Introduction

This ‘minor’ release provides new product functionality, resolutions to customer-reported issues, and other general improvements to the PKWARE software.

Updated Components and Versions

| PKWARE Component | New Version |
| --- | --- |
| PK Endpoint Manager | v19.3.102 |
| PK Endpoint Agent - Persistent Data Encryption (PDE) Agent | v17.30.0011 |
| PK Transparent Server Agent (TDE) | v3.80.6 |
| PKWARE SDK | Java 2020.2.1 / .NET 2020.2.4 |
| PK Protect Mobile App for iOS | 2.0.0 |
| PK Protect for Intune Mobile App for iOS | 2.0.0 |
| PK Protect Mobile App for Android | 2.0.0 |
| PK Protect for Intune Mobile App for Android | 2.0.0 |

PK Endpoint Manager / PK Endpoint Agent Application Version Compatibility

| PEM Version | Archive Client Application Versions |
| --- | --- |
| PEM v19.3.102, July 2022 | Endpoint Agent: 17.30.0011 (July ’22), 17.20.0011 (Apr ’22), 17.10.0017 (Jan ’22), and 17.00.0011 (Sept ’21); Transparent Server Agent (TDE): v3.80.6 |

Supported 3rd Party Platforms

The PKWARE and 3rd Party products and versions listed below are those that have been tested for quality, interoperability, and functional operation. Customers are strongly encouraged to maintain their environment in accordance with these versions and dependencies, to avoid unforeseen compatibility issues or unexpected behavior.

PK Endpoint Manager

| Operating System Type | Version |
| --- | --- |
| Microsoft Windows | Windows Server 2022, 2019, 2016, 2012, 2012 R2 |

| Browser Type | Version |
| --- | --- |
| Edge | Edge 97.x |
| Firefox | 102.0.x |
| Google Chrome | 103.x |
| Safari | 15 |

| Database Type | Version |
| --- | --- |
| PostgreSQL | 12.5 |
| MSSQL | SQL Server 2016, 2014, 2012 |

| Web Server | Version |
| --- | --- |
| Internet Information Server (IIS) | IIS 10.0, 8.5, 8.0, 7.5 |

PK Endpoint Agent

| Operating System Type | Version |
| --- | --- |
| Microsoft Windows | Windows Server 2019, 2016, 2012, 2012 R2; Windows 11, 10, 8.1 |
| MacOS | Monterey (12), Big Sur (11) (with M1 chip – using Rosetta 2), Catalina (10.15) |
| Linux – RedHat | RedHat 5 or greater |
| Linux – SUSE | 10 and greater on x86, and x86_64 |
| Linux – Ubuntu | 14.04 (LTS) and greater on X86 and X86_64 |
| UNIX – IBM AIX | 7L version 7.1 (7100-00) or higher, 6L Version 6.1 (6100-00) or higher with required patches |
| UNIX – Solaris | 10 or greater on UltraSPARC and X86 |
| UNIX – HPUX | 11iv2 with patches |
| IBM z/OS | Software: z/OS 2.4, z/OS 2.3, z/OS 2.2, z/OS 2.1, z/OS 1.13; Hardware: z10-EC, z10-BC, z-10, z196, z114, zEC12, zBC12, z13 (2964), z13 (BC (2965)), z14, zR1, z15 |
| IBM i | Software: IBM i 7.4, 7.3, 7.2, 7.1; Hardware: Power 7, 8 and 9 |

| Operating System Type - Mobile | Version |
| --- | --- |
| PK Protect for iOS | 15 |
| PK Protect for Android | 11 |

SDK

| Language | Version |
| --- | --- |
| Java | v2019.7.1 |

Dependencies:

- Java 8 or higher JRE

| Application Operating System | Version |
| --- | --- |
| MacOS | Monterey (12), Big Sur (11) |
| Windows | Windows Server 2019, 2016, 2012, 2012 R2; Windows 10, 8.1 (64-bit) |
| Linux – RedHat | RedHat Enterprise Linux 8 (64-bit) |
| Linux – SUSE | Linux Enterprise Server 12 (64-bit) |
| Linux – Ubuntu | Ubuntu 18.04 LTS |

| Language | Version |
| --- | --- |
| .NET | v2020.2.4 |

Dependencies:

- .NET Framework 4.6.1 and higher on Windows
- .NET Core 2.1 on all platforms (LTS release from Microsoft)

| Application Operating System | Version |
| --- | --- |
| Windows | Windows Server 2019, 2016, 2012, 2012 R2; Windows 10, 8.1 (32-bit + 64-bit) |
| MacOS | Monterey (12), Big Sur (11) |
| Linux – RedHat | RedHat Enterprise Linux 8 (64-bit) |
| Linux – Ubuntu | Ubuntu 18.04 LTS |

Other PKWARE Components

| Component | Version |
| --- | --- |
| PK Transparent Server Agent (TDE) - Server | Windows Server 2019, 2016, 2012, 2012 R2 |
| PK Transparent Desktop Agent (TDE) – Desktop | Windows 11, 10, 8.1 |
| PK Protect Reader – Windows | Windows 8.1 and higher |
| PK Protect Reader – macOS | macOS 10.13 and higher |

Features and Improvements

The following capabilities have been added to the Manager, Agent or both in the current release.

PK Endpoint Manager

Summary

Appliance / Windows

Version 19.3.102

Features

  • Local Caching of User and Group Information

o   PK for Endpoints now caches user and group information from Microsoft Active Directory in the local PEM database.

o   This allows local lookups instead of connecting to the live Active Directory instance each time user / group information needs to be looked up and/or verified.

o   PEM syncs with the live Active Directory at pre-defined intervals, and also supports a ‘sync Accounts (users)’ and ‘Sync Groups’ function to provide an on-demand synchronization with the live Active Directory instance.

  • Contingency Feature Updates

o   A new checkbox has been added to the Contingency Users feature, allowing an Admin to explicitly turn the feature on or off.

o   If enabled, this feature will allow defined users to decrypt any files encrypted with any key from the point it was enabled, forward.

o   If disabled, the contingency public key will be ‘deactivated’ and the members of the policy will not be able to decrypt previously encrypted files (with the prior contingency key), nor will they be able to decrypt newly encrypted files.

o   If re-enabled, the prior, disabled contingency public key is reinstated. All members will be able to decrypt files encrypted with that prior, original key, and files newly encrypted after the feature was re-enabled.

o   Files encrypted while the feature was disabled / paused cannot be decrypted by a contingency group member.

  • Execute CSR (Certificate Signing Request) from the PEM

o   The PK Endpoints product requires a valid SSL certificate to be used with the product. In prior versions of the PEM, the certificate request had to be made through the appliance console.

o   A new capability has been added to the PEM on the ‘System’ > ‘SSL’ page to generate the request directly from the PEM UI.

  • Suppressing the list of all scope entries in the UI table views

o   The scope columns in the table views for assignments and community keys can contain many entries, which causes the field to expand greatly.

o   This field now shows only the first ten entries, followed by ‘... and xx more’, so the field doesn’t fully expand.

  • Comments fields added to primary configuration fields

o   A ‘comments’ section has been added to the ‘Discovery’, ‘File Filters’, ‘Patterns’, and ‘Assignments’ configuration pages.

o   Comments can be used to document the purpose, scope and intent of the configuration or provide other notes that can be useful to administrators.

PK Endpoint Agent

Summary

Windows, Mac, Linux

Version 17.30.0011

Features

  • Contingency Feature Updates

o   A new checkbox has been added to the Contingency Users feature, allowing an Admin to explicitly turn the feature on or off.

o   If enabled, this feature will allow defined users to decrypt any files encrypted with any key from the point it was enabled, forward.

o   If disabled, the contingency public key will be ‘deactivated’ and the members of the policy will not be able to decrypt previously encrypted files (with the prior contingency key), nor will they be able to decrypt newly encrypted files.

o   If re-enabled, the prior, disabled contingency public key is reinstated. All members will be able to decrypt files encrypted with that prior, original key, and files newly encrypted after the feature was re-enabled.

o   Files encrypted while the feature was disabled / paused cannot be decrypted by a contingency group member.

Fixed Issues

| Component | ID | Summary | Details | Affected Version |
| --- | --- | --- | --- | --- |
| PEM | MGR-4651 | Provisional Accounts could be scoped in some policies where they shouldn't be allowed | MFA/Unmanaged Accounts | 19.2+ |
| PEM | MGR-4607 | Identities Accounts Search usability issue | Repeated searches could cause the browser to navigate backwards many pages | 19.1+ |
| PEM | MGR-4674 | Security Vulnerability with BackupConfig endpoint | Unprotected Certificate was being included in the backup package. See JIRA for more details | before 19.0+ |
| PEM | MGR-4707 | Timestamp visual issue for Tasks | Mismatch in showing UTC versus Local Time | |
| Client | ARC-2976 | Authentication Policy Check for computers not joined to any domain | These machines could get stuck only trying to do IWA and not prompting the user to enter credentials | 17.2 |
| Client | ARC-2978 | AuditLogPolicy was only being used on Windows | The user policy was being fetched but falling back to the default policy | 17.2 |

Implementation Notes

Component

Summary

Details

Affected Version

PEM / Appliance

When executing an upgrade, the OS upgrade must be executed prior to the PEM upgrade

In the July release, the product has been updated to support .NET 6. The OS upgrade is the component that installs .NET 6; therefore, the OS upgrade must be executed first.

 19.3.102

PK Protect / App-V Deployments

Before starting the App-V sequencer (and installing the PK Protect client), the following registry key needs to be set:

[HKEY_LOCAL_MACHINE\SOFTWARE\PKWARE\SmartCrypt\UI]
"CtxMenu"=dword:00000001

This makes the PK Protect installer activate the legacy Windows Explorer integration instead of the new Windows Explorer integration. Immediately after the App-V sequencer installs the PK Protect client (and before you tell it that you're done installing), the following registry key needs to be set:

[HKEY_LOCAL_MACHINE\SOFTWARE\PKWARE\SmartCrypt]
"InstallPackage"=dword:00000000

This stops the PK Protect Agent from trying to install the new Windows 11 package on startup (since it won't work in App-V).



19.3.102

PK Endpoint Manager Appliance – OS and Major Packages

For a full list of the packages included in your appliance, see the Systems/Packages page.

PKWARE Enterprise Manager Virtual Appliance

| Package | Version |
| --- | --- |
| Ubuntu | 20.04.4 LTS |
| Dotnet-host | 6.0.6-1 |
| Dotnet-runtime | 3.1.26-1 |
| Apache2 | 2.4.41-4ubuntu3.12 |
| PostgreSQL | 12+214ubuntu0.1 |
| Openssl | 1.1.1f-1ubuntu2.15 |
| Python3 | 3.8.2-0ubuntu2 |

PKWARE Software Checksums

New PEM Updates:

| Type | Sha256 Checksum |
| --- | --- |
| Windows Installer | 7EAADDE662BFFCDFFAF6AF8C1AD16813E4567EECDE06D717623FF19498E20002 |
| Appliance Upgrade | F21CD9E20727A42A545938DE53B349441D07E1C4CA24288F3540043731FAA683 |
| Appliance OS Upgrade | C1886933D1CAEC4CB1E897F369357E15F3645DD02677407294570EC7EE6D3C21 |

Base PEM VM:

| Format | Sha256 Checksum |
| --- | --- |
| OVA | A7D372935FD5FFEDB21603355898C12E37562945D327B9FD608ED51865D44404 |
| QCOW2 | 8B5474BDBE96BB9D0A00CE142BD0CAADA5FE2BC87CC82C74A47134AB42B0E5DE |
| VHD | E2503B080E858F10DADBD340FD8B931535AE07D3DB9E7BA017C5C3121CBC816D |
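
One way to check a downloaded package or VM image against the checksums listed above before installing it. This is an added example, not PKWARE tooling: the script name `verify.py` and the file path you pass are assumptions, and the digests are copied from this page.

```python
import hashlib
import hmac
import re
import sys

# SHA-256 values copied from the "PKWARE Software Checksums" section of this page.
PUBLISHED_SHA256 = {
    "Windows Installer": "7EAADDE662BFFCDFFAF6AF8C1AD16813E4567EECDE06D717623FF19498E20002",
    "Appliance Upgrade": "F21CD9E20727A42A545938DE53B349441D07E1C4CA24288F3540043731FAA683",
    "Appliance OS Upgrade": "C1886933D1CAEC4CB1E897F369357E15F3645DD02677407294570EC7EE6D3C21",
    "OVA": "A7D372935FD5FFEDB21603355898C12E37562945D327B9FD608ED51865D44404",
    "QCOW2": "8B5474BDBE96BB9D0A00CE142BD0CAADA5FE2BC87CC82C74A47134AB42B0E5DE",
    "VHD": "E2503B080E858F10DADBD340FD8B931535AE07D3DB9E7BA017C5C3121CBC816D",
}

_HEX64 = re.compile(r"[0-9a-f]{64}")


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so multi-gigabyte VM images are never held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_artifact(path, label, published=PUBLISHED_SHA256):
    """Return (ok, actual_hex); raise if the label or published value is unusable."""
    if label not in published:
        raise KeyError(f"no published checksum for {label!r}")
    expected = published[label].strip().lower()
    if not _HEX64.fullmatch(expected):
        raise ValueError(f"published value for {label!r} is not a SHA-256 hex digest")
    actual = sha256_file(path)
    return hmac.compare_digest(actual, expected), actual


if __name__ == "__main__":
    # Usage: python verify.py "Appliance OS Upgrade" <path to the downloaded file>
    label, path = sys.argv[1], sys.argv[2]
    ok, actual = verify_artifact(path, label)
    print(f"{label}: {'OK' if ok else 'MISMATCH'} ({actual.upper()})")
    sys.exit(0 if ok else 1)
```

A non-zero exit status means the file does not match the published value and should not be installed.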