RELEASE NOTES FOR MANAGEMENT CONSOLE

---

Please choose from the release notes listed below:

• Management Console Update - August 20, 2024
• Management Console Update - June 6, 2024
• Management Console Update - March 27, 2024
• Management Console Update - November 28, 2023
• Management Console Update 28.0 - November 16, 2016
• Management Console Update 23.0 - January 21, 2016 
• Management Console Update - Support System 2.1 - November 17, 2015
• Management Console Update 22.1 - November 9, 2015
• Management Console Update 21.0 - July 28, 2015
• Management Console Update 20.5 - June 3, 2015
• Management Console Update 20.4 - May 7, 2015
• Management Console Update 20.2 - February 4, 2015
• Management Console Update 20.1 - November 27, 2014
• Management Console Update 20.0 - November 20, 2014
• Management Console Update 19.3 - November 4, 2014
• Management Console Update 19.2 - September 11, 2014
• Management Console Update 19.1 - August 12, 2014
• Management Console Update 19.0 - July 1, 2014
• Management Console Update 18.0.3 - May 7, 2014
• Management Console Update 18.0.2 - April 16, 2014
• Management Console Update 18.0.1 - March 27, 2014
• Management Console Update 18.0 - March 20, 2014
• Management Console Update 17.2 - November 7, 2013
• Management Console Update 17.1 - October 1, 2013
• Management Console Update 17 - September 3, 2013
• Management Console Update 16 - June 20, 2013
• Management Console Update 15 - May 15, 2013
• Management Console Update 14 - January 10, 2013
• Management Console Update 13 - November 28, 2012
• Management Console Update 12 - September 12, 2012
• Management Console Update 11 - August 16, 2012
• Management Console Update 10 - July 26, 2012
• Management Console Update 9 - July 16, 2012
• Management Console Update 8 - June 30, 2010
• Management Console Update 7 - June 6, 2012
• Management Console Update 6 - May 15, 2012
• Management Console Update 5 - April 30, 2012
• Management Console Update 4 - April 2, 2012
• Management Console Update 3 - March 19, 2012
• Management Console Update 2 - March 12, 2012
• Management Console Update 1 - March 1, 2012

 

---

 

Management Console Update - August 20, 2024

Updates

Process Tree: Added a process tree preview showing parent and child process relationships, with the ability to view process details, create overrides, and isolate devices. Device Isolation: Added Isolate Device and Unisolate Device agent commands, allowing admins to isolate devices from internal and external network traffic via the agent commands menu or directly from the process tree.

 

---

 

Management Console Update - June 6, 2024

Updates	Added a Device Isolation preview.
Fixes	Fixed several issues affecting the Management Console.

 

---

 

Management Console Update - March 27, 2024

Updates	Added a Process Tree preview.
Fixes	Fixed several issues affecting the Management Console.

 

---

 

Management Console Update - November 28, 2023

Updates

Consolidation of the Endpoint Protection Console.

 

---

PRODUCT UPDATE BULLETIN 28.0 - November 16^th 2016

  NEW Web Shield & Mac Agent Commands – November 2016

OVERVIEW

OpenText™ Core Endpoint Protection already features many web threat protection layers, including the ability to detect and block malicious and known phishing URLs. In this release we are fully integrating much more of the world-class contextual threat intelligence available from within our OpenText Threat Intelligence Services. We will be upgrading all business customers, as a no cost upgrade, to latest version of our new Web Threat Shield so they too benefit from the threat intelligence deployed by over 40 other network and security vendors.

The new Web Threat Shield will include the addition of real-time web categorization and web reputation filtering, real-time anti-phishing scanning, improved web search ratings and web blocking notifications. These new capabilities will improve web safety and significantly mitigate the risks from threats like polymorphic phishing URLs and other web-based attacks aimed at OpenText™ Core Endpoint Protection users. They are part of our commitment to continuously enhance the device and user malware prevention and protection efficacy and functionality within our endpoint security.

In addition to the new Web Shield we are also adding improvements to our Mac Agent management, to move closer to the ease of management provided for Windows environments. With Mac Agent version 9.0.4.23 and greater we are upgrading the management console to execute 13 new Mac Agent Commands. (You might be interested to know that the OpenText™ Core Endpoint Protection was recently favorably tested by AV Comparatives in their Mac Security Review/Test 2016 that is available from here: https://www.av-comparatives.org/mac-security-reviews/
   

1. Web Classification and Reputation upgrade
   
   Website requests via a supported browser will now be validated using OpenText Threat Intelligence Web Categorization and Reputation data. This will offer highly accurate and, ultimately, much safer browsing for end users. We will now automatically block any site categorized by our OpenText Threat Intelligence Services as:
    
   1. »    Category 49 – Key logger,
   2. »    Category 56 – Malware,
   3. »    Category 57 – Phishing, or
   4. »    Any site where the web reputation score is 20 or lower.
    
   Fig 1. Daily Statistics from OpenText Threat Intelligence Web Classification & Reputation Services.
    
2. Real-Time Anti-Phishing upgrade
   
   When accessed via supported browsers, websites that do not belong to overtly malicious categories will now be checked using the OpenText Threat Intelligence Real-Time Anti-Phishing Service. This is a step change security enhancement, as it provides real-time site analysis at the time of request, with real-time site analysis scans taking place in typically under a second.
   
   Unlike other solutions this service is delivered in real time, not via outdated URL blacklists or look-up feeds that offer little protection against polymorphic zero-day phishing sites. Real-time anti-phishing is automatically activated when a web site does not belong to web categories 49, 56, or 57 (see above) and it has a score of 21 or higher. Since phishing and spear phishing are particularly successful in breaching networks for malware delivery this new scanning will significantly reduce phishing ransomware and other phishing breaches.
    
3. Search Safety Ratings
   
   Google, Bing & Yahoo search engine users will see annotated search results in supported browsers. Each search result will appear with a colored icon (see Fig 2) to indicate the current reputation of that website.
   
   Additionally, users can now hover over the colored icon to see a tooltip with more information about the reputation of that website. Following the launch of this enhanced functionality, the annotated search feature will be on by default. (This default setting can be changed from within the management console).
    
   Fig 2. Web Reputation – Color vs Risk Scoring Parameters.
    
    
   Fig 3. Google Search with HIGH RISK Tooltip.
    
    
   Fig 4. Yahoo Search with MODERATE RISK Tooltip.
    
    
4. Enhanced Block Pages
   
   The new web inform pages will give users a better experience by providing more information on why a website has been blocked, and being clearer on the actions your users can take when a block occurs. Users will now see a block page containing the following information:
    
   1. »    A reason for the block, including reputation indicator and site category where applicable.
   2. »    “Get me out of here” option – clickable call to action to navigate the user back to a blank browser page.
   3. »    An option to close the block page and continue to the website (this function is optional, and set to off by default).
   4. »    An option to submit a request for the website to be reviewed by OpenText™ Core Endpoint Protection (this function is optional and set to off by default)
   
   
   Note: The “Submit a request to OpenText™ Core Endpoint Protection” function has a non-mandatory field for free text feedback.
   
    
   Fig 5. An example of the new Block Page.
    
    
   Fig 6. Enhanced block page with page options expanded.
    
5. New Mac Agent Commands
   
   Thirteen Agent Commands for use with Apple Mac OS endpoints are introduced to considerably improve the manageability of Mac endpoints, the new commands are:
    
   1. Change scan time,
   2. Scan a folder,
   3. Uninstall,
   4. Reset,
   5. Clear Log Files,
   6. Disable proxy settings,
   7. Change keycode,
   8. Log off,
   9. Reset desktop wallpaper,
   10. Reset Screen Saver,
   11. Customer Support Diagnostics,
   12. Download and run a file,
   13. Run a DOS (Shell) command
    
   Fig 7. New Apple Mac Agent Commands view.
    
   Important Notes:
    
   1. If both Mac and PC endpoints are selected at the same time then the PC Agent Command list will be shown in the console.
   2. We also have retained the Windows term run a DOS command for both PC’s and Mac’s (while the Mac term is properly a ‘Shell Command’).
   
     The following views are within the updated management console UI.
    
   Fig 8. Group Management- Additional Mac Agent Commands.
    
    
6. New Forced Mac Poll Option
   
   In addition to the new Agent Commands we have also introduced a forced poll option for Mac Agents. This option is particularly useful when you need to ensure that any Mac Agent has checked into the OpenText™ Management Console is receiving data, including any pending agent commands or policy revisions.
   
   IMPORTANT NOTE: This option is NOT run from within the OpenText™ Management Console or from within Agent Commands. It has to be run from one of your own endpoint management tools.
   
   The syntax for the new command is: sudo /usr/local/bin/WSDaemon –poll

 

---

PRODUCT UPDATE BULLETIN 23.0 - January 21^st 2016

The number of devices deployed with Mac operating systems is increasing in business environments. A report by Statcounter (November 2015) states that 9.4% of all desktop browsers utilize a Mac OS version. This Mac OS ‘Reporting Parity’ release forms part of an ongoing programme to enhance the Administration experience for our Customers and Managed Services Partners administrating Mac OS devices within their environment. With this release Administrators will have visibility of all devices operating Mac OS, as this release is specifically designed to deliver data on Mac Endpoints in all views, reports, and management screens within the management console. These Mac features are present in both our Standard and Global Site Manager (GSM) consoles.

KEY FEATURES IN - GLOBAL SITE MANAGER CONSOLE:

1. NEW – Macs will now report into the sites information panel for infection related data.
2. NEW – Administrators of the OpenText™ Management Console, now have full visibility of all endpoints, irrespective of which operating system or version of operating system is used.
3. NEW – Mac computers are included in all views, reports and managements screens.

 

1. Sites Information Panel Visibility
   
   Macs will now report into the sites information panel for infection related data.
    
   Fig 1. Sites ‘More Information’ panel.
    
   DASHBOARD/ SCHEDULED REPORTS
    

   Summary	Mac threats reported.
   Threa Detection History Chart	Mac threats reported.
   Data Point Charts *See point 9 in Notes section	The time of the last response on this ticket.
   Date Created	New data points added for Mac. Mac will now report all data points with the exception of those items listed below: Charts updated to show ‘Unsupported’, where functionality is not supported on the Mac agent. Mac’s will show ‘Unsupported’ for the following data points: Silent mode/Firewall status/ Infrared status/Offline shield/ USB Shield/Root kit shield /OS fire wall status.
   Dashboard Chart Drilldowns (Dashboard only) *See point 9 in Notes section	As above.

    
   Fig 2. Data Chart with ‘Unsupported’ data.
    
   Fig 3. Dashboard chart drilldown with ‘Unsupported’ data.
    
2. Alerts
    

   Alerts

   Threat Alerts now supported for Macs. ‘Active Directory’ and ‘Workgroup’ data points are not supported.

   
    
3. Global Site Management Console
   
   Administrators now have full visibility of all endpoints, irrespective of which operating system or version of operating system is used.
   
   Mac Endpoint data is now populated in all views, reports, and management screens. In addition Mac endpoints may now be controlled remotely, as per with Windows devices.
   
   STATUS
    

   Endpoints Requiring attention	Mac threats reported.
   Endpoints Not Seen	Macs will continue to report in after their initial install check-in and will show an accurate ‘last seen’ time.
   Endpoints Encountering Threats Chart	Mac threats reported.
   50 Most Recent Endpoints Encountering Threats	Mac threats reported.
   Threats Seen popup	Mac threats reported. This is also via Group Management > Scan History.

    
   Fig 4. Endpoints requiring attention.
    
   Fig 5. Endpoints not seen recently.
    
   Fig 6. Endpoints encountering threats in the last 7 days.
    
   Fig 7. 50 most recent endpoints encountering threats.
    
   Fig 8. All threats seen.
    
4. GROUP MANAGEMENT
    

   Group Management > IP	Mac IP address reported.
   Group Management > All threats seen on Endpoint	Mac threats reported.
   Group Management > Threats Detected popup	Mac threats reported.
   Group Management > Scan History	Full scan history for Macs reported.

    
   Fig 9. Threats detected.
    
   Fig 10. Scan history.
    

   Alerts	Threat Alerts now supported for Macs. Note: ‘Active Directory’ and ‘Workgroup’ data points are not supported.
   Reports > Threat History (collated)	Mac threats reported.
   Reports > Threat History (Daily)	Mac threats reported.
   Reports > All Threats Seen	Mac threats reported.
   Reports > Endpoints with threats on last scan	Mac threats reported.
   Agent Commands	Agent commands supported with the exception of uninstall. Deactivation of an endpoint will also not uninstall the product.

