Windows Patch Notes for CTE v7.8.0.99
| CTE version | Date | Version |
|---|---|---|
| v7.8.0.99 | 2025-06-17 | v1 |
| v7.8.0.99 | 2025-08-29 | v2 |
New Features and Enhancements
SQL File Table graphical setup for LDT
CTE now supports guarding SQL FileTables databases with LDT.
- See Guarding SQL Server FileTable databases with LDT for more information.
Registry entry now included in default installation
Registry entries for `ReparseonCompletion` and `CompressedEASpecialHandling` have now been added to the default installation.
Resolved Issues
-
AGT-64246 [CS1606706]: Long delay (up to 5mins) to open files over the network with CTE driver
AFFECTED VERSIONS: 7.7.0.88 — 7.8.0.99
When a directory is accessed remotely, Microsoft SMB issues a file open request for every individual file in that directory. This caused the CTE driver to open every file and read the file metadata, which was time-consuming. The CTE driver now checks the desired access for the requested file and, if the open request is only for file attributes and not for file data, skips the opening and reading of the file metadata.
-
AGT-64751 [CS1615045]: Creating a Ransomware Protection GuardPoint on an OS volume, in Monitor mode, causes internal web application to stop working
AFFECTED VERSIONS: 7.7.0.88 — 7.8.0.99
Ransomware Protection was denying writes to RWP-enhanced detection virtual files while in monitor mode. Ransomware Protection has been corrected to return success for writes to said virtual files in monitor mode.
-
AGT-65185: FileTable SQL server failed to back up guarded DB directory with access denied error with LDT policy
AFFECTED VERSIONS: 7.7.0.130 — 7.8.0.83
The issue occurred when access was denied to temp files in an AccessOnly node. This has been fixed. The temp files now have open access.
-
AGT-66499 [CS2177280]: Ransomware Protection continues to block the `NTOSKRNL.exe` process after it is added to the Allow List
AFFECTED VERSIONS: 7.7.0.88 — 7.8.0.99
Corrected the method that determines if an operation is exempt from Ransomware Protection. Now, CTE can search the exempted process list to find a match if `NTOSKRNL.exe` is listed.
-
AGT-66524 [CS2159079]: Get exclusion list command is not working
AFFECTED VERSIONS: 7.7.0.88 — 7.8.0.99
The LDT Exclusion List must contain at least one GuardPoint to display. No fix was needed but the message has been improved.
-
AGT-66762: System crash seen after creating directory inside CIFS path
AFFECTED VERSIONS: 7.7.0.138 — 7.8.0.99
The memory allocation for the event was not large enough to handle it. This has been fixed.
-
AGT-66903: Security query caused crash
AFFECTED VERSIONS: 7.7.0.130 — 7.8.0.99
When a Security query was issued for a Ransomware Protection virtual file that was smaller than the required size, Ransomware Protection did not handle it properly. Ransomware Protection has been corrected to properly handle the security query for virtual files.
Known Issues
-
AGT-36370: The vorvmd.log reports an error message, `Not guarding path`, when guarding LDT over CIFS GuardPoint
AFFECTED VERSIONS: N/A
This error message displays when the CTE agent is in the process of authenticating the user. This error can be safely ignored.
-
AGT-39189 | AGT-55063: CTE failed to unguard after changing to incorrect CIFS credentials
AFFECTED VERSIONS: All
If a user has a CIFS guarded path and tries to access it with invalid credentials, the unguard request fails. After this, if the user switches to valid credentials, the unguard request still fails because the CTE agent is unable to access the CIFS share to update the credentials.
Work-around
To successfully guard/unguard a CIFS path, use valid credentials.
-
AGT-39190: File modified time does not change after rekey for excluded files
AFFECTED VERSIONS: 7.7.0 — 7.8.0.xx
This is a limitation with the current CTE agent. This is due to the Windows Redirected Drive Buffering Subsystem (rdbss) limitation.
-
AGT-48196: Microsoft DPM recovery creation failed when creating an incremental backup recovery point
AFFECTED VERSIONS: 7.5.0 — 7.8.0.xx
Work-around
Perform a complete backup. Do not perform an incremental backup.
-
AGT-48580: The gzip files in a directory can be mistakenly identified as ransomware by Ransomware Protection
AFFECTED VERSIONS: 7.5.0 — 7.8.0.xx
Some compression algorithms have a high entropy value. Intermittently, zip or unzip activity on files that already have high entropy, within a Ransomware Protection GuardPoint, is mistakenly identified as ransomware.
Work-around
Add the `zip/gzip/winzip` programs to the Ransomware Protection process exemption list in the CipherTrust Manager.
-
AGT-48862: Unguard process fails if CTE `secfsd` service is down
AFFECTED VERSIONS: 7.5.0 — 7.8.0.xx
The `secfsd` service is a critical CTE service. If this service is down, certain CTE features may not work as intended.
Work-around
Manually restart the `secfsd` service in the service manager.
-
AGT-58577: Issues and limitations for Multifactor Authentication and Ransomware Protection co-existence
AFFECTED VERSIONS: 7.7.0 — 7.8.0.xx
Multifactor Authentication is not yet supported for a GuardPoint with Ransomware Protection with a CTE Agent.
-
AGT-61138: When applying a GuardPoint on the UNC (Universal Naming Convention) name instead of a Local drive, files display as cipher-text format when accessing using local drive
AFFECTED VERSIONS: 7.7.0 — 7.8.0.xx
User must apply GuardPoint on the local drive. If the user decides to apply the GuardPoint on the UNC path, user must use the UNC path to access the data. Do not view through the local Windows explorer path.
-
AGT-64352: No Audit logs generated for same resource set on Standard Policy vs FAM policy
AFFECTED VERSIONS: 7.7.0 — 7.8.0.xx
In FAM, no audit logs are generated with a FAM policy having a resource set matching the designated pattern.
-
AGT-64711: Data transformation is failing in case of existing data in OneDrive using dataxform
AFFECTED VERSIONS: 7.7.0 — 7.8.0.xx
For OneDrive v23.066 and subsequent versions, Microsoft made a change to their software. Users can no longer disable the Files On-Demand feature. Disabling this feature is required for the CTE driver. As a result, the CTE driver can only support using a standard policy and Data Transformation with versions of OneDrive earlier than v23.066. For OneDrive v23.066 and subsequent versions, the CTE driver supports using a standard policy. It does not support using Data Transformation.
-
AGT-64971: Unable to delete GuardPoint inside a Ransomware protected volume, when simulating a ransomware attack when a process is marked as malicious by RWP
AFFECTED VERSIONS: 7.8.0
GuardPoint is not being removed from the directory. On CipherTrust Manager it displays that it's in the processing state.
Work-around
Reboot the agent.
-
AGT-65794: CTE/FAM duplicate audit logs generated for single action
AFFECTED VERSIONS: 7.8.0
For CTE protected paths, there can be multiple FAM audit logs generated for a single I/O operation.
-
AGT-66352: System Crashed while restoring shadow-copy backup
AFFECTED VERSIONS: 7.8.0.73 — 7.8.0.xx
Forcefully dismounting a shadow drive using the `vssadmin.exe revert shadow /ForceDismount` command, and then attempting to generate an LDT report using the Voradmin LDT report command, in sequence, may result in a system crash. Thales suggests that you do not perform these two commands in sequence.
-
AGT-66386: Not able to access CIFS file from a Windows AccessOnly node after key rotation
AFFECTED VERSIONS: 7.8.0.77 — 7.8.0.xx
If a file on a CIFS share is accessed from a Windows AccessOnly node immediately following the initial LDT transformation operation, and then a subsequent rekey is performed, the file is no longer accessible on the Windows AccessOnly node.
Work-around
Reboot the Windows AccessOnly node.
-
AGT-67113 [CS2186722]: MSSQL update (KB5046862) failed to install when staging drive is guarded with CTE RWP
AFFECTED VERSIONS: 7.7.0.77 — 7.8.0.xx
Enhanced Ransomware Protection is blocking SQL upgrade KB5046862.
Work-around
To allow the upgrade to install, disable the enhanced Ransomware Protection before attempting the upgrade:
-
In CipherTrust Manager, go to Transparent Encryption > Settings > Profile > Ransomware Protection Configuration and switch from block mode to monitor mode.
-
Disable enhanced Ransomware Protection, type:
voradmin cft mode disable
-
Upgrade SQL.
-
Re-enable enhanced Ransomware Protection after the installation, type:
voradmin cft mode standard
-
Switch back to block mode in the client profile.
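
The false positive described under AGT-48580 above follows from how compressed data looks to a byte-entropy measurement. The Python example below is an added illustration, not Thales code: the 7.5 bits/byte threshold, the function names and the sample data are all constructed assumptions, and CTE's actual detection logic is not described on this page.

```python
import gzip
import math
import random
from collections import Counter

# Hypothetical cut-off for "looks encrypted"; CTE's real detection logic and
# thresholds are not published on this page.
ASSUMED_THRESHOLD = 7.5  # bits per byte (the maximum possible is 8.0)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(data).values())


def build_samples(seed: int = 1) -> dict:
    """Constructed inputs: a text log, a ciphertext stand-in, and gzip of each."""
    rng = random.Random(seed)
    words = ["invoice", "backup", "report", "user", "login", "failed", "ok",
             "server", "share", "volume", "policy", "rekey"]
    text = " ".join(rng.choice(words) + str(rng.randrange(10_000))
                    for _ in range(40_000)).encode()
    # Seeded pseudo-random bytes stand in for already-encrypted file content.
    ciphertext_like = bytes(rng.getrandbits(8) for _ in range(len(text)))
    return {
        "plain text": text,
        "gzip(plain text)": gzip.compress(text),
        "ciphertext-like": ciphertext_like,
        "gzip(ciphertext-like)": gzip.compress(ciphertext_like),
    }


def classify(samples: dict) -> dict:
    """Map each sample name to (entropy, flagged by the entropy test alone)."""
    result = {}
    for name, blob in samples.items():
        h = shannon_entropy(blob)
        result[name] = (round(h, 3), h >= ASSUMED_THRESHOLD)
    return result


if __name__ == "__main__":
    for name, (h, flagged) in classify(build_samples()).items():
        print(f"{name:24s} {h:5.3f} bits/byte  flagged={flagged}")
```

Only the plain text falls below the assumed threshold; gzip output and the ciphertext stand-in both sit near 8 bits per byte, so an entropy measurement alone cannot tell a compression program from an encrypting one, which is why the work-around exempts the compression programs by process.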