2022-22-July

Release Version: PK Protect July 2022

General Availability Date: July 22, 2022

Introduction

The following ‘minor’ release provides new product functionality, resolution to customer reported issues and other general improvements to the PKWARE software.

Updated Components and Versions

PKWARE Component	New Version
PK Endpoint Manager	v19.3.102
PK Endpoint Agent - Persistent Data Encryption (PDE) Agent	v17.30.0011
PK Transparent Server Agent (TDE)	v3.80.6
PKWARE SDK	Java 2020.2.1 / .NET 2020.2.4
PK Protect Mobile App for iOS	2.0.0
PK Protect for Intune Mobile App for iOS	2.0.0
PK Protect Mobile App for Android	2.0.0
PK Protect for Intune Mobile App for Android	2.0.0

PK Endpoint Manager / PK Endpoint Agent Application Version Compatibility

PEM Version

Archive Client Application Versions

PEM v19.3.102

July 2022

Endpoint Agent: 17.30.0011 (July ’22) 17.20.0011 (Apr ’22), 17.10.0017 (Jan ’22), and 17.00.0011 (Sept ’21)

Transparent Server Agent (TDE): v3.80.6

Supported 3^rd Party Platforms

The following PKWARE and 3^rd Party products and versions listed below represent those which have been tested for quality, interoperability, and functional operation. Customers are strongly encouraged to maintain their environment in accordance with the versions and dependencies listed below, to avoid unforeseen issues with compatibility or unexpected behavior.

PK Endpoint Manager
Operating System Type	Version
Microsoft Windows	Windows Server 2022, 2019, 2016, 2012, 2012 R2
Browser Type	Version
Edge	Edge 97.x
Firefox	102.0.x
Google Chrome	103.x
Safari	15
Database Type	Version
PostgreSQL	12.5
MSSQL	SQL Server 2016, 2014, 2012
Web Server	Version
Internet Information Server (IIS)	IIS 10.0, 8.5, 8.0, 7.5
PK Endpoint Agent
Operating System Type	Version
Microsoft Windows	Windows Server 2019, 2016, 2012, 2012 R2 Windows 11, 10, 8.1
MacOS	Monterey (12), Big Sur (11) (with M1 chip – using Rosetta 2), Catalina (10.15)
Linux – RedHat	RedHat 5 or greater
Linux – SUSE	10 and greater on x86, and x86_64
Linux - Ubuntu	14.04 (LTS) and greater on X86 and X86_64
UNIX – IBM AIX	7L version 7.1 (7100-00) or higher, 6L Version 6.1 (6100-00) or higher with required patches
UNIX - Solaris	10 or greater on UltraSPARC and X86
UNIX – HPUX	11iv2 with patches
IBM z/OS	Software: z/OS 2.4, z/OS 2.3, z/OS 2.2, z/OS 2.1, z/OS 1.13 Hardware: z10-EC, z10-BC, z-10, z196, z114, zEC12, zBC12, z13 (2964), z13 (BC (2965)), z14, zR1, z15
IBM i	Software: IBM i 7.4, 7.3, 7.2, 7.1 Hardware: Power 7, 8 and 9
Operating System Type - Mobile	Version
PK Protect for iOS	15
PK Protect for Android	11
SDK
Language	Version
Java v2019.7.1	Dependencies: - Java 8 or higher JRE
Application Operating System	Version
MacOS	Monterey (12), Big Sur (11)
Windows	Windows Server 2019, 2016, 2012, 2012 R2 Windows 10, 8.1 (64-bit)
Linux – RedHat	RedHat Enterprise Linux 8 (64-bit)
Linux – SUSE	Linux Enterprise Server 12 (64-bit)
Linux – Ubuntu	Ubuntu 18.04 LTS
Language	Version
.NET v2020.2.4	Dependencies: - .NET Framework 4.6.1 and higher on Windows - .NET Core 2.1 on all platforms (LTS release from Microsoft)
Application Operating System	Version
Windows	Windows Server 2019, 2016, 2012, 2012 R2 Windows 10, 8.1 (32-bit + 64-bit)
MacOS	Monterey (12), Big Sur (11)
Linux – RedHat	RedHat Enterprise Linux 8 (64-bit)
Linux – Ubuntu	Ubuntu 18.04 LTS
Other PKWARE Components
Component	Version
PK Transparent Server Agent (TDE) - Server	Windows Server 2016, 2012, 2012 R2
PK Transparent Desktop Agent (TDE) – Desktop	Windows 11, 10, 8.1
PK Protect Reader – Windows	Windows 8.1 and higher
PK Protect Reader – macOS	macOS 10.13 and higher

Features and Improvements

The following capabilities have been added to the Manager, Agent or both in the current release.