   
    

NOTES:

1. Cloud determination not visible for Mac threats.
2. No restore from quarantine available.
3. No undetermined history report, as undetermined files are not reported.
4. Overrides are not supported.
5. Policies not supported. Macs will show as ‘Unmanaged’.
6. Macs can be added to group, but group based policies will not apply.
7. Active Directory not supported on endpoint views.
8. Vendor, product and version not supported on threat views.
9. * Data may not be fully synchronized with the console dashboard and reporting, if the MAC UI is not open. This will be included in a future release.

KEY FEATURES IN - STANDARD MANAGEMENT CONSOLE:
 

1. NEW – Administrators of the OpenText™ Management Console now have full visibility of all endpoints, irrespective of which operating system or version of operating system is used.
2. NEW – Mac computers are included in all views, reports and managements screens.

 

1. STATUS
    

   Endpoints Requiring attention	Mac threats reported.
   Endpoints Not Seen	Macs will continue to report in after their initial install check-in and will show an accurate ‘last seen’ time.
   Endpoints Encountering Threats Chart	Mac threats reported.
   50 Most Recent Endpoints Encountering Threats	Mac threats reported.
   Threats Seen popup	Mac threats reported. This is also via Group Management > Scan History.

    
   Fig 1. Endpoints requiring attention.
    
   Fig 2. Endpoints not seen recently.
    
   Fig 3. Endpoints encountering threats in the last 7 days.
    
   Fig 4. 50 most recent endpoints encountering threats.
    
   Fig 5. All threats seen.
    
2. GROUP MANAGEMENT
    
   Fig 6. Threats detected.
    

   Group Management > IP	Mac IP address reported.
   Group Management > All threats seen on Endpoint	Mac threats reported.
   Group Management > Threats Detected popup	Mac threats reported.
   Group Management > Scan History	Full scan history for Macs reported.

    
   Fig 7. Scan history.
    

   Alerts	Threat Alerts now supported for Macs. Note: ‘Active Directory’ and ‘Workgroup’ data points are not supported.
   Reports > Threat History (collated)	Mac threats reported.
   Reports > Threat History (Daily)	Mac threats reported.
   Reports > All Threats Seen	Mac threats reported.
   Reports > Endpoints with threats on last scan	Mac threats reported.
   Agent Commands	Agent commands supported with the exception of uninstall. Deactivation of an endpoint will also not uninstall the product.

   
    

NOTES:

1. Cloud determination not visible for Mac threats.
2. No restore from quarantine available.
3. No undetermined history report, as undetermined files are not reported.
4. Overrides are not supported.
5. Policies not supported. Macs will show as ‘Unmanaged’.
6. Macs can be added to group, but group based policies will not apply.
7. Active Directory not supported on endpoint views.
8. Vendor, product and version not supported on threat views.

 
 

---

PRODUCT UPDATE BULLETIN - Support System 2.1 - November 17^th 2015

  

A critical element of any security solution is how rapidly you are able to access and get hold of a Support person if an issue arises. Because of this OpenText™ Core Endpoint Protection already has web-based and telephone Support included at no extra cost.

However, with this latest release we are delighted to announce our new Customer Support Ticketing System. This system incorporates your feedback on the existing system and is designed to benefit all OpenText™ Core Endpoint Protection Customers by delivering greatly improved engagement with OpenText™ Core Endpoint Protection Support. Through a new integrated Ticket Management section within the console administrators are now able to easily monitor and track the history of each Support ticket’s progress until it’s closed.

The new ticketing support system incorporates the following enhancements:

1. NEW – Integrated Support Access – Customer support access is now integrated within your account login making it simpler and easier to directly access the Customer Support area from either the site level or the Global Site Manager (GSM) console.
2. NEW – Ticketing Based Support – Historically OpenText™ Core Endpoint Protection support was conversation based (fine for straightforward Support issues) but in more complex multi-site or customer deployments the granularity and accountability of a ticketing based system is needed.
3. NEW – Ticket Management Console – To accompany the new ticket based support system we have introduced a new ticket console from which it is much easier to manage any of your Support tickets or escalation requests.

Ticketing System Overview:

What follows is an overview of the new fully integrated ticket based support system that is now included as standard within OpenText™ Core Endpoint Protection.

1. INTEGRATED CONSOLE ACCESS
   
   Customer Support access is now integrated within your account login. Clicking the Support tab on the toolbar will launch the new Ticket Management console.
    
   Fig 1. Accessing Support through the Global Site Manager console.
    
   Fig 2. Accessing Support through the Endpoint (Site) console.
   
    
2. TICKET MANAGEMENT CONSOLE From the new Ticket Management console you can raise new Support requests and manage all your Open outstanding and Closed tickets. Links to Ticket Management help documentation are also included as part of the new console.
    
   Fig 3. NEW - Ticket Management Console.
   
   Key Features:
   • 2.1 Raising new support requests
   • 2.2 Managing existing tickets
    
   • 2.1 RAISING NEW SUPPORT TICKET REQUESTS
     
     ‘Create New Support Ticket’ will allow you to add details to a new support request.
      
     Fig 4. Create a New Support Ticket.
     
     
     A new Ticket is raised as follows:

     Subject	The message subject
     Site	Select the Site from the dropdown list that this query relates to. You may also select a ‘Non-Site-Specific’ query if the Support query is not site specific. All non-site-specific queries are automatically assigned to your ‘Parent’ Site to help you find them in the future.
     Category	A drop down list of categories, for example ‘Sales Inquiry’. You may also select ‘Other – Not Listed Here’ if there is not a suitable category.
     Message	A description of the issue this ticket relates to.
     Private Message	Tick this if you do not wish your ticket to be visible to other users who have access to the site that this ticket was raised against.

     
      
   • 2.2 Managing Existing Tickets
     
     Tickets are split into two categories – ‘Open Tickets’ and ‘Closed Tickets’. While a ticket remains open it will appear under the ‘Open Tickets’ tab. When Closed, either by the user or a Support Agent, the ticket will then appear within the ‘Closed Tickets’ tab. If you have management access to more than one Site then the list of displayed tickets can be filtered by Site by using the dropdown selector located in the header - area circled below. The Open Tickets or Closed Tickets tabs will then only show the tickets associated with the Site you selected in the dropdown filter. The default display is the Site or GSM used to access the Ticket Management section of the console. To see a list of ‘all tickets for all sites’, simply select ‘All Sites’ from the dropdown filter menu.
      
     Fig 5. Managing Open and Closed Tickets.
      

     Ticket #	The unique number that identifies this ticket
     Subject	The subject entered when the ticket was created
     Last Response	The time of the last response on this ticket.
     Date Created	The date and time of ticket creation
     Created By	The name of the user who raised the ticket
     Site	The site this ticket was raised against (only applicable if you have access to more than 1 Site)
     Visibility	Public - Visible to all users who have access to this Site. Private - Not visible to other users who have access to this Site.
     Actions	Edit the ticket. You may also click on the ticket number or subject. Mark the ticket as closed. Reopen a closed ticket.

     
      
3. Editing Tickets
    
   Fig 6. Edit ticket.
    

   Back to Support Tickets	Return to the Ticket Management console screen
   Mark Ticket as Closed	Close this ticket when no further assistance is needed. It will move to the closed tickets section of the Ticket Management screen. Closed tickets can be reopened by editing them.
   Mark Ticket as Private / Public	Toggle the tickets visibility.
   Add New Response	Add new information to this ticket by typing in the box.
   Attach	Choose an image or log file to attach to this query. File types permitted are: .jpeg; txt; .png; .bmp; .gif; .pcap; .pml; .log. (Maximum file size is 20Mb)

    
   • 3.1 Ticket Responses
      
     Fig 7. A Closed Ticket may be reopened to add further Information, or Request further assistance.
     
     
     Tickets with new responses are highlighted in the Ticket Management console and the ‘New’ icon appears next to them along with an updated ‘Last Response’ date. Edit the ticket by clicking on the ticket number, subject or edit icon to see the ticket responses.
      
     Fig 8. A Ticket with a New response.
      
     Fig 9. Detail of all Responses on a Ticket.
     
      
   • 3.2 Ticket Search
     
     Using the search box you can enter a search term to be matched in the subject, ticket number or ticket body. Tickets which match the entered search term are displayed under the ‘Search’ tab.
      
     
     Fig 10. Search Box and Results.
     
      
4. TICKET INTERACTION VIA EMAIL
   
   You may also interact with tickets via email. Whenever a ticket is raised or a reply added you will be sent an email to the address you have registered your account to. Using your preferred email client you may reply inline to the email to add further information. You can also create new tickets via email.
    
   • 4.1 NEW TICKET RAISED
     
     When you raise a new ticket (or a ticket is raised by a OpenText™ Core Endpoint Protection Support Agent on your behalf) you will receive a new email confirming the action.
      
     Fig 11. New ticket raised confirmation.
     
     
     Tickets can be also be raised from your email client.
     
     To raise a new ticket simply send your email query to wrcstickets@webrootanywhere.com.
     
     All email interactions will also be visible in the Ticket Management console.
   • 4.2 NEW REPLY ON A TICKET
     
     When a new response is received on a ticket you will receive an email containing the reply:
      
     Fig 12. Replying inline from your email client to a ticket.
     
     
     To respond inline via email simply click reply in your email client and type a reply above the line indicated. Your response will automatically be recorded against the ticket and be visible in your Ticket Management console, and by the OpenText™ Core Endpoint Protection Support agent. You will also receive an email when tickets’ are closed or reopened.
5. ASSIGNING A SITE TO ANY TICKETS RAISED DIRECTLY VIA EMAIL OR, RAISED BY AN AGENT ON YOUR BEHALF
   
   When a ticket is raised on behalf of a Customer by a OpenText™ Core Endpoint Protection Support agent, or raised via email, it will not have a Site set to which the query relates, and you will be required to add it to a Site. When the Ticket Management console is loaded, tickets without associated Sites will be shown as below:
    
   Fig 13. Tickets with no Assigned Site.
   
   
   You can assign all tickets to the same site using the master control, or assign individual tickets to different sites. The tickets will then appear under the relevant site in the site filer selector.

Notes:

• When replying ‘ in line’ to a ticket via email the prior conversation items present in the email will not be attached to the ticket. Only the most immediate response added above the line will be included each time a response is added.
• Not all email clients are supported for this functionality and some email clients may include the full content of the email for each response.
• If no Subject is included for tickets raised by email - the first 50 characters of the email body will be included.
• If no Subject and no email body text is present in a ticket raised by email - the ticket will not be successfully raised.
• Tickets which are raised, or responded to, in a language other than English will automatically be translated into English for OpenText™ Core Endpoint Protection Support. The response from OpenText™ Core Endpoint Protection Support is also automatically translated from English back into the original language.

---

 

PRODUCT UPDATE BULLETIN 22.1 - November 9^th 2015

 
OVERVIEW

This Data Filter release responds to the requests we have received to be able to filter out ‘irrelevant’ endpoint data from the console and reports. This new functionality is available for both Global Site Manager (GSM) and Endpoint Protection Site management consoles. It will let Administrators filter endpoints to more precisely reflect the actual endpoints under management and deployed within their management console and for more accurate reporting on their deployment(s).

It’s important to note that with these new data filter settings endpoint data is not deleted, but simply hidden from the console and reporting datasets. Selecting a different time period, or selecting to show all data, will always show all of the endpoint information relevant to your selection. Administrators are also able to set-up a master setting within the GSM console that is inherited by all Sites managed under that GSM, or they may set filtering rules individually by Site. Both the GSM Dashboard and Scheduled Reports will then show endpoints which have been seen in the time period option selected. The new master setting is located under the Account Settings tab and allows Admins to hide endpoints from their data sets that have not been seen for 1, 2, 3, 6 or 12 months.

Key features:

Global Site Manager

1. DATA FILTERING
   
   All changes made to the ‘Data Filter’ settings are audited and logged.
    
   Fig 1. Global Site Manager Data Filter Setting.
    

   Site/Console	The Site the change was applied to, or the GSM console parent setting that was changed.
   Setting	The selected option (1 month, 2 months, 3 months, 6 months, 12 months or show all).
   User	The user who made the change.
   Date	Date and time the change was made.

