Bug fixes

When taking over an existing BitLocker environment, it sometimes happened that an existing recovery key was not replaced. As a result, the affected partition was identified in the DOC as "BitLocker" instead of "DriveLock BitLocker".

When the policy was configured properly, the dialog for delaying encryption was displayed even if only protectors were to be replaced

When taking over an existing BitLocker-encrypted partition, the recovery key was not uploaded to the DES in some cases.

External drives that were already encrypted with BitLocker Management were decrypted by BLM when a decryption policy was assigned.

After assigning a decryption policy, an unmanaged data partition encrypted with BitLocker was not decrypted, but an existing automatic unlock was removed.

When taking over existing BitLocker environments, it could happen that the system partition was not completely taken over.

When updating the DriveLock Agent version 20.2 or older, the password dialog was displayed again if the BitLocker PBA was selected in the policy and the options were set so that the password must be entered by the user and that a takeover must take place while retaining the existing algorithm.

When querying the BitLocker information, the agent crashed if the drive information could no longer be read correctly due to a defect.

If a user logged out while the dialog for entering a BLM password was visible, the dialog was not displayed again when the user logged on again.

In order to be able to distinguish between quarantine files listed several times with the same path, a time stamp has been placed in front of them.

Some issues in connection with file filter templates have been fixed:

• Hash values defined in filter templates for file exclusions were ignored. Only the file name was decisive and the system could be fooled by renaming files.

• Hash creation is limited to the first 64k of the file. Folder exclusions did not work in some rare cases when the name of the excluded folder was part of the name of the executable file.

The bug that applied write quotas to read requests has been fixed.

The simulation mode for file filtering is implemented for file size limitation, quota, as well as other settings, e.g. extension(s) blocked/allowed. If quota settings are combined with other settings and a file is locked due to other settings, the read or write accesses to the locked file are not counted towards the quota so as not to distort the quota accounting. The creation of shadow copies is not adapted in this way, i.e. a file opened and written in simulation mode, which would otherwise have been blocked, is created as a shadow copy.

The recycle bin handling during content scan has been modified to support ExFat.

The Agent Remote Control for Disk Protection displayed an incorrect encryption status if BitLocker Management was also licensed.

The bug that screen readers sometimes read out texts in the user interface in the wrong order has been fixed.

The maximum length of the subject of emails sent by DriveLock can now be configured.

It is now possible to change the column width in the detail view and the object view.

Logging in to DOC with user names containing umlauts now works.

The "Events grouped by type" widget showed all events (including audit events), but when drilling down, only the "normal" events were displayed, which did not match the number shown previously. There is now a separate widget "Audit events grouped by type".

The API documentation has been improved so that it is now easier to see which URL and ports need to be used.

After self wipe, it was possible that individual users were still able to log on to the DriveLock PBA.

The 'Self-wipe' feature failed to execute even though the DES had been unavailable for more than the days specified in the policy.

A blue screen error (BSOD) that occurred when a user's SID could not be retrieved has been fixed.

The issue that a user with read access could write to DFS drives has been fixed.

Mounting the ISO from an encrypted network folder now works with all formats.

In previous versions, canceling the decryption of encrypted folders resulted in a mixture of unencrypted and encrypted files and a renamed database file in this folder. The database file is now restored, and when the folder is mounted, the state is consolidated and the unencrypted files are encrypted before you can start decryption again.

It is still not recommended to cancel the encryption/decryption of folders.

In a fully encrypted drive X:, files in system folders, e.g. \System Volume Information, must not be encrypted. The check for unencrypted files now takes this into account.

If a File Protection folder was mounted while an empty smartcard reader was connected to the computer, the connection wizard could crash.

If the restore wizard for a centrally managed folder was started via the tray icon, the wizard behaved as if it was not a centrally managed folder

The Drivelock.exe created dump files when an error occurred while accessing a certain device (it was not a crash, but only the creation of unnecessary dump files).

It was possible to decrypt a centrally managed folder without the appropriate authorization. This issue is now fixed.

The check for unencrypted files did not work for files synchronized from OneDrive that had not yet been downloaded.

Encryption 2Go recovery did not work when using a certificate file.