Release Notes
Introduction
The following ‘minor’ release provides new product functionality, resolution to customer reported issues and other general improvements to the PKWARE software.
Updated Components and Versions
PKWARE Component | New Version |
PK Endpoint Manager | v19.3.102 |
PK Endpoint Agent - Persistent Data Encryption (PDE) Agent | v17.30.0011 |
PK Transparent Server Agent (TDE) | v3.80.6 |
PKWARE SDK | Java 2020.2.1 / .NET 2020.2.4 |
PK Protect Mobile App for iOS | 2.0.0 |
PK Protect for Intune Mobile App for iOS | 2.0.0 |
PK Protect Mobile App for Android | 2.0.0 |
PK Protect for Intune Mobile App for Android | 2.0.0 |
PK Endpoint Manager / PK Endpoint Agent Application Version Compatibility
PEM Version | Archive Client Application Versions |
PEM v19.3.102 July 2022 | Endpoint Agent: 17.30.0011 (July ’22) 17.20.0011 (Apr ’22), 17.10.0017 (Jan ’22), and 17.00.0011 (Sept ’21) Transparent Server Agent (TDE): v3.80.6 |
Supported 3rd Party Platforms
The following PKWARE and 3rd Party products and versions listed below represent those which have been tested for quality, interoperability, and functional operation. Customers are strongly encouraged to maintain their environment in accordance with the versions and dependencies listed below, to avoid unforeseen issues with compatibility or unexpected behavior.
PK Endpoint Manager | |
Operating System Type | Version |
Microsoft Windows | Windows Server 2022, 2019, 2016, 2012, 2012 R2 |
Browser Type | Version |
Edge | Edge 97.x |
Firefox | 102.0.x |
Google Chrome | 103.x |
Safari | 15 |
Database Type | Version |
PostgreSQL | 12.5 |
MSSQL | SQL Server 2016, 2014, 2012 |
Web Server | Version |
Internet Information Server (IIS) | IIS 10.0, 8.5, 8.0, 7.5 |
PK Endpoint Agent | |
Operating System Type | Version |
Microsoft Windows | Windows Server 2019, 2016, 2012, 2012 R2 Windows 11, 10, 8.1 |
MacOS | Monterey (12), Big Sur (11) (with M1 chip – using Rosetta 2), Catalina (10.15) |
Linux – RedHat | RedHat 5 or greater |
Linux – SUSE | 10 and greater on x86, and x86_64 |
Linux - Ubuntu | 14.04 (LTS) and greater on X86 and X86_64 |
UNIX – IBM AIX | 7L version 7.1 (7100-00) or higher, 6L Version 6.1 (6100-00) or higher with required patches |
UNIX - Solaris | 10 or greater on UltraSPARC and X86 |
UNIX – HPUX | 11iv2 with patches |
IBM z/OS | Software: z/OS 2.4, z/OS 2.3, z/OS 2.2, z/OS 2.1, z/OS 1.13 Hardware: z10-EC, z10-BC, z-10, z196, z114, zEC12, zBC12, z13 (2964), z13 (BC (2965)), z14, zR1, z15 |
IBM i | Software: IBM i 7.4, 7.3, 7.2, 7.1 Hardware: Power 7, 8 and 9 |
Operating System Type - Mobile | Version |
PK Protect for iOS | 15 |
PK Protect for Android | 11 |
SDK | |
Language | Version |
Java v2019.7.1 | Dependencies: - Java 8 or higher JRE |
Application Operating System | Version |
MacOS | Monterey (12), Big Sur (11) |
Windows | Windows Server 2019, 2016, 2012, 2012 R2 Windows 10, 8.1 (64-bit) |
Linux – RedHat | RedHat Enterprise Linux 8 (64-bit) |
Linux – SUSE | Linux Enterprise Server 12 (64-bit) |
Linux – Ubuntu | Ubuntu 18.04 LTS |
Language | Version |
.NET v2020.2.4 | Dependencies: - .NET Framework 4.6.1 and higher on Windows - .NET Core 2.1 on all platforms (LTS release from Microsoft) |
Application Operating System | Version |
Windows | Windows Server 2019, 2016, 2012, 2012 R2 Windows 10, 8.1 (32-bit + 64-bit) |
MacOS | Monterey (12), Big Sur (11) |
Linux – RedHat | RedHat Enterprise Linux 8 (64-bit) |
Linux – Ubuntu | Ubuntu 18.04 LTS |
Other PKWARE Components | |
Component | Version |
PK Transparent Server Agent (TDE) - Server | Windows Server 2019, 2016, 2012, 2012 R2 |
PK Transparent Desktop Agent (TDE) – Desktop | Windows 11, 10, 8.1 |
PK Protect Reader – Windows | Windows 8.1 and higher |
PK Protect Reader – macOS | macOS 10.13 and higher |
Features and Improvements
The following capabilities have been added to the Manager, Agent or both in the current release.
