IDU Suite 5.9 - Varonissupport.varonis.com/emails/attachements/IDU_Suite_5.9.72_Release... · IDU Suite 5.9.72 Release Notes ... • New application settings: ... in the grid, especially

IDU Suite 5.9.72Release Notes

Publishing Information

Software version 5.9.72Document version 35Publication date May 31, 2013; updated August 7, 2014

Copyright © 2005 - 2014 Varonis Systems Inc.

All rights reserved.

This information shall only be used in conjunction with services contractedfor with Varonis Systems, Inc. and shall not be used to the detriment ofVaronis Systems, Inc. in any manner. User agrees not to copy, reproduce,sell, license, or transfer this information without prior written consent ofVaronis Systems, Inc.

Other brands and products are trademarks of their respective holders.

IDU Suite 5.9.72 Release NotesIntroduction

Proprietary and Confidential of Varonis 1

Introduction

IMPORTANT: Certain features included in the software may be subject toseparate fees. This may apply to features which were initially provided in thesoftware as free-of-charge features.

What's New in 5.9.72

There are no new features in this release. The release contains only bugfixes.

What's New in 5.9.71• DatAdvantage

• In keeping with Varonis branding, all IDU Suite products now presenttheir new logos throughout the user interface.

• The tooltip for the Managed Entity icon in the Directory and User &Groups pane now displays the names of the data owners instead ofthe word "Managed."

• The Flags tab in the DatAdvantage Legend has been renamed toFollow Up. In addition, the Follow Up tab now displays the defaulttags as well as the default flags that are configured in the system.

• It is no longer possible to define a note's color in the Follow UpConfiguration window. Notes are now marked with a note iconinstead of a flag icon. Additionally, it is now possible to hover over anote icon to view its content.

• DataPrivilege

• In this version, DataPrivilege enables defining separate entitlementreview schedules for different scopes of folders or groups.

• DataPrivilege now presents a new logo and default theme.

• This version provides full support for Internet Explorer 11.

• DataPrivilege now supports both Portuguese (Brazil) and Spanish(Latin America).

• In this version, built-in and abstract groups and their relatedpermissions are no longer presented in DataPrivilege by default.

• A number of performance improvements have been made.

• Email recipients now receive DataPrivilege mail in their configuredlanguage.

• DataPrivilege email templates now include a <MacPCLink>placeholder, to enable using Mac directory paths in email notifications.

• It is now possible to manage local users and groups. Additionally,users can now create group membership requests for local groups.This feature is disabled by default.

• Permissions reports can now be generated directly from the mainPermissions pane. It is also possible to customize the content of email



notifications regarding exported permissions as needed. This featureis disabled by default.

• New application settings:

• Default number of days from the start to end dates displayed in theRequest Date filter

• Display table headers in ToolTips

• Exclude built-in groups from FileWalk

• Set the permissions to be exported

• Allow expanding locations and folders that do not contain managedsubfolders

• DataPrivilege reports:

• Requests and Authorizations Report - It is now possible to exportsub-reports to a CSV file.

• Management Console

• Domain controllers can now be added manually (available only inAdvanced mode).

• Performance of certain migration activities has been improved.

• It is now possible to configure IDU Suite notification settings so thatemail notifications are sent for missing events. The Missing Eventspage has been added to the Configuration menu to enable thisconfiguration.

• For increased efficiency, performance of the Jobs grid has beenoptimized to enable a short response time for all operations performedin the grid, especially those performed against a remote Probe.

• Data Transport Engine

• This version includes enhancements to the use of stub files in theData Transport Engine.

• Transfer rules can now be configured to either delete content from thesource that was not copied due to collision behavior, or to leave it atthe source with an error message.

• DatAlert

• It is now possible to configure threshold alerts, to provide notificationof a large number of events occurring within a specified timespan.

• DCF

• The limit on the size of files the DCF can scan has been increased to50 MB, with the default set at 30 MB.

• Reports

• New reports

• Report 8.a.02, Varonis Service Accounts

• Report 6.b.02, DatAlert Threshold Rules

• New filters

• Alert rule type

• Display inactive folders only if all their subfolders are inactive

• Exclude activity by

• Parameter

• Changed filters



• The Member name category was renamed to Member.

• The Group name category was renamed to Group.

• The AD properties category includes new properties.

• The AD properties category is now available in several additionalcategories.

• Other changes

• It is now possible to select specific report results for preview orexport.

• Report 4.c.01, This report now supports data-driven subscriptionsfor resource and directory owners. This report also supportshierarchical subscriptions, which enables managers to view thedata owned by their subordinates through report subscriptions.

• Integrated - Report 4.m.01, Permissions for Users and GroupsOther than the Mailbox Owner - This report now supports data-driven subscriptions.

• Core

• The IDU Suite fully supports Microsoft SQL 2014 Standard orEnterprise edition.

• The IDU Suite fully supports Exchange 2013 and 2013 SP1.

• A new agent is available for use with Exchange 2013. This agent is inbeta mode.

• The IDU Suite fully supports SharePoint 2013 SP1.

• Licensing

• It is now possible to suppress the grace period for evaluation licenses.



What's New in 5.9.62• In this version, the IDU Suite fully supports Microsoft SQL 2012 SP1.

• Support for SharePoint 2013 is generally available (GA) with IDU Suite5.9.62.


This version integrates a number of features that were formerly onlyavailable in 5.8.x, as well as several new features:

• DatAdvantage

• Integrated - The CSV file for uploading owners in bulk includes newfields and enables the use of wild cards.

• Integrated - Owners or custodians that manage entities can now beremoved in bulk.

• Integrated - Visibility enhancements for owners and custodians areincluded.

• Integrated - The new Edit role can work in the sandbox, but cannotcommit any changes.

• DataPrivilege



• Integrated - Google Chrome v26 is now supported.

• Integrated - With the assistance of Varonis Support, the text of theBrowse button can be changed from an ellipsis to the word "Browse".

• Integrated - Application settings:

• Allow folder owners to edit names of new groups

• Set default owners for unmanaged groups

• Synchronize group owners with Active Directory

• Integrated - It is now possible to use the Bulk Upload Tool to uploadgroups directly to their locations.

• Integrated - Internet Explorer 10 is now supported.

• Integrated - It is now possible for administrators to cancel pendingentitlement review requests.

• Integrated - Changes have been made to the ManagementAuthorization feature.

• Integrated - The Entitlement Review Configuration page now enablesselecting all entities for various actions.

• Integrated - It is now possible to set multiple owners and authorizersat different levels directly through the Add Base Folder or AddManaged Folder wizard.


• Integrated - It is possible to migrate IDU and Probe services anddatabases to Windows clusters.

• Integrated - The jobs list now includes an Advanced Maintenancecategory.

• Integrated - It is possible to filter event types in specified files or filetypes.

• Integrated - Column names in reports and logs can now becustomized as needed.


• Integrated - Fine-grained handling of Creator Owner permissions(ACLs) is now provided.

• Integrated - Shares and share permissions can now be copied.

• Integrated - The Not equals operator has been added to the Username filter within the Folder Activity and File activity compound filters.

• Integrated - This version provides additional insight into the DataTransport Engine's commit verification mechanism.

• Integrated - This version provides information about permissions thatmust be fixed at the destination when inconsistent permissions at thesource were corrected.

• DCF

• New - Improvements have been made to driver's license patterns,to reduce the number of false positives returned in productionenvironments.

• New - Improvements have been made to predefined rules, to reducethe number of false positives returned in production environments.

• Reports

• New



• Report 4b, User or Group Permissions for Directory, now providesthe Account Type column as an additional column.

• Report 8c, Active Users by Platform, now includes theADProperties column type to enable selecting Active Directoryproperties as columns in the report.

• Report 12l, Open Share and NTFS Permissions, now includes theShare Path column.

• Integrated - DatAdvantage reports

• 8.c.01, Active User Count by Platform - This report lists monitoredplatforms and the number of active users on each one during thedefined period of time.

• 8.c.02, Active User List by Platform - This report lists monitoredplatforms and the active users on each one during the definedperiod of time.

• 8.d.01, Potential User Count by Platform - This report lists allmonitored platforms and the total number of potential users oneach one.

• 8.d.02, Potential User List by Platform - This report lists allmonitored platforms and the potential users on each one.

• Integrated - Filters

• Object type

• User/Group without permissions

• Show only shares

• List special permissions

• Hide permissions with unresolved or deleted trustees

• Integrated - Other changes

• Report 4g, Classification and Priorities - The Risk Priority %column now includes both DCF results and DCF external files.

• Report 4.m.01, Permissions for Users and Groups Other thanthe Mailbox Owner - This report now supports data-drivensubscriptions.

• Hierarchical reporting enables managers to view the data ownedby their subordinates through report subscriptions.

• The IP/Hostname column in reports and logs now displays theunique device ID of a mobile device that created Exchange events.

• Is share filter renamed to Show only shares in reports 4a, 4b, 4f,4g, 4j, 4k, and 7b.

• File activity - A compound filter which returns only the files onwhich events were either performed or not performed on thespecified dates.

• Core

• New - Support has been added for Windows 8.1.

• New - Support has been added for Debian 6.

• New - The Varonis SharePoint agent is now generally available (GA).

• Integrated - Support has been added for Centrify Suite 2013.

• Integrated - Support has been added for Exchange 2010 SP3, build14.3.x.



• Integrated - NetApp OnTap 8.2 Cluster Mode is now supported.

• Integrated - SharePoint 2013 now supports both the Data TransportEngine and the commit service.

• Integrated - Solaris 11 is now supported.

• Integrated - The ability to configure Probe proxies for NetAppresources, available in 5.7, has been restored.

• Integrated - EMC Isilon OneFS 7.1.0.1 is now supported.

• Integrated - It is now possible to convert an existing Probe to aCollector.

• Integrated - Probe proxies are again supported.

• Licensing

• Integrated - The amount of data that can be transported during asoftware evaluation period is now limited by license.

• Integrated - It is now possible to run permanent licenses andevaluation licenses simultaneously.



What's New in 5.9.50• DatAdvantage

• Stricter security for command-line capabilities in Real-Time Alerts andAccount Management.


• Automatic detection of shares and mounts is now available in thisversion.

• DCF

• A number of changes were made to clarify DCF filters and their use:

• Filters were added.

• Filters were renamed.

• Rules can now be configured so that all the files having hits aremarked as special files.

• The Special Files tab has been renamed to Import Files.

• Report 4.g.01 has undergone a number of changes.

• Enhancements were made to DCF dictionaries, including encryption inthe database.

• Reports

• Category 14, Trend Reports, enables the creation of statistics,comparative and trend reports.

• Ability to set caps on the amount of disk space and CPU time thegeneration of reports may consume.

• The Classification filter category is now available in many additionalreports, as well as Real-Time Alerts, the Data Transport Engine andthe log.

• The Reports View includes a new Chart Data tab in some reports.



• New reports:

• Report 4.g.02, Sensitive Folders by Risk Percent

• Report 4.k.02, Folder Permission Tracking

• Report 14.a.01, General File System Statistics

• Report 14.a.02, File System Action Items Statistics

• Report 14.a.03, Sensitive Files Statistics

• Report 14.b.01, Comparative File System Statistics

• Report 14.b.02, Comparative File System Action Items Statistics

• Report 14.b.03, Comparative Sensitive File Statistics

• Report 14.c.01, Trends in File System Statistics

• Report 14.d.01, General Directory Service Statistics (per Domain)

• Report 14.d.02, User-Related Action Items (per Domain)

• Report 14.d.03, Group-Related Action Items (per Domain)

• Report 14.e.01, User-Related Action Items (per Business Unit)

• Report 14.e.02, Activity-Related Action Items (per Business Unit)

• Report 14.f.01, Comparative Directory Service Statistics (perDomain)

• Report 14.f.02, Comparative User-Related Action Items (perDomain)

• Report 14.f.03, Comparative Group-Related Action Items (perDomain)

• Report 14.g.01, Comparative User-Related Action Items (perBusiness Unit)

• Report 14.g.02, Comparative Activity-Related Action Items (perBusiness Unit)

• Report 14.h.01, Trends in Directory Service Statistics

• Report 14.i.01, Trends per Business Unit

• Filters

• A large number of new filters have been added in this version,primarily to support report category 14.

• The names of several filters have been changed.

• The Classification filter category has been added.

• Core

• Renaming of BlueArc to Hitachi NAS.

• Incremental FileWalk - In this version, FileWalk can be configured torun incrementally, to scan only directories with new events.

• Partial support for SharePoint 2013.

• Exchange administration events through PowerShell cmdlets are nowavailable.

• Upgrade

• Upgrade from 5.8.6x is not supported.

• Licensing

• Licensing for Real-Time Alerts is now separate from the generalDatAdvantage license.




There are no new features in this release.


There are no new features in this release.

What's New in 5.9.20• New user roles in the DCF:

• Classification Configuration user

• Classification Dictionaries View user

• Classification Results View user

• New filters in report 12m.

• Changes to existing filters in Real-Time Alerts and the DCF.

• Ability to upload follow-up indicators in bulk - Merged from 5.8.50.

• DCF - Ability to show or hide rules as preferred.

• The Migration utility is not supported in 5.9.20.

What's New in 5.9• DatAdvantage

• Real-time alerts - DatAdvantage now enables defining dynamic rulesthat provide alerts on sensitive events in real-time (or nearly so).

• Directory services monitoring is now supported when AdvancedAuditing Policy is in use

• DataPrivilege

• Multi-language support - UI language can be changed as needed inrequest screens.

• Additional application settings have been introduced.

• The Administrator role can now be restricted if necessary.

• The expiration date can now be edited in permissions or membershipassignments.

• Requests can now be authorized in a bulk operation.

• Management Console - Varonis is pleased to introduce the first version ofthe Management Console.

• Shares and mounts can now be detected automatically for severaldifferent resources.

• DCF

• Extensive predefined content is now provided.

• The DCF engine has been optimized.

• Reports

• DatAdvantage report templates

• Report 4.a.02, Effective Permissions on Sensitive Files

• Report 4.b.02, Direct Permissions for Empty Groups

• Report 4.b.03, Open NTFS Permissions

• Report 4.b.04, Special and Deny Permissions

IDU Suite 5.9.72 Release NotesNew Enhancements


• Report 4.b.05, Inconsistent Permissions

• Report 4.f.02, Stale Data

• Report 4.f.03, Empty Folders

• Report 4.f.04, Large Folders

• Report 9.i.01, Executive Stale Data

• New filters

• Core

• Commit engine optimization.

• Upgrade

• Upgrade flows

• Agents to be upgraded

• Enterprise Installer

• Shares and mounts can now be detected automatically for severaldifferent resources.

• Noteworthy or changed behavior

• Resolved issues

• Known issues

New Enhancements

DatAdvantage

New Product Logos

5.9.71

In keeping with Varonis branding, all IDU Suite products now present theirnew logos throughout the user interface.

Changes to Follow-up Indicators

5.9.71

Several changes have been made to follow-up indicators:

• The Flags tab in the DatAdvantage Legend has been renamed to FollowUp.

• The Follow Up tab now displays the default tags as well as the defaultflags that are configured in the system.

• It is no longer possible to define a note's color in the Follow UpConfiguration window.

• Notes are now marked with a note icon instead of a flag icon.

• It is now possible to hover over a note icon to view its content.



Changes to ToolTips

5.9.71

In this version, the "Managed" ToolTip in the Directories and Users & Groupspanes now displays the names of the first five users that directly own theentity. If there are more than five users, the ToolTip indicates the number ofusers.

New Edit Role

5.9.61

Now available in 5.9.61.

5.8.70

This version provides a new role, the Edit role. This role can:

• View and edit permissions and group membership in the sandbox.

• Cannot commit changes.

• Can create groups, but cannot perform any other account managementactivities.

Visibility Enhancements for Owners and Custodians

5.9.61


5.8.70

This version provides enhanced visibility for folder owners and resourcecustodians:

• Ability to view permissions on the folders and resources for which theyare responsible.

• Ability to view permissions on owned folders and resources by clickingunowned groups.

Bulk Upload of Owners

5.9.61


5.8.70

The ownership bulk upload file now includes additional information:

• The following fields can now be added to the format in the CSV file:

• ActionType - The action that is being performed. In addition to theAdd ActionType, the following options are now available:

• Del - Removes ownership from one or more objects.

• Replace - Replaces the current owner with the original owner.



• OriginalOwner - The name of the original owner. If the ReplaceActionType is selected, the original owner replaces the currentowner.

• Wild cards are supported for the following fields:

• ResourceName

• Folder/group

• type

In addition, the Manage Ownership window now enables removing allowners from an entity at once.

Command Line Security

5.9.50

Until this version, the local system account could be used to run command-line executables in Real-Time Alerts and account management. To avoiduse of these elevated credentials, this version includes the followingchanges:

• DatAlert

• Users must set the credentials that can be used to run executables.

• The executable's path is no longer part of the alert template. Instead,it is a configurable string.

• The user interface now refers to executable scripts instead ofcommand lines.

• Account Management

• Executables can be run using either the commit credentials providedfor user creation (the default) or the local system account.