   
    
   Additionally, any deactivated endpoints will now no longer be shown in the GSM Dashboards or within Scheduled Reports.
    
2. SITE LEVEL DATA FILTER
   
   By using the Data Filter setting located in the ‘Sites > More Info’ dropdown, the data filter setting for each individual site can be set. You can then choose the same time period options available under the master setting with the additional option to force this site to follow the master setting. This will be the default option.
    
   Fig 2. Data Filter Site - More Info dropdown.
   
   
   This master setting option is also available when creating or editing a site:
    
   Fig 3. Editing a Site.
   
   
   Admin Permissions:
   
   Note that the GSM ‘limited’ admin permissions have been updated to grant access to the settings tab when editing a site. From here you may change the default site policy, data filter setting and report distribution list.

Endpoint Protection Site Management Console

1. DATA FILTERING
   
   The data filtering option is also included within the Endpoint Protection Site management console to allow admins to remove endpoints that have not been seen for a set period of time, so the most accurate data views are available for the Site.
   
   Admins will now be able to select to hide all endpoints from their data sets which have not been seen for periods of 1 month, 2 months, 3 months, 6 months, 12 months, or inherit GSM data filter setting (if your Endpoint Protection Site console is managed under a GSM).
   
   You may also choose to show all data.
    
   Fig 1. Site Settings.
   
   
   The updated filtered data set will be applied to all areas of your Endpoint Protection management console wherever endpoints are listed, or totals counted—for example, under the Status and Group Management tabs.
    
2. REPORTS
   
   Just as deactivated endpoints had previously been available to include in reports, you can now choose to include deactivated and hidden endpoints in reports by checking the box when selecting the report type. This allows you to include all known endpoints in your deployment, or just the currently ‘active’ endpoints in your reports without adjusting your data filter settings.
    
   Fig 2. Site Reports.
   
    
3. DATA FILTER LOG
   
   All changes made to the Data Filter settings are captured in the Data Filter Log.
    
   Fig 3. Data Filter log
    

   Site/Console	The Site the change was applied to, or the GSM console parent setting that was changed.
   Setting	The selected option (1 month, 2 months, 3 months, 6 months, 12 months or show all).
   User	The user who made the change.
   Date	Date and time the change was made.

   
    

---

 

PRODUCT UPDATE BULLETIN 21.0 - July 28^th 2015

 
With this release we see the much requested File and Folder Overrides functionality introduced at both Global Site Manager and the Endpoint Protection management levels with some considerable enhancements to the Overrides user interface to support this new capability.

The following functionality is being released today:

NEW – GSM File and Folder Overrides – This allows Global Whitelisting Overrides to be set at the file and/or folder level, in addition to the whitelisting of MD5’s.

NEW – Endpoint File and Folder Overrides – This allows Whitelisting Overrides to be set at the file and/or folder level, in addition to the whitelisting of MD5’s.
 

1. NEW – GSM File and Folder Overrides – Global whitelist Overrides may now be set on a file or folder level as well as at the MD5 level. This allows much greater flexibility when using overrides and that multiple MD5 Overrides no longer have to be individually whitelisted as you can whitelist a whole directory. To help simplify the whitelisting of files and folders and improve clarity, the Overrides tabs are now split between Whitelist and Blacklist, which will improve management and retain the current familiar look and feel.
    
   New Tabs in UI as Phase One of UI and Feature Updates.
    
   Creating a new File / Folder Whitelist Override.
    
   To create a new File or Folder whitelist override click on the ADD+ button and from the New Whitelist Entry panel select the Folder/File Override. Then…
   
   File Mask: Target a file or group of files by specifying a file mask with optional wildcards, for example:
   1. >*.exe to target all executable files in the selected folder.
    
   This will default to all files in the selected folder/path if not specified.
   
   Path/Folder Mask: Defines the folder to target with the Override. You can specify an absolute path, for example:
   1. >‘x:\myfolder\’
    
   or a system variable with optional path, for example:
   1. >‘%SystemDrive%\myfolder’
    
   Default supported environment variables are displayed when you type ‘%.’ However, you may choose to use any variable you have setup on the target machine with the exception of user variables, which are not supported. You may not use ‘%temp%’ for example, as this refers to a specific users temp directory (‘username/temp/’). Wildcards are not supported.
   
   Include Sub-folders: Select this if you wish to apply the override to all sub folders within a folder.
   
   Detect if Malicious: If this setting is enabled OpenText™ Core Endpoint Protection will continue to protect against any threats originating from the whitelisted file/folder override but this selection does also disable monitoring and journaling to avoid applying monitoring and journaling to a potentially large number of files with an unknown determination. Disabling this setting provides fully trusted whitelisting that allows files to run without any OpenText™ Core Endpoint Protection protection.
   
   IMPORTANT NOTES:
   1. To use file/folder Overrides you need to ensure all endpoints are running Agent version 9.0.1 or higher as earlier versions ONLY support MD5 overrides.
   2. Blacklist override functionality is unchanged.
   3. Override import functionality supports MD5 overrides only.
2. NEW – Endpoint File and Folder Overrides – This allows users of the Standard Endpoint management console to also apply whitelisted file and folder Overrides as well as continue to use MD5 whitelisting.
   
   Overrides are now split into Whitelist and Blacklist tabs to allow easier and more efficient management of the new file/folder Override functions but retain the familiar look and feel of the current Overrides Tabs.
    
   Whitelist Overrides now appear on a separate Whitelist Tab alongside Whitelisted MD5s.
    
   Creating a new File / Folder Whitelist Override.
    
   To create a Whitelisted File/Folder Override click on the +Create button and select the Path/File radio button.
   
   File Mask: Target a file or group of files by specifying a file mask with optional wildcards, for example, *.exe to target all executable files in the selected folder. This will default to all files in the selected folder/path if not specified.
   
   Path / Folder Mask: The folder to target with the override. You can specify an absolute path, for example, ‘x:\myfolder\’ or a system variable with optional path, for example, ‘%SystemDrive%\myfolder’.
   
   Default supported environment variables are displayed in a drop-down list. However, you may choose to use any variable you have setup on the target machine with the exception of user variables which are not supported. You may not use ‘%temp%’ for example, as this refers to a specific users temp directory (‘username/temp/’). Wildcards are not supported.
   
   Include Sub-folders: Select this if you wish to apply the override to all sub folders within this folder.
   
   Detect if Malicious: If this setting is enabled OpenText™ Core Endpoint Protection will continue to protect against any threats originating from the whitelisted file/folder override but this selection does also disable monitoring and journaling to avoid applying monitoring and journaling to a potentially large number of files with an unknown determination. Disabling this setting provides fully trusted whitelisting that allows files to run without any OpenText™ Core Endpoint Protection protection.
   
   IMPORTANT NOTES:
   1. To use file/folder Overrides you need to ensure all endpoints are running Agent version 9.0.1 or higher as earlier versions ONLY support MD5 overrides.
   2. Blacklist override functionality is unchanged.
   3. Override import functionality supports MD5 overrides only.
   4. GSM Overrides cannot be edited at the Endpoint Protection level.

---

 

PRODUCT UPDATE BULLETIN 20.5 - June 3^rd 2015

Release 20.5 of OpenText™ Core Endpoint Protection delivers several new enhancements including CSV export of the Endpoints Needing Attention report; Override of Dwell Time pop-up; and the addition of Group Description to emails. These improvements are designed to provide enhanced product functionality. The new increased capabilities are outlined below and are now live.
 

1. NEW – CSV Export
   The way data is downloaded via CSV export from Endpoint Protection has changed. The export functionality is accessed as before, but now the user will be emailed a link to download the file to their logged-in email address rather than downloading directly through the browser. This change means that data sets of any size can be exported and made available for access in the future.
   
   CSV Export for endpoints needing attention. CSV export available wherever this icon exists.
    
   Confirmation will show that the file has been emailed successfully.
    
   The following email will be sent to the logged-in email address of the user.
    
   
    
2. NEW – Override from Dwell Time Pop-up
   For added convenience, it is now possible to create an override for a MD5 from the Dwell Time pop-up screen. This works like existing functionality to create overrides from elsewhere in Endpoint Protection, i.e. the Threats Detected pop-up.
    
    
3. NEW - Alert Group Description
   Group Description may be added to the subject and body of an alert. Select the ‘Group Description’ field when adding variables from the available list.
      
    

Additional Enhancements
 

• Fixed intermittent issue with ‘Alert Recipient’ text field missing when creating an alert.
• Updated link to Policy Help video.
• Silent audit description updated to read 'Non-remediating Security Audit with limited protection enabled.'

 

---

 

PRODUCT UPDATE BULLETIN 20.4 - May 7^th 2015

 
This console release delivers more flexibility around logging into the management console for all users and a new telephone login variation introduced for our Hikari Tushin users in Japan.
 

1. NEW – Security Code Override – It is now possible to disable the use of a Security Code during the management console login. This feature is for users wishing to remove this extra security step from the login process. While there are situations where this is relevant we are recommending that administrators continue to use the security code layer of security during login as that maximizes access protection. The option to turn off the Security Code is within User Account Settings under the Admins tab in the GSM console and also within the Endpoint and Mobile Protection “Manage Admins” drop down menu.
    
   Enabling/Disabling the Security Code for Login within the GSM console.
    
   Enabling/Disabling the Security Code for Login within standard Endpoint Protection console.
   
    
2. NEW – Hikari Tushin Telephone & Password Login – Hikari Tushin users can now login using a phone number and password, but this functionality is only available to Hikari Tushin users. The Hikari Tushin phone login will be visible to all users, but non-Hikari Tushin users must continue to login using their email and password.
    
   Optional Hikari Tushin Users Telephone Login.
   
   The reset password section has also been updated to allow Hikari Tushin users to reset using their phone number.
   
    
   Hikari Tushin Users Telephone Password Reset.


3. Update – GSM Onboarding Emails – The emails will now clearly distinguish in their text between the Trial and Full License key versions to avoid any confusion.

---

 

PRODUCT UPDATE BULLETIN 20.2 - February 4^th 2015

Our first release of 2015 sees the introduction of many new dashboard personalization enhancements and capabilities. All of these are designed to make it much easier for you to generate and create better visibility of the endpoint information that will be most useful to you for managing your endpoint environment. The following capabilities are now available with this release.

NEW – Dashboard Add Chart Button – this new functionality allows for the creation and personalization of the Administration Dashboard. It allows the easy creation of new Dashboard charts and managing how they are graphically presented within the console dashboard.

NEW – Dashboard Infection Visibility – allows you to create the Infection Dashboard reporting most appropriate to your management needs.

1. NEW – Dashboard Add Chart – allows administrators to personalize the dashboard view by creating, editing, deleting and managing all of their Dashboard charts.
    
   New Add Chart to Dashboard Button.
   
      
   Pop-Up Add A Chart Wizard lets you define the Chart Data Field topic; a unique Chart Name and the Chart (display) Type.
   
      
   There are over 24 different customizable chart Dashboard options.
   
      
   Dashboard Chart Type lets you display any Chart in the most sensible way.
   
      
   All the Dashboard Charts you create are able to be Edited or Deleted (Remove).
   
    
    
2. NEW – Dashboard Infection Visibility – lets the administrator customize and select the infection data and period to display within the Dashboard.
    
   Time period for the “Threats Detection History” and “Device Activations” is now configurable.
   
    

---

 

PRODUCT UPDATE BULLETIN 20.1 - November 27^th 2014

Further to the release last week of Global Site Manager console Release 20.0 we have seen some issues with the BETA and are releasing the following updates and patches for the GSM Dashboard immediately. Additionally, we are releasing an enhancement to reduce confusion around the last 50 endpoints to see threats by adding the current Status column to that view.
 

