New features, improvements and changes

Below you will find a list of the new features, improvements and changes contained in version 2025.1

A detailed description can be found in the chapter What's new? in the DriveLock Online Help.

When using DriveLock - especially for distributing configuration settings to secure the abc agent on client systems - we recommend deploying centrally stored policies. In contrast to Group Policy Objects (GPOs), these provide enhanced security, greater flexibility in assignment, and do not rely on Active Directory. They can also be applied over the internet.
For further details see the chapter Distribution of DriveLock configuration settings in the DriveLock Online Help.

Installing the update may lead to changes in product behavior in certain areas. Before proceeding with the update, review your configuration to determine whether your current environment is affected. Relevant topics are marked with the following warning icon:

Application Control (AC)

  • New in DOC: Rules for application and behavior control can now determine whether events are generated.

  • The file path filter in AC rules now always uses a wildcard comparison; existing rules are automatically converted.

  • The file path filter in AC rules now supports multiple values (paths). During evaluation, at least one of the specified paths must match. Please note that this is not compatible with older agents!

BitLocker Management

  • The drive overview in the DOC now indicates partitions with temporarily suspended BitLocker encryption.

  • It is now possible to select active TPM registers for BitLocker.

Device Control (DC)

  • Event generation during device learning is now supported. This functionality is also available on Linux systems.

  • The relearning of devices can be initiated directly in the DOC. Can also be set under Linux.

  • Device classes can now contain user permissions.

  • Triggering an event upon device removal can now be configured per device class.

  • DriveLock user groups can be used for MTP devices.

  • The event display in the DOC rule view has been improved.

  • Archive scans now support 7z in addition to ZIP and RAR.

  • Audit events for file operations are reduced - only one event per user/process/access type.

DriveLock Agent

  • Extended duplicate detection: Individual parameters can now be excluded from the duplicate check.

  • The collection of user certificates during AD inventory can now be optionally deactivated. (EI-2891)

DriveLock Enterprise Service (DES)

  • Entra ID groups now also synchronize with name duplicates; the object with the higher object ID remains.

  • Timestamps are now exported in the unique ISO 8601 format.

  • More granular configuration of Active Directory synchronization: Objects can now also be filtered by DistinguishedName.

  • The Server Setup Wizard now only allows database collations that are case-insensitive. Case-sensitive collations are not supported.

File Protection

  • New option 'Show icon for encrypted files' now shows an overlay for encrypted files.

DriveLock Operations Center (DOC)

  • Some of the global configuration settings from the DMC can now be configured directly in the DOC. Make sure that agents are updated before using them.

  • Registered members of a group can now also be exported in DOC.

  • Some new widgets for Vulnerability Scan have been added to the DOC.

  • The option "Registry key exists" (Yes/No) has been added to the filter criteria for dynamic groups in the DOC.

  • The Active Directory inventory can now be reloaded in the DOC and the object selection dialog can be updated.

  • Private and public reports can now be duplicated and edited.

  • The DOC now only displays rules in the selected folder. By selecting the relevant setting, any subfolder rules are also displayed.

  • It is now possible to sort by several columns: Press and hold the Shift key and click on the column header.

  • The list of all alerts assigned to this computer is now displayed in the computer detail view. The number of alerts is also listed under 'Associated objects'.

  • The computer context menu has been restructured and divided into categories.

  • Multi-factor authentication (MFA) can now be enforced based on a user's role assignment. It is also possible to enforce the authentication prompt at every login. (EI-2632)

  • Dashboards can now be assigned to roles - users automatically receive them according to their role.

  • Dashboard and widget templates can now be managed centrally:

    • Integrated dashboards (read-only)

    • Fully editable personal dashboards (create, read, change, delete - 'CRUD' functionality)

  • Users can add, rearrange and remove dashboard tabs.

  • Widget data is now cached for 300 seconds by default - with option to deactivate per tab.

  • Automatic updating of widgets: Users can specify for each dashboard tab whether widgets should update their data automatically. The update does not take place simultaneously for all widgets.

DriveLock API

  • The DriveLock API now offers new functions for resetting the agent ID and for preparing a new installation by changing the agent ID once.

  • The DriveLock API now supports marking a computer as a base image to avoid conflicts with agent IDs on cloned systems

DriveLock events

  • Events can now be configured in the DOC.

DriveLock policies

  • Policy deletion is now handled on a per-policy basis. This allows certain policies - such as particularly restrictive ones - to remain in effect even if a computer has been offline for an extended period of time.

  • The agent no longer checks policy signatures; signing can be deactivated in the MMC. See EoL announcements.

Linux Agent

  • It is now possible to specify settings for the proxy server directly on the Linux Agent.

  • Please note that the IgelOS 12.5 base system is now a prerequisite for the DriveLock IgelOS App 25.1 to function properly.

  • Linux Agents now support display and confirmation of usage policies with password options.

  • Linux Agents are now able to request unlocking locked drives and devices.

Licensing

  • There are now new license settings for updating licenses online.

  • User sessions on terminal servers are no longer included in the license count. The new column "Terminal server computer" shows the number of reported terminal servers with an active agent.

macOS Agent

  • On macOS, additional options for Encryption2-Go have been added, e.g. admin password, data backup, disk space filling and automatic mounting.

  • macOS Agents are now able to request unlocking locked drives and devices.

  • macOS Agents now support display and confirmation of usage policies with password options.

Self-service

  • In the self-service wizard, users are now offered predefined reasons to choose from.

Vulnerability management

  • Downloading vulnerability catalogs for agents with unstable Internet connections is now easier, as is reporting the results to the DES. (EI-2480)