Bulk Upload of Follow-Up Indicators

5.9.20

The ability to upload flags and tags in a bulk operation is now available inthis version.

In addition to adding new tags and global flags, this procedure enablesconverting existing personal flags to global flags, detaching flags and tagsfrom objects, and changing the color of a flag or tag.

The following users can perform this activity:

• System administrators

• Enterprise managers

• Configuration users

Directory Services Monitoring

5.9

Directory services monitoring is now supported when Advanced AuditingPolicy is in use (with Windows 2008 and higher).



DataPrivilege

Multiple Schedules for Entitlement Reviews

5.9.71

In this version, DataPrivilege enables defining separate entitlement reviewschedules for different scopes of folders or groups. Default scheduling rulesare provided separately for folders and groups that are not included in anyother scheduling rule, or that are included in rules that have been disabled.Default rules cannot be deleted, but they can be disabled.

The exceptions list now functions as follows:

• If the Require entitlement review option is selected, entitlement reviewrequests are not created for entities added to the exceptions list.

• If this option is not selected, entitlement review requests are created onlyfor entities added to the exceptions list.

New Logo and Theme

5.9.71

In keeping with Varonis branding, DataPrivilege now presents a new logoand default theme.

Support for Internet Explorer 11

5.9.71

This version provides full support for Internet Explorer 11.

Support for Additional Languages

5.9.71

DataPrivilege now supports both Portuguese (Brazil) and Spanish (LatinAmerica).

Handling of Built-in and Abstract Groups

5.9.71

In this version, built-in and abstract groups and their related permissions canbe hidden in DataPrivilege. A new configuration key, Exclude built-in groupsfrom FileWalk, controls this feature (see Changes to Application Settings onpage 14).

Performance Improvements

5.9.71

Performance improvements have been made in the following areas:



• A default date range filter has been added to the Requests andAuthorizations report to retrieve only the requests created in the last 30days.

• User/group searches are performed first on the database. If the requiredentity is not found, the search can be extended to Active Directory.

• Timeouts have been resolved in several places at the server side.

• The request life cycle has been improved.

• Response time after a checkbox is selected has been shortened.

Multi-Language Support for Email

5.9.71

In this version, email recipients receive DataPrivilege mail in their configuredlanguage. If a user has not yet logged into DataPrivilege and selected alanguage, the emails are sent in the installation language.

Email Link for Mac Computers

5.9.71

DataPrivilege email templates now include a <MacPCLink> placeholder, toenable using Mac directory paths in email notifications.

Local Group Management Support

5.9.71

With this version, DataPrivilege now supports the management of local usersand groups.

All management activities that enable managing global groups are nowavailable for local users and groups. Additionally, users can now creategroup membership requests for local groups.

This feature is disabled by default and can be enabled when adding a fileserver or defining credentials for file servers and root folders. If enabled, thelocal host on which the file server resides becomes a monitored domain.

Exporting Permissions on Managed Folders

5.9.71

With this version, permissions reports can now be generated directly fromthe main Permissions pane. This feature is disabled by default and can beenabled if it is configured in Application Settings.

Depending on the configuration for this setting, one or both of the followingDataPrivilege reports can be generated:

• Managed Folder Permissions

• Managed Folder User Level Permissions

It is also possible to customize the content of email notifications regardingexported permissions. The Export Template tab has been added to theMail Configuration pane to enable this customization. Upon export, an email



is sent to the specified email address describing the permissions on thespecified folder or group.

Changes to Application Settings

5.9.71

Category New Value Description

AD Management Exclude built-in groups fromFileWalk

If this option is set to True, built-in Windows groups are excludedfrom FileWalk and hidden inDataPrivilege. When hidden, thesegroups and their permissions donot appear on any user-facingscreen.

Authorizers and Owners Rights Set the permissions to be exported By default, data owners andauthorizers cannot generatepermissions reports from thePermissions pane of the FolderOwner and Folder Authorizerscreens. However, it is possibleto enable data owners andauthorizers to generate one or bothof the permissions reports directlyfrom the main Permissions pane.

Set this option to determine whichpermissions are exported for dataowners and authorizers. Optionsare:

• None

Note: If selected, the ExportPermissions option on themain Permissions pane is notvisible.

• File system permissions

• User-level permissions

• Both

General Display table headers in ToolTips For each scrollable DataPrivilegegrid that has a fixed header,hovering the mouse over thecolumn displays the column headertext in a ToolTip. Applies to use ofInternet Explorer only.

File System and Active Directory Allow expanding locations andfolders that do not containmanaged subfolders

Performance can be negativelyaffected if the entire folder treeis expanded each time a usernavigates to a particular folder.This setting enables administratorsto allow such expansion, or to limitexpansion to include only locationsand folders that do not contain




managed subfolders. By default,expansion is limited.

Reports Default number of days from thestart to end dates displayed in theRequest Date filter, for use with theRequests and Authorizations report

Set the default number of daysfrom the start to end datesdisplayed in the Request Datefilter. The default value representsthe past number of days for whichreport results are displayed. Thisoption is set to the past 30 days bydefault.

5.9


Domains Determine how locations arematched to users

Use this setting to determine howlogged-on users are matched tothe properties defined for eachlocation. If the By organizationalunit option is selected, the OUsrequired for each location can beselected from a picker instead ofentered manually.

AD Management Determine whether groups can besearched by domains or locations

Determine whether groups can besearched by domains or locationsin the Administration > Groups> Group Owners screens and ingroup pickers.

Changes to Existing Reports

5.9.71• Requests and Authorizations Report - This report now enables exporting

sub-reports to CSV. In the CSV file, the sub-report columns will appear tothe right of the main report columns. The request details are duplicatedfor each authorizer that handled the request.

Support for Google Chrome

5.9.61


5.8.60

With this version, DataPrivilege supports Google Chrome v26.

Renaming of the Browse Button

5.9.61




5.8.60

DataPrivilege now enables changing the text of the Browse buttonthroughout the software from an ellipsis (...) to the word "Browse". ContactVaronis Support for assistance.

Bulk Upload of Groups to Locations

5.9.61


5.8.70

The Bulk Upload Tool now enables uploading groups to the locations inwhich they are to reside.

Support for Internet Explorer 10

5.9.61


5.8.80

DataPrivilege now supports the use of Internet Explorer 10.

Cancelling Pending Entitlement Review Requests

5.9.61


5.8.80

With this version, administrators can now cancel entitlement review requeststhat are pending for folder owners and group owners.

Management Authorization

5.9.61


5.8.80

In this version, the following changes have been made to the ManagementAuthorization (authorizer 0) feature:

• With the new Allow owner to authorize requests pending to requestee'smanager configuration key, data and group owners can authorizerequests pending the requestee's manager.

• All the configuration keys related to management authorization havebeen moved to the Request Life Cycle category.

Entitlement Review Configuration



5.9.61


5.8.80

The Entitlement Review configuration screen now enables selecting allentities in the following columns in the Exceptions area:

• Enable Recommendations

• Require Review

• Enable Requests from Other Owners

Setting Multiple Owners and Authorizers

5.9.61


5.8.80

It is now possible to set multiple owners and authorizers at different levelsdirectly through the Add Base Folder or Add Managed Folder wizard. A newconfiguration setting, Set policy for assigning folder owners/authorizers asgroup owners/authorizers on permitted groups, enables determining whetherfolder owners and authorizers can also be assigned as group owners andauthorizers.

Multi-Language Support

5.9.50

The DataPrivilege User Guide erroneously states that Japanese issupported. It is not yet supported.

5.9

DataPrivilege now fully supports running each user session in a differentlanguage, using a selection drop-down list in the UI. All screens exceptReports, Mail Configuration and Application Settings are translated. Emailsent by DataPrivilege is sent in the requester's selected language.

Supported languages:

• Czech

• Dutch

• English

• French

• German

• Hebrew

• Italian

• Russian

• Swedish

Changes to Administrator Role



5.9

The DataPrivilege Administrator role can now be configured to explicitlyallow administrators to manage other user roles, or to prevent this.Administrators with this management limitation cannot see the User Rolestab under Advanced Administration.

Expiration Date

5.9

With this version, the expiration date can now be edited in a number offeatures throughout the user interface:

• Direct permission requests

• Existing group membership

• Existing folder permissions

• Entitlement review requests for group membership and folder access

Bulk Authorization for Requests

5.9

DataPrivilege now enables approving or declining several requests at once,in a bulk operation. This feature is available through the Summary screen.

Management Console

Manual Addition of Domain Controllers

5.9.71

With this version, it is possible to add domain controllers manually, withoutusing auto-detection. This feature is only available when the ManagementConsole is configured to work in Advanced mode.

Performance Improvements in Migration

5.9.71

Performance has been improved in migrating Probes and Collectors, and inediting the working directory of both Probes and Collectors (i.e., "migrationlite"). Moreover, it is no longer necessary to be in Migration mode to carryout these activities.

Missing Events Notification

5.9.71

With this version, it is now possible to configure IDU Suite notificationsettings so that email notifications are sent for missing events. The emailnotification is sent daily and lists all file servers from which events are



missing for more than the specified number of hours. A notification will notbe sent for file servers that are predefined as excluded.

The Missing Events page has been added to the Configuration menu of the Management Console to enable thisconfiguration. In addition, the following jobs have now been added to the Advanced Maintenance category:

• Check missing events - Scans file servers for missing events andprepares the data for the Send missing events mail job.

• Send missing events mail - Sends an email notification if events aremissing for more than the specified number of hours.

Increased Performance in Jobs Grid

5.9.71

For increased efficiency, performance of the Jobs grid has been optimizedto enable a short response time for all operations performed in the grid. Theinformation presented in the grid is now updated every 10 seconds. Whenthe Jobs grid is manually refreshed, the Management Console updatesthe information in the grid, loads new jobs and clears removed jobs. Thesechanges result in improved performance primarily for jobs that run on remoteProbes.

Data Migration

5.9.61


5.8.70

This version enables migration of IDU and Probe services and databases toWindows clusters.

New Categorization of Jobs

5.9.61


5.8.60

To simplify daily work in the Management Console, most maintenance jobshave been moved to a new category called Advanced Maintenance. Newjobs are added to this category by default. This change results in improvedperformance, since the Management Console only loads the jobs that aredisplayed.

Filtering of Events by Type

5.9.61


5.8.70

In this version, a new item on the Configuration menu enables filtering outevents on specified files or file types. It is possible to filter out only Openevents, or all event types.



Customizing Column Names

5.9.61


5.8.80

It is now possible to customize the names of columns used in reports. Whencolumn names are customized, the changes are implemented in:

• Report columns, including the UI, subscriptions and export to all formats

• Report sorting settings

• Column selection in the Display tab in report configuration

• Log columns - The column names configured for report 1a are also usedin the log.

• Log column selection

This does not include column names for Active Directory properties. TheExtended Properties tab on the Configuration menu can be used to editdisplay names of Active Directory properties.

Automatic Share Detection

5.9

This version provides automatic detection of shares and mounts for thefollowing types of resources:

• EMC Celerra

• HP-NAS

• NetApp

• Unix

• Unix SAMBA

• SharePoint

• Windows

Data Transport Engine

Stub File References

This version includes enhancements to the use of stub files in the DataTransport Engine:

• Stub files created by the Data Transport Engine now point to the closestshare and not to the admin share.

• If the closest share is an admin share, and there are no other shares tothe data, the stub points to it.

• If the Data Transport Engine is also configured to copy shares and notonly the folder itself, the calculation of the closest share includes the newshares.



• If the destination has multiple shares at the same level, the DataTransport Engine picks one randomly (either according to shortest lengthor alphabetically).

Handling of File Copy Failures

5.9.71

With this version, users can configure transfer rules to either delete contentfrom the source that was not copied due to collision behavior, or to leave itat the source with a message indicating whether it was due to an error. Inaddition to this new configuration option on the Source File Scope page, theLast Run Summary includes a new column that indicates whether the copyfailure was a true failure or due to the configured collision behavior.

Handling of Creator Owner Permissions

5.9.61


5.8.60

With this version, the Data Transport Engine provides fine-grained supportfor Creator Owner permissions (ACLs). Creator Owner permissions arehandled according to the following principles:

Copy Behavior• Copies the Creator Owner permission from source folders to destination

folders if:

• The permission is unique on the source folder.

• The permission is inherited from the root source folder's parent andthe transport rule is defined to copy all permissions in the definedfolder structure. In this case, the Creator Owner permission on theroot source folder is also copied as unique to the destination.

• Copies the owner of the transported folders as a folder property at thedestination, so that the permissions of the folder owner on the foldersthemselves can be correctly transported.

Note:

• If the owner cannot be setsuccessfully, neither permissionsnor content are copied.

• Owners from untrusted domainsor local users are set as lostpermissions. In this case,permissions and content areactually copied, but without theowner property.

• Copies the owner of the transported files as a file property at thedestination, so that the permissions of the file owner on the filesthemselves can be correctly transported.



Collision Behavior• If a collision occurs between the source and destination folders:

• If the collision behavior is set to Merge > Enforce existing permissions:

• The folder owner is not copied and the folder at the target retainsits defined owner.

• The Creator Owner permission is not copied from the source.

• If the collision behavior is set to Merge > Enforce transportedpermissions:

• The folder owner is copied from the source and replaces thecurrent owner at the destination.

• The Creator Owner permission is copied from the source andreplaces the current Creator Owner permission at the destination.

• When the destination root folder is set as protected with permissionsadded from the parent folder, the owner permission must bepreserved as unique on the folder.

• If a collision occurs between source folders:

• If the collision behavior is set to Merge:

• A folder owner is selected at random from among the sourcefolders. This owner is copied to the destination folder.

• All Creator Owner permissions are copied from all sources to thedestination folder.

• If a collision occurs between several source folders and the destinationfolder:

• A source folder is selected at random for handling with the destination,according to the behavior defined for a collision between source anddestination folders.

• The remaining source folders are handled according to the behaviordefined for a collision between source folders.

• If a collision occurs between files:

• Since it is only possible to overwrite files, not merge them, there is noissue with regard to the owner permission. The owner of the sourcefile is copied as the owner of the file at the destination.

Copying Share Permissions

5.9.61


5.8.70

The Data Transport Engine now supports copying shares and theirpermissions from Windows sources to Windows targets. Support is asfollows:

• If a folder to be copied is a share on the source file server (not asubfolder of a share), its copy is also set as a share on the destinationfile server. This behavior is also allowed if the root source folder on thesource is a subfolder of a share. In this case, the folder becomes shared



on the destination as result of the rule. The name of the destination shareis the same as that of the source.

• The permissions of each share are also copied from the source to thedestination share.

• If the source folder is shared multiple times, it is shared the same numberof times on the destination file server. The corresponding permissions arealso copied.

Data Transport Engine Commit Verification Cycles

5.9.61


5.8.80

This version provides additional insight into the Data Transport Engine'scommit mechanism. For each file listed in the Copied/Deleted Files and FileCopy Failures tabs, the Last Run Summary now indicates the phase of therule during which the file was detected and the phase during which it wascopied.

DatAlert

DatAlert

5.9.71

DatAlert now enables the definition of threshold alerts. A threshold alertprovides notification that a large number of events has occurred. Forexample, while a single Delete event might not be of interest, 1000 Deleteevents in the space of an hour is suspect. Threshold alerts are defined inmuch the same way as regular alerts with DatAlert, with the addition ofseveral new options that are defined on the General tab of DatAlert's AddRule or Edit Rule window. During rule calculation, events are aggregatedaccording to the number of events occurring during the specified time frame.Event aggregation can be configured to run according to acting object, or forall users.

Note:

• Standard event aggregation, definedin mail settings, does not apply tothreshold rules.

• During recovery from publisherdowntime, only a single alert is sentper threshold rule.

In addition, this version provides:

• A new template, report 6.b.02, to provide information about thresholdalerts.

• The ability to load the parameters of a threshold alert to the Log View'sAdvanced Search filters.



• The ability to jump from the log directly to report 1.a.01 after loading thethreshold filters (or any other set of filters), to quickly and easily create areport template or subscription.

Known Limitation

The alert threshold is applied to each Probe or Collector separately,regardless of the type of event aggregation that is configured.

Filters

See Changes to Filters on page 30.

5.9.61

In this version, Real-Time Alerts has been rebranded to DatAlert. Thechange has been made throughout the user interface, the software(including job names) and documentation.

Subscriptions to report 6.b.01 must be redefined. Otherwise, they will be lost.

5.9

Some events are so sensitive that it is important to become aware of themas soon as possible following their occurrence. For example, an organizationmight want to know if a GPO is changed, or an attempt is made to accesssensitive files. To that end, DatAdvantage provides a sophisticated alertsystem that notifies users of such events in real-time (or nearly so).

Real-time alerts are generated according to dynamic rules that users define,which are based on available metadata such as ownership attributes, flags,classification filters, and so on. These rules instruct the engine when andhow to generate alerts, and for which events. Rules can be configured togenerate alerts on:

• Acting objects - Users or computer accounts that perform actions

• Affected objects - Resource entities on which the actions are performed

• Event details - The specifics of what occurred

• Event time - The day of the week and time at which the event occurredDatAdvantage further enables creating predefined scopes to simplify rulecreation. Users may create scopes as needed and save them for later reuse.

