Windows Patch Notes for CTE v7.8.0.111

Resolved Issues

• AGT-67904: [CS2201560] voradmin ldt Reports Incorrect Key Name

  AFFECTED VERSIONS: 7.7.0.87 — 7.8.0.99

  When users moved or copied files from a non-guarded location to a guarded location without applying a key, the voradmin ldt report <guardpoint> command displayed an incorrect key name. This issue was caused by the lazy rekey feature.

  The voradmin ldt report command has been updated to correctly display the key status for files affected by lazy rekey.

• AGT-66253 | AGT-66374 [CS2146268]: Unable to access symbolic link in an LDT GuardPoint

  AFFECTED VERSIONS: 7.7.0.111 — 7.8.0.99

  Previously, symbolic links located inside protected folders could not be accessed. This resulted in errors, or denied access, when trying to follow or use those links. This issue has been fixed. Symbolic links inside protected folders can now be accessed as expected, ensuring smoother file operations and improved reliability.

• AGT-66593: Logging differences between Linux and Windows while imposing writing restrictions from OS

  AFFECTED VERSIONS: 7.8.0.99

  Issue occurred when FAM was enabled, and a FAM policy was applied. If an IO operation failed, with access denied error from NTFS, on a CTE guarded path, FAM log displayed access state as CTE_DENIED instead of OS_DENIED. This has been fixed.

• AGT-66626: [CS1604122]: Effective User ID displaying as Computer Name causing access denied on GuardPoints

  AFFECTED VERSIONS: 7.7.0.130 — 7.8.0.99

  The CTE Windows driver was preventing access to the file for fast I/O reads when it should have returned that the operation was not supported. Only normal I/O reads are supported. This issue has been fixed.

• AGT-66937 [CS2189489] Windows disk management unable to display the mounted volume info after guarding

  AFFECTED VERSIONS: 7.6.0.143 — 7.8.0.99

  When the Access Control List of a mount point does not specify allowing access for the user group, Disk Manager may not be able to display the mount point. This was fixed by changing the CTE driver to perform less stringent permissions checking for directories.

• AGT-67113 [CS2186722]: MSSQL update (KB5046862) failed to install when staging drive is guarded with CTE RWP

  AFFECTED VERSIONS: 7.7.0.77 — 7.8.0.xx

  When attempting to perform an MSSQL update (KB5046862) on an RWP protected volume, this update failed. This was due to an issue with Enhanced RWP Protection. This issue has been fixed.

• AGT-67379 | AGT-66352: System Crashed while restoring shadow-copy backup

  AFFECTED VERSIONS: 7.8.0.73 — 7.8.0.xx

  Forcefully dismounting a shadow drive using the vssadmin.exe revert shadow /ForceDismount command, and then attempting to generate an LDT report using the voradmin LDT report command, in sequence, resulted in a system crash. This has been fixed.

• AGT-68108 [CS2213662]: CTE driver causing system crash when a file is renamed

  AFFECTED VERSIONS: 7.7.0.130 — 7.8.0.99

  A timing issue could occur when a file was renamed. This happens when the CTE drivers try to access internal data structures when another operation is releasing that same memory simultaneously. While this is an infrequent occurrence, it leads to a system crash. This issue has been fixed.

Known Issues

• AGT-36370: The vorvmd.log reports an error message, Not guarding path when guarding LDT over CIFS GuardPoint

  AFFECTED VERSIONS: N/A

  This error message displays when the CTE agent is in the process of authenticating the user. This error can be safely ignored.

• AGT-39189 | AGT-55063: CTE failed to unguard after changing to incorrect CIFS credentials

  AFFECTED VERSIONS: All

  If a user has a CIFS guarded path, and tries to access it with invalid credentials, the unguard request fails. After this, if the user switches to valid credentials, the unguard request still fails because CTE agent is unable to access the CIFS share to update the credentials.

