2023-25-October

Release Version: PK Protect Endpoint Manager October 2023

General Availability Date: October 25, 2023

Introduction

The following ‘minor’ release provides new product functionality, resolution to customer reported issues and other general improvements to the PKWARE software.

Updated Components and Versions

PKWARE Component	New Version
PK Endpoint Manager	v19.8.11
PK Endpoint Agent - Persistent Data Encryption (PDE) Agent	v17.80.0007
PK Transparent Server Agent (TDE)	v3.90.7
PKWARE SDK	Java 2020.2.1 / .NET 2020.2.4
PK Protect Mobile App for iOS	2.1.0
PK Protect for Intune Mobile App for iOS	2.1.0
PK Protect Mobile App for Android	2.1.0
PK Protect for Intune Mobile App for Android	2.1.0

PK Endpoint Manager / PK Endpoint Agent Application Version Compatibility

PEM Version

Archive Client Application Versions

PEM v19.8.11

October 2023

Endpoint Agent: 17.80.0007 (Oct 2023), 17.70.0005 (Jul 2023),17.6.0008 (Apr 2023), and
17.50.007 (Jan 2023),
Transparent Server Agent (TDE): v3.90.7

Supported 3^rd Party Platforms

The following PKWARE and 3^rd Party products and versions listed below represent those which have been tested for quality, interoperability, and functional operation. Customers are strongly encouraged to maintain their environment in accordance with the versions and dependencies listed below, to avoid unforeseen issues with compatibility or unexpected behavior.

PK Endpoint Manager
Operating System Type	Version
Microsoft Windows	Windows Server 2022, 2019, 2016
Browser Type	Version
Edge	Edge 117.x
Firefox	118.x
Google Chrome	118.x
Safari	17
Database Type	Version
PostgreSQL	12
MSSQL	SQL Server 2016, 2014
Web Server	Version
Internet Information Server (IIS)	IIS 10.0, 8.5, 8.0
PK Endpoint Agent
Operating System Type	Version
Microsoft Windows	Windows Server 2022, 2019, 2016 Windows 11, 10
MacOS	Ventura (13), Monterey (12), Big Sur (11) (with M1 chip – using Rosetta 2)
Linux – RedHat	RedHat 6 or greater
Linux – SUSE	12 SP5 and 15 SP3 on x86_64
Linux - Ubuntu	14.04 (LTS) and greater on X86 and X86_64
UNIX – IBM AIX	7L version 7.1 (7100-00) or higher
UNIX - Solaris	10 and 11.3 on UltraSPARC and X86
UNIX – HPUX	11iv2 with patches
Operating System Type - Mobile	Version
PK Protect for iOS	14.x
PK Protect for Android	11
SDK
Language	Version
Java v2019.7.1	Dependencies: Java 8 or higher JRE
Application Operating System	Version
MacOS	Monterey (12), Big Sur (11)
Windows	Windows Server 2019, 2016 Windows 10 (64-bit)
Linux – RedHat	RedHat Enterprise Linux 8 (64-bit)
Linux – SUSE	Linux Enterprise Server 12 (64-bit)
Linux – Ubuntu	Ubuntu 18.04 LTS
Language	Version
.NET v2020.2.4	Dependencies: .NET Framework 4.6.1 and higher on Windows .NET Core 2.1, .NET Core 3.1, .NET 6.0 on all platforms (LTS release from Microsoft)
Application Operating System	Version
Windows	Windows Server 2019, 2016 Windows 10 (32-bit + 64-bit)
MacOS	Monterey (12), Big Sur (11)
Linux – RedHat	RedHat Enterprise Linux 8 (64-bit)
Linux – Ubuntu	Ubuntu 18.04 LTS
Other PKWARE Components
Component	Version
PK Transparent Server Agent (TDE) - Server	Windows Server 2022, 2019, 2016
PK Transparent Desktop Agent (TDE) – Desktop	Windows 11, 10
PK Protect Reader – Windows	Windows 10 and higher
PK Protect Reader – macOS	macOS 11 and higher

Features and Improvements

The following capabilities have been added to the Manager, Agent or both in the current release.

