Dell Data Guardian Technical Advisories v2.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2012-2019 Dell Inc. All rights reserved.Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Data Guardian Technical Advisories................................................................................................ 5 Contact Dell ProSupport...................................................................................................................................................... 6 New Features and Functionality v2.8................................................................................................................................. 6 Technical Advisories v2.
Technical Advisories v1.3/v1.0........................................................................................................................................... 27 New Features and Functionality v1.2................................................................................................................................ 28 Windows Resolved Technical Advisories v1.2..................................................................................................................
1 Data Guardian Technical Advisories This document provides information about Data Guardian features and changes in each major release, any issues resolved from a prior release, and any technical advisories in the current release. Data Guardian provides security, authority, and forensic visibility - all through a single solution. The product is available from Windows, Mac, or iOS and Android mobile devices with cross-platform compatibility.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Technical Advisories v2.2 New Features and Functionality v2.1 Resolved Technical Advisories v2.1 Technical Advisories v2.1 New Features and Functionality v2.0.1 Resolved Technical Advisories v2.0.1 Technical Advisories v2.0.1 New Features and Functionality v2.0 Resolved Technical Advisories v2.0 Technical Advisories v2.0 New Features and Functionality v1.6/v1.3 Resolved Technical Advisories v1.6 Technical Advisories v1.6/v1.
• • Data Loss Prevention (DLP) now focuses on Data Guardian's mobile clients and web portal. In Windows, some workflows have been reenabled to improve performance. Therefore, the following policies no longer apply for Windows in Data Guardian v2.8 and higher: • Block Print Screen • Print Control • Export Control • Protected Office Document Process Protection • Protected Office Clip Board Unauthorized Text • On Screen Watermark • No red border displays on protected Office documents or protected emails.
Mac v2.8 • No technical advisories. Mobile v2.8 • • Currently, for Android mobile devices with Data Guardian, audit logs are not generating when a user deletes a .xen file or when a user selects File Upload. [DDPCE-12287] If an enterprise enables Data Guardian for mobile devices, they must configure their firewall so that users can use the mobile devices on the company network. [DDPCE-14562] Web Portal v2.
New Features and Functionality v2.6 All Platforms v2.6 • • In an on-prem environment and if the administrator enables the feature for Access Groups, internal users have a pre-share option for protected Office documents and files encrypted with Basic File Protection. The Protected File Access pre-share user interface allows users to select one or more access groups when sharing a protected file. External users who own a file can use the pre-share option.
Mac v2.6 • If the administrator removes a file extension from the Basic File Protection Configuration policy field, the Properties > Dell Data Guardian tab and file overlay icon may be removed during the one-time sweep before the file has finished decrypting. Users may need to wait several minutes for the file to fully decrypt.
Technical Advisories v2.5 Windows v2.5 • • Currently, if the administrator enables or disables the File Icon Overlay policy, users must manually refresh any opened File Explorer to view the correct file overlay behavior. If enabled and the overlay icon does not display for users, the administrator can navigate to the Microsoft Registry, HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers.
Resolved Technical Advisories v2.4 Windows v2.4 • Protected documents no longer fail to open with Office 2013 when Data Guardian is configured in disconnected mode. [DDPCE-11812, DDPSUS-2468] Mac v2.4 • An issue resulting when requesting access for multiple shared files to an external user has now been resolved. [DDPCE-11786] Mobile v2.4 • • Adding several images simultaneously to the Data Guardian application works as expected. [DDPCE-9532] Office 2019 is now supported for Android.
Resolved Technical Advisories v2.3 Mac v2.3 • During installation of Data Guardian, "Install for me Only" selection is no longer available for users to select. [DDPCE-10807] Technical Advisories v2.3 Windows v2.3 • For the Block Print Screen policy to block this option for users, Data Guardian must be installed and run on the client operating system, not a VM or Remote Desktop. [DDPCE-11612] Mac v2.3 • No technical advisories exist. Mobile v2.3 • No technical advisories exist. Web Portal v2.