  Work-around

  To successfully guard/unguard a CIFS path, use valid credentials.

• AGT-39190: File modified time does not change after rekey for excluded files

  AFFECTED VERSIONS: 7.7.0 — 7.8.0.111

  This is a limitation with the current CTE agent. This is due to the Windows Redirected Drive Buffering Subsystem (rdbss) limitation.

• AGT-48196: Microsoft DPM recovery creation failed when creating an incremental backup recovery point

  AFFECTED VERSIONS: 7.5.0 — 7.8.0.111

  Work-around

  Perform a complete backup. Do not perform an incremental backup.

• AGT-48580: The gzip files in a directory can be mistakenly identified as ransomware by Ransomware Protection

  AFFECTED VERSIONS: 7.5.0 — 7.8.0.111

  Some compression algorithms haves high entropy value and intermittently, zip or unzip activity that occurs on files that already themselves have high entropy, within a Ransomware Protection GuardPoint, is mistakenly identified as ransomware.

  Work-around

  Add the zip/gzip/winzip programs to the Ransomware Protection process exemption list in the CipherTrust Manager.

• AGT-48862: Unguard process fails if CTE secfsd service is down

  AFFECTED VERSIONS: 7.5.0 — 7.8.0.111

  The secfsd service is a critical CTE service. If this service is down, certain CTE features may not work as intended.

  Work-around

  Manually restart the secfsd service in the service manager.

• AGT-58577: Issues and limitations for Multifactor Authentication and Ransomware Protection co-existence

  AFFECTED VERSIONS: 7.7.0 — 7.8.0.111

  Multifactor Authentication is not yet supported for a GuardPoint with Ransomware Protection with a CTE Agent.

• AGT-61138: When applying a GuardPoint on the UNC (Universal Naming Convention) name instead of a Local drive, files display as cipher-text format when accessing using local drive

  AFFECTED VERSIONS: 7.7.0 — 7.8.0.111

  User must apply GuardPoint on the local drive. If the user decides to apply the GuardPoint on the UNC path, user must use the UNC path to access the data. Do not view through the local Windows explorer path.

• AGT-64352: No Audit logs generated for same resource set on Standard Policy vs FAM policy

  AFFECTED VERSIONS: 7.7.0 — 7.8.0.111

  In FAM, no audit logs are generated with a FAM policy having a resource set matching the designated pattern.

• AGT-64711: Data transformation is failing in case of existing data in OneDrive using dataxform

  AFFECTED VERSIONS: 7.7.0 — 7.8.0.111

  For OneDrive v23.066 and subsequent versions, Microsoft made a change to their software. Users can no longer disable the Files On-Demand feature. Disabling this feature is required for the CTE driver. As a result, the CTE driver can only support using a standard policy and Data Transformation with previous versions of OneDrive v23.066. For OneDrive v23.066 and subsequent versions, the CTE driver supports using a standard policy. It does not support using Data Transformation.

• AGT-64971: Unable to delete GuardPoint inside a Ransomware protected volume, when simulating a ransomware attack when a process is marked as malicious by RWP

  AFFECTED VERSIONS: 7.8.0.111

  GuardPoint is not being removed from the directory. On CipherTrust Manager it displays that it's in the processing state.

  Work-around

  Reboot the agent.

• AGT-65794: CTE/FAM duplicate audit logs generated for single action

  AFFECTED VERSIONS: 7.8.0.111

  For CTE protected paths, there can be multiple FAM audit logs generated for a single I/O operation.

• AGT-66386: Not able to access CIFS file from a Windows AccessOnly node after key rotation

  AFFECTED VERSIONS: 7.8.0.77 — 7.8.0.111

  If a file on a CIFS share is accessed from a Windows AccessOnly node immediately following the initial LDT transformation operation, and then a subsequent rekey is performed, the file is no longer be accessible on the Windows AccessOnly Node.

  Workaround

  Reboot the Windows AccessOnly node.