Proofpoint | ObserveIT On-Premises Insider Threat Management

What's New

Release Notes for the current release can be found here.

New Features and Enhancements

Enhanced Email Notification for Saved Session

From this release, the email sent when a recorded session is saved and ready for download, has been enhanced to provide additional information that will improve your ability to understand what was saved, by whom and when.

Previously when a session was saved, an email was sent with only the link to the downloaded session and no other information.

The new email format includes:

  • Subject with the text: Saved session is ready for download.

  • Body with the text and relevant information:

    The following session that was saved from within Proofpoint On-Premise Insider Threat Management web console is ready for download:

    • Session Name: <name>

    • Saved Date: <date>

    • Session Date: <date>

    • User Name: <login by>

    • Endpoint Name: <endpoint name>

  • Link to download the session in a .ZIP format

Allow specifying different path for Saved Sessions on the server side

You can configure the destination you want when Windows saved sessions are generated and ready for download. Previously the generated .ZIP files were saved to a fixed folder within the Web Management Console. Now you can select to store the files where you want, such as a separate and dedicated external storage location.

To configure the location, navigate to ConfigurationStorage ManagementSaved Sessions. From the Settings tab, enter the location you want in the Storage Folder area.

If your folder location was previously customized by your Proofpoint representative, you will now need to configure the location again. This new version will overwrite any previously customized locations.

See: Saving Sessions to a Storage Folder

Export up to 100 Alerts to PDF

You can now export a maximum of 100 alerts from the Alerts list to a PDF file. Previously the limit was set at 20 alerts.

See Exporting Alerts to a PDF File

Support for Dynamic Proxy (Windows)

This version supports Dynamic Proxy for Windows Agents allowing agent-server communication to go through different proxies dynamically based on PAC file rules.


  • Dynamic Proxy requires that Proxy Auto-Configuration (PAC) resides on an accessible Web server.

  • This feature is based on proxy settings defined at the Operating System level. The Operating System must be configured to use dynamic proxy for applications running under the System account (not user account). In order to set it (together with PAC file location) or to find out if it’s already set you can run the following commands as Administrator in CMD or Powershell:

    To set it:

    • bitsadmin /util /setieproxy localsystem AUTOSCRIPT

    To find out if it’s already set:

    • bitsadmin /util /getieproxy localsystem

    From Winagent64bit, configure the settings with ProxyType set to 2

    ProxyType=2 Dynamic proxy

    Use the following command line argumets for Proxy Server Installation during installation;

    • ProxyType=0 No proxy (default)
    • ProxyType=1 Static proxy
    • ProxyType=2 Dynamic proxy

The following apply only to static proxy

  • ProxyServerHostname="<URL/IP>" 
  • ProxyServerPort="<Proxy Port>"
  • ProxyDomain="<Domain Login>"

The Updater does not support communicating with the server side via Dynamic Proxy.


version 7.13.2