1. GSM Global Site Manager Dashboard fixes:
   1. It was previously possible to filter the sites whilst a previous filter was being saved (filter multiple times continuously), leading to Dashboard charts crashing. The “Site Filter” button is now unavailable until the Dashboard has completed loading, and it is also disabled now when carrying out a current filter call.
   2. Site filter was re-calling the summary bar data – even through the summary bar is not affected by this. This call has been removed.
   3. Button mousedown styling (active / pressed state) was not occurring.
   4. Global error handling plugged in. Previously if the server returned success: true, but an error (no data / error message from the server), this wasn’t being handled.
   5. Duplicate data in chart drill-down has been removed (Sometimes the same endpoint was listed multiple times).
   6. Ability to drill down into an endpoint’s site / detailed information has been removed, where the logged in user no longer has access to the endpoint’s site.
   7. Ability to drill down from a chart when the data point was zero has been disabled.
   8. Dashboard page was not handling the state where a GSM customer had zero sites (e.g. New GSM customer). User now receives a welcome message with steps to get started.
   9. Endpoint (more information) drilldown from chart – VM and OS Firewall data points removed (not yet supported by Agent software). All other data points also re-ordered into sensible groupings.
   10. Buttons to create / edit / delete chart removed from the page code completely, instead of being hidden via CSS (user could possibly get access to these via CSS file not loading correctly, manipulating the page in debug console, etc).
   11. Site filter popup now has a paragraph explaining its intention.
   12. General code hardening for dashboard charts cross-browser (margins, line colors, sizing, spacing, changing the size of the charts when using the 1/2/3/4 options, resizing window, etc).
   13. Standard “Loading Dashboards” message now shown on entry. All controls (site filter, reset, etc) removed / hidden until load complete.
   14. Threat and Activation charts now set to “Area-Spline” by default.
   15. Dashboard code files now included inside the generic code combining, minifying and versioning routine to ensure customers never receive cached files on publish.
   16. Fixes to dashboard charts/tables when changing the selected time period (future release).
   17. Error messaging shown to user changed to improve clarity.
   18. If an error occurs when parsing dashboard setup data, option for the user to reset their dashboard configuration presented in the error message.
        
2. Endpoint Protection enhancements:
   To help avoid customer confusion on the Status screen the endpoint Status column has been added to the ’50 most recent endpoints encountering threats (last 7 days)’

 

New Status column added to avoid confusion over actual threat status.

---

 

PRODUCT UPDATE BULLETIN 20.0 - November 20^th 2014

As part of our continuing development of the Global Site Manager, console Release 20.0 introduces new GSM Dashboard functionality. Administrators will get immediate value from these new Dashboard capabilities as they allow you to have a far better overview of either multi-customer or multi-site deployments.

On a note of caution - we are aware of certain scenarios in which the dashboard data may not be 100% representative. This occurs because the Dashboard uses our latest agent version data sets to create Dashboard charts and you may have some agents that have not yet been upgraded to a version that provides these new data sets. However, we are very confident that for vast majority of users they will see the correct Dashboard data.

1. NEW – Global Dashboard – Gives Administrators a new configurable Dashboard that provides immediate insight at a Global level of their multi-site (or multi-location) deployments of endpoint protection. This release includes ‘canned’ dashboard charts for the following 7 default data points:

1. Threat Detection History – A historic view of all threats encountered over a 7 day period.
2. Device Activations – A historic view of new device activations over a 7 day period.
3. Realtime Shield Status – Count of devices with their Reatime shield switched on/off.
4. Managed by Policy – Count of devices which are managed versus any that are unmanaged.
5. Agent version Spread – Count of WSA agent versions installed.
6. Remediation Status – Count of devices with remediation (clean up) enabled by default.
7. Expired Status – Count of devices that are on an expired keycode.

NOTES:

1. The ability to add a new chart (based on the list of over 20 data points) will be part of a future release early next year.
2. As this is a partial release please note that with the exception of 'Threat Detection History' and 'Device Activations', only endpoints running agent version 8.0.4.134 onwards will be accurately represented in any Dashboard totals.
3. Migrated keycodes may also cause some slight anomalies in counts.

 

New – Global Site Manager Dashboard Views.

Here are some of the other management console updates that are part of this BETA release.

New Console Tab

New Global Site Manager Console Tab.

Summary Bar
The summary bar gives a quick overview of the deployment with the ability to hover over the Sites reference to get further site information. The ‘Needing attention’ will take the Administrator to the list of sites.

Simply hover over ‘Needing attention’ to get more information.

Site Filter
The ability to configure which sites you would like to have be part of the dashboard charts is available using this button:
 

New Site Filter button.

Note:
The ability to configure a single chart to render a selection of sites will be part of a future release.

Configurable Dashboard Layout
All charts can be rearranged according to the customer’s preference with the ability to toggle layout format via the following buttons:
 

Toggle Layout with these Buttons.

And simply drag and drop charts into your preferred positioning.
 

Drop and drag charts into desired Dashboard position.

Drill down capabilities
Each chart provides a drill-down to view the Top 50 specific sites/devices relating to the chart, with a further drill down into the specific site, this will be enhanced in the upcoming release with a list of sites being shown first, rather than endpoints.
 

Interactive Drill Downs

Dashboard reset
 

The reset button allows administrators to reset the dashboard to its default configuration.

---

 

PRODUCT UPDATE BULLETIN 19.3 - November 4^th 2014

Release 19.3 introduces OpenText™ Core Endpoint Protection ‘Endpoint Forensics – File Intelligence Views.’ These let Administrators quickly get relevant information on any threat or unknown files within their network and compliments the release of the ‘dwell time’ reporting we introduced in our last release. This new feature is also part of our longer term plan to provide more context to Administrators on the threat landscape within their endpoint environment.

NEW – Endpoint Forensics - File Intelligence Views – Administrators need to understand the risks posed by threats and ‘undetermined’ file types. Our endpoint forensics file intelligence views provide that insight quickly and easily for any filename.

1. NEW – Endpoint Forensics - File Intelligence Views – Administrators can access these views by clicking on any filename in the console. They will then see:
   1. Agent, Rule, and Cloud determination information when hovering the mouse cursor over a determination.
   2. Integrated Webroot Intelligence Network (WIN) data providing information on the first time that a file has been first seen (FS) by WIN and its Global ‘popularity’ – how much it has been seen by others.
   3. Product/Vendor links to Google – to allow the Admininstrator to get a wider context on the file, which is useful for occasions when they are unsure on the classification.
   4. Ability to override the file for white or blacklisting purposes.
   5. Console Dwell time and Popularity – how many times it has been seen within the console deployment and when.
   6. Endpoint Dwell time – how long the file has been seen on the device in question.

 

An example of a single threat seen twice with a ‘0s’ zero seconds (instantly remediated) Dwell Time

 

---

 

PRODUCT UPDATE BULLETIN 19.2 -  September 11^th 2014

Release 19.2 introduces a wide range of interrelated new features and capabilities that considerably enhance the management and overall development of OpenText™ Core Endpoint Protection and Global Site Manager (GSM). Many of them are a result of direct requests from our customers.

We are making it very easy for administrators to not only group sites, but also to mark-up sites with similar features so they can then be filtered to create new subsets within groups of sites. We are also making it simpler to sort sites using the headings within the sites section of the UI. We are introducing the concept of suspending and resuming protection, in addition to being able to deactivate a customer or site. And, until now, deleting administrators was complicated - so we have made it straightforward to do so at both the GSM and Site levels. Policy application and control has been improved as well, with the new option to apply policies to groups.

Most unique of all, we have added a new view called ‘Dwell Time’. This view makes visible for the first time ever in endpoint malware prevention history the time a malware infection was first active to the time it was last seen, showing just how long it takes OpenText™ Core Endpoint Protection from zero seconds upwards to remove the threat from the system. Finally, a new data point called ‘ARC’ has been added that gives more information on how the current file determination has been reached. More details on these updates follows.

NEW – Site Tagging – GSM administrators often need to group customer sites together based on a shared attribute and then be able to view sites by selecting one of these attributes. By implementing the site “tagging” feature they are now able to do this.

NEW – Site Filtering - Site tagging also allows the administrator to filter their site list using the tag, and any sites that match that tag will be found and returned. This allows an administrator to quickly filter their site list in many different ways and return the sites they wish to view from the entire site list. In addition to filtering the site list by tags, administrators may now also filter using the site name or site comments.

NEW – Site Sorting – A common feature request has been the ability to sort using the site view headings. This is now available.

NEW – Suspend/Resume Protection – There are circumstances where, rather than deactivate a site or customer (which expires the keycode and uninstalls WSA software from all endpoints), administrators need to ability to suspend the service. This new suspend and reactivate capability has now been added.

NEW – Deleting Administrators – Deleting an administrator is now straightforward at both GSM and Site levels.

NEW – Group Based Policies – It is now possible to apply policies to Groups.

NEW – ‘Dwell Time’ View – A new data point showing just how effectively WSA is working is being made available by OpenText™ Core Endpoint Protection, ‘bubbling-up’ the valuable information being processed by the WSA Agent and WIN (Webroot Intelligence Network). This is the first time any such view of malware detection and prevention has been made available by any endpoint anti-malware vendor. It also reflects the high degree of transparency and visibility OpenText™ Core Endpoint Protection is happy to provide to help our customers see what is going on in their endpoint security environment.

NEW – ‘ARC’ (Agent, Rule, Cloud Determination) - Following on from ‘Dwell Time,’ this new data point is added to all views where malicious or ‘undetermined’ files are listed and provides richer information into how the determination has been reached.
 

1. NEW – Site Tagging – Global Site Manager administrators have requested the ability to group their sites together based on a shared attribute and then be able to view a subset of those sites by selecting one of those attributes. To accommodate this, we have implemented a new feature known as site “tagging”. This allows an administrator to “tag” a site with any free-form string of information that they want to use.
    
   Simply add ‘tags’ to each site and then view selectively all sites with the same tag.
    
2. NEW – Site Filtering – Administrators can now filter their site list by using tags, names, or comments. This allows the administrator to quickly filter their site list in many different was, but return only the sites with the information they wish to view from the entire list.
    
   Sites returned by filtering on an EU tag.
   
    
   In addition to tags you can also filter by site Name or site Comments.
    
3. NEW – Site Sorting - Another customer feature request has been to have the ability to sort the site list by the various headings. This has now been implemented so administrators are able to sort the site list by “Status,” “Name,” “Number of Devices,” and “Number of Allocated Seats.” This makes it far more convenient to bring the information administrators need to the top of their list.
    
   Easily sort sites by ‘Status,’ ‘Name,’ ’Devices,’ and ‘Seats’ headings.
    
4. NEW – Suspend/Resume Protection - Sometimes a GSM administrator may wish to temporarily disable a site. Until now, their only option was to “deactivate” the site, which expires the keycode and uninstalls the software from all site endpoints. This isn’t ideal, as to “re-activate” their only option is to create a new site and re-deploy WSA using a brand new keycode. To resolve this problem, we have implemented the ability to “Suspend” and “Resume” protection for a site.
   
   Suspending protection will now only temporarily expire the keycode, meaning the endpoints will revert into “Detection Only” mode. The OpenText™ Core Endpoint Protection software will continue to reside on the endpoints and detect malicious software, but it will not clean-up any malware encountered. Site level administrators access permissions will also be reduced to “View Only” mode when accessing the OpenText™ Core Endpoint Protection console. Then, once protection is ready to be re-enabled, the GSM administrator can simply select “Resume Protection,” at which point all that site’s endpoints will return to full clean-up functionality and access to the OpenText™ Core Endpoint Protection web console is returned to any site-level only administrator(s).
    
   Simply, quickly, and easily suspend and reactivate sites.
    
5. NEW – Administrator Deletion - Another important feature request has been for the ability to delete administrators from the OpenText™ Core Endpoint Protection web console. This feature is now available at both the GSM and Site levels, with the ability to delete administrators being available from within both the GSM “Admins” page, and the Site level “Manage Admins” pages.
    
   Delete an Administrator at the GSM level.
   
    
   Delete an Administrator at the Site level.
    
6. NEW – Group Based Policies - Inside the OpenText™ Core Endpoint Protection console it is now possible to apply policies to Groups.
   
   This offers two significant management benefits:
    
   1. If deploying the OpenText™ Core Endpoint Protection software via the command line and specifying a Group to install into - then the new endpoint will automatically pick up the Policy, as it was applied to that Group. This is especially useful for Servers or Point of Sale (POS) systems to ensure that these types of critical systems report into a separate Group from all other endpoints and pick up the correct Server or POS Policy.
   2. When moving endpoints between Groups, the option for these endpoints to inherit the Group Policy is now available, rather than having to rely on moving the endpoints and then also updating their Policy to match that Group.
    
   Now it’s simple to inherit policies using Groups.
    
7. New Dwell Time – We’ve added a new data point called “Dwell Time” to all views where malicious or undetermined files are listed. Dwell Time relates to the total time a threat has been present on an endpoint device. It is calculated from the first time the file is active, to when the file was last seen.
   