In addition, alert rules can instruct the engine to send alerts by any of thefollowing methods:

• Email

• Message in the event log

• Syslog message

• SNMP trap

• Command-line script

The Real-Time Alerts engine interfaces easily with other DatAdvantageviews:

• Log view - Users can easily jump to the log from the Real-Time Alertswindow to view relevant events for the same filter set, and create an alertdirectly from the log.

• Reports view - Report 6b, Real-Time Alerts, displays all the alerts sent bythe Real-Time Alerts engine.



Alert templates enable users to send the required strings and dynamicalert parameters to the various alert methods. These templates facilitateinterfacing with third-party event monitoring solutions. Users can define theirown templates or use a default template provided by DatAdvantage.

DCF

Increase in File Size Limit

5.9.71

The maximum size of files the DCF can scan has been increased from16 MB to 50 MB, with the default set at 30 MB (the default is changedautomatically after upgrade). The maximum allowed size for plain text files is25 MB.

Improvements to Predefined Rules - SOX and HIPAA

5.9.61

In this version, the DCF includes a number of improvements to somepredefined rules. These improvements are aimed at dramatically reducingthe number of false positives returned in a production environment.Improvements include:

• The addition of operators for the Dictionary filter, to enable fine-tuningrule results. For the HIPAA canned rule in particular, this change meansdictionary matches are bound to whole words only.

• Changes to the SSN regular expression:

• The logic of the regex has been updated.

• The US SSN pattern now searches keywords related to social securitynumbers that are located in close proximity to unformatted socialsecurity numbers.

• The US SSN validation algorithm has been removed.Due to these changes, existing rules (both predefined and user-defined)will be rescanned following upgrade.

Improvements to Driver's License Patterns

5.9.61

In this version, the DCF includes a number of additional keywords forpatterns related to driver's license numbers for various countries. Thesechanges are aimed at reducing the number of false positives returned inproduction environments.

These changes affect the following predefined rules:

• DE Personal Data Protection

• FR Personal Data Protection

• AU Privacy Act

• ES Personal Data Protection

• CH Personal Data Protection



• SE Personal Data Protection

• GLBA (Gramm-Leach Bliley Act)

• California SB-1386

• MA 201 CMR 17

Due to these changes, existing rules (both predefined and user-defined) willbe rescanned following upgrade.

General Enhancements

5.9.50• The following terms are no longer in use with regard to the DCF:

• DCF Notes - This column in the Directories pane has been renamedto Classification Results.

• Violation Count - This column in the Directories pane has beenrenamed to Total Hit Count (Inc. Subfolders).

• New Rule dialog box - This dialog box has undergone the followingchanges:

• File classified by this rule are considered sensitive - This optionenables automatically marking all files containing hits for the rule assensitive files.

• Classification column - This new column indicates whether the abovecheck box is selected for a particular rule.

• The term special files is no longer in use. Instead, the DCF refers tosensitive files and files with hits. Accordingly, the Special Files tab hasbeen renamed to Import Files.

Dictionary Enhancements

5.9.50• To improve security, DCF dictionaries are now encrypted in the database.

• While the effect of this encryption on performance is negligible, the sizeof a dictionary is now limited to 60,000 entries (this may be configured byVaronis Support).

• Dictionaries can now be cloned.

• The original predefined dictionary entries can now be restored. Whenthis action is performed, all user-defined entries are deleted and allpredefined entries are enabled. The Restore button, located in the Editwindow, is only available for predefined dictionaries.

Ability to Show or Hide DCF Rules

5.9.20

It is now possible to show or hide DCF rules as preferred. The followingoptions are available:

• Hide disabled rules - Hides all the rules that are currently disabled.

• Hide rules from external sources - Hides all the rules imported from aCSV or RSA.



New User Roles

5.9.20

This version provides three new user roles for the DCF:

• Classification Configuration user - Open the ClassificationConfiguration window and use it to configure the DCF.

• Classification Dictionaries View user - View the Dictionaries tab in theClassification Configuration window.

• Classification Results View user

• View the DCF Notes and Violation Count columns in the Directoriespane.

• View the classification context menu in the Work Area.

• View classification-related reports.

• View subscriptions and templates with DCF columns and filters.

DCF Predefined Content and Enhancements

5.9

This version includes a number of enhancements to the Data ClassificationFramework:

• A number of predefined rules have been added, such as rules supportingcompliance with many regulations (SOX, HIPAA, PCI, PII privacy rules,Masachusetts 201 CMR 17, etc.)

• Over 100 predefined regular expressions have been added, to supportregulatory compliance in different countries such as the USA, Canada,Australia, France, Spain, Brazil, Germany, and many more.

Note: Since so many regular expressions have been changed in thisversion, the DCF rescans all rules that use one of the old predefinedregular expressions following upgrade to 5.9.

• Predefined dictionaries have been added, including dictionaries ofmedical and financial terms.

• Considerable enhancements to the user interface:

• New toolbar.

• Ability to clone rules.

• Patterns tab:

• Lists the most popular patterns that can be used in regularexpressions.

• Additional predefined patterns can be added from the new PatternRepository.

• Over 100 new patterns have been added to the repository.

• Dictionaries tab:

• New predefined dictionaries have been added.

• New columns indicate the status of the dictionary's automaticupdates.

• Improved form for creating and editing dictionaries.



• Ability to enable or disable individual entries.

• Ability to search an entire dictionary.

• File Types tab:

• Ability to configure how different file types are scanned:

• Not scanned

• Only content is scanned

• Metadata is scanned

• Both content and metadata are scanned

• Hit count settings - A Hit count property can now be defined forindividual rule conditions, which determines how the hit count for thecondition will be calculated.

• Testing rules - The UI for testing a rule has been improved.

• Regular expressions - The UI for defining regular expressions hasbeen improved.

• Schedules tab - Now indicates which file servers are affected by theschedule.

DCF Engine Enhancements

5.9

In this version, performance of the DCF engine has been optimized so thatmultiple files in a folder can be scanned at once. The Classification MonitorUI has been updated accordingly.

Reports

New Reports in This Version

5.9.71

The following report templates are new in this version of DatAdvantage:

• Report 6.b.02, DatAlert Threshold Rules - This report displays alerts onthe threshold rule type, grouped by alert GUID. The information providedin this report enables you to view each instance in which an alert rule'scriteria were met.

• Report 8.a.02, Varonis Service Accounts - This report displays all serviceaccounts used by the system.

5.9.50


• Report 4.g.02, Sensitive Folders by Risk Percent - This report displays alist of folders that directly contain files with classification hits.

• Report 4.k.02, Folder Permission Tracking - This report displays historicalfolder permissions on the specified dates.

• Report 14.a.01, General File System Statistics - For the selected fileserver, this report displays general file system statistics on the specifieddate.



• Report 14.a.02, File System Action Items Statistics - For the selected fileserver, this report displays detailed statistics for file system action itemson the specified date.

• Report 14.a.03, Sensitive Files Statistics - For the selected file server,this report displays detailed statistics for the files containing sensitivedata.

• Report 14.b.01, Comparative File System Statistics - For the selected fileserver, this report displays percentage changes in file system statisticsduring the defined time period.

• Report 14.b.02, Comparative File System Action Items Statistics - Forthe selected file server, this report displays percentage changes in filesystem action items during the defined time period.

• Report 14.b.03, Comparative Sensitive File Statistics - For the selectedfile server, this report displays percentage changes in the statisticscalculated on sensitive files during the defined time period.

• Report 14.c.01, Trends in File System Statistics - This report displays aline chart which represents the changes in various file system statisticsduring the defined period.

• Report 14.d.01, General Directory Service Statistics (per Domain) -For the selected domain, this report displays general directory servicestatistics on the specified date.

• Report 14.d.02, User-Related Action Items (per Domain) - This reportdisplays directory service statistics for the user-related action items oneach domain on the specified date.

• Report 14.d.03, Group-Related Action Items (per Domain) - For theselected domain, this report displays directory service statistics for group-related action items on the specified date.

• Report 14.e.01, User-Related Action Items (per Business Unit) - For theselected business unit, this report displays directory service statistics foruser-related action items on the specified date.

• Report 14.e.02, Activity-Related Action Items (per Business Unit) - Forthe selected business unit, this report displays directory service statisticsfor activity-related action items on the specified date.

• Report 14.f.01, Comparative Directory Service Statistics (per Domain)- For the selected domain, this report displays percentage changes indirectory service statistics during the defined time period.

• Report 14.f.02, Comparative User-Related Action Items (per Domain) -For the selected domain, this report displays percentage changes in user-related action items during the defined time period.

• Report 14.f.03, Comparative Group-Related Action Items (per Domain)- For the selected domain, this report displays percentage changes ingroup-related action items during the defined time period.

• Report 14.g.01, Comparative User-Related Action Items (per BusinessUnit) - For the selected business unit, this report displays percentagechanges in the user-related action items during the defined time period.

• Report 14.g.02, Comparative Activity-Related Action Items (per BusinessUnit) - For the selected business unit, this report displays percentagechanges in the activity-related action items during the defined timeperiod.



• Report 14.h.01, Trends in Directory Service Statistics - This reportdisplays a line chart which represents the changes in various directoryservice statistics during the defined period.

• Report 14.i.01, Trends per Business Unit - This report displays a barchart which compares the values for the selected directory service metricbetween business units during the specified interval.

5.9


• Report 4.a.02, Effective Permissions on Sensitive Files - This reportdisplays a breakdown of all users and groups that have permissions onsensitive files grouped by file server and access path.

• Report 4.b.02, Direct Permissions for Empty Groups - This report enablesadministrators to quickly and easily list unique permissions by emptygroup and file server. It is possible to drill down within each group to seeindividual permissions.

• Report 4.b.03, Open NTFS Permissions - This report lists global accessgroups that have direct permissions on a monitored file server, and thenumber of permissions for each group. The number of folders open toglobal access groups on a file server is displayed after the name of thefile server

• Report 4.b.04, Special and Deny Permissions - This report lists users andgroups that have unique permissions which deny users access or allowaccess in a special manner to files or folders on a monitored file server.

• Report 4.b.05, Inconsistent Permissions - This report enablesadministrators to quickly and easily list users and groups that haveinconsistent permissions on a monitored file server.

• Report 4.f.02, Stale Data - This report lists the folders which contain filesthat have not been modified after a specified date (the threshold date),grouped by file server. All the files directly under a folder that appear inthis report can be archived.

• Report 4.f.03, Empty Folders - This report lists the folders that are emptyon a monitored file server.

• Report 4.f.04, Large Folders - This report lists large folders on monitoredfile servers according to the number and size of the subfolders.

• Report 9.i.01, Executive Stale Data - This report is a pie chart thatdisplays the percentage of memory on a specific file server that can besaved by moving all the data not modified on or before a specified date(the staleness threshold date).

Changes to Filters

5.9.71

Now available in 5.9.71:

• Alert rule type - Filters according to the type of alert rule, which can be:

• Standard

• ThresholdAvailable now in report 6b.

• Display inactive folders only if all their subfolders are inactive - Filters todisplay inactive folders only if these folders and their subfolders have no



events. Child folders of inactive folders are not displayed. Available nowin report 7b.

• Exclude activity by - A compound filter which excludes events performedby the selected users or users in the selected group. If only the selecteduser performed events on a folder, that folder is considered inactive.Available now in report 7b.

• Parameter - Filters according to the name of the parameter, whichprovides information on the component. Available now in report 8a.

• The Member name category was renamed to Member.

• The Group name category was renamed to Group.

• AD properties category

• The following properties were added:

• Display name

• Domain name

• OU name

• OU path

• SAM account nameThis affects the following reports: 1.a, 2.a, 3.a, 3.b, 3.e, 4.a, 4.b, 4.e,4.j, 4.k, 7.a, 12.i.

• DatAlert filters

• The File server filter on the Where tab is no longer mandatory.

• The Resource type filter (under FS properties) can now be used tofilter according to file server type. It refers to the folder level for mixed-mode resources, and the file server for non-mixed-mode resources.

5.9.61


• Object type - Filters according to the specified object type. Available in allcategory 4 reports.

• User/Group without permissions - Filters to display all the folders onmonitored file servers to which the specified user or group does not haveaccess. Available now in report 12k.

• Show only shares - Filters to display folders that include one of thefollowing:

• All shares

• Only administrative shares

• Only non-administrative sharesAvailable in all category 2 reports. This filter replaces the Is share filter inreports 4a, 4b, 4f, 4g, 4j, 4k, and 7b.

• List special permissions - Filters to display the special permissions forfiles and folders. Available in reports 4a, 4b, 4j, and 4k. If selected, thereport will display the special permissions in the Permissions, CurrentPermissions, and Effective File System Permissions report columns.

• Hide permissions with unresolved or deleted trustees - Filters the resultsto exclude all permissions for deleted trustees or trustees with unresolvedSIDs. Available in reports 4a, 4b, and 4j.



• Permissions - Reports 4.a.01, 4.b.01, 4.j.01, and 4.k.01 - If the Listspecial permissions filter is selected, the Permissions filter can be used tofilter results according to the name of the special permission.

• Users with permissions on all objects - Filters to display permissions forusers having access to all folders retrieved by certain other filters. Nowavailable in the Permissions filter category.

• File activity - A compound filter which returns only the files on whichevents were either performed or not performed on the specified dates.Comprised of the following filters:

• Date

• Files activity

• User name

Note: This default filter is optional. If used together with thecompound filter, only files on which events were either performed ornot performed by the specified user(s) are returned.

Note: The File activity filter is only available in the Data TransportEngine configuration.

• Display users/groups with both share and file system permissions - Filtersto present only rows for which the Share and File System Permissionscolumn contains a value. Now available in the Permissions filter category.

• Exchange client type - If selected, the report displays the device ID of themobile device that created the Exchange event in the IP/Hostname reportcolumn. The report does not display device IDs if the selected Exchangeclient type is Outlook.

5.9.50

The following filters have been added or changed in this version:

• The Classification filter category is now available as follows:

• Reports 1.a and 6.b under the Affected objects category, 2.a, 2.b,2.c, 4.a, 4.b, 4.d, 4.f, 4.g, 4.h, 4.j, 4.k, 5.a, 5.c, 6.b, 7.b, 9.h, 10.a, 0.c,12.a, 12.b, 12.d, 12.e, 12.f, 12.k, 12.l, 12.n.

• Log

• Real-Time Alerts and Data Transport Engine rule scopes

• Total hit count- Replaces the Hit count filter.

• Total hit count (inc. subfolders)- Replaces the Violation count filter.

• Classification results - Compound filter that enables combinedfiltering on both rules and hit count on the rules. It replaces both theDCF notes and Rule name filters.

• Selected object types - Replaces the Retrieve all ancestor foldersfilter.

• Show all files with hits

• Replaces the Special files only filter.

• SharePoint files are no longer retrieved by this filter.

• This filter does not appear in reports 2b, 2.c, 4.d, 10.a, 10c, 12.d, 12.k,12.m, Real-Time Alerts or the Data Transport Engine.

• Scan priority - Replaces the Priority filter.



• Object type - Has been added to the following reports: 2a, 4a, 4b, 4d, 4g,4h, 4j, 4k, 4m, 5a, 5c, 12b, 12d, 12e, 12f, 12l.

New Filters

The following filters have been added in this version, primarily for use withthe Trend Reports on page 50:

Filter Name Description

% change in data usage Filters according to the percentage change in the totalsize of folders managed by users from the selectedbusiness unit.

% change in no. of computer accounts Filters according to the percentage change in thespecified number of computer accounts in eachdomain for the defined period.

% change in no. of disabled users Filters according to one of the following:

• Reports 14.f.01 - 14.f.03: The percentage changein the specified number of users in each domainthat are marked as disabled in Active Directory.

• Reports 14.g.01 and 14.g.02: The percentagechange in the specified number of users in eachbusiness unit that are marked as disabled in ActiveDirectory.

% change in no. of empty groups Filters according to the percentage change in thespecified number of empty security groups in eachdomain with no members (including computeraccounts).

% change in no. of enabled but stale users Filters according to one of the following:

• Reports 14.f.01 - 14.f.03: The percentagechange in the specified number of users in eachdomain that are enabled but stale, as determinedby account management configuration in theManagement Console.

• Reports 14.g.01 and 14.g.02: The percentagechange in the specified number of users in eachbusiness unit that are enabled but stale, asdetermined by account management configurationin the Management Console.

% change in no. of enabled locked-out users Filters according to one of the following:

• Reports 14.f.01 - 14.f.03: The percentage changein the specified number of enabled users in eachdomain who are locked out of the system.

• Reports 14.g.01 and 14.g.02: The percentagechange in the specified number of enabled usersin each business unit who are locked out of thesystem.

% change in no. of enabled users with expiredpassword

Filters according to one of the following:

• Reports 14.f.01 - 14.f.03: The percentage changein the number of enabled users in each domainwhose passwords have expired.




• Reports 14.g.01 and 14.g.02: The percentagechange in the number of enabled users in eachbusiness unit whose passwords have expired.