PK Protect Endpoint Manager

PK Endpoint Manager

Summary

Appliance / Windows

Version 19.8.11

Features

Quick Start & System Discovery Policy
- Quick Start and System Discovery Targets allow customers to easily start discovering sensitive data and analyze findings without detailed knowledge of PEM. Customers can analyze the findings and use the data to create subsequent Targets to improve their data security posture.
- A new page called Quick Start can be used to quickly set up a System Discovery Target for each platform. Currently only Windows is supported.
- System Discovery Targets are a new kind of Target intended to discover and report sensitive data.
- Targets no longer require local paths and users can select from six predefined paths. These paths are common locations where sensitive data may live.
- A new field has been added to File Protection Policies called
  “Priority File Filters”. These filters allow customers to prioritize file paths and file extensions. When running a Target, the agent will prioritize these paths and extensions before others.
Secure Email: Microsoft Purview Information Protection (MIP) Advancements
- MIP sensitivity labeling support has been expanded to emails.
- The processing of attachments has been improved in Secure Email. Now each attachment is processed through protection
  policies independently. This means each attachment can trigger different remediations or be bypassed all together if deemed
  insensitive.
Secure Email: Global Settings Advancement
- A new field called "Image Discovery” has been added to Email Settings. This field controls whether images in an email body or attachments will attempt to discover sensitive data in images.
- A new field called "Support URL” has been added to Email Settings. This field controls visibility of the help link on the external recipient prompt. The help link will redirect users to the support URL provided.
- There are five prompt scenarios which can now be controlled through email settings: agent connectivity error, action failures,
  unknown errors, sensitive subject encryption, and caching duration. Admins can select to ignore and send, warn with prompt or block with prompt for each scenario.
- Live monitoring has been added to address speed concerns and improve time to process emails. This feature polls the content of
  an email every five seconds for changes and starts scanning for sensitive data. The findings are cached and retrieved upon send
  being clicked. Admins have two options around notifying users about live monitoring findings: do nothing or InfoBar notifications.
Distributed App Pool Usage
- The Distributed App Pool usage page mimics Target status information and displays each Target’s status total. Admins can utilize this data to ensure Distributed App Pools are not being overwhelmed with Target loads and take advantage of the ability to horizontally scale.
Locker and Assignment Conversion to Targets
- Assignments and Lockers will be end-of-life and replaced with Targets. To help customers convert to using Targets, the October release includes an easy conversion process.
- A new Convert link has been added to each Assignment and Locker which allows customers to easily convert to Targets. This
  conversion process is automated to help speed up this process.

PK Endpoint Agent

Windows, Mac, Linux
Version 17.80.0007

Features

Quick Start & System Discovery Policy
- Quick Start and System Discovery Targets allow customers to easily start discovering sensitive data and analyze findings without detailed knowledge of PEM. Customers can analyze the findings and use the data to create subsequent Targets to improve their data security posture.
- A new page called Quick Start can be used to quickly set up a System Discovery Target for each platform. Currently only Windows is supported.
- System Discovery Targets are a new kind of Target intended to discover and report sensitive data.
- Targets no longer require local paths and users can select from six predefined paths. These paths are common locations where sensitive data may live.
- A new field has been added to File Protection Policies called “Priority File Filters”. These filters allow customers to prioritize file paths and file extensions. When running a Target, the agent will prioritize these paths and extensions before others.
PK Secure Email: Microsoft Purview Information Protection (MIP) Advancements
- MIP sensitivity labeling support has been expanded to emails.
- The processing of attachments has been improved in Secure Email. Now each attachment is processed through protection policies independently. This means each attachment can trigger different remediations or be bypassed all together if deemed insensitive.
Latest Discovery improvements
- Discovery improvements have been added to the agent which addressed several issues and performance improvements.

Fixed Issues

Component	ID	Details	Fixed Version
PEM	PEM-671	Added simple expression/selectize box to File Protection Policy filter bundle screen.	19.8
PEM	PEM-883	Added Enabled checkbox to Email Settings. This setting is used by PK Protect agent to decide whether to start up websockets server.	19.8
PEM	PEM-966	MFA Policy “Security Level” was editable for read-only admins and was resolved.	19.8
PEM	PEM-968	MFA policies page had poor performance on cluster replica nodes. The page was reworked to address the performance issue.	19.8
PEM	PEM-1046	PEM startup experienced slowness in some instances. The startup was improved, and logging was added to help diagnose further issues.	19.8
PEM	PEM-1076	Fixed error with GroupSync distributed task reporting higher group counts when AD domain and Azure tenant linked as a connector. This was resolved to not count groups twice.	19.8
Agent	PEM-925	When no registered application exists for a file type after extraction an error dialog appeared, even though the extraction was successful. The agent now attempts to open with Preview.app to avoid confusion.	17.8
Agent	PEM-1031	During asset creation or modification during sync caused a persistent error to log. Error was reported an inordinate number of times causing a segfault while writing to logfile. This has been resolved.	17.8
Agent	PEM-1035	Mac Agent forgot to submit authentication token when communicating with PEM. This resulted in a new authentication token being generated which is not efficient. This was resolved.	17.8
Agent	PEM-1044	There was a potential crash when parsing missing date/time information. This has been resolved.	17.8
Agent	PEM-1105	When sending events to Syslog, it was determined that TAG field cannot contain spaces. This has been resolved.	17.8
Agent	PEM-1180	Logic around prompting without credentials based on a corresponding registry value broke and has been fixed.	17.8
PK Secure Email	PEM-1100	Added select all and deselect all buttons to external recipient prompt.	1.4
PK Secure Email	PEM-1101	Fixed issue when email contact display name included special characters.	1.4

PK Endpoint Manager Appliance – OS and Major Packages

For a full list of the packages included in your appliance, see the Systems/Packages page.

