ER 2.7.0 Release Notes

The Release Notes provide information about new features, platforms, data types, enhancements, bug fixes and all the changes that have gone into Enterprise Recon 2.7.0.

For a quick view of the changes since the last Enterprise Recon release, see Summary of Changes.

Contents:

1. Highlights
   • New and Improved Features
     • Scan Resources in Salesforce Government Cloud
   • New and Improved Data Types
2. Important Notes
   • Critical: One Way Upgrade to Enterprise Recon 2.7.0
   • Critical: End of Support for KCT Datastore Format
   • End-of-Support Platforms and Features in Enterprise Recon 2.7.0
   • Upcoming End-of-Support Platforms and Features
3. Enterprise Recon 2.7.0 Changelog
   • What’s New?
   • Enhancements
   • Bug Fixes
4. Features That Require Agent Upgrades

New and Improved Features

Scan Resources in Salesforce Government Cloud

The Salesforce Target has been enhanced to enable scanning of Salesforce Government Cloud environments. The Partial Object Scanning feature has also been updated to scan a maximum of N records sorted by last modification date (in descending order) instead of the record ID.

See Salesforce for more information.

New and Improved Data Types

With the new Singaporean Telephone Number data type in Enterprise Recon 2.7.0, you can now scan and remediate locations that store unsecured Singapore Telephone Numbers to ensure compliance with Singapore's Personal Data Protection Act (PDPA) regulations.

The US Passport Number data type has been enhanced to support the (i) new format for Next Generation Passports (NGPs) and also the (ii) "X" gender marker in passport MRZ lines.

Important Notes

CRITICAL: One Way Upgrade to Enterprise Recon 2.7.0

Certain data sets, storage formats and components for the Master Server have been updated in Enterprise Recon 2.7.0. Therefore once the Master Server is updated from ER 2.5.0 (and below) to ER 2.7.0, the datastore is not backward compatible and downgrading ER 2.7.0 to an earlier version is not supported.
Please contact the Ground Labs Support Team for assistance with upgrading the Master Server.

CRITICAL: End of Support for KCT Datastore Format

From Enterprise Recon 2.0.28, new installations of Enterprise Recon utilize CentOS 7 and RDB datastore format, which features improved reliability, better performance, and reduced internal fragmentation.

If your existing Master Server installation is based on CentOS 6 or utilizes the KCT datastore format, please upgrade to CentOS 7 and migrate your datastore to RDB format before upgrading to Enterprise Recon 2.7.0 to continue using Enterprise Recon without interruption.

The Ground Labs Support Team is available to assist customers who wish to upgrade and migrate existing installations of Enterprise Recon.

End-of-Support Platforms and Features in Enterprise Recon 2.7.0

The following platforms and/or features have reached end of support in Enterprise Recon:

• Email Targets - Microsoft Exchange (EWS)
  • To continue scanning the Microsoft Exchange Server, you are recommended to use the Exchange Domain protocol instead.
  Existing reports and/or match locations for the deprecated Targets will still be accessible in Enterprise Recon.
• Microsoft 365 - Exchange Online (EWS)
  • The Exchange Online (EWS) (previously Office 365 Mail) Target uses the Basic Authentication method for Exchange Web Services (EWS), which is marked for retirement by Microsoft on October 1st, 2022. Existing scans for Microsoft 365 - Exchange Online (EWS) may start to fail once Basic Authentication access is disabled for Exchange Web Services (EWS).
  • To continue scanning the Exchange Online environment, you are recommended to use the Exchange Online (Graph) protocol which uses the more secure application permissions workflow for authentication and authorization. The recommended Exchange Online (Graph) protocol also simplifies compliance management by allowing you to identify, remediate and report results according to predefined Groups in your organization's Exchange Online mail environment.
  Existing reports and/or match locations for the deprecated Targets will still be accessible in Enterprise Recon.
• Web Browser - Internet Explorer
  • Microsoft has ended support for Internet Explorer. To ensure best performance, we advise using only supported browsers to access the Enterprise Recon Web Console. See System Requirements - Web Console for the up-to-date list of supported browsers.