   A Dwell Time of zero seconds means that the file was blocked immediately. Dwell Times greater than zero seconds mean that the file has been present for a period of time prior to OpenText™ Core Endpoint Protection removing the file from the endpoint. The reasons for this may be because a user has yet to complete the clean-up routine, the file has been re-introduced onto the system after being originally removed, or the file did not display any malicious behaviour when first seen on the endpoint - therefore the file was not immediately classified as malicious.
   
   While a dwell time on an endpoint may exist, it’s equally important to understand that OpenText™ Core Endpoint Protection is constantly monitoring the endpoint and journaling any changes being made by any potentially malicious file activities so OpenText™ Core Endpoint Protection will be able to roll back those changes. There are also other protection mechanisms in place that ensure the endpoint’s system is protected against malicious attacks no matter how long the Dwell Time is.
   
   By uniquely delivering and being able to see and understand endpoint Dwell Times, we believe security administrators are much better placed to fully appreciate the risks associated with every endpoint they have under management and are also quickly able to see any of those endpoints where clean-up has been disabled.
    
   A new data point showing just how effectively WSA is working.
    
8. ARC (Agent, Rule, Cloud Determination) - A new data point called ARC – Agent, Rule, Cloud Determination - has now been added to all views where malicious or undetermined files are listed.
   
   This builds upon the existing “Cloud Determination” column – but instead of us simply listing what the current file determination is (Good, Bad, or Undetermined) - now by hovering over this value a breakdown of how this determination was reached is displayed.
   
   This new data point is designed to show the flow from “Agent” through the OpenText™ Core Endpoint Protection “Rule” system, and finally to the OpenText™ Core Endpoint Protection “Cloud” intelligence network, when OpenText™ Core Endpoint Protection is deciding upon a malicious file determination.
    
   More Information on why a file has been categorized as malicious.

---

 

PRODUCT UPDATE BULLETIN 19.1 -  August 12^th 2014

Following the release of version 19.0 in early July, we are continuing the development of the OpenText™ Core Endpoint Protection Global Site Manager (GSM) console by adding Global Alerts with the release of version 19.1. We have also made optimizations to allow hundreds of sites to be managed under a single GSM console. This now lets our MSP Partners and large enterprise customers manage a large number of sites from one GSM console.

In this release we have also added to our Standard console the ability to easily deploy additional endpoints to a specific group.

NEW – Global Alerts – This latest addition to the OpenText™ Core Endpoint Protection “Global Site Manager” (GSM) console adds new “Global Alerts” features within the Global Settings section of the GSM console.

Updated – Group Endpoint Deployment - Improves the ability to deploy endpoints to a specified group from within the Endpoint Protection console.
 

1. New - Global Alerts - Allows an administrator to create alerts at a Global level, which are then be applied to any ‘child’ Endpoint Protection ‘site’ (customer) below. This significantly reduces the maintenance overhead as these can now all be handled from one shared location instead of having to manually manage individual site alerts.
    
   New centralized Global Alerts available within Global Settings tab.
   
   Alerts can now be setup and managed centrally by simply selecting which type of alert you wish to receive (Infection Alert, Installation Alert, Infection Summary, or Installation Summary), along with the frequency at which these alerts should be sent.
    
   Simply add a new Alert using intuitive pull-down selections from Basic Settings tab.
   
   
   Use the Recipients tab to select an existing distribution list or create a new distribution list.
   
   
   Use the Sites tab to select which sites you want to trigger the alert from.
   
   
   Then use the Email Template tab to create the message that should be sent out.
   
   Email distribution lists are easily setup and managed by simply selecting an existing distribution list and editing it as necessary, or creating a new one by assigning a name and entering the email addresses you want to use for a new distribution list.
    
   Simply select and edit an existing Alert Distribution List.
   
   
   Or, easily create a new one from scratch.
   
   The new Global Alerts created at the GSM level are also visible in a “View Only” mode at the ‘Site’ level, as changes to Global Alerts are only permitted at the GSM level.
    
   List view differentiates between Global and local Site level alerts.
   
   Clicking on a Global Alert provides the following site level details.
    
   Read only view of Global Alerts at Site level.
    
2. Updated – Group Endpoint Deployment - The ability to deploy endpoints to a specified Group has been improved, and added as an additional option within the Endpoint Protection console.
   
   To perform this action, an administrator simply selects the Group they wish to deploy endpoints into, and selects “Deploy Endpoints to this Group” from the new “Actions” drop down menu.
   
   This then displays the information required to install the software via the command line, and automatically adds the endpoint into the correct Group.
    
   New ‘Actions’ drop down menu.
   
   
   Creates Command line to deploy endpoints to a specific Group.

---

 

PRODUCT UPDATE BULLETIN 19.0 -  July 1^st 2014

As part of the ongoing development of the OpenText™ Core Endpoint Protection Global Site Manager (GSM) console, we are releasing version 19.0. This major release incorporates brand new "Global Settings" to make the management of multiple sites and customers more efficient by removing the need to manage policies individually.

NEW – Global Settings – Enables a GSM Super Admin to create policies and overrides at the GSM level, which can then be applied to any Endpoint Protection site.

• Sites the current user has access to are now displayed, along with the number of sites in total which are active under the GSM console.
• Quick overview of which sites have global policies and overrides enabled or disabled.
• Visibility of the default policy for each site, along with the ability to quickly change this.
• Days remaining is visible for any “Trial” sites created, along with expiring and expired statuses for each row.

 

1. NEW – Global Settings – This new capability dramatically reduces the maintenance overhead for GSM administrators’, as these can now all be handled from one shared location, instead of having to manually manage each individual sites policies and overrides.
    
   
   New Global Settings for faster and easier administration of multiple endpoint sites or customers.
    
   
   Full capabilities to create and manage policies are now available at the GSM level.
    
   
   When creating or editing a site, you can now select whether this site should have global policies available and select which policy to apply as the "default" policy that endpoints will inherit upon installation.
    
   
   Full capabilities to create and manage overrides are now available at the GSM level.
    
   
   When creating or editing a site, you can now select whether this site should have global overrides available.


2. NEW – Import and Export Policies & Overrides – This update applies to both the GSM and Standard consoles. Within the policies page at both GSM and Site level, you can now select an “Import” option.
   • Automatic Import - by default, this is set to “auto” mode which displays a list of all policies across all sites which the logged on account has access to.
   • Select the policy you wish to import from the list, then click “Import” to transfer this into your current console.
   
   This once again drastically reduces the maintenance overhead for any Endpoint Protection administrator, since they no longer have to manually recreate identical policies across multiple sites. Instead, you can create the policy once, then import into all sites where you wish it to be available. This is also useful at GSM level, since the GSM Super Admin can import a site level policy into the GSM console, make it global, and then instantly make it available across all sites with global policies enabled.
   • Manual Import – for circumstance where an administrator wishes to import a policy from a site they do not have access to, only manual import is available.
   • Select the policy you wish to import manually, then click the “Export” button. This will display a “Transfer Code” which you can then enter during an import process to import that policy.
   
   This is extremely useful for administrators’ who may have multiple accounts under different email addresses, or who may simply wish to email their transfer code to a friend for them to import into their own site.
   
   
   Auto and Manual Import of Policies.
   
   Override Import - under the overrides page at both GSM and Site level, you can now select an “Import” option.
   • Selecting this option displays a list of all sites which the logged on account has access to.
   • Simply select the site from where you wish to import all overrides and select from the various import options (overwrite existing overrides, etc.). Click “Import”. This will proceed to import all overrides from that site into your currently selected site.
   
   Once again this proves extremely useful for administrators who wish to simply copy identical overrides from one site to another instead of manually having to create the same override for each site. For GSM Super Admins, this also means they can pull up overrides from a site, make them global, and apply them to all other sites which have the global overrides option selected.
    
   
   Simple importing of overrides.
   
    
3. NEW – UI Informational Enhancements – A number of improvements to the UI now provide relevant information that simplifies administration.
    
   
   1. Number of sites the logged on user has access to is now displayed, along with the number of sites in total which are active under the GSM console.
   2. Quick overview of which sites have global policies and overrides enabled / disabled.
   3. Visibility into the default policy for each site, along with the option to change this.
   4. Days remaining is now visible for any “Trial” sites created, along with expiring and expired states for each row.
   
    

---

 

PRODUCT UPDATE BULLETIN 18.0.3 -  May 7^th 2014

Until now, accessing information via the management console has been limited to scrolling through data views and there were not many sophisticated search options. These restrictions are now swept away within this incremental 18.0.3 release for both the Standard and the new OpenText™ Core Endpoint Protection Global Site Manager consoles. Both now provide advanced search and filtering. In the Global Site Manager console we have also added more information around Administrator Permissions.

NEW – Advanced Search and Filtering – Allows the administrator to use a wide range of parameters to create refined filtered searches, adding a great deal of speed and flexibility when looking to identify individual or groups of endpoints. This search and filtering is available within both Standard and Global Site Manager consoles.

1. NEW – Advanced Search and filtering option under Change Console button in all console views.
    
   
   Easily access advanced search and filtering options for any endpoint managed
   
   The new search and filtering options include:

   Field	Options / Example
   Hostname	[Free form Query]
   Status	Protected Infected Expired Infected & Expired Not seen recently
   Group	[Generated from site groups]
   Policy	[Generated from site policies]
   Active Directory	[Free form Query] + [Generated from AD Tree]
   Keycode	[Generated from attached keycodes]
   Operating System	Windows XP Windows Vista Windows 7 Windows 8 Mac OS Other
   Advanced:
   Agent Version	[Free form Query]
   Agent Language	[Pre-set list of all supported languages]
   VM	Yes No
   Device MID	[Free form Query]
   Instance MID	[Free form Query]
   Current User	[Free form Query]
   Public IP Address	[Free form Query]
   Internal IP Address	[Free form Query] + [Generated form internal IP ranges]
   Workgroup	[Generated from workgroups detected]
   MAC Address	[Free form Query]

   
   Clicking on the Advanced Search button under the Change Console button results in the following pop-up window appearing:
    
   
   Advanced Search pop-up window with Advanced options available by simply clicking on Advanced.
   
   The Advanced Search function is also selectable directly from within the Group Management beside the Groups and Views tabs.
    
   
   Advanced Search from within the Group Management tab
    
2. NEW - Admin Permissions Pop-Up Window to aid clarity of permissions being granted to each type of administrator.
    
   
   Create Admin pop-up window to clarify Admin capabilities
   
    

---

 

PRODUCT UPDATE BULLETIN 18.0.2-  April 16^th 2014

The Early Adopter release of the new OpenText™ Core Endpoint Protection Global Site Manager console has included a stream of planned updates and additional requests.  With this release of 18.0.2, we are introducing over ten enhancements and refinements to both Global Site Manager (GSM) and the Standard console.

NEW – Search for and report on deactivated endpoints – Allows the administrator to easily search for any deactivated endpoints as well as using report option to create a deactivated endpoints report. (GSM and Standard console)

1. NEW - In the Group Management view, Admins can easily search for and uncover any deactivated endpoints.
    
   
   Easily search for deactivated endpoints
   
    
2. NEW – Admins can use the new report option to create a deactivated endpoints report.
    
   
   Simply select deactivated endpoints to report on them
   
    
3. Web Threat Shield has expanded Tooltip information to clarify the effect of switching web filtering setting on or off 
    
   
   Clearer Tooltip for Web Filtering policy option 
   
    
4. NEW – Direct access to Release Notes from the Administrator Login page.
    
   
   Easier access to Release Notes & Community links on the Login page
   
    
5. NEW – Administrators now have the option to add explanatory comments to policy Overrides to explain the reason for the override to other Administrators.
    
   
   Easily add explanatory comments to policy overrides
   
    
6. NEW – A new Change Log file provides transparency about when and who made changes to any Overrides.
    
   
   Easily track and audit any override changes
   
    
7. The Administrator sign-in drop down menu has been changed to read “Manage Admins” instead of “Manage Users.”
    
   
   Changed Manage Users to Manage Admins
   
    
8. NEW – The rename of Global Site Manager Admins (View Only) clarifies the two Global Site Manager multi-site administration levels versus the basic Site Administration level.
    
   
   Easily distinguish and assign Administration levels
   
    
9. NEW – The highlight trial sites function lets you allocate Trials and have those seat counts excluded from the chargeable license count.
    
