Proofpoint | ObserveIT On-Premises Release Notes version 7.12.1

Version 7.12.1

This document provides information about features, issues that were discovered and fixed since the previous release, and any limitations of the release. It is important that you read this document before you install and configure this version.

For information about how to install and upgrade, see:

This version includes security fixes, that address the following:

  • CVE-2021-40842: ITM Server Blind SQL injection via dbName parameter High (8.1) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

  • CVE-2021-40843: ITM Server Unsafe Deserialization of Data Retrieved from DB High (8.8) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

New Features and Enhancements

Linux Alert Rule for Current Working Directory (pwd)

In Linux Alert rules, you can now create a rule that will generate an alert if a user tries to execute a command from a specific working directory. When this alert is triggered it will be displayed in the Alerts views and will be captured by the screen recorder when enabled. In addition, you can export the data to PDF from the Alerts screen.

Website Categorization

Website Categorization has been updated to reflect the following changes:

New Categories Added

  • Remote Desktop/Control

  • Cryptocurrency

See: Website Categorization

Improved Detection of Massive File Upload

If you select and upload a massive amount of files (more than 100), the correct URL destination is associated with them.

If the upload is done by selecting one or more folders (and not by directly selecting only files), some of the upload operations will be associated with the URL of different tab that is currently open in the browser. (This issue is to be fixed soon).

Resolved Issues

  • [Issue 161]: Archiving and deleting process is now handled
  • [Issue 182]: The detection of the correct URL when uploading files and switching to other tabs was significantly improved.
  • [Issue 194]: The issue that triggered Alert based on keylogger XQurartz terminal on Mac was fixed.
  • [Issue 198]: Fixed login issue on Linux when all Application servers are down.
  • [Issue 248, 349]: In the Video Player, the issue of the Alert overlay that did not fully collapse has been resolved.
  • [Issue 264]: Non-USB hard drives are no longer recognized as USB devices.
  • [Issue 265]: The Admin Dashboard screen was fixed to show earlier version fields correctly.
  • [Issue 303]: Fixed detecting monitoring of Web browsing during offline Activity Replay.
  • [Issue 320, 319]: Test files created by the system are no longer left on screenshot storage devices.
  • [Issue 321]: Issue with installing the Agent based on Master Image on Turkish-based OS was fixed.
  • [Issue 323]: Resolved issue of documenting file attaching to email and switching quickly to browser associated as an email not as an upload. (Mac Agent)
  • [Issue 327]: High CPU usage for Linux endpoints when registration fails, has been fixed.
  • [Issue 329]: Fix display issue with Database path field.
  • [Issue 336]: Fixed memory issue for RDCL process on RDS Citrix machine.
  • [Issues 340, 338]: Resolved issue of missing screenshots that arrive after the session was signed.
  • [Issue 353]: Default time period in various Web Console screens has been changed to "last 3 days".
  • [Issue 357]: High latency when deleting metadata as part of archiving with legal hold has been resolved.
  • [Issue 359]: Performance issue when querying file activity when using API reports has been resolved.
  • [Issue 360]: Issue with installing Agent on an endpoint that was renamed has been resolved.
  • [Issue 376]: Fixed high CPU issue when killing non-interactive session on Linux.
  • [Issue 380]: A performance issue on archiving process was fixed.
  • [Issue 394]: Printing sessions from the Endpoint and User Diary pages fixed to respect the time filter.
  • [Issue 446]: Resolved issue of possible macOS pop-up for screens recording permissions for metadata.
  • [Issue 411, 399]: Partial documentation of massive file copy was fixed, recovering all files.
  • [Issue 415]: Wireshark memory issue on an endpoint with ObserveIT Agent has been resolved.
  • [Issue 417]: Issue of error messages during installation of Linux Agent to non-default location was resolved.
  • [Issue 420]: Resolved issue with Security & Privacy screen when setting mTLS password.
  • [Issue 426]: Performance issue was resolved when processing email activity.
  • [Issue 438]: Issue resolved when Activity Replay to stop recording as configured.
  • [Issue 439]: Removed duplicate file copies.
  • [Issue 462]: Downgrade issue of the Updater on no label version Updater from 7.11 to 7.10 has been resolved.
  • [Issue 477]: The performance of retrieving file activity through report API has been improved.
  • [Issue 487]: Performance issue in loading time of User/Endpoint Diary was fixed.
  • [Issue 489]: Version number of macOS Big Sur that displayed in the Web Console has been updated from 10.6 to 11.