% change in no. of events Filters according to one of the following:

• Reports 14.b.01 - 14.b.03: The percentage changein the specified number of events that were createdby users on each file server during the defined timeperiod.

• Reports 14.g.01 and 14.g.02: The percentagechange in the specified number of events that werecreated by users in each business unit during thedefined time period.

% change in no. of events on sensitive files Filters according to one of the following:

• Reports 14.b.01 - 14.b.03: The percentage changein the specified number of events on sensitive filesthat were performed by users on each file server.

• Reports 14.g.01 and 14.g.02: The percentagechange in the specified number of events onsensitive files that were performed by users ineach business unit.

% change in no. of files Filters according to the percentage change in thespecified number of files on each file server for thedefined period.

% change in no. of folders Filters according to the percentage change in thespecified number of folders on each file server for thedefined period.

% change in no. of folders that contain sensitive files Filters according to the percentage change in thespecified number of folders that contain sensitive fileson each file server.

% change in no. of folders with global access Filters according to the percentage change in thespecified number of folders with unique permissionsgranted to global access groups via the file systemand share permissions.

% change in no. of folders with inconsistentpermissions

Filters according to the percentage change inthe specified number of folders with inconsistentpermissions on each file server.

% change in no. of folders with stale data Filters according to the percentage change in thespecified number of folders with stale data on each fileserver for the defined period.

% change in no. of folders with unresolved SIDs Filters according to the percentage change in thespecified number of folders that have ACLs withunresolved SIDs on each file server. This includesinherited folders.

% change in no. of folders with user ACEs Filters according to the percentage change in thespecified number of folders with permissions that




were granted directly to user accounts. This includesinherited permissions.

% change in no. of global access groups Filters according to the percentage change in thespecified number of global access groups (such asEveryone, Domain Users and Users) in each domain,as defined in the Management Console.

% change in no. of global access groups Filters according to the percentage change in thespecified number of global access groups (such asEveryone, Domain Users and Users) in each domain,as defined in the Management Console.

% change in no. of groups Filters according to the percentage change in thespecified number of groups in each domain for thedefined period.

% change in no. of groups with recommendations Filters according to the percentage change in thespecified number of groups in each domain thatcontain members with recommendations based onIDU Analytics.

% change in no. of identified data owners Filters according to one of the following:

• Reports 14.f.01 - 14.f.03: The percentage changein the specified number of users in each domainwho are defined as data owners in DatAdvantage.

• Reports 14.g.01 and 14.g.02: The percentagechange in the specified number of users in eachbusiness unit who are defined as data owners inDatAdvantage.

% change in no. of inherited folders Filters according to the percentage change in thespecified number of folders with only inheritedpermissions on each file server for the defined period.

% change in no. of looped nested groups Filters according to the percentage change in thespecified number of looped nested groups in eachdomain for the defined period.

% change in no. of mailboxes Filters according to the percentage change in thespecified number of mailboxes in each ExchangeStorage Group for the defined period.

% change in no. of mailboxes with permissions forusers/groups other than owner

Filters according to the percentage change in thespecified number of mailboxes that have permissionsfor users and groups other than the mailbox owner.

% change in no. of managed folders Filters according to the percentage change in thespecified number of managed folders on each fileserver for the defined period.

% change in no. of non-administrator groups withadministrator members

Filters according to the percentage change in thespecified number of critical groups in each domainthat have administrator members.

% change in no. of OUs Filters according to the percentage change in thespecified number of organizational units in eachdomain for the defined period.




% change in no. of permission entries Filters according to the percentage change in thespecified number of permission entries on all files andfolders on each file server.

% change in no. of protected folders Filters according to the percentage change inthe specified number of folders with no inheritedpermissions on each file server for the defined period.

% change in no. of public folders Filters according to the percentage change in thespecified number of public folders, not includingsubfolders, in each Exchange Storage Group for thedefined period.

% change in no. of sensitive files Filters according to the percentage change in thespecified number of sensitive files on each file server.

% change in no. of sensitive files accessible by globalaccess groups

Filters according to the percentage change in thespecified number of sensitive files that can beaccessed by global access groups via the file systemand share permissions.

% change in no. of sensitive folders accessible byglobal access groups

Filters according to the percentage change in thespecified number of sensitive folders that can beaccessed by global access groups via the file systemand share permissions.

% change in no. of stale public folders Filters according to the percentage change in thespecified number of stale public folders on each fileserver.

% change in no. of stale sensitive files Filters according to the percentage change in thespecified number of stale sensitive files on each fileserver.

% change in no. of stale user accounts Filters according to one of the following:

• Reports 14.f.01 - 14.f.03: The percentage changein the specified number of stale user accountsin each domain, as determined by accountmanagement configuration in the ManagementConsole.

• Reports 14.g.01 and 14.g.02: The percentagechange in the specified number of stale useraccounts in each business unit, as determinedby account management configuration in theManagement Console.

% change in no. of unique folders Filters according to the percentage change in thespecified number of unique folders on each file serverfor the defined period.

% change in no. of unique permission entries Filters according to the percentage change in thespecified number of unique permission entries on allfiles and folders on each file server.

% change in no. of unmanaged protected folders Filters according to the percentage change in thespecified number of unmanaged protected folders oneach file server for the defined period.




% change in no. of users Filters according to one of the following:

• Reports 14.f.01 - 14.f.03: The percentage changein the specified number of users in each domain forthe defined period.

• Reports 14.g.01 and 14.g.02: The percentagechange in the specified number of users in eachbusiness unit for the defined period.

% change in no. of users with activity on sensitive files Filters according to the percentage change in thespecified number of users in each business unit whohave events on sensitive files.

% change in no. of users with password that neverexpires

Filters according to one of the following:

• Reports 14.f.01 - 14.f.03: The percentage changein the specified number of users in each domainwho have a password that never expires.

• Reports 14.g.01 and 14.g.02: The percentagechange in the specified number of users in eachbusiness unit who have a password that neverexpires.

% change in no. of users with removalrecommendations

Filters according to the percentage change in thespecified number of users in each domain withrecommendations based on IDU Analytics.

% change in size of all files and folders Filters according to the percentage change in the totalsize of all files and folders on each file server for thedefined period.

% change in size of folders with stale data Filters according to the percentage change in thespecified size of folders with stale data on each fileserver for the defined period.

% change in size of managed folders Filters according to the percentage change in thespecified size of managed folders on each file serverfor the defined period.

% change in size of public folders Filters according to the percentage change inthe specified size of public folders, not includingsubfolders, in each Exchange Storage Group for thedefined period.

% change in size of sensitive files Filters according to the percentage change in the totalsize of sensitive files on each file server.

% change in size of stale public folders Filters according to the percentage change in thespecified size of stale public folders on each fileserver.

Business Unit Filters according to the selected business unit definedin the Trend Reports tab of the Management Console.

Change percent calculation method Defines the method of calculation for the percentagechange, which can be one of the following:

• Simple - Calculates according to the standardpercentage change formula




• Proportional to data growth - Calculates apercentage change which takes into account theoverall data growth on the file server. For example,the percentage change in the number of uniquefolders, which is relative to the change in thenumber of folders on the file server.

Change type Filters according to the type of change made topermissions, which can be one of the following:

• Unchanged - No changes were made topermissions

• Permission added - A user/group with nopermissions on the folder was granted permissionson the folder

• Permission changed - A change was made to theuser/group permissions on the folder

• Permission removed - A user/group withpermissions on the folder no longer haspermissions on the folder

Data usage (GB) Filters according to the specified size of foldersmanaged by users from the selected business unit,in gigabytes. If the Filter by percentage option isselected, this is the percentage of folders managedby users in the business unit out of the total size ofmanaged folders in the file system.

Domains Filters according to the selected domain.

Hit count (on selected rules) Part of the Classification results compound filter.Filters on the total hit count on all the rules selected inthe Rule names filter (per rule).

Metrics display mode Defines the mode in which the metric values inthe report are displayed, which can be one of thefollowing:

• Both absolute value and percentage

• Absolute value

• Percentage

No. of computer accounts Filters according to the specified number of computeraccounts on each domain on the selected date.

No. of disabled users Filters according to one of the following:

• Report 14.d.01 - 14.d.03: Number of users in eachdomain that are marked as disabled in ActiveDirectory. If the Filter by percentage option isselected, this is the percentage of disabled usersout of the total number of users in the domain. Thevalue must be between 0 and 100.

• Report 14.e.01 - 14.e.02: Number of users in eachbusiness unit that are marked as disabled in ActiveDirectory. If the Filter by percentage option isselected, this is the percentage of disabled users




out of the total number of users in the businessunit. The value must be between 0 and 100.

No. of empty groups Filters according to the specified number of emptysecurity groups in each domain with no members(including computer accounts). If the Filter bypercentage option is selected, this is the percentageof empty groups out of the total number of groups inthe domain.

No. of enabled but stale users Filters according to one of the following:

• Reports 14.d.01 - 14.d.03: Number of usersin each domain that are enabled but stale, asdetermined by account management configurationin the Management Console. If the Filter bypercentage option is selected, this is thepercentage of enabled but stale users out of thetotal number of users in the domain.

• Reports 14.e.01 - 14.e.02: Number of usersin each business unit that are enabled butstale, as determined by account managementconfiguration in the Management Console. If theFilter by percentage option is selected, this is thepercentage of enabled but stale users out of thetotal number of users in the business unit.

No. of enabled locked-out users Filters according to one of the following:

• Reports 14.d.01 - 14.d.03: Number of enabledusers in each domain who are locked out ofthe system. If the Filter by percentage option isselected, this is the percentage of enabled locked-out users out of the total number of users in thedomain.

• Reports 14.e.01 - 14.e.02: Number of enabledusers in each business unit who are locked outof the system. If the Filter by percentage option isselected, this is the percentage of enabled locked-out users out of the total number of users in thebusiness unit.

No. of enabled users with expired password Filters according to one of the following:

• Reports 14.d.01 - 14.d.03: Number of enabledusers in each domain whose passwords haveexpired. If the Filter by percentage option isselected, this is the percentage of enabled userswith an expired password out of the total number ofusers in the domain.

• Reports 14.e.01 - 14.e.02: Number of enabledusers in each business unit whose passwordshave expired. If the Filter by percentage option isselected, this is the percentage of enabled userswith an expired password out of the total number ofusers in the business unit.




No. of events Filters according to the specified number of eventsthat were created by users in each business unit.

No. of events on sensitive files Filters according to one of the following:

• Reports 14.a.01 - 14.a.03: Number of events onsensitive files that were performed by users onthe selected file server. If the Filter by percentageoption is selected, this is the percentage of eventson sensitive files out of the total number of eventson the file server.

• Reports 14.e.01 - 14.e.02: Number of events onsensitive files that were performed by users in theselected business unit. If the Filter by percentageoption is selected, this is the percentage of eventson sensitive files out of the total number of eventsin the business unit.

No. of files Filters according to the specified number of files oneach file server.

No. of files with hits Returns the number of files with hits.

No. of files with hits (selected rules) Report 4g only: Part of the Classification resultscompound filter. If this filter is added to the compoundfilter, it returns the number of files with hits for theselected rules.

No. of folders Filters according to the specified number of folders oneach file server.

No. of folders that contain sensitive files Filters according to the specified number of foldersthat contain sensitive files on the file server. If theFilter by percentage option is selected, this is thepercentage of folders that contain sensitive files out ofthe total number of folders on the file server.

No. of folders with global access Filters according to the specified number of folderswith unique permissions granted to global accessgroups via the file system and share permissions. Ifthe Filter by percentage option is selected, this is thepercentage of folders with global access out of thetotal number of folders on the file server.

No. of folders with inconsistent permissions Filters according to the specified number of folderswith inconsistent permissions on the file server. Ifthe Filter by percentage option is selected, this is thepercentage of folders with inconsistent permissionsout of the total number of folders on the file server.

No. of folders with stale data Filters according to the specified number of folderswith stale data on the file server. If the Filter bypercentage option is selected, this is the percentageof folders with stale data out of the total number offolders on the file server.

No. of folders with unresolved SIDs Filters according to the specified number of foldersthat have ACLs with unresolved SIDs on each file




server. This includes inherited folders. If the Filter bypercentage option is selected, this is the percentageof folders with unresolved SIDs out of the total numberof folders on the file server.

No. of folders with user ACEs Filters according to the specified number of folderswith permissions that were granted directly to useraccounts. This includes inherited permissions. If theFilter by percentage option is selected, this is thepercentage of folders with user ACEs out of the totalnumber of folders on the file server.

No. of global access groups Filters according to the specified number of globalaccess groups in each domain as defined in theManagement Console. If the Filter by percentageoption is selected, this is the percentage of globalaccess groups out of the total number of groups in thedomain.

No. of groups Filters according to the specified number of groups ineach domain on the selected date.

No. of group changes Filters according to the number of group membershipchange events in each domain from the last calculateddate.

No. of groups with recommendations Filters according to the specified number ofgroups in each domain that contain members withrecommendations based on IDU Analytics. If theFilter by percentage option is selected, this is thepercentage of groups with recommendations out ofthe total number of groups in the domain.

No. of identified data owners Filters according to one of the following:

• Reports 14.d.01 - 14.d.03: Number of users ineach domain who are defined as data owners inDatAdvantage. If the Filter by percentage optionis selected, this is the percentage of identifieddata owners out of the total number of users in thedomain.

• Reports 14.e.01 - 14.e.02: Number of usersin each business unit who are defined asdata owners in DatAdvantage. If the Filterby percentage option is selected, this is thepercentage of identified data owners out of thetotal number of users in the business unit.

No. of inherited folders Filters according to the specified number of folderswith only inherited permissions on each file server. Ifthe Filter by percentage option is selected, this is thepercentage of inherited folders out of the total numberof folders on the file server.

No. of looped nested groups Filters according to the specified number of loopednested groups in each domain on the specified date. Ifthe Filter by percentage option is selected, this is the




percentage of looped nested groups out of the totalnumber of groups in the domain.

No. of mailboxes Filters according to the specified number of mailboxesin each Exchange Storage Group.

No. of mailboxes with permissions for users/groupsother than owner

Filters according to the specified number of mailboxesthat have permissions for users and groups other thanthe mailbox owner. This does not include the numberof mailboxes that have permissions for administrators.If the Filter by percentage option is selected, this isthe percentage of mailboxes with permissions forusers and groups other than the Owner out of the totalnumber of mailboxes on the file server.

No. of managed folders Filters according to the specified number of managedfolders on each file server. If the Filter by percentageoption is selected, this is the percentage of managedfolders out of the total number of folders on the fileserver.

No. of non-administrator groups with administratormembers

Filters according to the specified number of criticalgroups in each domain that have administratormembers. If the Filter by percentage option isselected, this is the percentage of non-administratorgroups with administrator members out of the totalnumber of groups in the domain.

No. of OUs Filters according to the specified number oforganizational units in each domain on the selecteddate.

No. of permission entries Filters according to the specified number ofpermission entries on each file server.

No. of protected folders Filters according to the specified number of folderswith no inherited permissions on each file server. Ifthe Filter by percentage option is selected, this is thepercentage of protected folders out of the total numberof folders on the file server.

No. of public folders Filters according to the specified number of publicfolders, not including subfolders, in each ExchangeStorage Group.

No. of sensitive files Filters according to the specified number of sensitivefiles on each file server. If the Filter by percentageoption is selected, this is the percentage of sensitivefiles out of the total number of files on the file server.

No. of sensitive files (selected rules) Report 4g only: Part of the Classification resultscompound filter. If this filter is added to the compoundfilter, it returns the number of sensitive files found bythe selected rules.

No. of sensitive files accessible by global accessgroups

Filters according to the specified number of sensitivefiles that can be accessed by global access groups viathe file system and share permissions. If the Filter by




percentage option is selected, this is the percentageof sensitive files accessible by global access groupsout of the total number of sensitive files on the fileserver.

No. of sensitive folders accessible by global accessgroups

Filters according to the specified number of sensitivefolders that can be accessed by global access groupsvia the file system and share permissions. If theFilter by percentage option is selected, this is thepercentage of sensitive folders accessible by globalaccess groups out of the total number of sensitivefolders on the file server.

No. of stale public folders Filters according to the specified number of stalepublic folders on each file server. If the Filter bypercentage option is selected, this is the percentageof stale public folders out of the total number of publicfolders on the file server.

No. of stale sensitive files Filters according to the specified number of stalesensitive files on each file server. If the Filter bypercentage option is selected, this is the percentageof stale sensitive files out of the total number of fileson the file server.

No. of stale user accounts Filters according to one of the following:

• Reports 14.d.01 - 14.d.03: Number of staleuser accounts in each domain, as determinedby account management configuration in theManagement Console. If the Filter by percentageoption is selected, this is the percentage of staleuser accounts out of the total number of users inthe domain.

• Reports 14.e.01 - 14.e.02: Number of stale useraccounts in each business unit, as determinedby account management configuration in theManagement Console. If the Filter by percentageoption is selected, this is the percentage of staleuser accounts out of the total number of users inthe business unit.

No. of unique folders Filters according to the specified number of uniquefolders on each file server. If the Filter by percentageoption is selected, this is the percentage of uniquefolders out of the total number of folders on the fileserver.

