Proofpoint | ObserveIT On-Premises Release Notes version 7.15.3

Version 7.15.3

This document provides information about new features, issues that were discovered and fixed since the previous release, and any limitations of the release. It is important that you read this document before you install and configure this version.

For information about how to install and upgrade, see:

This version includes security fixes and new features.

New Features and Enhancements

Image Security Notification

A new notification has been added to clarify to users that to enable Image Security for all application servers, you must change the Image Security setting to ON for each server. This reminds users that selecting Enable Image Security only updates the selected server.

The following message displays after the first time Image Security is set to ON::

Image Security does not apply on all application servers. To enable it for all servers, change the setting Image security to ON for each application server.

(This option is located in > Security & Privacy >Security tab in the App Server Name area.

Screenshot Storage Updated Support

From version 7.15.3, screenshot storage is allowed on file systems only. Screenshot Storage: 7.15.2 was the last version allowing screenshot storage on SQL Server database. If you are upgrading, any previously stored screenshots will remain in their current location.

The file system is composed of both HOT storage (Fast SSD drive) and WARM storage (Standard disk drive).

Application Server

The following describes the modifications to the Application server installation process:

  • Silent parameters to define the storage when installing the Application server:

    HOT_STORAGE

    WARM_STORAGE

    ARCHIVE_STORAGE

  • Example of a command line with the parameters:

    msiexec /i "ObserveIT.AppServerSetup.msi" /quiet /norestart DATABASE_SERVER="<DB_SERVER_NAME>" DATABASE_LOGON_TYPE="WindowsAccount" SERVICE_USERNAME="<SERVICE_USERNAME>" SERVICE_PASSWORD="<SERVICE_PASSWORD>" TARGETAPPPOOL="<POOL_NAME>" TARGETSITE="<SITE_NAME>" HOT_STORAGE="<HOT_STORAGE_PATH>" WARM_STORAGE="<WARM_STORAGE_PATH>" ARCHIVE_STORAGE="<ARCHIVE_STORAGE_PATH>" /leo ObserveITWebServices_setup.txt

  • For manual Application server installation, when prompted, add the path to HOT, WARM and ARCHIVE Storage. (If this is a new installation, these fields will be available. If this is an upgrade and you have already designated paths, the fields will be grayed-out.

See Installing ITM On-Prem (ObserveIT) Application Server.

Support for Thunderbolt 3 Protocol

Thunderbolt 3 storage devices are now supported.

You can monitor and capture activities involving the Thunderbolt device. This includes detection of both device insertion and exfiltration to a Thunderbolt device - similar to USB insertion and detection.

See Detecting the Insertion of an External Device

db_creator Permissions

From version 7.15.3, db_owner (for SQL Database) permissions are no longer required for the following:

  • Ability to upgrade the SQL Database without db_creator permissions.

  • Ability to complete a successful SQL Database clean install script - if a database is already created (manually) - without db_owner permissions and with the following permissions instead: db_datareader, db_datawriter, db_ddladmin.

macOS Sonoma 14.4 Support

Mac Agent 7.15.3 was certified on the latest 14.4 service pack for macOS Sonoma.

Updated .NET Core Support

  • . NET Core upgraded to 6.0.419

Resolved Issues

Resolved Issues

[Issue 1071]: Fixed an issue where the loading time for the Diary and Search tabs in manual Archive launch was improved.

[Issue 1067]: Fixed an issue where the Archive Database could not be upgraded to versions 7.15.3 and forward.

[Issues 1074, 974]: Fixed an issue where from Endpoint ManagementEndpoints tab, the Status dropdown did not allow selecting and filtering by Not Reporting value.

[Issue 1062]: Fixed an issue where clicking Cancel button in the Choose File dialog on Japanese localized Mac Agent, canceled activity was reported as File Upload.

[Issue 1046]: Fixed an issue where the field Amount of Pages was incorrectly set to 1 when printing a .DOCX or .PPTX file.

[Issue 1089]: Fixed an issue where screenshots did not display in the Session Player when the Agent was installed in a different time zone than the server.

[Issue 1066]: Fixed an issue where trace log files size increased very quickly.

[Issue 1061]: Fixed an issue where an email notification was not sent to the Admin when a saved session was ready for download.

[Issue 1053]: Fixed an issue where built-in reports (Google, Bing and Yahoo searches the past 2 weeks) were not saved with the .XLS extension when the generated reports were exported to Excel.

[Issue 1050]: Fixed an issue where an error message was displayed on Web Console when clicking on an Alert to see its details.

[Issue 926]: Fixed an issue where an internal file operation by Chrome in a \temp folder, was reported incorrectly as User File Upload or Download.

[Issue 818]: Fixed an issue where trace files were not created when Health Monitoring service failed to start.

[Issues 1081, 1037]: Fixed an issue where screenshots capture by Agent failed in Sonoma 14.3.1.

[Issue 923]: Fixed an issue where activities in environments with 10000 or more endpoints were sent to QRadar, data arrived after a couple of days and with duplicate records.

[Issue 1048]: Fixed an issue where the archive processing consistently failed after upgrade to 7.15.x.

[Issue 1079]: Fixed an issue where error messages were displayed in the Web Console due to deadlocks in the database.

[Issue 1075]: Fixed an issue where during upgrade, error messages displayed related to file monitoring.

[Issue 946]: Fixed an issue where in Endpoint ManagementEndpoints, Unregister was selected for a specific Agent, all Agents were unregistered.

[Issue 1073]: Fixed an issue where when clicking Update button in the Load Balancer area of the Security & Privacy screen, the setting incorrectly reverted to HTTP from HTTPs.