   
   Easily manage Trials
   
    
10. NEW - Rename a GSM console lets you edit Console names for easier administration.
     
    
    Simply edit Console names
    
     
11. NEW - Add new billing cycles lets an Administrator set-up the Billing cycle they want to charge for individual sites/customers.
     
    
    Easily set charging rules
    
     
12. NEW – The ability to export GSM data to CSV lets an Administrator download and export usage reports to a CSV file.
     
    
    Easily report on endpoint license usage by site
    
     
13. NEW – The Site Administrators’ for each site and their Administration levels are now made visible on the Admins page.
     
    
    Easily see who has site Administration rights

---

 

PRODUCT UPDATE BULLETIN 18.0.1 - March 27^th 2014

In continuation to the announcement of the new OpenText™ Core Endpoint Protection Global Site Manager earlier this month, we are now introducing a number of developments. The majority of these are aimed at helping our Managed Service Provider (MSP) customers.

The first enhancements to Global Site Manager (GSM) included in this release, adding many administration benefits, are as follows:
 

• NEW – Allow Trials under a Full Parent Key – The option to create a “Trial” site has been added, allowing MSPs to create a “Trial” account from within the GSM without the need to provision a separate keycode.
• NEW – Add Keycode Logic – Administrators now have the ability to create a new console without needing to go through the existing registration process.
• NEW – Global Site Manager – Product Tour – Now, when launching GSM for the first time, a new Product Tour will be displayed. The tour highlights all the current capabilities of the GSM and can also be accessed via your administrator drop-down menu.
• NEW – Global Site Manager – Trial Notification Header – All GSM trials will have the remaining trial duration clearly stated on the console header. Clicking on the notification will bring up the standard Renew/Upgrade popup for GSM.
• NEW – Show Site Creator – The Site creator will not be visible in the drop-down under a site.
• NEW – Global Site Manager EULA Logic – The super Global Site Manager administrator will accept the EULA on behalf of all sites (customers) – meaning that if an MSP gave access to a site to one of their customers, the customer will not be presented with a EULA.
• NEW – Coming Soon Tab – We have added a new “Coming Soon” tab to highlight new additions planned for the Global Site Manager console as it develops over the next few months, the features OpenText™ Core Endpoint Protection is working on for GSM, and to help answer your GSM development questions.

---

 

PRODUCT UPDATE BULLETIN 18.0 - March 20^th 2014

What's NEW!
 
Release 18 delivers a brand new management console option, the Global Site Manager console, that will be continuously enhanced with new features and capabilities during 2014.

It has been specifically designed to simplify the management of OpenText™ Core Endpoint Protection by Managed Services Providers (MSPs) and larger enterprise sized business customers that need more flexibility and ease of management over multiple customers, groups, locations, and multi-administrated deployments.

The first phase - Release 18.0 – will introduce basic Global Site Manager console functionality and features. It will also provide the multi-layered hierarchical management architecture that helps to deliver better visibility, easier administration, and smoother day-to-day operation of complex deployments. Global Site Manager is an additional and optional management console that is available instead of the standard management and deployment available through OpenText™ Core Endpoint Protection’s current web-based management console.

Any OpenText™ Core Endpoint Protection customer with over 100 seats under management and needing the flexibility of the Global Site Manager console will be able to migrate from their existing console. The first phase of Global Site Manager, release 18.0, offers the following benefits:
 

• NEW - Auto-Provisioning – A new parent and child keycode structure now means it’s a seamless process to provision new customers or locations, with no need to contact OpenText™ Core Endpoint Protection about issuing a new keycode. These are now controlled and automatically issued from within Global Site Manager.
• NEW - Unique Site Consoles – The new hierarchical management views now enable you to issue individual customers, or locations, with their own unique console and keycode – simplifying deployment of new customers and also any individual account terminations.
• NEW - Top Level Views – There are new top-level views of the customers or locations under management that provide real-time data on:
  • Do any of endpoints need attention?
  • How many devices have been deployed at this customer?
• NEW - Site Notes – There is now the ability for administrators to add and write notes about each customer or location, for example:
  • Customer billing cycles (for MSP reference only).
  • Seats allocated to a customer/location – to more easily see how many seats have been used and avoid going over.
• NEW – Delegated Console Access Rights – There are now delegated administration access rights and permissions for every customer or location/site console under management. This lets you provide customized access to individual management consoles and allocate multi-tiered access rights and permissions.
• NEW - Direct Access Management – The new Global Site Manager console User Interface allows direct access to any customer or location console along with seamless integration to existing console selection screens. There is also the option to populate multiple MSP portals under a single account.

IMPORTANT:

Release 18 is the first phase in a number of releases that will provide a new Global Site Manager console.

If you would like to look further into the new Global Site Manager console, or are considering migrating to Global Site Manager, please contact your OpenText™ Core Endpoint Protection Channel Account Manager or OpenText™ Core Endpoint Protection Sales Representative for more details.

---

 

PRODUCT UPDATE BULLETIN 17.1 -  November 7^th 2013

Release 17.2 follows releases 17 & 17.1, which offered many management console enhancements and basic support for Apple Mac devices. This next release features the brand new 2014 user endpoint GUI, new protection features, and some very important additions to the console that will simplify the detection of a threat on multiple PCs, as well as allow the easy deactivation of redundant endpoint Agents.
 

• NEW – 2014 Agent – Updates to the Agent GUI to the new 2014 version that offers a far simpler user interface design and many other Agent enhancements.
• NEW – Infrared Shield & Settings – A new multi-layer defense which incorporates several key components of the Webroot Intelligence Network™ to block new threats very early in their lifecycle, often before OpenText™ Core Endpoint Protection Threat Researchers have even seen a single sample.
• NEW – Scan Settings – The option to detect Potentially Unwanted Applications (PUAs) and designate them as being malicious files.
• NEW – Pop-Up Threat Window – Identifying propagation of the same threat within your endpoints.
• NEW – Agent Deactivation – Allowing Administrators to easily deactivate Agents not seen from the license count.

 

1. NEW – 2014 Agent
   The new 2014 user Agent introduces many enhancements, including a much cleaner and simpler GUI (graphical user interface), the inclusion of the new Infrared Shield, and much better threat detection of non-portable execution files like VBScripts. Together, these improvements significantly advance overall endpoint protection.
    
   
   New 2014 Agent User Interface
   
    
2. NEW – Infrared Shield & Settings
   Infrared is a unique multi-layer defense shield that incorporates several components from within the Webroot Intelligence Network to immediately block threats early on in their lifecycle – often before OpenText™ Core Endpoint Protection’s Threat Researchers have even seen a sample. This is achieved through a number of threat intelligence “engines” working together to enhance the overall protection of every endpoint.
   
   Another layer of Infrared is its interpretation of user behavior and overall assessment of the safety level of the user. If a user is classified as a higher risk, the heuristics and background processing are dynamically turned to increase their effectiveness for that individual user, while preventing false positives for other “less risky” users.
   
   The new Infrared Shield is now also supported within the Policy section of the management console.
3. NEW – PUP Scan Settings
   This new configuration setting has been added to the new 2014 Agent to enable the detection of Potentially Unwanted Applications (PUAs). These are applications that, while not malicious themselves, are generally considered undesirable within business networks. PUAs are application hidden in the license agreements, or Terms & Conditions, when new software or data is downloaded. Because of this, users end up with a computer full of programs they don’t want or need.
    
4. NEW – Threat Propagation View
   This console enhancement displays all the endpoints that have seen the same threat (based on the MD5 values the Agent creates) to help Administrators immediately understand the propagation of any new threats (like worms) and their spread within the network.
   
   Simply by clicking on the button “Show All PCs that have encountered this file” generates a pop-up window that displays all of the endpoints that have seen this particular threat. This makes managing such situations faster, simpler, and a lot easier than before.
    
   
   A New Threat Appears on a Single Endpoint
   
   
   Clicking the "Show All PCs" Button Pups-up a New Window Showing All Threatened Endpoints
   
    
5. NEW – Agent Deactivation
   Directly accessible from the Status tab screen, an Administrator may now launch the “Endpoints Activity” panel and see any Agents not seen within a pre-determined time frame. Then the Administrator can select single or multiple Agents from the list and click the “Deactivate” button.
   
   This makes it much easier to deactivate and remove redundant Agents from the license count that have not been seen or are considered to be “inactive.”
    
   
   Easily Deactivate Single or Multiple Agent Licenses

---

 

PRODUCT UPDATE BULLETIN 17.1 - October 1^st 2013

 

---

 

PRODUCT UPDATE BULLETIN 17 - September 3^rd 2013

In this release OpenText™ Core Endpoint Protection delivers many of the highly requested management console features which have formed a major part of the development roadmap for 2013. In this update we are introducing new 'Data Points,' basic support for the Apple Mac platform, and all new Group Management 'Views.'

• NEW - Data Points - Following the release of the Alerting Templates made in May this year, more new data points are now available in key areas of the management console. With these enhancements, you will now be able to see who has been infected and when.
• NEW - Group Management 'Views' - As part of our ongoing enhancements, this year we are introducing new Group Management 'Views.' These use the endpoint agents to automatically generate new hierarchical group management views for simpler management of complex environments and allow the Administrators see deployed endpoints based on their Active Directory, IP Range, or Workgroup information. The Group Management 'Views' are especially useful for managing users at multiple locations or, if the Administrator is a service provider, the management of multiple customers within a single management console.
• NEW - Basic Apple Mac Support - A common request made to OpenText™ Core Endpoint Protection is, "Can you support Macs?" With this release, Administrators are now able to support Apple Macs, installing OpenText™ Core Endpoint Protection on them within their environment and having them report back to the management console.

 

1. NEW - Data Points
    
   1. Group Management and Scan Data
      
      Within Group Management, both the 'Endpoint' panel and the 'Scan History' panel have the following updates.
       
      
      New Group Management Data Points
      
      The new Endpoint views are:
      1. Last Internal IP Address
      2. MAC Address
      3. Last Active Directory Information
      4. Last Logged in User
       
      
      New Scan History Console Views
      
      The new Scan History Views are:
      1. Internal IP at time of scan
      2. MAC Address
      3. Active Directory information at time of scan
      4. Workgroup information
      5. Logged in User at time of scan
   
   
   2. Reports Data
      All Management Console Reporting will not be able to use the same new data points covered above.


2. NEW - Group Management 'Views'
   
   Based upon the information being sent by the agent, there will now be the new auto-group 'Views' in addition to the custom Group Management currently offered.
    
   
   New Active Directory, IP Range, and Workgroup Views
   
   The auto-group views allow Administrators to have hierarchical views of endpoints and users based upon their:
   1. Active Directory hierarchy, "mirror mode" views
   2. IP Range views
   3. Workgroup information views
   
   The Administrator cannot move endpoints from within the auto-grouped Group Management 'Views' as this visibility is based upon data provided by the agent. However, the 'View' will change if an endpoint is moved to another group and the agent resends its new view data to the management console.


3. NEW - Basic Mac Support
   
   Administrators are now able to install OpenText™ Core Endpoint Protection on Apple Macs as part of their OpenText™ Core Endpoint Protection environment and have them report back to the Endpoint management console.
    
   
   Visual differentiation of Macs from Windows endpoints
   
   We have also added visual identification of Macs differently to Pcs from within the Group Management area to make the Mac agent deployments more visible to Administrators.
   
   However, as it is an Apple Mac OS environment, not all the functions available under Windows are enabled. Below is a list of the enabled and disabled functions.
    

   Enabled Functions:	Disabled Functions:
   Mac device visibility/check in Scan Agent Command Cleanup Agent Command System Cleanup Agent Command Lock PC Agent Command Log Off Agent Command Reboot Agent Command Shutdown Agent Command Deactivate (no uninstall) Agent Command	Health/Infection Status Reports Policies Alerts Overrides

    
   
   Resources Apple Mac Agent Deployment
   
   Additionally, we have updated the Resources area to now include a download button for the Mac agent so it may be deployed as easily as the Windows agent.

 

---

 

PRODUCT UPDATE BULLETIN 16 - June 20^th 2013

A few weeks ago, we introduced Customizable Alerting within the Management Console. We are now working on further feature enhancements on this based upon Community feedback we've received.

In this release we are introducing brand new policy settings specifically for the System Cleaner and Identity Shield functions. With these new policy settings, we are releasing an updated version of the Agent so these new policies may be used.