No. of unique permission entries Filters according to the specified number of uniquepermission entries on all files and folders on each fileserver. If the Filter by percentage option is selected,this is the percentage of unique permission entries outof the total number of permission entries on the fileserver.

No. of unmanaged protected folders Filters according to the specified number ofunmanaged protected folders on each file server. If




the Filter by percentage option is selected, this is thepercentage of unmanaged protected folders out of thetotal number of protected folders on the file server.

No. of users Filters according to one of the following:

• Reports 14.d.01 - 14.d.03: Number of users ineach domain on the selected date

• Reports 14.e.01 - 14.e.02: Number of users ineach business unit on the selected date

No. of users with activity on sensitive files Filters according to the specified number of users ineach business unit who have events on sensitive files.If the Filter by percentage option is selected, this is thepercentage of users that have accessed sensitive filesout of the total number of users in the business unit.

No. of users with password that never expires Filters according to one of the following:

• Reports 14.d.01 - 14.d.03: Number of users ineach domain who have a password that neverexpires. If the Filter by percentage option isselected, this is the percentage of users witha password that never expires out of the totalnumber of users in the domain.

• Reports 14.e.01 - 14.e.02: Number of users ineach business unit who have a password thatnever expires. If the Filter by percentage optionis selected, this is the percentage of users witha password that never expires out of the totalnumber of users in the business unit.

No. of users with removal recommendations Filters according to the specified number of usersin each domain with recommendations based onIDU Analytics. If the Filter by percentage option isselected, this is the percentage of users with removalrecommendations out of the total number of users inthe domain.

Permissions on from date When the Date filter is used with the Compareoperator, the Permissions on from date filter sets thefirst date to be compared.

Permissions on to date When the Date filter is used with the Compareoperator, the Permissions on to date filter sets thesecond date to be compared.

Risk % Displays the risk priority calculation.

Risk % (selected rules) Displays the risk priority calculation with regard to therules selected in the Classification results filter.

Scan priority A numerical value representing the importance of thefolder in the classification scan.

Show values on start and end dates If this filter is set to True, the report displays the filesystem metric values on the specified start and end




dates. The report displays the absolute values next tothe percentage change.

Size of all files and folders (GB) Filters according to the specified size of all files andfolders on each file server, in gigabytes.

Size of folders with stale data (GB) Filters according to the specified size of folders withstale data on each file server, in gigabytes. If theFilter by percentage option is selected, this is thepercentage of the total size of folders with stale dataout of the total size of all files and folders on the fileserver.

Size of managed folders (GB) Filters according to the specified size of managedfolders on each file server, in gigabytes. If the Filter bypercentage option is selected, this is the percentageof the size of managed folders out of the total size ofall files and folders on the file server.

Size of public folders (GB) Filters according to the specified size (in gigabytes)of public folders, not including subfolders, in eachExchange Storage Group.

Size of stale public folders (GB) Filters according to the specified size (in gigabytes) ofstale public folders on each file server. If the Filter bypercentage option is selected, this is the percentageof the size of stale public folders out of the total size ofpublic folders on the file server.

Total size of sensitive files (GB) Filters according to the total size (in gigabytes) ofsensitive files on each file server. If the Filter bypercentage option is selected, this is the percentageof the total size of sensitive files out of the total size ofall files and folders on the file server.

Trend Filters according to the selected trend. For a list ofavailable trends, see the Management Console UserGuide.

Trend Interval Filters according to specified period of time and theinterval for which the metrics are calculated. This is acompound filter, comprised of the following:

• Date

• Interval

5.9.20

The following filters have been added or changed in this version:

Filter name Description

File properties Compound filter that returns the name and/or type ofthe relevant file.

File name (including extension) Part of the File properties compound filter. Returns thename of the relevant file, including its extension.




File name and type Part of the File properties compound filter. Returnsboth the name and type of the relevant file.

Is share Now available in this version. Filters according tofolders on which a share exists.

Selected object types Part of the Classification results compound filter.Formerly called Retrieve all ancestor folders. Specifiesthe types of objects to be returned by the compoundfilter: files with hits, folders containing files with hits, orancestor folders.

Starting directory depth Starts the search for base folder recommendationsonly below all folders at the specified depth (relative tothe volume).

Starting directory name Starts the search for base folder recommendationsonly below the specified folder.

5.9

The following filters have been added in this version:


Acting accounts list Filters according to users and computers listed in aCSV file. The CSV file syntax is as follows:

• <account> | <path>Where <account> is the name of the account asit appears in the database. In addition, keep thefollowing in mind:

• The Acting accounts list filter requires Readpermissions for the IDU service user to the CSVfile specified by the filter.

• For languages other than English, UTF-16 orUCS-2 encoding must be used.

• Extraneous spaces, blanks or paragraphs areforbidden. Their presence in the file will preventDatAdvantage from reading the file.

• The filter is not case-sensitive.

Acting users from group Filters according to the users who are members of theselected group(s), including derived members.

Additional data

Affected accounts list Filters according to users and computers listed in aCSV file. The CSV file syntax is as follows:

• <account> | <path>Where <account> is the name of the account asit appears in the database. In addition, keep thefollowing in mind:

• The Affected accounts list filter requires Readpermissions for the IDU service user to the CSVfile specified by the filter.




• For languages other than English, UTF-16 orUCS-2 encoding must be used.

• Extraneous spaces, blanks or paragraphs areforbidden. Their presence in the file will preventDatAdvantage from reading the file.

• The filter is not case-sensitive.

Affected object type Filters according to the affected object type.

Affected users from group Filters according to the users who are members of theselected group(s), including derived members.

Alert rule name Filters according to the name of the alert rule.

Alert time Filters according to the date and specified period oftime for the alert.

Classification results Compound filter that returns the files and foldershaving classification results according to theconditions in this filter and the direct parent folder ofthese files. Comprised of the following filters:

• Hit count (on selected rules)

• Rule names

• Selected object types

Do not show inherited permissions When selected, only unique permissions on thefolders are listed in the report.

FS owner Filters according to the specified file system owner ofthe object.

Management status Filters according to whether the object has anassigned owner in DatAdvantage.

Rule names Part of the Classification results compound filter.Filters according to files and folders that directlycontain files that have hits on the selected rules.

Severity Filters according to the severity code defined in theRFC 5424 syslog protocol. The rule may be enabled,disabled or deleted.

Changed Filters

The behavior of the following filters has been changed in this version:

• A number of AD Properties filters can be set separately for acting objectsand affected objects in real-time alerts, as well as in the log and in report1a.

Changes to Existing Reports

5.9.71


• Report 4.c.01, This report now supports data-driven subscriptions forresource and directory owners. Resource owners will be able to view all



folders that have NTFS permissions for global groups within the ownedresource. Directory owners will be able to view all folders that have NTFSpermissions for global groups within the owned directory. This report alsosupports hierarchical subscriptions, which enables managers to view thedata owned by their subordinates through report subscriptions.

• Integrated - Report 4.m.01, Permissions for Users and Groups Other thanthe Mailbox Owner - This report now supports data-driven subscriptions.

• It is now possible to select specific report results to be exported orincluded in the report preview.

5.9.61


• New - Report 4b, User or Group Permissions for Directory, now providesthe Account Type column as an additional column.

• New - Report 8c, Active Users by Platform, now includes theADProperties column type to enable selecting Active Directory propertiesas columns in the report.

• New - Report 6.b.01 has been renamed to DatAlert Report. Subscriptionsto this report must be redefined. Otherwise, they will be lost.

• New - Report 12l, Open Share and NTFS Permissions, now provides theShare Path column as an additional column.

• Integrated - Report 4g, Classification and Priorities - The Risk Priority %column now includes both DCF results and DCF external files.

• Integrated - Report 4.m.01, Permissions for Users and Groups Other thanthe Mailbox Owner - This report now supports data-driven subscriptions.

• Integrated - IP/Hostname - This column now displays the uniquedevice ID of a mobile device that created Exchange events. For moreinformation, see Displaying the Device ID in Reports on page 50.

Changes to the Reports View

5.9.50• With this version, the Reports View includes a new Chart Data tab in

some reports. This tab enables users to set the data that will be displayedin charts.

• For reports 14.c.01 and 14.h.01, the following can be selected fordisplay in the line chart:

• Metrics

• The color and line type for each metric

• For report 14.i.01, the following can be selected for display in the barchart:

• Business units

• The color for each business unit

• A new option enables displaying or hiding data labels on charts.

• Report 4.g.01 has undergone several changes, in accordance with otherterminology changes made in the DCF to provide enhanced clarity.

• New default columns:

• Classification Results



• Scan Priority - Renamed from Priority

• Total Hit Count - Renamed from Hit Count

• Risk % - Renamed from Risk Priority %

• Number of Files with Hits

• Number of Sensitive Files

• Additional new columns:

• Hit Count (Selected Rules)

• No. of Files with Hits

• No. of Files with Hits (Selected Rules)

• No. of Sensitive Files

• No. of Sensitive Files (Selected Rules)

• Object Type

• Risk %

• Risk % (Selected Rules)

• Scan Priority

• Classification column type

5.9

With this version, the Reports View has undergone major modifications:

• Templates can now be defined, configured and saved directly in theSearch pane of the report viewer.

• Default filters can be selected, configured and saved in templates.

• Other display options, including the logo and general look and feel,can be customized.

• All these options can be saved in customized templates.

• A description of the filter and the number of returned results can beadded to the displayed reports.

• The report's title can be modified by changing the name of thetemplate.

• Two new panes enable viewing report data prior to exporting the report orcreating a subscription:

• Table View - Report data can be sorted and grouped as needed, priorto generating the formatted report.

• Preview - The formatted report can be previewed prior to generation.

• The Reports List can be manipulated as needed:

• A new search field enables locating reports quickly and easily.

• The list can be sorted and grouped.

• A new option enables hiding categories and displaying a flat list ofreports.

• The Report Template Wizard has been removed.

Selection of Report Results



5.9.71

It is now possible to select specific report results to be exported or includedin the report preview.

• Results are selected in the Table View.

• To include only selected results in the report preview, only the Previewbutton in the Table View can be used. The Preview button in the Searchpane returns all results.

• The selection cannot be saved in a template or a subscription.

Hierarchical Reporting

5.9.61


5.8.70

This version enables defining hierarchical report subscriptions. For severalreports, it is possible to define subscriptions that include the data of bothdata owners and their subordinates. This hierarchical subscription meansmanagers can view information regarding all the data for which they areultimately responsible, without the need to be data owners themselves.

Displaying the Device ID in Reports

5.9.61


5.8.80

With this version, several reports and logs in DatAdvantage can now displaythe unique device ID of a mobile device that created Exchange events. Thedevice ID can be used to identify:

• The mobile device that accessed multiple mailboxes.

• If a mailbox was accessed or used by multiple devices.

The device ID is displayed for all reports and logs which contain the IP/Hostname column.

Trend Reports

5.9.50

This version provides a new category of reports, the Trend Reports ofcategory 14. This category enables the creation of statistics, comparativeand trend reports for business executives, to highlight the improvementin the condition of the file system and directory services following theinstallation of DatAdvantage. For a description of the reports in this category,see New Reports in This Version on page 28.

Report Capping



5.9.50

This version enables configuring the amount of disk space and CPU timethat may be consumed by the generation of IDU Suite reports. Two newsettings are available in the Management Console, on the Reports page:

• Limit report disk usage on all servers to - Set the number of gigabytes thereporting service may use. When the reporting service uses more thanthe specified disk space, report processes are stopped on the relevantserver until the disk usage is less than the limit. In addition, an emailnotification is sent to the system administrator.

• Limit report CPU time on all servers to - Set the number of minutes forwhich the CPU may process instructions from the reporting service.When the reporting service uses more than the specified CPU time,report processes are stopped on the relevant server until the CPU time isless than the limit. In addition, and email notification is sent to the systemadministrator.

Core

SQL 2014 Support

5.9.71

This version provides support for Microsoft SQL 2014, Standard orEnterprise edition.

Exchange 2013 Beta Agent

5.9.71

This version provides a new agent for use with Exchange 2013. The agent isin beta mode.

The beta agent differs in several ways from the standard (GA) agent,primarily in the way in which it interacts and connects with the MBX and CASservers:

• All connections are made through RPC over HTTPS.

• Since collection of the IP address is not supported on Exchange 2013,only the MAPI agent is installed on the MBX.

• There is no need to specify use of additional protocols. Since the betaagent resides on the MBX, all events created through the additionalprotocols are always collected.

Installation

• In a mixed environment, the standard (GA) agent can be installed onExchange 2003, 2007 and 2010 Storage Groups while the beta agent isinstalled on Exchange 2013 Storage Groups (this is the recommendedoption).

• If only an Exchange 2013 Storage Group is selected for installation, onlythe beta agent is installed.

• If only the standard (GA) agent is selected for installation, Exchange2013 Storage Groups cannot be monitored.



• Since the beta agent is backward-compatible, it is also possible to installonly the beta agent on all Storage Groups.

Note: If the agent configured for an existing Storage Group is changed,events may be lost due to replacement of the agent.

Upgrade

During upgrade to 5.9.71, the standard agent is retained for all existingExchange Storage Groups.

Exchange 2013 and 2013 SP1 Support

5.9.71

With this version, support is provided for Exchange 2013 as follows:

• Exchange 2013, build 15.0

• Exchange 2013 SP1, build 15.1

SharePoint 2013 SP1 Support

5.9.71

This version provides full support for SharePoint 2013 SP1.

SQL 2012 SP1 Support

5.9.62

This version provides support for Microsoft SQL 2012 SP1.

Windows 8.1 Support

5.9.61

This version provides support for Windows 8.1 as a platform on which to runthe DatAdvantage user interface.

Debian 6 Support

5.9.61

This version provides support for Debian 6 Kernel 2.6.32 SMP - 64 bit.

SharePoint Agent Generally Available

5.9.61

The Varonis SharePoint agent is now generally available (GA).

SharePoint 2013 Support Generally Available

5.8.81

Support for SharePoint 2013 is generally available (GA) with IDU Suite5.8.81.



5.8.70

In this version, SharePoint 2013 supports both the Data Transport Engineand the commit service. In addition:

• Classic Windows authentication is supported, since Windows ClaimsAccounts are supported (Claims-Based authentication that uses Domain\Username as the IdentifyClaim).

• Federated domains and other Claims authentication methods are notsupported.

• No setup is required.

5.8.53

This version provides partial support (beta release) for SharePoint 2013.The Data Transport Engine and the commit service are not supported forSharePoint 2013.

SharePoint Installation

5.9.61


5.8.70

In this version, it is no longer necessary to create a database on theSharePoint SQL instance (the VaronisSharePoint database). Instead, thecollection of security events has been simplified such that the SharePointagent now pulls all security events. Duplicate events are filtered in the Probedatabase.

Centrify Support

5.9.61


5.8.60

The IDU Suite supports the following versions of Centrify:

• DirectControl 4

• Centrify Suite 2013

Exchange 2010 SP3 Support

5.9.61


5.8.60

With this version, support is provided for Exchange 2010 SP3, build 14.3.x.

Solaris 11 Support



5.9.61


5.8.70

In this version, SharePoint 2013 supports both the Data Transport Engineand the commit service. In addition:

• Classic Windows authentication is supported, since Windows ClaimsAccounts are supported (Claims-Based authentication that uses Domain\Username as the IdentifyClaim).

• Federated domains and other Claims authentication methods are notsupported.

• No setup is required.

5.8.53

This version provides partial support (beta release) for SharePoint 2013.The Data Transport Engine and the commit service are not supported forSharePoint 2013.

NetApp Cluster Mode

5.9.61


5.8.70

NetApp OnTap 8.2 Cluster Mode is now supported.

EMC Isilon Support

5.9.61


5.8.80

EMC Isilon OneFS 7.1.0.1 is now supported for use with CEPA eventcollection.

Conversion of Probes to Collectors

5.9.61


5.8.80

It is now possible to convert an existing Probe to a Collector if the Probemeets the following conditions:

• No Collector can be connected to the source Probe.

• The Probe to be converted cannot be consolidated with the IDU Server.

• There must be at least two Probes installed in the environment, so that atleast one Probe remains after conversion.



Probe Proxies

5.9.61


5.8.80

Probe proxies are once again supported with this version.

Renaming of BlueArc to Hitachi NAS

5.9.50

All references to BlueArc, throughout the IDU Suite, have been rebranded toHitachi NAS.

Incremental FileWalk

5.9.50

In this version, FileWalk can be configured to run incrementally, to scan onlydirectories with new events. The scope of the incremental scan is calculatedaccording to event data.

The FileWalkStatus table contains a new column,FullFileWalkTimeStamp, to enable monitoring full mode sessions andcalculating the next full mode run time. The WalkTime column is used byboth incremental and full mode.

Incremental FileWalk does not support directory services, Exchange fileservers or non-CIFS file servers. If an attempt is made to run FileWalk inincremental mode on either of these resources, FileWalk automaticallyswitches to full mode.

