Windows Patch Notes for CTE v7.8.0.111
CTE version | Date | Version |
---|---|---|
v7.8.0.111 | 2025-10-01 | v1 |
Resolved Issues
-
AGT-67904: [CS2201560] voradmin ldt Reports Incorrect Key Name
AFFECTED VERSIONS: 7.7.0.87 — 7.8.0.99
When users moved or copied files from a non-guarded location to a guarded location without applying a key, the
voradmin ldt report <guardpoint>
command displayed an incorrect key name. This issue was caused by the lazy rekey feature.The
voradmin ldt report
command has been updated to correctly display the key status for files affected by lazy rekey. -
AGT-66253 | AGT-66374 [CS2146268]: Unable to access symbolic link in an LDT GuardPoint
AFFECTED VERSIONS: 7.7.0.111 — 7.8.0.99
Previously, symbolic links located inside protected folders could not be accessed. This resulted in errors, or denied access, when trying to follow or use those links. This issue has been fixed. Symbolic links inside protected folders can now be accessed as expected, ensuring smoother file operations and improved reliability.
-
AGT-66593: Logging differences between Linux and Windows while imposing writing restrictions from OS
AFFECTED VERSIONS: 7.8.0.99
Issue occurred when FAM was enabled, and a FAM policy was applied. If an IO operation failed, with
access denied
error from NTFS, on a CTE guarded path, FAM log displayed access state asCTE_DENIED
instead ofOS_DENIED
. This has been fixed. -
AGT-66626: [CS1604122]: Effective User ID displaying as Computer Name causing
access denied
on GuardPointsAFFECTED VERSIONS: 7.7.0.130 — 7.8.0.99
The CTE Windows driver was preventing access to the file for fast I/O reads when it should have returned that the operation was not supported. Only normal I/O reads are supported. This issue has been fixed.
-
AGT-66937 [CS2189489] Windows disk management unable to display the mounted volume info after guarding
AFFECTED VERSIONS: 7.6.0.143 — 7.8.0.99
When the Access Control List of a mount point does not specify allowing access for the user group, Disk Manager may not be able to display the mount point. This was fixed by changing the CTE driver to perform less stringent permissions checking for directories.
-
AGT-67113 [CS2186722]: MSSQL update (KB5046862) failed to install when staging drive is guarded with CTE RWP
AFFECTED VERSIONS: 7.7.0.77 — 7.8.0.xx
When attempting to perform an MSSQL update (KB5046862) on an RWP protected volume, this update failed. This was due to an issue with Enhanced RWP Protection. This issue has been fixed.
-
AGT-67379 | AGT-66352: System Crashed while restoring shadow-copy backup
AFFECTED VERSIONS: 7.8.0.73 — 7.8.0.xx
Forcefully dismounting a shadow drive using the
vssadmin.exe revert shadow /ForceDismount
command, and then attempting to generate an LDT report using thevoradmin LDT report
command, in sequence, resulted in a system crash. This has been fixed. -
AGT-68108 [CS2213662]: CTE driver causing system crash when a file is renamed
AFFECTED VERSIONS: 7.7.0.130 — 7.8.0.99
A timing issue could occur when a file was renamed. This happens when the CTE drivers try to access internal data structures when another operation is releasing that same memory simultaneously. While this is an infrequent occurrence, it leads to a system crash. This issue has been fixed.
Known Issues
-
AGT-36370: The vorvmd.log reports an error message,
Not guarding path
when guarding LDT over CIFS GuardPointAFFECTED VERSIONS: N/A
This error message displays when the CTE agent is in the process of authenticating the user. This error can be safely ignored.
-
AGT-39189 | AGT-55063: CTE failed to unguard after changing to incorrect CIFS credentials
AFFECTED VERSIONS: All
If a user has a CIFS guarded path, and tries to access it with invalid credentials, the unguard request fails. After this, if the user switches to valid credentials, the unguard request still fails because CTE agent is unable to access the CIFS share to update the credentials.