PK Endpoint Manager Manager
PK Endpoint Manager	Summary
Appliance / Windows Version 19.3.102	Local Caching of User and Group Information PK for Endpoints now caches user and group information from Microsoft Active Directory in the local PEM database. This allows for local look ups instead of having to connect with and obtain information from the live Active Directory instance each time user / group information needs to be looked up and/or verified. PEM syncs with the live Active Directory at pre-defined intervals, however also supports a ‘sync Accounts (users)’ and ‘Sync Groups’ function to provide and on-demand synchronization with the live Active Directory instance. Contingency Feature Updates A new checkbox has been added to the Contingency Users feature, allowing an Admin to explicitly turn on or off, the feature. If enabled, this feature will allow defined users to decrypt any files encrypted with any key from this point it was enabled, forward . If disabled, the contingency public key will be ‘deactivated’ and the members of the policy will not be able to decrypt previously encrypted files (with the prior contingency key) nor will they be able to decrypt newly encrypted files. If re-enabled it will re-instate the prior, disabled contingency public key. All members will be able to decrypt files, encrypted with that prior, original key; and newly encrypted files after the feature was re-enabled. While the feature was disabled / paused, those files will not be able to be decrypted by a contingency group member. Execute CSR (Certificate Signing Request) from the PEM The PK Endpoints product requires a valid SSL certificate to be used with the product. In prior versions of the PEM, the process of making the request for a certificate to be generated was executed through the appliance console. A new capability has been added to the PEM on the ‘System’ > ‘SSL’ page to generate the request directly from the PEM UI. Suppressing the list of all scope entries in the UI table views The scope columns in the table views for assignments and community keys, can contain many entries that cause the field to expand greatly. This field has been modified to only show the first ten, then reference ‘... and xx more’; so the field doesn’t fully expand. Comments fields added to primary configuration fields A ‘comments’ section has been added to the ‘Discovery’, ‘File Filters’, ‘Patterns’, and ‘Assignments configuration pages. Comments can be used to document the purpose, scope and intent of the configuration or provide other notes that can be useful to administrators.
PK Endpoint Agent	Summary
Windows, Mac, Linux Version 17.30.0011	Features Contingency Feature Updates A new checkbox has been added to the Contingency Users feature, allowing an Admin to explicitly turn on or off, the feature. If enabled, this feature will allow defined users to decrypt any files encrypted with any key from this point it was enabled, forward.  If disabled, the contingency public key will be ‘deactivated’ and the members of the policy will not be able to decrypt previously encrypted files (with the prior contingency key) nor will they be able to decrypt newly encrypted files. If re-enabled it will re-instate the prior, disabled contingency public key. All members will be able to decrypt files, encrypted with that prior, original key; and newly encrypted files after the feature was re-enabled. While the feature was disabled / paused, those files will not be able to be decrypted by a contingency group member.

Fixed Issues

Component	ID	Summary	Details	Affected Version
PEM	MGR-4651	Provisional Accounts allowed to be scoped in some policies it shouldn't be allowed	MFA/Unmanaged Accounts	19.2+
PEM	MGR-4607	Identities Accounts Search Usability issue	Repeated Searches could cause the browser to navigate backwards many pages	19.1+
PEM	MGR-4674	Security Vulnerability with BackupConfig endpoint	Unprotected Certificate was being included in the backup package. See JIRA for more details	before 19.0+
PEM	MGR-4707	Timestamp Visual issue for Tasks	Mismatch in showing UTC versus Local Time
Client	ARC-2976	Authentication Policy Check for computers not joined to any domain	These machines could get stuck only trying to do IWA and not prompting the user to enter credentials	17.2
Client	ARC-2978	AuditLogPolicy was only being used on Windows	The user policy was being fetched but falling back to the default policy	17.2

Implementation Notes

Component

Summary

Details

Affected Version

PEM / Appliance

When executing an upgrade, the OS upgrade must be executed prior to the PEM upgrade

The July release the product has been updated to support .NET 6. The OS upgrade is the component that installs .NET 6. Therefore the OS upgrade must be executed first.

19.3.102

PK Protect / App-V Deployments

Before starting the App-V sequencer (and installing the PK Protect client), the following registry key needs to be set:

[HKEY_LOCAL_MACHINE\SOFTWARE\PKWARE\SmartCrypt\UI]

"CtxMenu"=dword:00000001

This makes the PK Protect installer activate the legacy Windows Explorer integration instead of the new Windows Explorer integration. Immediately after the App-V sequencer installs the PK Protect client (and before you tell it that you're done installing), the following registry key needs to be set:

[HKEY_LOCAL_MACHINE\SOFTWARE\PKWARE\SmartCrypt]

"InstallPackage"=dword:00000000

This stops the PK Protect Agent from trying to install the new Windows 11 package on startup (since it won't work in App-V).

19.3.102

PK Endpoint Manager Appliance – OS and Major Packages

For a full list of the packages included in your appliance, see the Systems/Packages page.