Known Issue

ACL data returned by incremental FileWalk may be incorrect or irrelevantif the parent permissions were changed. This happens because parentdirectories may not be scanned, so permission data is incomplete.

PowerShell Support for Exchange Administration Events

5.9.50

This version introduces support for Exchange administration events throughPowerShell cmdlets and the Exchange Management Console (EMC).

PowerShell support is enabled only for Exchange 2010 servers.

Supported Events

The following PowerShell events are supported:

• Mailbox permissions added (including Send As)

• Mailbox permissions removed (including Send As)

• Public folder administrative permissions added

• Public folder administrative permissions removed



• Public folder permissions added

• Public permissions removed

• Public permissions added

• Public permissions changed

• Public permissions removed

History of Differences

The new events are reflected in the history of differences as follows:

• For each permission event, two rows are created: one audit event andone history of differences event.

• Inheritance is not reflected in the history of differences in any way; noadditional event is recorded for the child objects of the object whosepermission was changed.

Commit Engine

5.9

With this version, the Commit engine has been enhanced to includedistributed commit services on Probes and Collectors, as well as the abilityto run parallel commands. These enhancements improve the Commitengine's performance.

Upgrade

Upgrade Flows

Customers who want to upgrade the IDU Suite may do so as follows:

5.9.61• Any previous version of 5.9 may be upgraded directly to 5.9.61.

• All main versions of 5.7 except 5.7.70 may be upgraded directly to 5.9.61.Version 5.7.70 may not be upgraded to 5.9.61.

• All main versions of 5.8 except 5.8.52 may be upgraded directly to 5.9.61.Version 5.8.52 may not be upgraded to 5.9.61.

5.9.51• Versions 5.8.7x may not be upgraded to 5.9.x.

5.9.50• Versions 5.8.6x may not be upgraded to 5.9.50.

5.9• Versions 5.8.23 and higher may be upgraded directly to 5.9.

• Versions from 5.8 to 5.8.22 must be upgraded first to 5.8.23 or higher andthen upgraded to 5.9.

• Versions 5.7.34, 5.7.71 and 5.5.72 may be upgraded directly to 5.9(version 5.7.70 cannot be upgraded to 5.9).



• Versions lower than 5.7.34 must be upgraded first to 5.7.34 and thenupgraded to 5.9.

Filters and Subscriptions

5.9.50• The DCF notes and Rule name filters have been deprecated and are

no longer available. However, existing subscriptions and templatescontaining these filters are still functional and need not be redefined.

Licensing

Evaluation Licenses

5.9.71

With this version, it is possible to suppress the grace period for evaluationlicenses according to platform. If the number of days set for a particularplatform's license is reached, the grace period will not start and the IDUSuite will behave as if the grace period has finished.

5.9.61

Now available in 5.9.61. In addition, the following changes have also beenmade:

• DatAlert

• Indications of expired licenses will appear for the relevant file serversthroughout DatAlert.

• DatAlert still calculates the scope of folders residing on expired fileservers and volumes, and still sends the commands to the relevantProbes. However, no alerts are sent as events are not collected onthose resources.

• DatAlert will only run on mixed-mode volumes if both the Windowsand the Unix license are valid.

• After the folder scope is sent to the Probe, it is updated only during thesubsequent scope sync.

• Automatic share detection

• Shares on resources with expired licenses cannot be detectedautomatically.

• Mixed-mode resources - Automatic share detection will continuerunning on the volumes with expired licenses. However, the FileWalkinput volume list will not include these volumes.

• CIFS share discovery

• CIFS share discovery will stop running when the Windows licenseexpires.

5.8.80

With this version, it is possible to run permanent licenses and evaluationlicenses simultaneously. The behavior of the evaluation license changes asfollows when it expires for a particular platform:



• License site - The registration date is now saved in UTC time, not withthe time zone.

• Crawling and event collection

• Will cease on all file servers of the type for which the license hasexpired.

• Will cease on all volumes of the relevant protocol for mixed fileservers.

• PullWalk

• Will cease on all file servers of the type for which the license hasexpired.

• Will continue to run on all volumes of mixed file servers.

• ADWalk

• Domains - Will continue to run on all configured domains, provided atleast one platform remains licensed.

• File servers - Will cease on all file servers of the type for which thelicense has expired.

• Will continue to run on all volumes of mixed file servers.

• Active SharePoint and Exchange licenses - Local account resolutionwill continue.

• DFSWalk - Will only run when it detects a valid Windows license.

• Mail alerts will be sent regarding pending license expiration.

• Indications of expired licenses will appear for the relevant file serversthroughout the DatAdvantage and Management Console UIs.

• Historical data collected from expired file servers will be available in allreports.

• For expired file servers or individual volumes of mixed file servers,historical folder structure is not available in the Work Area folder tree.


• If the source defined in a rule includes file servers or volumes thatlater expire, the rule will continue to run without error but the data fromthe expired item will not be calculated.

• If the destination defined in a rule includes file servers or volumes thatlater expire, the rule will stop running with an error.

• If a rule is calculated prior to license expiration, it will run as calculatedeven if the source or destination subsequently expires.

• Mixed mode folders

• Source folders for which the Unix license has expired are stillincluded in the source scope calculation.

• Mixed-mode folders can only be selected as the destination if bothlicenses (Windows and Unix) are valid.

• DCF

• The DCF does not run on file servers or folders with an expiredlicense. No specific error is sent.

• Mixed mode - Source folders for which the Unix license has expiredare still included in the source scope calculation.

• All folders in the buffer are scanned even after license expiration.

• File server configuration



• No change will be made to file server configuration. All values willremain as they were prior to license expiration.

• All values can be edited, shares can be added or removed, etc.

• File servers with expired licenses can be deleted.

• Automatic site detection does not run for SharePoint if the license isexpired.

• Automatic domain controller detection does not run if the domaincontroller's operation system license is expired.

• New file servers cannot be added if the license for the selectedoperating system is expired. This applies to mixed mode as well.

5.8.60

With this version, the amount of data that can be transferred by the DataTransport Engine during the product evaluation period is now limited by theevaluation license (it does not affect permanent software licenses). The datalimit can only be configured by Varonis Support personnel. When the datacounter reaches the configured limit, the Data Transport Engine stops theexecution of all currently running rules. Rules that have not yet reached theReady to Run stage can be calculated as usual.

DatAlert

5.9.50

Licensing for DatAlert is no longer part of the general DatAdvantage license.Instead, it must be purchased separately, similar to the DCF.

Enterprise Installer

Automatic Share Detection

5.9

For details, see Automatic Share Detection on page 20.

Noteworthy or Changed Behavior

The following issues are important for this release:

V5.9.72

N/A

V5.9.71

Issue ID Description

52762 Reports could not be generated if more than four custom themes wereinstalled and the configured theme ID was higher than 4.

55721 Column widths have been adjusted on the Entitlement Review Detailsscreen.




61240 In the DataPrivilege Rule Clauses editor, condition options are nowloaded only after an AD property is selected.

67923 DFS configuration now requires only an authenticated user.

71952 For permission and group membership requests, an email notificationis now sent by default to the requestor and requestee, as well as theauthorizer, informing them that a request has been handled.

71953 For clean installations, the default value of the "Allow administrators toview and edit management screens" setting was changed from "Viewonly" to "View and edit."

78167 For each scrollable DataPrivilege grid that has a fixed header, hoveringthe mouse over the column displays the column header text in aToolTip. Applies to use of Internet Explorer only.

80780 DataPrivilege email is now sent to recipients in the language eachrecipient has defined in the database. If a recipient has not changed hisor her language, mail is sent to in the default language.

81529 The CollectorID parameter in the Get-Collector PowerShell cmdlet isdeprecated in this version. Either LegacyID or FeatureID can be usedin its place.

83002 Performance of the Sites page was improved when SharePoint sitesare automatically detected.

83741 The Start menu on local computers now includes a shortcut for theDataPrivilege Log Collector.

86161 When a Collector is offline, the amount of time during which a job isretried before failing has been lowered from 48 hours to 10 minutes.

86909 In the Statistics view, the date range is now set to the default rangewhen a historical user is double-clicked.

86951 The 3rdPartyApps folder contained an older version of WinSCP. Anewer, more secure version (WinSCP 5.5.4) is now in use.

V5.9.63


81426 In NetApp configuration, the "Collect information regarding localaccounts" option has been changed to "Collect information regardingWindows local groups."

V5.9.62

N/A

V5.9.61


55649 Unsupported event types have been removed from the DatAlert filters.

74715 The name of the DatAlert Raise Dirty Flags job was changed toDatAlert Mark Changes.



V5.9.54

N/A

V5.9.52


76576 It is not possible to upgrade from 5.8.80 to any version of 5.9.

V5.9.51


71009 It is not possible to upgrade from 5.8.70 to any version of 5.9.

V5.9.50

N/A

V5.9.22

N/A

V5.9.21


61435 Memory monitoring capabilities have been added to the ExchangeMAPI agent. This enables logging memory consumption and shuttingdown modules when the memory consumption exceeds a defined limit.

V5.9.20


40276 The UNC path is now displayed in report 4f.

55701 Report subscriptions can now be delivered in XML format.

56164 During import of special files, the log messages of invalid rows are nowaggregated into a single message at the end of the import.

57361 A new job created for Real-Time Alerts periodically monitors allpublisher objects in all Probes and Collectors and writes their status tothe database.

57434 The Real-time Alerts Configuration User role has been added to theinstallation user.

V5.9.3

N/A

V5.9


49145 A Remove All button was added to the Manage Ownership screen inorder to delete all records.




52713 DataPrivilege no longer supports sending email notification toBlackBerry smartphones.

54858 When dates are copied from the grid into the search box, the dateformat may change according to the local machine's regional settings.

Resolved Issues

The following issues have been resolved:

V5.9.72


91373 DatAdvantage failed to detect delete events on Windows 2012 and2012 R2 servers. The problem is resolved by installing patch #91373 orupgrading to DatAdvantage 5.9.72.

V5.9.71


49517 When two Domain Controllers residing on the same domain wereadded to DataPrivilege, it was not possible to enable local groupmonitoring for either Domain Controller.

51799 A performance issue occurred while exporting and importing groupsusing the Bulk Upload tool.

53766 A timeout occurred while signing an entitlement review request withapproximately 1,800 relations.

54742 When an enforced automatic revoke rule was created for a group, therequest to revoke the permission was approved but the user was notremoved.

59531 When two site collections with the same ID were returned by theVaronis SharePoint agent, and the Verify operation was run on the fileserver, the installer stopped functioning.

60417 Even though the option to collect user accounts from BlueArc fileservers is not supported, an ADWalk local account was added for aBlueArc file server in the File Servers table.

61094 When a file server containing DFS roots was not added inDatAdvantage, the daily synchronization process failed.

63872 The Management Console failed to remove a Unix file server when the"Remove Varonis File Server agent" check box was not selected.

65447 When the NFS protocol was shut down on an EMC file server, an erroroccurred and Windows shares were not displayed in the Shares tab.

70488 The PullWalk job stopped responding when auto-approved revokerequests were being calculated.

70539 High CPU usage on the SQL Server hampered performance.




70618 While running a repair using Windows authentication, the logged-onuser account did not have the required permissions, causing the post-upgrade maintenance to fail.

70640 When DataPrivilege was uninstalled, DatAdvantage continued tosearch for DataPrivilege, causing subsequent migrations to fail.

71172 When the IDU and Probe were migrated in a consolidated environment,the Working directory key in the registry did not display the path nameof the Probe's Working directory.

72337 When a new file server was added and local group management wasenabled, the localDomainID in the File Servers table was not displayedin the Domains and removedDomains tables.

73050 In DataPrivilege, when a folder was right-clicked from the Managementscreens and Owners was selected from the context menu, the DataOwners window failed to display the folder owners.

73784 When an automatic rule with a special character was run, thecalculation failed and the entitlement review request was not created.

74100 In DataPrivilege, the Permission Request wizard continued to displaythe "You must select a valid folder to continue" error message eventhough a base or managed folder was already selected.

74996 FileWalk incorrectly marked folders with consistent permissions asfile system inconsistency (FSI) folders, or folders with inconsistentpermissions.

75055 Upgrade failed because all tables were archived and the partitionedview could not be recreated.

77787 In DataPrivilege, two different permission requests were displayedhaving the same group membership request.

77885 When a folder was searched in the Permission Request wizard, atimeout occurred and no error message was received.

78045 When the Requests and Authorizations report was exported to CSV,the CSV file failed to display the sub-report information. Instead, onlythe main report information was displayed.

79074 The Pull AD job stopped functioning for several hours when claims-based information was added to the AD_SidMapping table.

79163 The Health Check & Repair Auto job failed to remove temporaryExchange tables.

79206 .snapshot directories were included in the crawl, causing FileWalk tofail with errors.

79431 Following a clean installation, the "From" email address for email sentby Varonis setting in DataPrivilege was empty.

80962 When adding or editing a SharePoint file server with approximately7,000 site collections, the Sites tree required a long time to load.




80965 When a second SharePoint file server with over 7,000 site collectionswas added, the Management Console required a long time to validatethe request.

81107 Probe services were installed with an unquoted path to the executable.

81643 The Get-LastJobExecution PowerShell command returned incorrectresults, retrieving the first job execution parameters instead of the last.

82032 In DataPrivilege, actions performed in the Data Owners window causedthe folder tree to collapse.

82515 If the user password exceeded 20 characters, it was not possible tosign an entitlement review request.

82598 When UAC was enabled, the DataPrivilege Bulk Upload Utilityinstallation failed. The UAC must be disabled; otherwise, the databaseuser must have the Modify permissions for the Bulk Upload Utility'sinstallation folder.

82958 The Management Console was unable to load the Jobs list due to thelarge size of the JOB_Executions table.

83010 When the Report Deployment tool was run with invalid credentials, noerror message was received.

83011 The Scan, Save and Cancel buttons in the Domain Synchronizationdialog box of DataPrivilege were not visible when Internet Explorer 10was used.

83070 Folder owners can now be uploaded in DatAdvantage using the UNCpath.

83128 When a direct permission request was created on a remote file server(in Asia), the request remained pending until the scheduled databasetime (NY) was reached.

83317 During the run of PullWalk, there was a substantial growth in thedomain database, causing the Sync job to fail.

83501 The US MRN pattern searched for sequences of 20 digits only andfailed to detect numbers of up to 20 digits.

83697 Reports could not be viewed if DataPrivilege was installed on Windows2012 (IIS 8).

83732 A Collector failed to connect to the file server when MSI was pre-installed on the Collector.

83748 An unhandled exception occurred when the Verify option was clickedfrom the Editing File Server dialog box in the Management Console.

83813 Following migration to the Shadow database, CIFS events tables werenot deleted from the Probe database.

83851 When a search was performed from the Statistics view inDatAdvantage, and resources were selected or cleared from theResources picker, the search results were not updated.




83863 The DatAdvantage icons labeled "Added" and "Removed" are nowlabeled "Add" and "Remove." The new icon labels can be viewed in theStatus tab of the Legend.

83932 The CIFS queue did not filter out temporary file events. Instead, it sentthem to the Probe.

84175 When a SharePoint site was installed on a cluster and custom portswere not configured, the URL to the cluster environment was brokenand the connection failed.

84433 When retrieving the CommandID, the execution plan used a table scanof the Job_Commands table, resulting in a number of deadlocks.

84498 When the database account was edited using the Database usersconfiguration option, the Enterprise Installer failed to requestcredentials for Shadows. As a result, not all file servers were displayedin the Credentials grid.

84518 During upgrade, the "Impersonation Failed" error message wasreceived for all Probes and the prerequisites check failed.

84722 When historical and existing folders were uploaded using the BulkUpload tool, ownership could be applied to the historical folders but notto the existing folders.

84869 The run time for report 4b was long, even though only a few folderswere selected in the report.

84953 When the Member name and AD property filters were applied to report3b, the report failed to display all nested relations.

85233 During the configuration of DataPrivilege, no error message wasreceived when the Default Domain Credentials area remained empty.As a result, DataPrivilege stopped functioning.

85330 When creating a data classification rule, it was not possible to view theentire regular expression string in the relevant field.

85403 During the run of the CIFS Events Archive job, duplicate access pathswere generated for an Exchange file server.

85459 An error message was received when the Data Classification enginescanned a folder that contained a file with an invalid Modify date. As aresult, the entire folder was not scanned.

85521 An error message was received while changing the text displayed inthe Resources picker of the Work Area.

85560 When a NetApp file server with a Probe proxy was linked to a Collector,the Probe proxy was ignored.

85583 A signed entitlement review request failed with an error when a relationwas recommended for removal and kept.

85640 The DatAlert Publisher failed to send an alert by email.

85651 DatAdvantage returned empty reports even though the "Always sendthis report, even if empty" option was not selected.




85700 In DataPrivilege, the Request Details dialog box displayed the creationdate of the entitlement review request instead of the date on which thedata was last synchronized.

85818 An error message is now received if the value of the IRPStackSizeparameter is set to less than 30 or greater than 50.

86015 When a group was added in report 1a and the "User" or "Users fromgroup" filters were applied, the report ignored the filters and returnedevents from all users.