Work-around
To successfully guard/unguard a CIFS path, use valid credentials.
-
AGT-39190: File modified time does not change after rekey for excluded files
AFFECTED VERSIONS: 7.7.0 — 7.8.0.111
This is a limitation with the current CTE agent. This is due to the Windows Redirected Drive Buffering Subsystem (rdbss) limitation.
-
AGT-48196: Microsoft DPM recovery creation failed when creating an incremental backup recovery point
AFFECTED VERSIONS: 7.5.0 — 7.8.0.111
Work-around
Perform a complete backup. Do not perform an incremental backup.
-
AGT-48580: The gzip files in a directory can be mistakenly identified as ransomware by Ransomware Protection
AFFECTED VERSIONS: 7.5.0 — 7.8.0.111
Some compression algorithms haves high entropy value and intermittently, zip or unzip activity that occurs on files that already themselves have high entropy, within a Ransomware Protection GuardPoint, is mistakenly identified as ransomware.
Work-around
Add the
zip/gzip/winzip
programs to the Ransomware Protection process exemption list in the CipherTrust Manager. -
AGT-48862: Unguard process fails if CTE
secfsd
service is downAFFECTED VERSIONS: 7.5.0 — 7.8.0.111
The
secfsd
service is a critical CTE service. If this service is down, certain CTE features may not work as intended.Work-around
Manually restart the
secfsd
service in the service manager. -
AGT-58577: Issues and limitations for Multifactor Authentication and Ransomware Protection co-existence
AFFECTED VERSIONS: 7.7.0 — 7.8.0.111
Multifactor Authentication is not yet supported for a GuardPoint with Ransomware Protection with a CTE Agent.
-
AGT-61138: When applying a GuardPoint on the UNC (Universal Naming Convention) name instead of a Local drive, files display as cipher-text format when accessing using local drive
AFFECTED VERSIONS: 7.7.0 — 7.8.0.111
User must apply GuardPoint on the local drive. If the user decides to apply the GuardPoint on the UNC path, user must use the UNC path to access the data. Do not view through the local Windows explorer path.
-
AGT-64352: No Audit logs generated for same resource set on Standard Policy vs FAM policy
AFFECTED VERSIONS: 7.7.0 — 7.8.0.111
In FAM, no audit logs are generated with a FAM policy having a resource set matching the designated pattern.
-
AGT-64711: Data transformation is failing in case of existing data in OneDrive using dataxform
AFFECTED VERSIONS: 7.7.0 — 7.8.0.111
For OneDrive v23.066 and subsequent versions, Microsoft made a change to their software. Users can no longer disable the Files On-Demand feature. Disabling this feature is required for the CTE driver. As a result, the CTE driver can only support using a standard policy and Data Transformation with previous versions of OneDrive v23.066. For OneDrive v23.066 and subsequent versions, the CTE driver supports using a standard policy. It does not support using Data Transformation.
-
AGT-64971: Unable to delete GuardPoint inside a Ransomware protected volume, when simulating a ransomware attack when a process is marked as malicious by RWP
AFFECTED VERSIONS: 7.8.0.111
GuardPoint is not being removed from the directory. On CipherTrust Manager it displays that it's in the processing state.
Work-around
Reboot the agent.
-
AGT-65794: CTE/FAM duplicate audit logs generated for single action
AFFECTED VERSIONS: 7.8.0.111
For CTE protected paths, there can be multiple FAM audit logs generated for a single I/O operation.
-
AGT-66386: Not able to access CIFS file from a Windows AccessOnly node after key rotation
AFFECTED VERSIONS: 7.8.0.77 — 7.8.0.111
If a file on a CIFS share is accessed from a Windows AccessOnly node immediately following the initial LDT transformation operation, and then a subsequent rekey is performed, the file is no longer be accessible on the Windows AccessOnly Node.
Workaround
Reboot the Windows AccessOnly node.