• PDFs now support Modify Audit Events for protected Office documents. [DDPCE-10452] Mac v2.2 • • Files inside file bundles are no longer encrypted. [DDPCE-10546] Files are no longer encrypted in the Unprotected Documents folder. [DDPCE-10686] Mobile v2.2 • Resolved an issue where pressing the back button on devices running Android operating systems would result in the application closing instead of returning to the home screen for Data Guardian. [DDPCE-10385] Web Portal v2.
Mac v2.1 • • macOS Mojave 10.14 and 10.14.1 are now supported. Automatic tenant detection and provisioning is supported. When a user provides an email address and password, the system automatically determines the needed configuration information and sends all the needed data to the client allowing an activation against the intended tenant. If the user exists in more than one tenant, then the system will prompt the user to select one of the available tenants. Mobile v2.
• If a user's authentication token expires before any offline keys have been uploaded to the server, disconnecting, and subsequently reconnecting to the network will force the keys to upload. [DDPCE-10764] Mac v2.1 • • • • • • • • [SaaS] If a user enters an invalid email ID with a domain name that belongs to a configured Tenant, the user will be redirected to Azure to login.
Web Portal v2.1 • No technical advisories exist. New Features and Functionality v2.0.1 Windows v2.0.1 • Added 09/28/2018 - Data protection for email is now available. In this initial release, a preview of Data Loss Prevention (DLP) is included with future releases continuing to add further improvements. As always, data in motion is protected, including protected Office documents, files protected by Basic File Protection, and emails protected by Data Guardian.
New Features and Functionality v2.0 Windows v2.0 • Dell IP Data Classification: allows administrators to choose which files should be encrypted based on content. • • • In Windows for Office documents and PDFs, the Data Classification Rules policy allows administrators to select rules that enforce encryption on sensitive data. The Classification rules can be set at the Enterprise, Endpoint Groups, or Endpoints populations.
Mac v2.0 • Uploading files to OneDrive no longer becomes unresponsive with user account almost full. [DDPCE-8266] Mobile v2.0 • Search filters are working as expected on the Content Security Policy screen when a user opens Data Guardian on an iOS. [DDPCE-7325] Web Portal v2.0 • • The viewer and Editor menus are localized to Japanese language. [DDPCE-6644] Users are able to open encrypted files not encrypted by Data Guardian when logged in and browsing for secured PDF files.
• OneDrive for Business may not properly bind initially due to a rare communication issue with OneDrive. To resolve, attempt to add the OneDrive for Business account again. [DDPCE-10320] Web Portal v2.0 • No technical advisories exist. New Features and Functionality v1.6/v1.3 All Clients Windows v1.6 • • Data Guardian agents detect and encrypt files based on Titus Classification. Files identified with certain classification based on Titus will automatically encrypt as a protected office document.
• Desktop, the user can disable Clipboard within the Remote Desktop Connection based on Microsoft's documentation here:https:// msdn.microsoft.com/en-us/library/aa380804(v=vs.85).aspx. [DDPCE-8250] In some cases, when using the recovery tool to recover large number of files pointed to a network location, the recovery tool fails to recover all the files. [DDPCE-8277] Mac v1.6 • • • Currently, when linking Google drive to Data Guardian, users are required to submit user credentials more than one time.
• • Administrators can now define applications that can be blocked from running while protected office documents are opened, such as the Snipping Tool built into Windows 10. A durable device identifier has been created. This will be used in future releases of the Dell Servers for device identification and management. Mac v1.5 • • IPV6 is now supported for Mac. If protected office document encryption is on, then Data Guardian will sweep the files.
• • • • • Added 3/2018-Currently, if you try saving an unprotected PDF with the same name as a previously deleted PDF, you will receive an error message "A device attached to the system is not functioning" when Data Guardian is active. The workaround is to choose a different file name. [DDPCE-7397] OneDrive's Files On-Demand feature is not supported with Data Guardian.
Windows v1.4 • Protected .pdf files can be opened and edited with Adobe Acrobat Reader DC. NOTE: The following are not supported: Adobe Acrobat Standard DC, Adobe Acrobat Pro DC, and Adobe Acrobat DC. • • • • • • • As part of the Acrobat Reader DC functionality, users can add annotations to a protected .pdf file or complete a form. When the file is saved, a new protected .pdf file is created that includes the changes. To enhance security, when one protected .