86175 When the "Enable emulation of direct permissions on folders, to groupswhich are members in the directly permitted groups" application settingwas enabled, the groups were not excluded and the SIDs were stilldisplayed in DataPrivilege.

86183 When generating a category 4 data-driven subscription without the Fileserver filter, the subscription ran for over a day and then ceased to run.

86462 In the Work Area, it was not possible to clear a selected resource fromthe Resources picker.

86596 When emulation of direct permissions on folders was enabled, and the"Hide all real direct permissions on folders" setting was set to True,direct permissions on folders were still displayed.

86631 Database processes that did not involve reports were terminated by thecap mechanism.

86784 In the DataPrivilege group membership request page, locations couldnot be properly filtered by Active Directory property if the property valuewas in a non-Latin language.

87105 While editing accounts in DatAnswers, the process failed to completeand no error messages were received.

87264 When two domains with the same name were displayed inDatAdvantage, an error occurred and the relevant domain was notupdated.

87359 When a root directory was defined as the target database and log filesresided at this location, the database migration failed.

87525 While using the legacy auditing method, event handler errors andinformation logs regarding the CifsQueue were received in the eventviewer.

87691 The New File Server SID dialog box failed to display a link to moreinformation.

87780 When DataPrivilege was installed on Windows Server 2012, theinstallation failed.

87782 A performance issue occurred when over 20,000 data owners weredefined and a folder was expanded in the Work Area.

87793 The FileWalk methods displayed in the Management Console UI didnot match the methods displayed in the PowerShell command line.




87795 No error was displayed when the FileWalk method was changed to aninvalid value in the PowerShell command line.

87837 The SID column in report 12e (ACLs with Unresolved SIDs) displayeduser names instead of SIDs.

87946 When the logical name of the VrnsDomainDB_Mail database file waschanged, the upgrade failed with errors.

88073 A failure occurred while creating the SharePoint interface version inCreateDirectory.

88181 When a reports upgrade was run during the migration of Probeservices, a string with over 32,766 characters was written in the eventlog and an error message was displayed.

V5.9.63


61593 In DataPrivilege, changes to email templates were not saved duringupgrade.

81428 A timeout occurred in the FileWalk job when the database server wasbusy.

81476 Performance issues occurred with the detection of CIFS shares.

81561 Data-driven subscriptions were removed from the report server butwere not correctly marked as such in vrnsDomainDB.

81657 A primary key violation occurred on the PK_alerts table.

82091 The Enterprise Installer did not correctly recognize a file server asNetApp when a DFS path was manually added.

82850 Objects (users and groups) that received an ID of 39 or 40 fromADWalk could not be edited.

82918 The Pull CIFS Events job failed on Exchange File Servers when similaremails arrived from events, when the only difference between theemails was the presence of an extraneous space.

83885 In DataPrivilege domain configuration, the domain scan did not functioncorrectly with Windows 2012.

86782 In DataPrivilege, an error occurred when running an SQL script on thedatabase.

86792 Exchange statistics were sometimes deleted if a user generatedboth Exchange admin events (e.g., modify mailbox permission) andExchange events (e.g., sent email) on the same day.

V5.9.62


82568 Due to a database error, when the DCF failed to scan files, theCollector's buffer that contained data for rescanning the files might




have been corrupt. When this occurred, the DCF permanently stoppedtrying to scan the failed files.

82879 When the False Read filter was enabled, fast IO events were notrecorded.

V5.9.61


58708 Application latency was affected when an automatic rule was created inDataPrivilege.

63312 Due to the font size of the text in the Real-Time Alert windows, the fullcontents of the windows were not visible.

68578 The DCF User Sync job failed to calculate the relevant classificationpriorities and scope. As a result, empty tables were synchronized to theProbe.

68650 When the DCF User Sync job was run on a NetApp file server withdifferent volume types (e.g. CIFS, NFS and Mixed), directories fromnon-CIFS volumes were displayed in the DCF_Priorities table.

70681 When the Table Maintenance job was running and events were beingrestored, the Archive Events screen froze, preventing any furtheroperations.

71598 In the Management Console, jobs are now listed by category.

71670 In DataPrivilege, advanced search queries were processed slowly,sometimes resulting in a timeout.

71815 The CleanAccessPath step of the Table Maintenance job still workedeven though it was disabled.

71816 The CleanAccessPath step of the Table Maintenance job still workedeven though it was disabled.

71817 When duplicate rows appeared in the Hist_Archive table, the archivedfiles with corresponding dates were not deleted.

71819 During the run of the Table Maintenance job, a non-database error wasreceived in the UI, resulting in possible data loss.

71820 During the run of the Table Maintenance job, a non-database error wasreceived in the UI, resulting in possible data loss.

71951 The SendMail job no longer runs every five minutes. DataPrivilegeemail notifications are now sent every minute.

71978 The ExpirationRelation job returned a 'failed' status even though onlyone revoke request failed to be created.

72171 In DataPrivilege, the data in My Authorizations page required a longtime to load.

72312 A new table for DatAlert alerts was not created after the alerts weresaved in a file for one month following installation. As a result, the alertscould not be transferred to a table.




72684 In the DCF, the validation algorithm for the SA ID Number produced afalse negative.

72698 The DCF failed to update classification priorities when changes weremade to the file system.

72799 When the details in the Entitlement Review Details dialog box(displayed in view mode) were edited, the "You cannot edit thisrequest" error message disappeared.

73034 When the Probe server machine was rebooted, the wrong errormessage was displayed in the event log.

73045 In DataPrivilege, a performance issue occurred while searching forusers from the User Search dialog box.

73203 When an exception occurred, the Exchange agent stopped responding.

73241 When customizing a display language in DataPrivilege, the selectiondrop-down list no longer displays the country name for each language.

73312 The synchronization service failed without a timeout whilesynchronizing new folder owners.

73379 Upon upgrade from version 5.7 to 5.8, the old folder name(DatAdvantage UI) was not replaced by the new one (DatAdvantageGUI), causing the upgrade to fail.

73424 In DataPrivilege, the Keep All and Remove All buttons in theEntitlement Review Details dialog box (displayed in view mode) werenot visible.

73523 In DataPrivilege, when the name of a managed folder in the ManagedFolders pane was right-clicked, the popup menu was displayed at thebottom of the screen instead of next to the folder name.

74715 The name of the DatAlert Raise Dirty Flags job was changed toDatAlert Mark Changes.

74948 The installation of the IDU database was run from a cluster's physicalnode. As a result, the installer could not decrypt the license and theregistration failed.

74980 The spCreateSummaryUsersEventsView stored procedure used by theIDU Analytics engine did not function properly.

75117 By default, new files were marked as protected instead of inherited. Asa result, the data transport engine did not propagate the permissions tothese files.

75252 No data was returned for new file servers added after reportsubscriptions, or other features that require reoccurring calculations,were defined.

75349 The retention policy for persistent SDT tables did not cover dataretrieved from archived events.

75419 When a search was performed for a membership request inDataPrivilege and the Group Location filter was used, a database erroroccurred.




76645 The dpGetADObjectBySID stored procedure failed when theVaronisSystem SID was selected.

77210 When report 8b was run with the File server/domain filter and theOwnership assigned option was selected from the Event type filter,empty results were returned. When the File server/domain filter wasremoved, incorrect data was displayed in the report.

77224 When a data-driven subscription was run for more than five dataowners, the Dispatcher thread was locked until the subscriptions werefinished.

77318 When ADWalk was run on a SharePoint file server with approximately950 site collections, the server failed to connect to the vrnsDomainDB.

77893 When a Probe was uninstalled, the file servers connected to the Probewere also removed. To uninstall a Probe to which file servers areconnected, the file servers must be connected to a different Probe.

78066 When "Return To Main Menu" was selected during the run of apassword maintenance job, vrnsDomainDB was deleted and the jobfailed.

78154 In DataPrivilege, there was a delay while opening and performingoperations on Management and Administration pages on a system witha large amount of data.

78193 A primary key violation occurred during discovery of CIFS shares.

78446 Performance improvements were made to the DataPrivilege locationsfeature.

79051 The "Loading" message was not displayed when the scroller waspositioned at the bottom of the page.

79555 When a rule was run a large number of times, it stopped responding.

81070 When the user account for the Domain searcher was not active,DataPrivilege was unavailable and no option was provided to changethe user's credentials.

V5.9.54


78232 When the Password Maintenance procedure is run in the EnterpriseInstaller, the VrnsDomainDB might be deleted if no changes are madeand the Return to Main Menu button is clicked.

V5.9.52

N/A

V5.9.51

N/A



V5.9.50

IssueID

Description

57847 When upgrading from DatAdvantage 5.8.40, the ReportDeployment tool failed.

61410 A new file server was not added to the ManagementConsole due to the slow response of a stored procedure.

61682 When duplicate rows appeared in the Hist_Archive table,the archived files with corresponding dates were notdeleted.

62050 In report 7.b.01, public folders are inaccurately consideredstale because no events are generated when a public folderreceives an email. Use the Staleness threshold filter inreports 4.f.02 and 9.i.01 to detect stale public folders.

62139 Local Culture was used instead of Invariant Culture toformat Date-Time fields in the Real-Time Alerts output files,generating inconsistent Date-Time values.

62346 The IDU Analytics engine runs for too long, preventing otherjobs from running.

62404 The files containing DCF results were transferred to thewrong folder on the Probe.

63053 When the IDU Suite was installed on an SQL ServerEvaluation edition and the SQL Server was upgraded to theStandard edition, the IDU Suite stopped functioning.

63104 When multiple shares in a file server were selected forremoval in the Management Console, only the first shareselected was removed.

63232 When upgrading the Probe from 5.8.20 to 5.8.22, the nameof the database instance was incorrectly parsed. Thisoccurred when the letters "IS" in "VARONIS" were parsedas an operator, causing the upgrade to fail.

63258 When file servers were added to DataPrivilege manually,with their names written in lower-case letters, DataPrivilegefailed to add managed folders from that file server.

63259 Following upgrade, the Undetected Folders menu optionappeared as question marks in localized languages.

63352 In the DCF, the validation algorithm for the Brazilian CPFpredefined pattern produced an invalid result.

V5.9.22


62080 The event viewer showed null reference exceptions with regard to theSharePoint agent.

62243 An unhandled exception occurred in the SharePoint agent.



V5.9.21


60948 Windows 2012 server cluster with a Cluster Shared Volume (CSV) diskstopped responding after increasing the IRPStackSize from 15 to 30.

V5.9.20


55004 The KeyValue_changes.sql script caused the Enterprise Installer to failif it encountered null values in keys.

56195 When defining a custom permission type, the UI disallowed the entry ofa negative mask although the mask was valid.

57505 When two extended properties were created with the same displayname on the AD Properties page, the upgrade could fail.

V5.9.3


57397 If job execution history was very long, it took a long time to load the joblist.

57564 During upgrade to production, valid values were not inserted incolumns that do not allow Null.

57654 If a SharePoint site collection was not found, auditing was notperformed for any other site on the SharePoint server.

57823 Implementation of the Fast IO Read/Write filter caused the loss ofactual modify events.

58471 Computer accounts were counted in the DatAdvantage license.

58578 When the remote Probe database was installed on the same host asthe IDU database, but on a separate instance, no jobs were synced onthe Probe database.

V5.9


38894 The SDT_Stack in the DatAdvantage database was not built correctly.

44800 The DataPrivilege administrator was not able to search groups in theActive Directory by domains or locations.

44802 The Explanations column in the Group Search window of theMembership wizard should not have been displayed.

45531 Standard ASP.net error messages were displayed in DataPrivilegeinstead of Varionis-specific error messages.

48234 An incorrect timestamp was sent to the CIFS events table in thedatabase.




48396 Irrelevant property checkboxes in the Active Directory Schema Detailswindow were not hidden when the Property relevant field was definedas only User or only Group.

48982 It was not possible to add a SharePoint file server in the ManagementConsole when the User Account Control (UAC) was activated on theIDU server.

49087 The Entitlement Review calculation was very slow.

49145 A Remove All button was added to the Manage Ownership screen inorder to delete all records.

49667 Recently created groups were not displayed as managed (checked)right away.

49731 The HideLocalGroups key has been added to the KeyValue table, sothat it can be configured.

50205 The color of the message returned when no statistics were found hasbeen changed from red to black.

50365 An error message for a multiple permission request was displayed inboth French and English.

50494 Using the API to create a permission request resulted in a directrequest instead of a membership request.

50991 The Exchange FileWalk retrieved the wrong mailbox size when thefolder size was more than 2 GB and the size attribute was 32-bitinstead of 64-bit.

51505 A user who was a member of distribution list group that is nested withina group with full permission on a folder was not able to complete aDataPrivilege permission request.

51780 The DataPrivilege bulk upload failed because the user name was not inthe correct format.

52144 By default, incremental FileWalk now runs once daily and full FileWalkruns once weekly for all file servers.

52262 The installation of DataPrivilge and Synchronization configuration failedwhen using Windows authentication after installing DatAdvantage.

52397 Users could not be removed from a group if the group belonged to adifferent domain.

52554 It was not possible to create an Exchange mailbox because animpersonated FileWalk user did not have permission to write to the C:\Windows\system32\ path.

52713 DataPrivilege no longer supports sending email notification toBlackBerry smartphones.

53008 An agent installation warning was incorrectly displayed after eventswere correctly collected following a Windows file server installation.

53021 The Exchange AuditAgent was not installed because of an unresolvedserver




53044 Nested groups were not added to folders after the synchronization jobwas run.

53052 When a unique child folder with the same permissions as its parent wasdeleted, the removal of the child folder's permissions was displayed inthe parent directory.

53440 FileWalk failed if a group was added to a folder in Active Directory andthe folder was then added to DataPrivilege as a base folder.

53490 If DataPrivilege services were installed on the database machinewithout advanced installation, the installation failed.

54112 When new folders were created, group names for new permissions didnot conform to the group naming convention.

54374 The manually edited prerequisites.xml file was not replaced duringupgrade (due to standard MSI rules), causing the prerequisites checkto fail.

54391 The IDU could not identify the Probe's jobs when the IDU and Probedatabases were installed on the same server but different SQLinstances.

54491 In the DCF Monitor, the Recent Activity chart displayed an incorrectdate format on the X axis.

54634 Names of filters fetched from DatAdvantage are not localized.

54641 Left and right angle brackets were parsed incorrectly in theDataPrivilege HTML email templates.

54710 The Russian translation was improved with regard to the ExpirationDate feature.

54771 The synchronization service logs recorded UTC time instead of localtime.

54806 When file servers were added to DataPrivilege manually, with theirnames written in lower-case letters, DataPrivilege failed to addmanaged folders from that file server.

54858 When dates are copied from the grid into the search box, the dateformat may change according to the local machine's regional settings.

54865 The upgrade from 5.6 with security disabled failed on the IDU step.

55087 The client type for events from Outlook 2013 was not recognizedcorrectly.

55253 In right-to-left languages, strings containing a mix of right-to-left andleft-to-right characters as well as numbers are not displayed correctly.

55447 Under certain circumstances, the Probe misidentified a thread as notresponding.

55637 The Report Deployment tool did not use localization resourcescorrectly.

55984 Real-time alerts on objects that have been deleted display anunresolved objectGuid.




56481 A memory leak in the Exchange MAPI Agent caused the Mailbox storeto fail.

Known Issues

The following are the new known issues in the current version:

V5.9.72

N/A

V5.9.71IssueID

Description

71824 The combination of Exchange 2013 and Windows 2012cannot be installed automatically, since the beta agent,required for Exchange 2013, is overwritten when thestandard (GA) agent is installed for Windows 2012.Workaround: Install both agents manually using the correctMSI for each.

72499 To enable running the commit process on public folders forspecific users, the users must added to Exchange AdminCenter > Public Folders > Folder Permissions > Manage.

81058 When scrolling to the end of the Management Console jobslist using the scroll, the selected job visually jumps on everyauto-refresh.

81112 Exchange Admin events are not currently supported onExchange 2013.

81960 No exception is thrown when the schedule of a removed(non-existent) job is edited.

82189 When a schedule is set for a job that has been removed, noerror message is presented and the schedule has no effect.

83986 DatAlert does not support making changes to thresholdrules to alert on events that occurred prior to the change.

84005 Threshold alert rules are not supported in Probe migration.

85156 To avoid an error during logon, users must have loggedonto the Windows computer running DataPrivilege at leastonce with the same user name as that with which they logonto DataPrivilege.

86162 Because Microsoft no longer provides backwardcompatibility from Windows 2012 R2 to Windows 2003,FileWalk on Windows 2003 (both Exchange and Windows)fails when the Probe or Collector resides on Windows 2012R2.

86856 Increasing DPI above the default can cause display issuesfor some UI elements.



IssueID

Description

87286 When the Data Transport Engine deletes a folder that isshared, the share is not deleted.

87994 If the UAC is enabled on the computer on which theManagement Console is running, the user must runthe Management Console as an administrator for theimpersonation in Probe and Collector installation to workproperly.

88844 In order to upload file servers to DataPrivilege 5.9.71,the new Bulk Upload Utility template must be used. Thistemplate includes an option for setting whether the fileserver is enabled for local group management.