Upcoming End-of-Support Platforms and Features

The following platforms and/or features will reach end of support and be removed in a subsequent release of Enterprise Recon:

• Linux 2.4 Node Agents
  To continue scanning Linux server Targets, install the Linux 2.6 Node Agent instead.

Changelog

The Changelog is a complete list of all the changes in Enterprise Recon 2.7.0.

What’s New?

• New Data Types
  • NEW Singaporean Telephone Number

Enhancements

• Improved Features:
  • The US Passport Number data type has been enhanced to support the (i) new format for Next Generation Passports (NGPs) and also the (ii) "X" gender marker in passport MRZ lines.
  • Existing G Suite Target has been renamed to Google Workspace; this update is reflected in the labels and field names for the Target in the Web UI. There is no impact to existing scans and/or credentials for the Google Workspace Target.
  • (i) Added the "Severity" and "Logged" columns, and (ii) renamed the "Reason" column to "Description" for the Inaccessible Locations Target report (CSV format) to align with the data points available in the Web UI.
  • Clearer error messaging when uploading a new valid ER2 license file with a smaller data allowance limit than the already-consumed data.
  • The "Platform" label for Apple macOS El Capitan Agent has been renamed to Apple macOS 64bit in the Web UI.
  • The Data Classification with MIP feature has been updated to the latest version of Microsoft Information Protection SDK. This enhancement also requires the MIP Runtime Package to be updated.
  • Various third-party library upgrades for increased application security.
  • Partial Salesforce object scanning feature has been enhanced to scan a maximum of N records sorted by last modified date in descending order. This change will take effect for recurring or scheduled scans where the Partial Salesforce object scanning parameter has been configured.
  • The Oracle database module has been enhanced to improve the overall scan time when the pagination option is enabled.
  • Minor UI enhancements.

Bug Fixes

• The "Access Control" column in the exported Operation Log was (i) available for Enterprise Recon PII Edition, and (ii) incorrectly included even though the "Include access control details" checkbox was not selected.
• The exported Operation Log did not indicate the correct total remediated count for each type of remediation action performed if the "Include access control details" checkbox was selected.
• "File Created" and "File Modified" metadata information were not available and could not be displayed for match locations in SharePoint Online Targets.
• "File Created" metadata information would be incorrectly updated when applying MIP classification labels to supported file types via the Enterprise Recon web UI and API. Requires the MIP Runtime Package to be updated for the fix to take effect.

• In certain scenarios, the "Failed to retrieve file contents: Connection to remote host timed out" error would be returned if the connection request exceeded the defined timeout limit when scanning large files in Salesforce Targets.

• Adding a very large number of "Exclude location by expression" filter rules could cause the scans for impacted Targets to fail with the "Could not compile patterns" error.
• Package architecture for 32-bit Linux Agent (*.deb) was incorrectly configured as 64-bit, resulting in installation failure on 32-bit Debian-based operating systems.
• Sensitive data matches may not be properly detected when scanning certain files in MSG format.
• The Global Summary report and Target Group report would incorrectly display a scan date and time information instead of "Not Scanned" for unscanned Targets.
• In certain scenarios, the Ledger Service would fail to initialize and cause the Web UI to be stuck at the "Please wait while the system is starting up" stage.

Features That Require Agent Upgrades

Agents do not need to be upgraded along with the Master Server, unless you require the following features in Enterprise Recon 2.7.0:

• The operating system value for Windows 11 and Windows Server 2022 Targets added in earlier versions of Enterprise Recon would be incorrectly labeled as "Windows 10 64bit" and "Windows Server 2019". Requires Windows Agents.

For a table of all features that require an Agent upgrade, see Agent Upgrade.

Ensuring we are delivering the best technology for our customers is a core value at Ground Labs. If you are interested in future early builds of Enterprise Recon with forthcoming features, please email your interest to product@groundlabs.com.