PKWARE Enterprise Manager Virtual Appliance
Package / OS	Version
Ubuntu	20.04.4 LTS
Dotnet-host	7.0.11-1
Dotnet-runtime-3.1	3.1.32-1
Dotnet-runtime-6.0	6.0.22-1
Apache2	2.4.41-4ubuntu3.14
Postgresql	12+214ubuntu0.1
Openssl	1.1.1f-1ubuntu2.19
Python3	3.8.2-0ubuntu2

PKWARE Software Checksums

New PEM Updates:

Type	Sha256 Checksum
Windows Installer	75ac6f7e22ca3044858b3b665775ca0d5e4d949057e03d6edc20e908723df63d
Appliance Upgrade	d8c1ba7464927382b090e54b8ac8a1af0e57b90f68035dba96aa6ef21d82ec1b
Appliance OS Upgrade	d162f33fccdd21554a8582c6e491d7b3b87ea6f94a62197363abe0616ca71508

Base PEM VM (Virtual Machines):

Format	Sha256 Checksum
OVA	CODE `A7D372935FD5FFEDB21603355898C12E37562945D327B9FD608ED51865D44404`
QCOW2	CODE `8B5474BDBE96BB9D0A00CE142BD0CAADA5FE2BC87CC82C74A47134AB42B0E5DE`
VHD	CODE `E2503B080E858F10DADBD340FD8B931535AE07D3DB9E7BA017C5C3121CBC816D`

PEM Supporting Software:

Product	Checksum
PowerShell Azure App Helper (Create App)	CODE `e7ce0827a46b9b062eb2b74dad0ff8a184a31a5cef7c6f13dbe73d9271f581be`
PowerShell Azure App Helper (Delete App)	CODE `189bbfb48022fce61146e3fa66bad3e438b70d816b6efb77cabebb185207dab8`
Elasticsearch 7.9.2	CODE `1eaf78d94c37ea8acecf0b2702fc71e54e2a73259cd777056fa92361d8eb0890`
AdoptOpenJDK 11	CODE `6eb277a3e9305fdf380900d20f4ef7a474f13fdbc92f7709b57945f6ffdc80fc`

PK Endpoint Agent (Archive Agent):

Platform	Checksum
Windows 64- bit	CODE `a82dfd5f472e04559ebdd2eec2f76fb6fb4aa8d563790e5f256f30e7a6603e17`
macOS	CODE `da7df31d7ef893662b8d7e0047bb45a7dc84dbfb3ae78e1ccb9bc56b84cbc96d`
deb 32-bit	CODE `2d02e35105fce6242f9cae74dea3e61c8df224956957de69e057352ed1fb2c27`
deb 64-bit	CODE `26e0b1458b217b132d15a0ce6c7f15f5442ec1ad775d76a1cb2f2128bceaaf1e`
Linux rpm 32-bit	CODE `a671e2b6f0c793652e92ed590f491b6866d21c89a6743a38fc6fc633a283d93b`
Linux rpm 64-bit	CODE `4048a36f65251b1c08ede438149d3538936a9f95b1b3b499d07e5ebdb81778f5`
Linux Discovery Supplemental Package	CODE `539a2372676a999a64c80b2734db9b06cee0bf787f2fd090f27fa3c6ab00cb3d`
aix bff	CODE `15a44bb154242dbfe3f8db4479deb91810ab107e66028f8cf82800a7051ec2e4`
Solaris SPARC sun4u pkg	CODE `a6d67de3d01e65f2d1298aba884185ff6485f3ecbc148a4b659a0cd74921a40f`
Solaries x86 i86pc pkg	CODE `55f707c046ce1f64dc02631f0ff24e59c83c79e1da09d0c0510f79ea3b7def63`

Windows Deployment JSONs:

Type	Checksum
Upgrading from 16.9 or newer	CODE `e462eab1d8b0253ea48fc7ffb93c8f410bd3541fe04f5a5d67ed7b8e3aae27aa`
Upgrading from 16.8 or older	CODE `a3bb05cc120858bf23082b6d05f20dd3b9acf81fa741b68d49be58b91eb709ad`

PK Secure Email Outlook Add-in:

Type	URL
Outlook Add- in	https://addin.pkware.com/v1.4/manifest.xml

Transparent Server and Desktop Agent (TDE)

Download	Checksum
TDE 64-bit	CODE `73e22c1e9b7828736e095f24feeb01300ef21cb5ea644b4378a41ce6ab8dcf51`

Classification

Installers	Checksum
Boldon James Manual Installer	CODE `f90f4deddd3a92f1397a2d8c5247fa1d4693026a6c1bceb6d9f90a0dba184b6f`
PKWARE Bundled Installer	CODE `b832a7516e2e83915e9fe9753d0793bad0cc7b5c84953012b89445fbb8296cb7`

Related documentation

https://support.pkware.com

Questions and Support

Support Hours and Contact Information

Monday through Friday 8-6 Eastern Time Zone
Technical Support 937.847.2687
Customer Service 937.847.2374
Request Tech Support Form

Support Links