What's new in version 2024.2?

Please find the bug fixes in version 2024.2 in our Release Notes.

The changes and bug fixes in the current patch version can be found here.

Please note that some issues may cause a change in product behavior when you install the update. Before updating, make sure to check your settings to see if your existing environment is affected. The issues are labeled with the following icon

The main version 2024.2 contains the following new features and general improvements and changes.

Device Control

  • End users can send unlock requests for composite and MTP devices.

  • Administrators can configure drive classes in the DOC.

  • CSVs exported from the DMC can now be imported into device or drive rules in the DOC. In addition, these CSVs can now be exported in the DMC not only from device or drive collections, but also directly from a list of simple device or drive rules.

  • Drives can now be managed in remote sessions on non-terminal servers.

  • Accepting the usage policy and using the self-service unlock now both work with user names in UNC format (Name@Domain).

  • Archive scanning can now be done across encrypted containers and SMB shares

  • Hardware information is displayed in event columns

  • Simulation mode can be enabled for individual device classes

  • Defender scans may be temporarily deactivated during remote unlock

  • Content scanner event: For blocked files, the file header (beginning of the file content) can be attached to the event that reports a failed content scan. This data can be used to customize the content review.

New system groups and changed group evaluation

  • DriveLock now introduces system groups that automatically include all computers and all users. In addition, the evaluation of groups has been modified (for computer or user groups alike):

    Behavior before 2024.2: If all groups used in a group were excluded, all computers that were not in the excluded groups were members of the group.

    Example: You had a group 'Servers' that contained all servers. You wanted to create a computer group 'Workstations' that included all computers in your organization except for the servers. To accomplish this, you added the group 'Servers' as an exclusion in this group.

    New behavior as of 2024.2: If all groups in a group are only exclusions, this is no longer interpreted as 'all except'. This means that all other computers are no longer automatically members.

    In the above example, you must therefore include the 'All Computers' group in the 'Workstations' group and exclude the 'Servers' group. To maintain the same result as before for existing groups, the 'All Computers' or 'All Users' group is automatically added to the groups that are subject to this change during the update.

    Note on creating new groups: If you want to create a new group that contains all computers that are not contained in specific groups, you must now explicitly add the 'All Computers' group to get the desired result.

macOS

  • DriveLock Notifier for macOS: The new menu bar app "DriveLock Notifier" provides quick access to encryption and recovery.

  • The macOS agent now supports the Windows hardware ID from the parent USB device, numeric USB IDs for vendor, product and revision, as well as Windows rules for vendor, product and revision names (all optionally with S/N) for blocking drives.

  • The macOS agent can be distributed via MDM

  • You can encrypt USB drives on macOS with Encryption 2-Go

Linux

  • Device Control on Linux now supports vendor and product information on Linux.

  • Devices the Linux agent cannot assign to any other device class can now be controlled via the new device class "Unknown Linux device" in the policy

  • Devices the Linux agent cannot assign to a device class can now be controlled via user-defined device classes with a configured USB class property

  • AlmaLinux is supported as a new Linux distribution on endpoints

Application Control

  • You can now manage Application Behavior Control rules in the DOC

  • Managing Application Control rules in the DOC provides an enhanced display and additional settings.

  • In Application Control rules you can now filter for the file size.

  • More detailed information on the file is now supplied for event 596 (file added to local whitelist). Application control rules can now also be created from this event.

  • Simplified process analysis with process tree in DOC.

BitLocker Management

  • Devices may be automatically encrypted during provisioning when TPM is activated.

DriveLock Operations Center (DOC)

  • The DriveLock Operations Center now has a dark mode in addition to the familiar light mode. You can find the corresponding setting via the menu item "Customize appearance" in the user settings.

  • It is now possible to specify for every list view whether you want the total number of entries to be determined and displayed.

  • The display mode of any string field via the context menu can now be changed between single-line and multi-line.

  • In the event view, there are new filter options for the affected objects (application, hardware ID, drive ID). The view must be reset to default in order to display the columns.

  • The export to Excel has been replaced by the export in CSV format. This allows you to specify both the amount of data to be exported and the format.

  • The column selection and the setting for displaying the total number of entries can now be saved for each list view in both the Detail View and the Object View.

  • Now you can easily evaluate, distribute, and modify licenses, and create license policies in the DOC.

  • Licenses can now be evaluated on a tenant basis for managed service environments.

General improvements and changes

  • Platform API extensions: Endpoints and groups can be managed via API.

  • The settings for deleting inactive computers automatically have been extended and there is now also an option to protect computers from being deleted automatically.

  • Centrally manage encrypted folders

  • Integrate risk assessments and training with Human Risk Assessment & Security Awareness

  • The login screen behavior for DriveLock PBA is aligned with Windows

  • Use the new DriveLock Server Setup wizard for database installation and server certificate management (replacing the older tools Database Install Wizard.exe and ChangeDesCert.exe)

  • Allow the DriveLock Enterprise Service to use a group-managed service account (gMSA) as a login account.

System requirements update