What's new in version 2025.1?

Click here to find important information and bug fixes in the current patch version 2025.1 Patch 3.

The bug fixes in the major version 2025.1 are here.

Please note that some issues may cause a change in product behavior when you install the update. Before updating, make sure to check your settings to see if your existing environment is affected. These topics are marked with the icon .

The major version 2025.1 contains the following new features, general improvements and changes.

Application Control (AC)

• You can now specify whether events are generated or not in the rules for application or application behavior control (AC and ABC) in the DOC.

• The file path filter in AC rules is now always based on a wildcard comparison. Any existing rules, which previously checked for contained text, are automatically converted.

  Please note that this is not compatible with older agents!

• The file path filter in AC rules can now contain several values, one of which must apply. Please note that this is not compatible with older agents!

BitLocker Management

• The drive overview in the DOC now shows whether the BitLocker encryption of a partition is temporarily suspended.

• It is now possible to select active TPM registers for BitLocker.

Device Control (DC)

• Event generation during device learning is now supported. This is also possible with Linux agents.

• Relearning devices can be initiated directly in the DOC. This is also possible with Linux agents

• Device class configurations can now contain permissions that define which users are allowed to use devices of this class.

• It is now possible to configure (per device class) that an event is generated when a device is removed.

• DriveLock user groups can now be used in the permissions for MTP devices (including smartphones).

• The following has been added to the rules view in the DOC:

  • an optional column showing when the last event was generated by a rule,

  • a column in the list of devices or drives for a rule showing when an event was generated for a device or drive associated with that rule and

  • additional detailed view showing all events generated on agents by executing these rules.

• Archive scans now support 7z in addition to ZIP and RAR.

• The number of audit events for allowed or blocked access to a specific file has been reduced to one event per user/process/access type (read or write).

DriveLock Agent

• When filtering out duplicate events, individual parameters can now be excluded from the duplicate check.

• You can now disable collecting user certificates as part of the Active Directory inventory - provided that no functions are used that require these certificates (e.g. centrally managed folders). (Reference EI-2891)

DriveLock Enterprise Service (DES)

• You can now sync Entra ID groups even if there are duplicate names for computer objects in a group. In this case, the object with the higher Entra Object ID is kept.

• Timestamps are now exported in ISO format 8601 ("2025-03-12T10:48:44Z"). This ensures that the timestamp is unique even across multiple time zones.

• You can now control synchronization with Active Directory more precisely. In addition to selecting object types, you can now include or exclude individual objects from synchronization based on their DistinguishedName.

• The Server Setup Wizard now only allows database collations that are case-insensitive. Case-sensitive collations are not supported and shouldn't be used.

DriveLock groups

• You can now also export registered members of a group in the DOC.

• The filter criteria for dynamic groups in the DOC have been extended to include the option 'Registry key exists' (Yes/No).

File Protection

• The new option ‘Show overlay icon for encrypted files’ displays an icon overlay for files encrypted using the new format, providing a visual confirmation that the files are encrypted.

DriveLock events

• You can now configure events in the DriveLock Operations Center (DOC). This allows you to specify whether an event will be stored in the Windows event log and in DriveLock Enterprise Service (DES) or sent via SMTP or SNMP.

DriveLock API

• The DriveLock API now allows you to reset the Agent ID ('clearAgentId') or mark it for reinstallation ('markAgentForRejoin'). This lets you change the Agent ID once, which is useful when getting a computer ready for reinstallation.

• The DriveLock API now allows you to mark a computer as a base image for other computers. This is necessary to avoid issues with unique Agent IDs and cloned computers.

DriveLock Operations Center (DOC)

• Some of the global configuration settings from the DMC can now be configured directly in the DOC. We'll be adding more to this in future versions, so any settings that are missing right now aren't program errors. The way settings work in the DOC makes it possible to use combinations of settings that aren't possible in the DMC. Some older agents are not able to handle this. If you plan to manage global configuration and event settings (where possible) via the DOC in future, please update your agents first.