PKWARE Enterprise Manager Virtual Appliance
Package / OS	Version
Ubuntu	20.04.4 LTS
Dotnet-host	6.0.6-1
Dotnet-runtime	3.1.26-1
Apache2	2.4.41-4ubuntu3.12
Postgresql	12+214ubuntu0.1
Openssl	1.1.1f-1ubuntu2.15
Python3	3.8.2-0ubuntu2

PKWARE Software Checksums

New PEM Updates:

Type	Sha256 Checksum
Windows Installer	7EAADDE662BFFCDFFAF6AF8C1AD16813E4567EECDE06D717623FF19498E20002
Appliance Upgrade	F21CD9E20727A42A545938DE53B349441D07E1C4CA24288F3540043731FAA683
Appliance OS Upgrade	C1886933D1CAEC4CB1E897F369357E15F3645DD02677407294570EC7EE6D3C21

Base PEM VM:

Format	Sha256 Checksum
OVA	A7D372935FD5FFEDB21603355898C12E37562945D327B9FD608ED51865D44404
QCOW2	8B5474BDBE96BB9D0A00CE142BD0CAADA5FE2BC87CC82C74A47134AB42B0E5DE
VHD	E2503B080E858F10DADBD340FD8B931535AE07D3DB9E7BA017C5C3121CBC816D

PEM Supporting Software:

Product	Checksum
PowerShell Azure App Helper (Create App)	E7CE0827A46B9B062EB2B74DAD0FF8A184A31A5CEF7C6F13DBE73D9271F581BE
PowerShell Azure App Helper (Delete App)	189BBFB48022FCE61146E3FA66BAD3E438B70D816B6EFB77CABEBB185207DAB8
Elasticsearch 7.9.2	1EAF78D94C37EA8ACECF0B2702FC71E54E2A73259CD777056FA92361D8EB0890
AdoptOpenJDK 11	6EB277A3E9305FDF380900D20F4EF7A474F13FDBC92F7709B57945F6FFDC80FC

PK Endpoint Agent (Archive Agent):

Platform	Checksum
Windows Masking 64-bit	F98B2DBE37EE752EA082B6D7F06BA47CB047959AF3E04CC33E10D00ED537C1C7
macOS	D299E8C45A4CDD27F2243360842FB470D71D423AE6AB587B333DB3E0A8E79947
deb 32-bit	B4A33275C98C615175E07CF2694F7FF50812ED457313382B79D4A960549683A4
deb 64-bit	6181CFB03BCF5168ABFB9E1A8D265EEC418D2019F8179FD59531090CB602C2B4
rpm 32-bit	2276170F22EEC9E69033CB3766FBD480625821CEA5EB3BCB454C5273B9F06712
rpm 64-bit	EEC50D4381396073F59FB554FF92DF8FD0DAC0109157776C2D906FC6A7EA1FF5
Linux Discovery Supplemental Package	974590AECFBFB1B14C6F1B6791FE0FAE8D9BEDEA877654AC7BA629CEE1912287
aix bff	1FA07F0EA88D5B5AFC41473272366C502CE7E9E893974CCEC5A25A13B8B7E122
sun4u pkg	12CB51DBFF6C95AF37194047BD0EBAD6987E0F74FC9EC879976A3B37B637E062
i86pc pkg	467B4B1DDA70EB90BA10B543B8A6892604F74140BA9C7162991A891373A58BF5

Windows Deployment JSONs:

Type

Checksum

Upgrading from 16.9 or newer

C1369024AFF0031F1B825C8D05C48AB291D39A76D4FCC7B8533FA44A1CB8BBA0

Upgrading from 16.8 or older

E53079DE80E20E26C4DDBF6023899550CAAA0618DE73A8FCBB1B19081218A626

Transparent Server and Desktop Agent (TDE)

Download	Checksum
DesktopTDE 64-bit	C90F03D9FE4615CC567D8ED185D710A7CEA07323819420293258D1BCAE439940
DesktopTDE 32-bit	CBC00E41949A515534A10D8FE25236E4CCAD0C6927B1B0AB561F5E6ABFCDF79B
TDE 64-bit	5919029843031A5182C86B33B985AEF90F18B4BF72FDCBF57058DE0AA59EFD9A
TDE 32-bit	BBAD65C2F11A806E76A329F8289CF338385BBBAB783C247872629750459EAEE3

Classification

Installers

Checksum

Boldon James Manual Installer

BA433550CD65DD99BF44527FF1D68B532C0DD5D59A8C9F10F71062DE8A5D1FEB

PKWARE Bundled Installer

CB77049DF9935C33401C996660D674A32D23B841A8748DA23716F224160411A3

Related documentation

https://support.pkware.com

Questions and Support

Support Hours and Contact Information

Monday through Friday 8-6 Eastern Time Zone
Technical Support 937.847.2687
Customer Service 937.847.2374
Request Tech Support Form

Support Links