PK Endpoint Manager | |
PK Endpoint Manager | Summary |
Appliance / Windows Version 19.3.102 | Features
o PK for Endpoints now caches user and group information from Microsoft Active Directory in the local PEM databased o This allows for local look ups instead of having to connect with and obtain information from the live Active Directory instance each time user / group information needs to be looked up and/or verified. o PEM syncs with the live Active Directory at pre-defined intervals, however also supports a ‘sync Accounts (users)’ and ‘Sync Groups’ function to provide and on-demand synchronization with the live Active Directory instance.
o A new checkbox has been added to the Contingency Users feature, allowing an Admin to explicitly turn on or off, the feature o If enabled, this feature will allow defined users to decrypt any files encrypted with any key from this point it was enabled, forward o If disabled, the contingency public key will be ‘deactivated’ and the members of the policy will not be able to decrypt previously encrypted files (with the prior contingency key) nor will they be able to decrypt newly encrypted files. o If re-enabled it will re-instate the prior, disabled contingency public key. All members will be able to decrypt files, encrypted with that prior, original key; and newly encrypted files after the feature was re-enabled o While the feature was disabled / paused, those files will not be able to be decrypted by a contingency group member.
o The PK Endpoints product requires a valid SSL certificate to be used with the product. In prior versions of the PEM, the process of making the request for a certificate to be generated was executed through the appliance console o A new capability has been added to the PEM on the ‘System’ > ‘SSL’ page to generate the request directly from the PEM UI.
o The scope columns in the table views for assignments and community keys, can contain many entries that cause the field to expand greatly. o This field has been modified to only show the first ten, then reference ‘... and xx more’; so the field doesn’t fully expand.
o A ‘comments’ section has been added to the ‘Discovery’, ‘File Filters’, ‘Patterns’, and ‘Assignments configuration pages o Comments can be used to document the purpose, scope and intent of the configuration or provide other notes that can be useful to administrators. |
PK Endpoint Agent | Summary |
Windows, Mac, Linux Version 17.30.0011 | Features
o A new checkbox has been added to the Contingency Users feature, allowing an Admin to explicitly turn on or off, the feature o If enabled, this feature will allow defined users to decrypt any files encrypted with any key from this point it was enabled, forward o If disabled, the contingency public key will be ‘deactivated’ and the members of the policy will not be able to decrypt previously encrypted files (with the prior contingency key) nor will they be able to decrypt newly encrypted files. o If re-enabled it will re-instate the prior, disabled contingency public key. All members will be able to decrypt files, encrypted with that prior, original key; and newly encrypted files after the feature was re-enabled o While the feature was disabled / paused, those files will not be able to be decrypted by a contingency group member. |
Fixed Issues
Component | ID | Summary | Details | Affected Version |
PEM | MGR-4651 | Provisional Accounts allowed to be scoped in some policies it shouldn't be allowed | MFA/Unmanaged Accounts | 19.2+ |
PEM | MGR-4607 | Identities Accounts Search Usability issue | Repeated Searches could cause the browser to navigate backwards many pages | 19.1+ |
PEM | MGR-4674 | Security Vulnerability with BackupConfig endpoint | Unprotected Certificate was being included in the backup package. See JIRA for more details | before 19.0+ |
PEM | MGR-4707 | Timestamp Visual issue for Tasks | Mismatch in showing UTC versus Local Time |
|
Client | ARC-2976 | Authentication Policy Check for computers not joined to any domain | These machines could get stuck only trying to do IWA and not prompting the user to enter credentials | 17.2 |
Client | ARC-2978 | AuditLogPolicy was only being used on Windows | The user policy was being fetched but falling back to the default policy | 17.2 |
Implementation Notes
Component | Summary | Details | Affected Version |
PEM / Appliance | When executing an upgrade, the OS upgrade must be executed prior to the PEM upgrade | The July release the product has been updated to support .NET 6. The OS upgrade is the component that installs .NET 6. Therefore the OS upgrade must be executed first. | 19.3.102 |
PK Protect / App-V Deployments | Before starting the App-V sequencer (and installing the PK Protect client), the following registry key needs to be set: [HKEY_LOCAL_MACHINE\SOFTWARE\PKWARE\SmartCrypt\UI] "CtxMenu"=dword:00000001 | This makes the PK Protect installer activate the legacy Windows Explorer integration instead of the new Windows Explorer integration. Immediately after the App-V sequencer installs the PK Protect client (and before you tell it that you're done installing), the following registry key needs to be set: [HKEY_LOCAL_MACHINE\SOFTWARE\PKWARE\SmartCrypt] "InstallPackage"=dword:00000000 This stops the PK Protect Agent from trying to install the new Windows 11 package on startup (since it won't work in App-V). | 19.3.102 |
PK Endpoint Manager Appliance – OS and Major Packages
For a full list of the packages included in your appliance, see the Systems/Packages page.
PKWARE Enterprise Manager Virtual Appliance | |
Ubuntu | 20.04.4 LTS |
Dotnet-host | 6.0.6-1 |
Dotnet-runtime | 3.1.26-1 |
Apache2 | 2.4.41-4ubuntu3.12 |
PostgreSQL | 12+214ubuntu0.1 |
Openssl | 1.1.1f-1ubuntu2.15 |
Python3 | 3.8.2-0ubuntu2 |
PKWARE Software Checksums
New PEM Updates:
Type | Sha256 Checksum |
Windows Installer | 7EAADDE662BFFCDFFAF6AF8C1AD16813E4567EECDE06D717623FF19498E20002 |
Appliance Upgrade | F21CD9E20727A42A545938DE53B349441D07E1C4CA24288F3540043731FAA683 |
Appliance OS Upgrade | C1886933D1CAEC4CB1E897F369357E15F3645DD02677407294570EC7EE6D3C21 |
Base PEM VM:
Format | Sha256 Checksum |
OVA | A7D372935FD5FFEDB21603355898C12E37562945D327B9FD608ED51865D44404 |
QCOW2 | 8B5474BDBE96BB9D0A00CE142BD0CAADA5FE2BC87CC82C74A47134AB42B0E5DE |
VHD | E2503B080E858F10DADBD340FD8B931535AE07D3DB9E7BA017C5C3121CBC816D |