Technical Advisories v1.4/v1.1 Windows v1.4 • • • • • • • • • • • • • Occasionally, in Excel, if a user selects File > New > New workbook and then selects File > Open to select a file from the network or in Protected view, Excel will not open. To work around this issue, close the workbook before opening from the network or in Protected View. [DDPCE-6411] When using Excel 2010, users can drag and drop a protected Excel document to an unprotected one.
New Features and Functionality v1.3.1/v1.0 Mac v1.3.1 • • iOS 11.x is now supported. The Data Guardian Dropbox SDK was upgraded to 2.0 to support the new Dropbox API. Mobile v1.3.1 • • iOS 11.x is now supported. For iOS and Android, the Data Guardian Dropbox SDK was upgraded to 2.0 to support the new Dropbox API. New Features and Functionality v1.3/v1.0 All Clients v1.3/v1.
Resolved Technical Advisories v1.3 All Clients v1.3 • An external user no longer must reactivate Data Guardian after being removed from the Full Access List. [DDPS-5021] Windows v1.3 • • • • • • • • • • • • • • • • The print watermark is no longer obscured in a protected Word document when a white image is added and moved behind the text. [DDPCE-2239] The proper error message is now received when attempting to copy data from a protected office document to a new unprotected office document.
Windows v1.3 • • • • • • • • • • • Save is not enabled in a new protected PowerPoint file until after the file is saved for the first time. To work around this issue, use File > Save. [DDPCE-5511] An error related with \Users\...\Dropbox\.dropbox.cache may occur with Dropbox for Business, with an error in the log that is similar to: Err CBFSPortalFolder [6084] - Initialize - Folder 'C:\Users\SCTest21\Dropbox (Dell Official Team)\.dropbox.cache', Unable to find database record for folder.
Windows v1.2 • • • • • New audit events supported with Windows clients track when an internal user is blocked from copying protected content and when an external user requests access to a file. External users with Data Guardian installed and activated on Windows, Mac, or a mobile device can now directly and immediately request file access from internal users. Administrators can grant or deny access through the Dell Remote Management Console when internal users are unavailable.
Technical Advisories v1.2 Windows v1.2 • • • • • • • • • • For Office 2010 and 2013, if a user selects Attach File in Outlook for a protected Office document, the user must select Insert not Insert as Text. As a protected document, the Office file's cover page displays a warning that the document is protected. For Office 2016, a user can select Insert as Text, but the file content is not protected. [DDPCE-4611] Dropbox Smart Sync is disabled when Data Guardian is installed.
Mobile v1.1 • • When Office documents or macro-enabled documents are created on an Android or iOS client that is not connected to the Dell Server, encryption keys are generated offline and then uploaded to the Dell Server the next time the device is online. New geofencing policies for Android and iOS clients allow administrators to restrict protected office document and .xen file access to a specified region. Regions currently include the United States and Canada. Resolved Technical Advisories v1.
• • • • • • • • • • • • • • • • • • • • • • When a new folder is created in the Secure Lifecycle virtual drive and a new file is added to it, the help file specified in the Help File Name and Help File Contents policies is not added to the folder. [DDPCE-1824] When a user with a personal Dropbox account joins a Dropbox for Business team, the user must restart the computer in order for Secure Lifecycle to protect all Dropbox files.
• Occasionally, the iOS application may become unresponsive when a file is synced over a slow network connection. [DDPCE-4163] Mac v1.0 • • • • • Added 4/2017 - If a user drags the Secure Lifecycle application to the trash, credentials such as email and Dell Server name may remain in the key chain. If the user reinstalls with a different Dell Server, to work around this issue, click Change Server and enter the new Dell Server information when Secure Lifecycle is launched.
2 Software and Hardware Compatibility Data Guardian is tested with third-party software and hardware as needed. Dell reports problems found during testing to other vendors, where appropriate. Hacks and Utilities • 34 Hacks or utilities that alter device manufacturer performance specifications are not supported.
