Proofpoint | ObserveIT On-Premises Release Notes version 7.18.0

Version 7.18.0

This document provides information about features, issues that were discovered and fixed since the previous release, and any limitations of the release. It is important that you read this document before you install and configure this version.

New Features and Enhancements

New Windows Registry Indication for Automatic Unregister Events

Automatic Unregister is a capability in the Web Console that automatically unregisters an endpoint after a defined period of agent inactivity (for example, when no heartbeat is received).

When an Automatic Unregister event occurs, the agent creates a new Windows Registry key named AgentAutoUnregisterDateUtc with the UTC timestamp of the unregister event. Example value: 2025-11-25T07:53:29.0000000Z

By default, this registry key is not present and appears as “(value not set)”. If the agent is reinstalled after being automatically unregistered, the registry key is cleared and returns to the unset state.
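A way to check an endpoint for this indicator during triage, as an added example that is not Proofpoint's code. The registry location ($AgentKeyPath) is a placeholder because the release notes do not state it, and the script assumes the timestamp is stored either as a named value or as the default value of a subkey with that name.

```powershell
# Added example, not vendor code. The registry location is an assumption: the
# release notes do not state it, so supply the agent key used by your install.
param(
    [Parameter(Mandatory = $true)]
    [string]$AgentKeyPath   # placeholder, e.g. 'HKLM:\SOFTWARE\<agent key>'
)

$Name = 'AgentAutoUnregisterDateUtc'

function Get-AutoUnregisterStamp {
    param([string]$Path, [string]$Name)
    # Layout 1 (assumed): a named value under the agent key.
    $raw = (Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    if (-not $raw) {
        # Layout 2 (assumed): a subkey whose default value holds the timestamp.
        $sub = Join-Path $Path $Name
        $raw = (Get-ItemProperty -LiteralPath $sub -ErrorAction SilentlyContinue).'(default)'
    }
    return $raw
}

# Default state matches the documented "(value not set)" case.
$report = [ordered]@{
    Computer        = $env:COMPUTERNAME
    State           = 'NotAutoUnregistered'
    UnregisteredUtc = $null
    DaysSince       = $null
}

if (-not (Test-Path -LiteralPath $AgentKeyPath)) {
    $report.State = 'AgentKeyNotFound'
} else {
    $raw = Get-AutoUnregisterStamp -Path $AgentKeyPath -Name $Name
    if ($raw) {
        # Example value from the notes: 2025-11-25T07:53:29.0000000Z
        $stamp  = [datetime]::MinValue
        $styles = [System.Globalization.DateTimeStyles]::RoundtripKind
        if ([datetime]::TryParse([string]$raw, [cultureinfo]::InvariantCulture, $styles, [ref]$stamp)) {
            $utc = $stamp.ToUniversalTime()
            $report.State           = 'AutoUnregistered'
            $report.UnregisteredUtc = $utc.ToString('o')
            $report.DaysSince       = [math]::Round(([datetime]::UtcNow - $utc).TotalDays, 1)
        } else {
            $report.State           = 'UnparseableValue'
            $report.UnregisteredUtc = [string]$raw
        }
    }
}
[pscustomobject]$report
```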

Website Categories Update

The list of raw categories available from Visited URL > Website category (detailed) has been updated to include the following new categories:

  • AI Agents

  • Generative AI

  • Trusted Proxy Relays

  • Scams

  • Cryptomining

  • Suspicious

  • QR Code Generators

  • URL Shortening and Redirect Services

In addition, the category family mappings under Visited URL > Website category have been updated as follows:

  • Infected/Malicious: Reported using the raw categories Scams and Suspicious

  • Artificial Intelligence: Reported using the raw categories AI Agents and Generative AI

  • Remote Proxies: Reported using the raw category Trusted Proxy Relays

  • Cryptocurrency: Reported using the raw category Cryptomining

Windows 11 25H2 Certification

The Windows agent has been certified for the Windows 11 25H2 service pack.

Node.js Version Upgrade

Node.js was upgraded to version 22.21.1.

.NET Upgrade

.NET was upgraded to version 8.0.22.

Tahoe 26.3 Screen Reporting

Screen reporting is now supported on Tahoe 26.3 and higher.

Island Browser Support

Island Browser is supported for ITM Agent detection.

Additional Updates

ITM Stats Collector was removed from the ITM package.

Resolved Issues

[Issue 1426]: Fixed an issue where newly created archive databases could not be bulk loaded during the archive process.

[Issue 1418]: Fixed an issue where policy filters on USB events were not supported.

[Issue 1377]: Fixed an issue where the Email Diary did not show results in New Outlook.

[Issue 1434]: Fixed an issue in the Web Console Player where the session did not load for some endpoints.

[Issue 1433]: Fixed an issue where some details were missing when accessing the Session Timeline section of an older session.

[Issue 1423]: Fixed an issue where the Notification Service failed during FAM Monitoring with the error "Violation of PRIMARY KEY constraint 'PK_FileMonitoringAction_TextSearch'".

[Issue 1282]: Fixed an issue where the agent took a long time to start due to high operating system load.

[Issue 1415]: Fixed an issue in the UI where the Users and Application boxes were too small.

[Issue 1409]: Fixed an issue where the Anonymization page crashed when a wildcard character was used.

[Issue 1392]: Fixed an issue where pages could not be changed on the Archive Diary when searching for a specific user.

[Issue 1391]: Fixed an issue where a database issue occurred when deleting an older session with the error "uspSessionDeletePartition".

[Issue 1419, 1407]: Fixed an issue that occurred when the FTS engine is installed on SQL Server.

[Issue 1404]: Fixed an issue where the UserWinActivity table was blocking partition deletion.

[Issue 1394, 1378]: Fixed an issue where the "dbo.uspExtract_GetActivityAlerts" process was locked.

[Issue 1334, 1282]: Fixed an issue where screenshots were duplicated in Screenshot Storage Optimizer.

[Issue 434]: Fixed an issue where the report incorrectly displayed "Last 1 Elapsed Week" when the user selected a data range.

[Issue 305]: Fixed an issue where Filter by "User (secondary)" in the Alerts page did not work.

[Issue 293]: Fixed an issue where an alert was not detected when a second parameter was added to the SQL statement.

[Issue 1442, 1428]: Fixed an issue where a local search was performed instead of a remote search when the User Data Cleanup dropdown was used.

[Issue 1388]: Fixed an issue where the uspArchiveDelete procedure resulted in the error message "uspSessionDelete_ByList".

[Issue 1257]: Fixed an issue where the heartbeat alert had an explicit Collation definition.

Limitations and Known Issues

The Alert Rule “Trying to kill ObserveIT processes on Windows”, which is part of the Insider Threat Library (ITL), does not work on the following 2 out of 20 processes: “rcdcl.exe” and “rscutil.exe” (the no-label variant of “rcdcl.exe”).

The ITL (Insider Threat Library) alert rule “Opening ObserveIT Agent folder” does not work on Windows 11. To restore functionality, update the rule by removing the condition Process name is explorer and adding Ran Application: Windows title contains ‘ObserveITAgent’. Use the OR operator between the final two conditions.