88897 Following upgrade to 5.9.71, DCF rules with user-definedpatterns created in 5.8 must be recreated.

V5.9.63

N/A

V5.9.62

N/A

V5.9.61

IssueID

Description

61277 In report 6b:

• If the executable script method appears as failed, it didnot start or run.

• If it appears as successful, it started successfully butmay or may not have run successfully. It may startsuccessfully even if the user has no permissions toexecute it; in this case, it is terminated by the operatingsystem. The event log may not reflect an error.

73471 Due to a known Microsoft issue, the DTE will not functionproperly when Windows 2012 or Windows 8 is in use withEMC. Microsoft has published the following workaround:http://support.microsoft.com/kb/2686098

77219 After a file server is deleted it continues to appear in theFolder scope in DCF rules.

77266 It is not possible to add a computer with permissions whenusing Microsoft's ADMT utility for migration.

77399 When the time zone is updated on the ManagementConsole computer, the new time is not updated in the nextand last run of jobs.

78007 Windows NT domains cannot be added when the IDU Suiteis installed with Windows authentication.

http://support.microsoft.com/kb/2686098



IssueID

Description

78207 Due to a Microsoft issue, several fields are not populated inevent ID 5136 for "Directory Service Changes" on WindowsServer 2008 or Windows Server 2008 R2. Microsoft haspublished a fix for this at: http://support.microsoft.com/kb/975696/en-us

79563 Due to a Microsoft issue, renaming an OU on Windows2012 R2 may cause the server to stop responding.

80645 If a DFS path representing a DFS link is selected as thesource of a Data Transport Engine rule, the DFS link targetis not copied; only the physical folder representing the DFSlink is copied.

80904 Group owners and resource custodians on which novisibility limitations are place do not have the ManageOwnership option available to them in the Directories pane.

81077 When object limitation is set for a folder owner, the owner isstill able to change ownership on his folders by right-clickingthem in the Work Area.

81347 Uploaded special files (external files) disappear from the UIwhen pulling is executed, either manually or automatically.They reappear after the nightly jobs are executed.

V5.9.54

N/A

V5.9.52

N/A

V5.9.51

N/A

V5.9.50

IssueID

Description

54920 If Incremental FileWalk is in use, events on filtered orunmonitored users are not gathered. They are onlygathered following the next full FileWalk run.

62436 The following Exchange administration events are notsupported in DatAlert: Mailbox Permissions Added/Removed, Public Folder Administrative Permissions Added/Removed.

63375 In the beta release of 5.9, the DCF's New Rule dialogbox does not use any validation algorithm for predefinedpatterns.

66577 Attributes added as static attributes cannot be added toreports during a clean installation. If they were added as



IssueID

Description

dynamic attributes in a previous version, they are availablefollowing upgrade to 5.9.50.

72121 In right-to-left languages, brackets may not be displayedcorrectly.

V5.9.22

IssueID

Description

53381 DataPrivilege cannot be installed on remote Probe orCollector machines. It may only be installed on machineswith a consolidated IDU or separately.

V5.9.21

IssueID

Description

54577 Real-Time Alerts may be generated for filtered users forwhom the 'allow event collection' option is selected.

V5.9.20


56391 If a user opens Microsoft Word 2010 or 2012, edits a file and saves iton a remote server, a false positive "File permissions changed" event iscaptured.

58947 When a flag's color is changed through the bulk upload operation, thechange only takes effect after the UI is restarted.

59232 On the Real-Time Alerts Where tab, if the 'Classification results' >'Selected object types' filter is set to 'Files with hits', but a file of thistype has been renamed, no alert is sent.

59238 After a SharePoint file is renamed, File Open alerts with reference tothe file's original classification results will continue to occur until the ruleis updated.

59276 If a Real-Time Alert rule is run on a SharePoint directory and includesthe 'Classification results' > 'Folders with hits' filter, a false alert occursregarding Rename File events in subfolders that do not include hits.

59580 If a user has Deny permissions on a folder, and a group of which theuser is a member does have permissions on that folder, the user isdisplayed in the Effective Permissions view for the folder.

59640 When a member is added to a group in the Effective Permissions view,the member is only displayed upon directory click under the group towhich it was added.

60349 The Migration utility is not supported in 5.9.20.

62886 In version 5.9.20, the Hit Count column is not available in the defaultcolumn list for report 4g.



V5.9.3


54442 Some characters are not displayed correctly in email notifications sentin Hebrew.

55047 Some data that is fetched from DatAdvantage (such as some filternames) is not translated.

56461 Report results are not sorted if the results are grouped in the grid afterthe report is run.

56971 If a personal flag is changed to a global one, only the user that madethe change will see it immediately in the Work Area. All other usersmust restart the UI to see the change.

58333 DataPrivilege reports are always generated in the default languageselected during installation, regardless of the language selected forviewing the UI.

58573 If several rules are configured for real-time alerts and the Wherescopes are large, it might take a very long time for the Probe to loadthe criteria. It is recommended to use predefined scopes to improveperformance.

59013 Subscriptions and rule upgrades will not be supported for componentsusing the 'Classification results' compound filter; this includes DataTransport Engine and Real-Time Alert rules, as well as reports 1a and6b.

59014 Templates created for the Real-Time Alerts command line methodwill have to be manually adjusted in future versions; no upgrade willsupport these templates.

V5.9


57112 The names of AD properties that will be used in reports cannot beedited, since such editing would affect report subscriptions.

57037 Limitations on running real-time alerts from the command line: a)execution requires a full path; b) batch files are not supported; c)commands cannot be run on the PATH.

56545 If events are created on folders whose paths contain spaces, relatedalerts cannot be created since the paths of the events arrive inabbreviated form.

56391 If a user opens Microsoft Word 2010 or 2012, edits a file and saves iton a remote server, a false positive "File permissions changed" event iscaptured.

56276 In real-time alerts, if the Publisher is down and the event log reached itslimit, the oldest entries are overwritten by newer ones. If the Publisher'sprocessing of new events is slower than the rate at which new eventsarrive, alerts may be missed.




56007 If the permissions on a directory service object change due to aninherited change, no Set Security event occurs on the object itself (onlyon its parent), and therefore a real-time alert cannot be set for it.

55925 The presentation of the Admin set in the Work Area for Data TransportEngine commands on Creator-Owner ACLs might not reflect the resultsreturned following rule execution and the PullWalk job.

55766 When a group is created in a target domain, only the direct usermembers from the source are added to the new group. This may resultin unreported permission loss, as subgroups are not added to the newgroup.

55372 It is not possible to install the IDU Suite remotely on a Windows 2012cluster. Installation can only be performed from the cluster server itself.

55344 Real-time alerts regarding 'Exchange folder copied' events appear withan unresolved source path if the the target path was part of the affectedobjects scope and the source path was not.

55276 If an alert is set for changes to SharePoint file permissions, no eventsare received for such changes. If the event type is not limited, orincludes changes to folder permissions, the file permission changeappears as a folder permission change.

55253 In right-to-left languages, strings containing a mix of right-to-left andleft-to-right characters as well as numbers are not displayed correctly.

55232 When a real-time alert is defined for the rename of a specific object ina SharePoint document library (not the entire library), the alert can onlybe created if the rename includes a move and the target is part of therule scope.

55187 Real-time alerts on changes to folder permissions are not captured fornew SharePoint folders.

55030 If the user's localization settings differ from the date settings on theDatAdvantage report server, the values of date columns may differbetween the Table View and the preview and subscriptions.

55012 Real-time alerts cannot be set for changes to inherited permissions onSharePoint folders.

55009 Real-time alerts on SharePoint folders that have been renamed appearwith the old folder name.

54744 Migration of IDU or Probe services to a Windows cluster is notsupported (however, the Cluster Server checkbox still appears in theMigration window).

54719 When a consolidated Probe is migrated to a new server, a popupmessage is displayed that is relevant only for IDU migration.

54634 Names of filters fetched from DatAdvantage are not localized.

54611 When the DFS target is mapped to a folder which is located under theanother DFS link, but the folder itself is only a subfolder of a share,DFS Walk does not collect it.

54351 Permission editing on a system volume may fail.




54293 The definition of an Open event in DatAdvantage is "a significantportion of the file has been read". Since small files are read completelyfor most purposes, an Open event is reported even if Windows Exploreris just piping the file.

54223 Following the Sync Latest Events action, DS and Exchange eventsare present in report 6b within one hour of the action; CIFS events arepresent in report 6b after the next PullCIFS.

54222 While alerts are archived every 180 days, the frequency of CIFS eventarchiving can be changed from the default of 180 days; this means analert may not appear in report 6b while its corresponding event mayappear in report 1a.

53964 Direct upgrade from 5.6 is now possible without loss of grouping insubscriptions.

53729 In report 6b, the "Owner name" and "Management status" filters returnresults only for the specified owner's base folders, not on the owner'ssubfolders. This is inconsistent with real-time alerts, which providealerts on nested owned objects.

53702 The Probe records an unresolved ID instead of the full access path ifthe path does not fall within the rule's selected directory scope.

53260 In order to import an account list for LDAP, the account domain namemust appear in the list exactly as entered in the domain table (duringdomain creation); otherwise, the account will not be imported.

52965 If a file server is configured such that share changes are only detectedonce, and the configuration is changed from "notify only" to "monitor",shares for which notification has already been provided will not beadded automatically.

52957 When a report template contains a very long description (tens ofthousands of characters) an exception is raised and the previewwindow is empty.

52896 For Unix systems, the Modify date may be earlier than the Create datebecause ctime and mtime are used.

52828 If the size of a report is too large it cannot be sent to the report server.

52601 If the logo image is present in a report, some cell text may not be auto-fit into the cell.

51912 Only the first three lines of a filter are displayed in the UI; the entirefilter string can be viewed by exporting to Excel.

51827 Since EMC Celerra does not support SMB3 by default, Windows2012 cannot connect to Celerra machines using CIFS; this affects thefunctioning of the IDU Suite on Celerra file servers.

51796 ADWalk does not retrieve Hitachi NAS (BlueARC) BUILTIN\Localusers.

51596 The recipients of message events may reach the database with anincorrect UserDN.




51497 Migration from SQL Server 2008 SP2 to SQL Server 2008 SP1 isconsidered to be a downgrade, but is not identified as such by theprerequisite check; therefore, the migration process might fail.

51474 An unhandled exception occurs when an instance of a SQL Server isstopped on a distributed Probe and the Jobs grid is refreshed in theManagement Console.

51380 If the Probe database connection fails after initial verification, and thena job fails during execution, the job may remain in recovery.

51293 When the 'Enable object limitation' option is selected in theManagement Console, iisreset must be run in order to retrieve thecorrect results.

51273 In case of an HOD event on an unresolved SID - 'Object' and 'ObjectType' columns are empty.

51258 If a configuration file is edited manually on one node of a cluster, itmust be edited manually on the other nodes as well.

50904 When SharePoint list columns are copied using the Data TransportEngine, the list columns are not automatically set to be viewable at thedestination. They must be manually set as viewable following the copyprocess.

50568 When upgrading from any supported version to 5.8.21, the old jobhistory is not saved.

50157 Alert conditions are based on the current resource data, which isupdated nightly.

50138 Users with the Real-time Alerts Configuration user role can definealerts on all objects, even if they are owners and ownership limitationsare applied.

49686 In real-time alerts, SNMP and Syslog messages are sent through UDPand have a maximum length limitation of 65535 bytes including theheader.

49685 In real-time alerts, SNMP and Syslog messages are sent through UDPand have a maximum length limitation of 65535 bytes including theheader.

49328 On clean installation, the default export path for archive files is changedto 'C:\Program Files\Varonis\DatAdvantage\Archive' instead of 'C:\Program Files\Varonis\Archive'.

49240 The Content column of report 13e does not present the query set forfolders to be transferred.

49011 When extended properties are removed through the ManagementConsole, the Users & Groups panes are updated only afterDatAdvantage is restarted. However, columns based on theseproperties continue to display data collected from Active Directory onthe ADW

48997 Committing 'Add/Remove FullAccess permission' on system mailboxesin Exchange 2007 is not supported.




48978 The Source column of report 13e does not present the query set forfolders to be transferred.

48653 It is not possible to add records beginning with a pound sign (#) whenediting the values of extended properties.

48444 While the Real-Time Alerts engine can send email to an unlimitednumber of recipients, email regarding exceptions and report exceptionwarnings are only sent to the fist 500 characters of the alert's recipientslist.

48435 The file count and file size presented in the Next Run summary arebased on the folder scope, and therefore include stub files and otherfiles that will not be copied.

48373 Subscriptions using the supportedEncryptiontypes AD property as afilter must be redefined following upgrade from 5.7.65 to 5.8.x, sincethis property is a String in 5.7.65 and an integer in 5.8.x.

48200 On SQL Server RS 2008, DataPrivilege report subscriptions usingrendering format HTML 3.0 are not functional.

48000 EMC and NetApp file servers are not presented in the File Serverpicker. They can only be searched by IP range or OU path.

47958 When a folder filter is modified in a Data Transport Engine rule,Calculate Source must be clicked twice to start the calculation process.

47813 In this version, reports cannot be exported to XML.

47812 The default timeout value for running a report in the UI is 2h. However,the default can no longer be changed in the report server configuration.Only Varonis Support can change the default.

47676 When the 'Hit count' file filter is set to 0 in a Data Transport Engine rule,the rule does not copy any data.

47657 The Data Transport Engine does not consider flags in copyingpermissions from Windows to SharePoint.

47649 In the Data Transport Engine, unresolved SIDs are not copied but arenot considered lost permissions.

47391 The Data Transport Engine does not copy computed SharePointcolumns (fields).

47378 If a report description exceeds one page, empty pages are generatedwhen the report is exported to PDF.

47274 In real-time alerts, the hours specified on the Rule > When tab areapplied by the Probes and Collectors according to the local time zone.

47113 If a Data Transport Engine rule is stopped by user, the Last Runstatistics for copied and deleted files do not match the Copied/FailedFiles tab.

46538 Data Transport Engine views and actions are not available from theReview Area.




46484 Events that differ only by access mode and create mode are notaggregated. Since access mode is not visible in the log, the log doesnot clarify why such events are not aggregated.

46296 Due to MS Word limitations, a report exported to Word appears to becropped if it is wider than the standard page size in Word. However,report data can be viewed if the columns are resized.

44833 While synchronization of dynamic distribution groups will fail (becausesuch groups do not exist in DataPrivilege), it is not currently possible todifferentiate between them and regular security groups.

44824 Exchange events generated through extended protocols sometimes donot contain the Client Access Type information. For such events, theClient Access Type filter and column contain a value of Unknown.

43065 The Report Deployment tool (internal Varonis utility) does not supportimporting and exporting subscriptions.

43026 If an "Open Folder" event occurs and access is denied, the event isdisplayed three times instead of one.

42968 In the Last Run window, the "copied size" value displays the actual sizeof data that was copied and not the size on disk.

42935 The RedistributeScript tool can only work with a single SA user. This isdue to changes in architecture and the database, such that user namesand passwords may no longer be saved.

42932 Effective permissions actually represent the NTFS permissions, asmasked by the share permissions.

42851 Report subscriptions with the 'mail' filter were disabled after a firmwareupgrade from v5.7 to v5.8.

42552 Since the Data Transport Engine does not calculate the effectivepermissions of a file, the engine can move and delete files for which itis not authorized to do so.

42515 If a user sets the merge of destination directories to "enforce existingpermission" on the Collision Behavior page, and then a change occursprior to the next FileWalk, the Data Transport Engine adds the ACE ofthe source to the destination folders.

42503 After upgrading from version 5.7 to 5.8, report subscriptions usingthe "Client access type" filter returned more results than prior to theupgrade because the build numbers were removed from the filter'svalues.

42454 In a cluster installation, only administrative shares are scanned.Workarounds: 1) Use an IP range scope that contains all the cluster IPs(including the relevant nodes); 2) Use an OU scope that contains all thecluster machines (including the relevant no

42427 Uninstallation does not remove the SHS Walk job.

42123 A pencil icon was displayed next to a name when no edits were visibleand the IDU Analytics engine recommendation to remove the memberwas declined.




42105 Resources that have neither an FQDN nor a NetBIOS name definedare not scanned.

41837 Users must connect with SA credentials in order to view the SQL traceresults via the ESTI utility.

41832 Deleted groups appear in the Directory Services Search dialog box.

41829 The Add Member, Restore Relationship and Add Group Membershipoptions appear in the context menu for deleted groups.

41824 Groups continue to exist after deletion if the commit process fails.

41713 For Date attributes, DatAdvantage sets the inserted date accordingto the local time zone of the machine from which the operation wasexecuted.

41699 The Create User operation does not consider the modification or editingof certain date-related system attributes if they are modified or editedduring user creation.

40742 The default properties 'Email' and 'Primary group ID' are not copied,even if the Copy checkbox is marked.

Documents

IDU Suite 5.9 - Varonissupport.varonis.com/emails/attachements/IDU_Suite_5.9.72_Release... · IDU Suite 5.9.72 Release Notes ... • New application settings: ... in the grid, especially