New features, improvements and changes

Below you will find a list of the new features, improvements and changes contained in version 2025.2.

This release introduces improvements that further enhance the security and stability of the application. Through targeted optimizations and refinements of existing security mechanisms, the new version provides even stronger protection against potential risks. In addition, measures have been implemented to make the product more robust and performant, ensuring a smoother and more reliable user experience overall.

A detailed description can be found in the chapter What's new? in the DriveLock Online Help.

With every release, additional functionality is migrated from the DriveLock Management Console (DMC) to the DriveLock Operations Center (DOC). Some features may behave slightly differently in the DOC due to technical differences in implementation. Please ensure that all agents have been updated to the latest version before using the new DOC features in production.

Installing the update may lead to changes in product behavior in certain areas. Before proceeding with the update, review your configuration to determine whether your current environment is affected. Relevant topics are marked with the following warning icon:

Application Control (AC)

  • Added two new optional columns in the rule overview in the DOC: 'Date created' and 'Date modified'. These enable better traceability of the rule history and facilitate the maintenance of complex sets of rules.

  • AC now uses the access rights of the evaluated process, e.g. when calculating hashes for network paths. Reference EI-2991

  • The option "Upload local whitelist to DriveLock Enterprise Service" is only displayed if it is activated in an existing policy.

  • Extended process evaluation: The check now also applies to non-service-based processes and their child processes.

  • There is a new setting to control when signatures are accepted.

  • AC rules now support multiple filters within a single rule. This allows more complex scenarios to be implemented more efficiently without the need for multiple rules.

  • The command line support in the Application Behavior Control (ABC) has been extended:

    • Command line checks can also be carried out for rules with several target objects.

    • There is a new comparison type "matches" for the use of wildcards in addition to "contains".

BitLocker Management

  • A new policy option allows the automatic suspension of BitLocker or DriveLock PBA logon during Windows system updates.

  • New event when suspending and resuming BitLocker encryption.

  • The dialog after encryption can now be suppressed for BitLocker/Disk Protection.

  • Remote wipe now also supports system partitions encrypted with BitLocker PBA or BitLocker TPM only.

  • You can now specify which TPM registers are set for BitLocker encryption. The only exception is PCR 11, which is always enabled.

  • BitLocker recovery with key ID: When recovering BitLocker-encrypted drives via the key ID in the DOC, a password can now be entered for certificate access. (EI-3048)

Defender Management

  • New option in the Defender dialog in the DMC: A Defender offline scan is now possible and can be triggered manually.

  • The following rules have been added to the list of predefined rules: (Reference EI-2940)

    • Block rebooting machine in Safe Mode

    • Block use of copied or impersonated system tools

Device Control (DC)

  • Extended functionality: Temporary unlock now supports custom device classes, targeted unlocks for individual devices, and multiple simultaneous unlocks. Unlock Request Wizard now supports temporary unlocks.

  • Event 787 is now generated instead of event 111 when a drive is completely blocked.

  • Drive and device control can now be activated separately in the DOC. Important: As long as not all agents have been updated to version 25.2, both activation settings must remain identical. Please refer to the note in the Known Issues if you have not changed the license settings since version 2020.2.

Disk Protection

  • The automatic suspension of the DriveLock PBA logon during Windows system updates is now also available for Disk Protection.

DriveLock Agent

  • The DriveLock Agent has been improved with regard to the handling of permissions.

  • Several enhancements have been made to improve overall product security.

  • Support for LDAPS on DriveLock Agent and DMC: DriveLock Agent and the MMC now support LDAPS by default and use port 636 if the system requirements are met. Otherwise, LDAP queries will continue to use port 389, with SSL encryption applied where possible. System requirements: A valid certificate must be installed on the domain controller, and port 636 must be open.
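
The two LDAPS requirements named above (port 636 open, valid certificate on the domain controller) can be checked from a client before the update. The following is an added example, not DriveLock code: the function names, the 30-day expiry threshold and the host name dc01.example.internal are assumptions, and expected_transport only restates the behaviour described in the release note, not the agent's actual decision logic.

```python
import socket
import ssl
import time

def probe_ldaps(host, port=636, timeout=5.0, cafile=None):
    """Check both stated requirements: port open, certificate valid for host."""
    result = {"reachable": False, "cert_valid": False, "days_left": None, "detail": ""}
    # cafile: PEM bundle of the internal CA (assumption: the DC certificate
    # chains to it); None falls back to the system trust store.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["detail"] = f"TCP connect to port {port} failed: {exc}"
        return result
    result["reachable"] = True
    try:
        # The handshake verifies chain, validity period and host name (SAN).
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            expires = ssl.cert_time_to_seconds(cert["notAfter"])
            result["days_left"] = int((expires - time.time()) // 86400)
            result["cert_valid"] = True
            result["detail"] = f"{tls.version()} negotiated"
    except (ssl.SSLError, OSError) as exc:
        result["detail"] = f"TLS handshake or certificate validation failed: {exc}"
    finally:
        raw.close()  # no-op once the TLS wrapper has taken over the socket
    return result

def expected_transport(result, min_days=30):
    """Map a probe result to the behaviour the release note describes."""
    if not (result["reachable"] and result["cert_valid"]):
        return "fallback: LDAP on port 389"
    if result["days_left"] is not None and result["days_left"] < min_days:
        return "LDAPS on port 636 (certificate expires soon)"
    return "LDAPS on port 636"

if __name__ == "__main__":
    # Placeholder host name, not taken from the release notes.
    for dc in ["dc01.example.internal"]:
        r = probe_ldaps(dc)
        print(dc, "->", expected_transport(r), "|", r["detail"])
```

Probe each domain controller by the FQDN the agents use, since host name validation fails if that name is missing from the certificate.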

DriveLock Enterprise Service (DES)

  • Server Setup Wizard: If the database compatibility level cannot be checked, there is now an option to continue the installation anyway.

  • A new option is now available in the Server Setup Wizard to automatically perform database maintenance after a database update. This option is activated by default and helps to avoid potential performance problems that can arise due to a lack of maintenance.

  • Improved event data validation with agent identity verification enabled: Incoming event data is now more reliably validated and filtered when agent identity verification is active.

  • New output of the syslog in JSON format: The forwarding of events via syslog is now also possible in JSON format. This structured format facilitates processing by SIEM systems.

  • The protection of agent identity has been further improved to reliably prevent unauthorized access - e.g. through man-in-the-middle attacks.

  • Improved security when uploading trace data: Only ZIP archives can now be uploaded via the upload interface for trace data.

  • The DES now prefers Secure LDAP via port 389 for LDAP access.

  • Security improvements have been implemented in the areas of tenant name validation and system information access control.

  • Deprecated or unused methods have been removed from the DES SOAP interfaces.

DriveLock Operations Center (DOC)

  • Various improvements to the DriveLock Operations Center (DOC) user interface:

    • The view settings of individual or all workspaces can now be exported and imported.

    • All view-related settings have been consolidated under a new menu item (Configure views). The associated dialogs have been simplified for improved usability.

    • The header of the DOC now always shows the logged-in user and the current tenant.

    • Assignments can now be added directly from the policy view via the toolbar or context menu.

    • Improved object selection in the DOC: Improved handling of large lists in the object selection dialog by adding paging and enhanced filtering options.

    • Context menus for linked objects: Right-clicking on linked objects in list views now displays the appropriate context menu (e.g., computer menu).

    • Context menus for grouped items: Items representing a specific object (e.g., computer or user name) now show the full context menu for that object.

    • The column selection dialog has been redesigned to offer a clearer structure, with categories and improved search and filtering options.

    • External links can now be executed via an object’s context menu and can also be imported and exported.

    • Reports now also support the A3 paper format and printing in landscape format.

    • In the views for policies, policy versions and policy assignments, a column can now optionally be displayed that shows the number of computers from which a policy has been reported.

    • Added a widget to the policy detail view that displays which computers received the selected policy.

    • Groups can now be created and filled directly from the computer or user view.

    • Temporary unlocks can now be performed directly in the DriveLock Operations Center (DOC), eliminating the need to use the DMC interface. This also applies when responding to unlock requests.

  • Improvements to widgets and dashboards:

    • Added new widgets for custom Awareness Campaigns to the user dashboard.

    • Introduced a redesigned widget selection dialog with categories, filters, search, and preview.

    • Regular dashboard widgets can now also be used in detail views.

    • Widgets can now be created based on additional, shared schemas.

    • Drilldown widgets and expert mode queries have been reworked and are now easier to configure.

    • The detail view configuration has been simplified and now supports context-aware widgets such as computer, user, or device widgets.

    • Improved “Arrange My Dashboards” dialog: Drag-and-drop is now clearly left-to-right, and a text search has been added.

DriveLock environment

  • Schema extensions using custom properties: Added support for creating, reading, updating, and deleting custom properties (CRUD) for users, computers, drives, devices, and software via the DOC and the scripting API.

  • Schema extensions can also be imported and exported.

  • Newly defined properties can now also be used as filter criteria in dynamic computer groups.

Linux Agent

  • IgelOS: The agent now reports the correct user name, even if the user is not logged on to the domain.

  • If a temporary unlock request is denied by an administrator, Linux endpoints can now display a custom message explaining the reason for the denial. This provides immediate feedback to users about their request.

  • Linux clients now support configuring access permissions with the “Block with exceptions” option. This allows blocking access to drives or devices while granting access to specific users or groups – including AD users if AD integration is enabled.

  • DriveLock Agents on Linux now correctly recognize AD users when the system is joined using Samba Winbind, enabling accurate user-based access control for AD environments.

  • The DriveLock Agent now supports file filter configuration within drive rules on Linux. This enables fine-grained control over access to individual files without blocking the entire device.

Licensing

  • Selected modules can now be activated directly in the DriveLock Operations Center (DOC), eliminating the need to switch to the DriveLock Management Console (DMC).

macOS Agent

  • Drive control now supports user- and group-based rules — including Active Directory users and groups.

Self-service

  • Self-service rules: A default unlock duration can now be configured. In addition to defining a maximum unlock duration, administrators can now configure a default duration that is preselected in the self-service dialog. Users can still adjust this value as needed.

Encryption

  • Configuration of all three encryption types – container-based encryption, File Protection, and BitLocker To Go – is now fully supported in the DOC. This includes all available options for settings, recovery rules, and enforced encryption.

  • The behavior of the general encryption settings in the DOC has been revised. Configuration now differs slightly from the DMC. Note: If older agent versions are still in use, care must be taken, as not all settings may be fully supported.