• Some new widgets for Vulnerability Scan have been added to the DOC.

• You can now reload the Active Directory inventory in the DOC and update the object selection dialog.

• Reports that you have created yourself or that have been made publicly available can now be duplicated and then edited.

• When viewing rules in DOC, you will now only see rules that are stored directly in the selected folder. Rules that are not assigned to a folder will appear below the root node. The “Enable recursive view” setting can be activated in the context menu of a folder in order to also display rules in the subfolders.

• It is now possible to sort by multiple columns. To do so, hold down the Shift key and click on the column headers you want to sort by. The order of the columns is retained, allowing you to sort by multiple criteria.

• The context menu for computer objects has been redesigned. The actions it contains are now grouped by category, which makes it easier to navigate and use. See example in the 'Unlocking DriveLock Agents temporarily' topic.

• The list of all alerts assigned to this computer is now displayed in the computer detail view. The number of alerts is also listed under 'Associated objects'.

• Multi-factor authentication (MFA) in DOC has been significantly enhanced. Administrators now have more detailed control over when and how MFA is applied, depending on user roles or login methods. (EI-2632)

• Automatic updating of widgets on the dashboard: users now have the option to set if widgets update their data automatically for each tab. Each widget has its own 'data age' setting, so the refresh does not happen at the same time.

• Widget caching for better performance: the data in widgets is cached for 300 seconds by default. The cached data is displayed for further queries within this period. The behavior can be customized via the backend settings (only for supervisors). Caching can also be deactivated on a tab-by-tab basis.

• This version includes extensive improvements to dashboard management and usage.

  • Role-based assignment of dashboards: You can now assign dashboards to roles. Users will automatically get all dashboards that match the roles assigned to them.

  • Management of integrated and custom dashboards and widgets: All integrated dashboards and widgets can be viewed in read-only mode in the new Dashboard management overview. Custom content can be fully edited there (create, view, edit, delete).

  • Personal dashboard tab customization: Users can add, rearrange or remove their own dashboard tabs. Predefined dashboards appear as non-editable shortcuts. Custom dashboards can be added and freely designed via a separate menu item.

DriveLock policies

• The policy wipe is now checked and executed individually for each policy. This means that individual policies – such as those with a restrictive nature – can remain in place even if a computer has been offline for a long time.

• The agent no longer checks policy signatures. Signing can be disabled in the MMC. For compatibility reasons with older agents, the option is still available and can be used if required.

Self-service

• You can now define a list of reasons for requesting self-service in the DOC and display this list to end users.

Linux Agent

• You can now specify settings for the proxy server directly on the Linux Agent.

• The IgelOS 12.5 base system is required for the DriveLock IgelOS App 25.1 to function properly.

• Linux Agents now support the “Show usage policy” setting for devices and drives. When enabled, the user is required to confirm the usage policy in order to unlock a device. The options “No password” or “System password” can be selected for confirmation.

• Linux Agentscan now request unlocking locked devices and drives.

Licenses

• New license settings are available for online license updates.

• User sessions on terminal servers are no longer included in the license count. The new column Terminal server computer shows the number of reported terminal servers with an active agent.

macOS Agent

• macOSAgents can now request to unlock locked drives.

• macOS Agents now support the “Show usage policy” setting for drives. When enabled, the user must confirm the usage policy in order to unlock the drive. The options “No password” or “System password” can be selected for confirmation.

• On macOS, the Encryption 2-Go features have been expanded. Available features now include:

  • Support for an administrator password for additional security,

  • the option to back up existing data on the USB stick before encryption,

  • the option to fill unused space on the USB stick to increase data security,

  • and automatic mounting of the encrypted container after creation or when the USB stick is connected.

Vulnerability management

• The downloading of vulnerability catalogs for agents whose Internet connection is not stable and the reporting of results to the DES have been improved. (EI-2480)