• NEW - Identity Shield for non-Latin Systems - The default setting of this capability is 'OFF.' This allows an Administrator to run the Identity Shield in compatibility mode with non-Latin language based systems and provide full keylogging protection.
• NEW - Identity Shield compatibility mode - The default setting of this capability is 'OFF.' This protects the Endpoints with the Identity Shield's core functionality without interfering with another application's functions that the Shield might block.
• NEW - System Cleaner Local Settings Policy - The System Cleaner local policy settings have now been moved to the central Management Console. The default setting of this new policy is 'ON.'
  
  

What happens to my existing policies?

Any existing policies you have created will remain the same. You will need to update your Endpoints to the lastest release before you are able to update your existing policies to incorperate the new settings.

If you have just used the pre-configured or default policies that OpenText™ Core Endpoint Protection provides, then these will be automatically updated to reflect the policy changes above. The same will apply to all the new policies that you create.

Watch out for:

New Data Point additions which will soon be added to the central Management Console to provide further details on these new policy settings.

Refined Reporting data will also be on the way in a future release.


 

---

 

PRODUCT UPDATE BULLETIN 15 - May 15^th 2013

OpenText™ Core Endpoint Protection has received many requests for the ability to edit the alert messages being sent from the management console. There have also been requests for integrating console alerts into existing ticketing management and support systems, and broadening the distribution of the alerts. With the release of our new Customizable Alerts we now deliver this highly requested functionality.

New:

Customizable Alerting - Allows an Administrator to fully customize the alerts sent from their OpenText™ Core Endpoint Protection console.


 

There are 6 main areas being introduced with the Alert Templates feature:

1. Alert Type - As before, there are various alert types that may be subscribed to that act as rules for when the Administrator should be alerted. The alert types available with this release are:
   • Instant Alerts for newly infected PCs.
   • Instant Alerts for newly installed PCs.
   • Scheduled Summary Alerts for recently infected PCs.
   • Scheduled Summary Alerts for recently installed PCs.
2. Configurable Distribution - Distribution lists can be configured for multiple users to receive an alert. Alert message recipients may also unsubscribe from an alert directly in the alert email.
    
3. Configurable Data - With a simple mechanism, Administrators can now configure where specific data will appear in alert messages. These configurable data variables include: username, active directory/OU information, workgroup, and local IP data.
    
4. Configurable Subject Line - Allows the Administrator to configure the subject line of any alert messages by using both plain text and the variables available for the type of alert. This allows the Administrator to have the subject of the email alert reflect non-generic data, such as the hostname of the machine triggering the alert
    
5. Configurable Body Message - Allows the Administrator to fully customize the message body using the data point variables available for the alert.
    
6. Customized Alerts Wizard - There is new wizard to guide the Administrator through the steps to create and configure new or existing alerts.

Watch out for:

While not in this release, there are plans for further refinements to make alert messaging more customizable:

• HTML encoding - the ability to change the body of the message using HTML, such as: font, color, bold/italicize, etc.
• Alert Preview - the ability to see a preview of the template created.

 

---

 

PRODUCT UPDATE BULLETIN 14 - January 10^th 2013

Because OpenText™ Core Endpoint Protection is being deployed onto Windows Servers with increasing frequency, we are proud to introduce the new default server policy.  See below for details.

New:

• Recommended Server Defaults Policy – Allows an administrator to easily deploy a default policy designed specifically for servers.
   
  Basic Configuration

  • Favor low disk usage over verbose logging – ON
  • Allow OpenText™ Core Endpoint Protection to be shutdown manually – ON
  • Poll Interval – 1 Hour

  
  Scan Schedule

  • Scan before 8:00am when computer is idle
  • Do not perform scheduled scans when a full screen application or game is open – OFF
  • Randomize the time of scheduled scans up to one hour for distributed scanning – OFF

  
  Scan Settings

  • Scan archived files – OFF

  
  Real-time Shield Settings

  • Scan files when written or modified – OFF
     

  User Interface

  • GUI – Show

 

---

 

PRODUCT UPDATE BULLETIN 13 - November 28^th 2012

 
We are always looking at ways to improve the convenience and ease of use of the OpenText™ Management Console. The changes being introduced this week are all designed to further those aims.
 
New:

• Reactivate Deactivated Endpoints – There is a new 'Reactivate' button in the toolbar within the 'Deactivated Endpoints' group, which allows you to restore a deactivated endpoint.

Updates:

• Restore Multiple Items from Quarantine – Administrators can now select multiple files and restore them from Quarantine at the same time.
   
• Hyperlinked Infection Statistics – Allows immediate access via hyperlink to the infected endpoint(s).
   
• Console Switching – Rather than go back to the ‘Home Tab’ to switch management consoles, Administrators can now switch from within the current management console.
   
• Improved Report Filtering – All suitable reports now feature filtering by Group or Policy.  This gives you a more granular view of your reports that is customized to contain only the data you're looking for with no extra data to need to parse through.  Additionally, the All Threats and All Undetermined Software reports now have the ability to filter by specific time period.

 
Reactivate Deactivated Endpoints
 

1. The ‘Deactivated Endpoints’ group within 'Group Management' now features a new ‘Reactivate’ button in the toolbar that makes it easy to reactivate deactivated endpoints individually or as a group.
   
   

Restore Multiple Items from Quarantine
 

2. An administrator can now restore multiple files from quarantine at the same time, rather than individually.
   
   
    

Hyperlinked Infection Statistics
 

3. A new hyperlink has been added to the Endpoint Protection panel on the console ‘Home Page’ that allows an administrator to immediately access infected endpoints.
   
   

Console Switching
 

4. It’s now possible to switch quickly from any tabbed page of the current console to an alternative management console without going back to the ‘Home’ Tab.
   
   

 
Improved Report Filtering
 

5. All suitable reports now feature filtering by Group or Policy.  This gives you a more granular view of your reports that is customized to contain only the data you're looking for with no extra data to need to parse through.  Additionally, the All Threats and All Undetermined Software reports now have the ability to filter by specific time period.
   
   

 

---

 

PRODUCT UPDATE BULLETIN 12 - September 12^th 2012

New:

• Infected Endpoint Cleanup Icon Command – Clicking Endpoints need attention from within the Management Website Status page, or viewing the Endpoints with threats on last scan report, now offers the administrator a Clean Up Now icon that sends the cleanup agent command.

Infected Endpoint Cleanup Icon Command

1. As a result of requests made through the OpenText™ Core Endpoint Protection Business Community, we have simplified the process of cleaning up infected endpoints. Many of our customers run their endpoints in Audit Mode, meaning the administrator has to clean up the endpoint manually. This involved using a multi-step process via Group Management.
   
   Now, by clicking Endpoints need attention from within the Management Website’s Status page, or viewing the Endpoints with threats on last scan report, an administrator can use the Clean up Now icon to send the cleanup agent command. When you click the icon, the endpoint is scanned and any threats found are quarantined.
   
   
   
   "Endpoints need attention" on the Status page
   
   
   
   New "Clean Up Now" icons on Status page
   
   
   By clicking the icon next to the user or hostname, you send the cleanup command to that endpoint, speeding up the process considerably.
   
   
   New "Clean Up Now" icons on the Reports page

 

---

 

PRODUCT UPDATE BULLETIN 11 - AUGUST 16^th 2012

A number of significant updates have been made to the OpenText™ Core Endpoint Protection Account Management website this week.

New:

• Turkish Language Support – Turkish is now available from the pull-down language selection panel on the homepage.
   
• JavaScript Charting – The Flash based charts in the Account Management website have now all been replaced with a JavaScript based charting framework.
   
• Software Deployment & Deployment Tab – Provides an easy-to-use download link for the installer distribution with the license keycode already embedded.

Updates:

• Status Tab Updating – The Status tab now refreshes dynamically to update the statistics for total endpoints seen, recently infected endpoint counts, etc.

Turkish Language Support

1. Turkish has been added as language option in the Account Management website.
    
   
   Update – Console Turkish Language Support

JavaScript Charting
 

2. The Flash based charts in the Account Management website have all been replaced with a JavaScript based charting framework, which will allow them to be viewed from a wider range of platforms including Android Jellybean and Apple iOS.

Software Download & Deployment Tab
 

3. To facilitate ease of downloading and installing the OpenText™ Core Endpoint Protection agent, as well as deployment by email, MSI, GPO, etc., we have added a new Software Download & Deployment tab.
    
   
   Account Management website – New Deployment tab

Status Tab Updating
 

4. The Status tab is now refreshed dynamically to update the statistics for total endpoints seen, recently infected endpoint counts etc.
    
   1. In an empty console: Once a single endpoint reports in, the Status and Group lists will automatically update and remove the deployment text (see below) to show the standard charts and grids. On detecting a change of infection status, the infected charts/grids will also reload for the next two minutes in the background to ensure the latest data is shown.
       
   2. In a populated console: If all endpoints are removed/transferred to another management console (by entering a different Keycode in the Agent) the console will do the opposite – hiding the charts/grids, and reverting to the deployment text below being shown.
       
   3. In Group Management: The Group Management tab now updates dynamically every 2 minutes to reflect new additions to the account. When updating the Group Management endpoint count, an additional check is performed to ensure that the user is currently registered within the Group Management tab. If they are, this data does not update immediately.  Instead, the Account Management website will check every 5 seconds on that user’s location.  Once the user is on another tab, the data will update. The Account Management website also ensures that, upon reloading this data, any previous group/ endpoint selections are maintained where possible.
       
   4. Status Page: If no endpoints are reporting to the Account Management website, the left navigation bar hides itself and the Status Page content shows the following:
      
      
      Account Management website – Status Page Text

 

---

 

PRODUCT UPDATE BULLETIN 10 - July 26^th 2012

This week, we made a minor update to the way some reporting popups are delivered in the OpenText™ Core Endpoint Protection Account Management Website.

Updates:

• Reports Popup Dialogs – When requesting certain Reports, we have revised the popup dialogs to be more helpful.

Reports Popup Dialogs

1. Previously when it took longer than 3 seconds to finish running either the All Threats Seen or All Undetermined Software Seen reports, the Account Management Website would simply deliver a "Please try again in 5 minutes" popup.  We have replaced that popup with one that says "Your report has been successfully requested…" while a check for the requested report runs in the background at 30 second intervals.
   
   
   
   When the report is available, the website displays a "Report Ready" popup, allowing Administrators to view the reports the moment they are available.
   
   

 

---

 

PRODUCT UPDATE BULLETIN 9 - July 16^th 2012

In addition to the recently made Status Tab updates, further enhancements to the functionality and capabilities of the OpenText™ management console are released this week.

New:

• Restore This File from Quarantine Buttons – Beside all instances of the ‘Create override’ button a new ‘Restore this file from Quarantine’ button has been added.
   
• Footer – A footer has been added to each console tab with direct links to OpenText™ Privacy Policy; Website Terms of Service and the License Agreement.
• Policy and Agent Command Poll Interval Alerts – When an administrator promotes a Policy to live, or actions an Agent Command, there are now reminders about Agent poll intervals and how to accelerate the changes, if necessary.

Updates:

• Multiple Overrides Deletion – Administrators may now select and delete multiple Overrides at the same time rather than being restricted to doing this one at a time.
   
• Multiple Console Sorting – Should an Administrator operate multiple management consoles they will now be presented in alphabetical name order, not as previously in date added/created order.

Restore This File From Quarantine Buttons

1. Beside all instances of the ‘Create override’ button a new ‘Restore this file from Quarantine’ button has been added. This allows an administrator to quickly restore files that have been incorrectly quarantined (i.e., a false positive) without having to find the file’s MD5 value and then manually perform the restore via the Commands>Malware>Tools>Restore File route. This new restore function is restricted to one file at a time.
   
   

Footer

2. A new footer has been added to all of the management console’s pages with direct links to OpenText™ Privacy Policy; Website Terms of Service and the License Agreement.
   
   

Policy and Agent Command Poll Interval Alerts

3. Now, as soon as an administrator promotes a Policy to live, or actions an Agent Command, there are reminders about Agent poll intervals and how to accelerate the changes, if necessary.
   
   
     Policy Poll Interval Alert
   
   
   Agent Command Poll Interval Alert

Multiple Overrides Deletion

4. Administrators may now select and delete multiple Overrides at the same time and are no longer restricted to doing this one at a time.
   
   

Multiple Console Sorting

5. For administrators who look after more than one OpenText™ Management Console, the console names will now be ordered alphabetically, rather than by the date the console was created and added.

 

---

 

PRODUCT UPDATE BULLETIN 8 - June 30^th 2012

Fixes and updates are continuous, but what follows are the significant enhancements that have recently been made to the functionality and capabilities of OpenText™ Core Endpoint Protection.

New:

• Status Tab Useful Information Panels – The Status Tab now features 3 new panels covering threat information from the OpenText™ Core Endpoint Protection Threat Blog, direct links to different Help and Support information and News and Updates.

Updates:

• Reset Agent Command – There was higher than expected CPU usage when this command was sent to an Agent on Windows Server Small Business Server 2011. This has now been addressed by updating the behavior of the Agent Command.

Status Tab Useful Information Panels

1. Three new panels on the right hand side of the Status Tab dashboard. The first provides a direct feed from the OpenText™ Core Endpoint Protection Threat Blog. The second Help and Support links to the most recent Administrator Guide, OpenText™ Core Endpoint Protection Instructional Videos and the Support web page. The third News and Updates panel links to OpenText™ Core Endpoint Protection News, the Threat Blog web page and to release notes like this bulletin.
   
   

Reset Agent Command

2. With Windows Small Business Server 2011 in both physical and VM configurations Agent Commands were causing unexpected spikes in CPU usage. Both the Reset Agent and general Agent Command processing have been updated to address this anomaly.
   
   

 

---

 

PRODUCT UPDATE BULLETIN 7 - June 6^th 2012

The following enhancements were made to the functionality and capabilities of OpenText™ Core Endpoint Protection from within its web-based management console.

New:

• Community Access – You can now immediately access the OpenText™ Core Endpoint Protection Community from the Home page of the management console.
• Identity (ID) Shield Agent Commands – You now can control which applications are protected by the Identity Shield via the management console.

Updates:

• Management Enhancements – The Command Log now tracks the parameters passed to an Agent Command. From within the Policies tab, you are now able to view the endpoints on each policy, as well as all endpoints on each policy & group. You can also move all machines on a specific policy and group to a different group.

Community Access

1. A new Community tab on the management console Home screen allows you to easily access the OpenText™ Core Endpoint Protection Community. From this site, you can interact with other OpenText™ Core Endpoint Protection users on the Community Forum and discuss security news, suggest features, and access the Community Knowledge Base.
   
   
   New - Community Panel
   
   
   Immediate Access to the OpenText™ Core Endpoint Protection Community Knowledge Base

Identity (ID) Shield Agent Commands

2. You now have considerable control over which applications you want to Protect, Allow or Deny by using the new Identity Shield Agent Commands and the MD5 values of applications. In addition, the Allow and Deny functions let you white- or blacklist applications' access to protected data.
   
   
   New - Identity Shield Agent Commands

Management Enhancements

3. The following enhancements and updates have been made to the management console.
    
   1. The Command Log now tracks the parameters passed to an Agent Command.
      
      
      Command Log Tracking
       
   2. Policies:
       
      1. The Access Control ‘read-only’ section has been removed, as it caused confusion.
      2. From the bottom panel, you are now able to view the endpoints on each policy (toolbar button), as well as all endpoints on each policy and group (“view” link in the grid).
      3. From the bottom panel, you now have the ability to move all the machines on a specific policy and group to a different group (double click the group to select a different group, then “Save changes”).
      
      
      
      Move all the machines on a specific policy and group to a different group

---

 

PRODUCT UPDATE BULLETIN 6 - MAY 15^th 2012

Our mission at OpenText™ is to take the misery out of Internet security for consumers and businesses worldwide. As part of that commitment, we are pleased to announce that we are updating the web management console to provide language support in 11 languages, including Chinese Traditional and Simplified.

Please note, this update ONLY applies to the web management console, language support for the endpoint agent will follow shortly.

• Multi-Language Management Console – Administrators can now select from the pull-down menu on their Log in screen from any of 11 languages for their console to operate under.

Multi-language Management

1. A new pull-down menu offers administrators to choose from the eleven languages available the one they wish to operate their web management console with. The languages now supported are: Chinese Traditional/Simplified; Dutch; English; French; German; Italian; Japanese; Korean; Portuguese; Russian and Spanish.
   
   

 

---

 

PRODUCT UPDATE BULLETIN 5 - April 30^th 2012

The customer management console has been updated to make it easier to track how many endpoints are being installed each day with the new "Agents Installed" Report. This Report will be especially useful during larger deployments to keep track of new agents. Other changes have also been introduced to make finding and sorting endpoints even simpler.

New:

• New Report > "Agents Installed – This report allows an administrator to easily query and view the agents that were installed in a given period.

Updates:

• Export to CSV > Group Management – By clicking on "Export to CSV," the administrator now has the increased option of 5 directionally-sortable fields with which to sort user agents.
• "Group Name" – The Group Name is now added as an additional column labelled "Group" within the "All Endpoints" table, making it easy to see and sort by Group Name when using the "All Endpoints" table.

New Report > "Agents Installed"

1. This new report lets an administrator easily share the OpenText™ Core Endpoint Protection agents that were installed within any period.
   
   

Export to CSV > Group Management

2. Five sort selection fields are now available under the Export to CSV option – (Agent) Hostname; (Agent) First Seen; (Agent) Last Seen; Agent Version; (Agent) Last Infected.
   
   
   
   In addition, the direction can be set as ascending or descending.
   
   

"Group Name"

3. Now under the Group Management tab, and by selecting the 'All Endpoints' Group, it is also possible to sort "All Endpoints" under their "Group" name. A 'Default Group' name sort is illustrated below.
   
   

---

 

PRODUCT UPDATE BULLETIN 4 - April 2^nd 2012

Further management console updates are introduced this week.

• Policies – The Policy edit panel now has pop-up hover over tooltips to explain each of the settings (as applicable).
• Group Management – The “Move Endpoints” and “Apply Policy” buttons are now disabled until at least one endpoint is selected. Then, upon checking the master checkbox to select all endpoints (and you have more than one page of endpoints), you will then receive the “Single Page or All Page” options as seen when sending commands. This is also available when moving groups or applying a policy, making the actions performed from the “Endpoints” toolbar far more consistent.
• Status Page – The bottom right panel “Most recent threats seen” has been replaced with “Recently Infected Endpoints”. This panel lists all endpoints which have encountered an infection over the past 7 days, and includes the ability to drill down to view the infections on each of these PCs, as well as to jump directly into the policy they are on (if not in the ‘Unmanaged’ policy group).

Policies

1. To make modifying Policy even easier, pop-up ‘tooltips’ have been added (see below). Simply hovering your mouse over a setting launches a pop-up window that explains the item.
   
   

Group Management

2. To avoid errors when using the “Move Endpoints” and “Apply Policy” buttons they are disabled until an Endpoint or Group of endpoints are selected. Until this is done, you will not see the ‘Single Page’ or ‘All Pages’ option panel.
   
   

Status Page

3. “Most recent threats seen” has been replaced with “Recently Infected Endpoints”. This panel lists all endpoints which have encountered an infection over the past 7 days, and includes the ability to drill down to view the infections on each of these PCs, as well as to jump directly into the policy they are on (if not in the ‘Unmanaged’ policy group).
   
   This makes the Status Page more functional and gives you fast and easy direct drill-down access on any infection issues.

 

---

 

PRODUCT UPDATE BULLETIN 3 - March 19^th 2012

A minor but very useful console management update is introduced this week.

• Group Agent Command – Currently Agent Commands are user specific. This new capability lets you choose to execute the Agent Command to all selected users or user groups assembled within a page view.

Group Agent Command

1. Agent Commands have been restricted to individual users, but there are instances where you may wish to batch execute agent commands to individual users, or user groups. Now under the “Group Management’ tab by selecting endpoints under the “Group Name’ and ticking the “Select All’ check box at the top of the Endpoints Table you can select multiple endpoints for an Agent Command to be executed upon.
   
   
   
   As you can see from the example above, this view covers two pages of endpoints. When you have more than 1 page of endpoints selected, you will get a popup that gives you the choice of selecting PAGE or selecting a GROUP of endpoints.
   
   
   
   Note: The Panel also shows the Agent Command that is going to be executed, in this case ‘Scan’.

 

---

 

PRODUCT UPDATE BULLETIN 2 - March 12^th 2012

Further enhancements to OpenText™ Core Endpoint Protection have been released this week to make it more flexible and easy to use. These enhancements have been driven by early Customer and Support enhancement requests.
 

• Console Listing Grid – When you have multiple active consoles this new grid listing layout shows more information and allows keycode actions to easily and quickly be taken from this screen view.
• Multi-File Batch Overrides – Adds the ability to create an override for multiple files at the same time and for these overrides to be visible in all relevant areas of the web console.
• WIN File Categorization – Within the Overrides Panel, adds a ‘Cloud Determination’ column that shows how Webroot’s Intelligence Network is classifying the file i.e., as Good, Bad, or Undetermined.

More detail on these enhancements follows:

Console Listing Grid

1. This view is seen when you have the access rights to multiple consoles. This enhanced Console Listing Grid view immediately gives you the Keycode status of every console you have access rights to, plus the ability to then trigger a Keycode upgrade, or request a renewal directly from this screen.
   
   

Multi-File Batch Overrides

2. This is a Customer requested enhancement and adds the ability to create overrides on multiple files at the same time, in addition to the file by file control method currently available. Visibility of the overrides in force are also propagated to other relevant areas of the web console.
   
   The bottom line is that ‘batch’ overrides will make changes far quicker to perform, as you can now select multi-filenames and run the override as a batch activity.
   
   

WIN File Categorization

3. The Webroot Intelligence Network (WIN) categorization of each file in the overrides area is now visible, and in other relevant panel by adding a new ‘Cloud Determination’ column.
   
   This assists your decision making when you are deciding about whether to allow or deny a file, as you will now know how OpenText™ Core Endpoint Protection have already categorized the file in WIN as: ‘Good’; ‘Bad’ or ‘Undetermined’. It will also help prevent ‘Bad’ files from accidentally being flagged as ‘Good’.
   
   

 

---

 

PRODUCT UPDATE BULLETIN 1 - March 1^st 2012

Since the launch of OpenText™ Core Endpoint Protection on February 13th a number of enhancements have already been made and our regular Product Update Bulletins will document the continuous changes and enhancements being made.

• Console Update – The number of keycode licenses used and the total number of endpoints managed under a keycode have been added to the ‘Status’ view within the “Endpoint Activity” panel.
• CSV Export Button – The ability to now export most panels in the portal to a CSV file.
• Adobe Flash Detection – Adobe Flash detection added and warnings when it’s non-existent, or lower than version 6.
• Grid State Logic – The order, width, and which columns are switched on/off in the console UI are now remembered and stored.
• Localization – Preparatory work on replacing text strings with variables completed in preparation for localization.
• New Group Management Columns – Additional columns have been added to the Group Management > Hostnames table.
  
  These are:
   
  Status – Will show Protected, Infected, Expired, or Infected and Expired.
  Keycode – Will show keycode for selected hostname.
   
• Endpoint Search – To make it far easier to look for a particular endpoint.

More detail on these enhancements follows:

Console Update:

1. The number of used and total seats under a keycode has been added the Status dashboard screen “Endpoint Activity” panel (e.g. Total: 27/20) as per example below, which now highlights when you have installed more endpoints than your keycode allows:
   
   

CSV Export Button

2. The ability to export most panels in the portal to a CSV file. (this now appears as a small icon in the top right of most panels/tables)
   
   

Adove Flash detection

3. Flash detection on an endpoint and provide warning when it’s non-existent or lower than version 6. Adobe Flash is used by many web programs to render moving images it is also a primary vector for malware attacks.

Grid State Logic

4. Grid state logic has been added. This means the order, width, and which columns are switched on/off are remembered (stored in a cookie). The picture below shows an example of how you can select to show different columns.
   
   

Localization

5. All text strings have been lifted out and replaced with variables in preparation for localization. Which means we can more easily change the language when we launch our multi-language versions later in 2012

New Group Management Columns

6. Additional columns added to the Group Management > Hostnames table. These are:
    
   • Status: Will show Protected, Infected, Expired, or Infected and Expired
   • Keycode
   
   
    

Endpoint Search

7. Endpoint search is now implemented (binoculars icon in the top right of the endpoint grid/table). This makes it much easier to look for an find a particular known endpoint.
   
   

Is this article helpful?