Changelog

Event analysis

• Embedded OCR (Optical character recognition) that doesn't require any additional licenses
• Archived documents analysis
• Notifications on changes of hardware configuration
• Event description now contains all the data on an event
• Fast switch from events to nearest screenshots
• New dimensions: «Window title», «Time zone»
• Improvements of the credit card filter

Active Directory Integration

• Users can authorize in the admin interface with their AD accounts
• Assign account configuration according to AD groups

Work time tracking

• New time tracking report «Early coming and leaving» including that for lunch time
• Filter-event «Filter-event “Late users”»
• Improvements on calendar

Remote desktop and video recording

• Quad surveillance
• Export video to MP4
• Preview of every frame
• Pause/play when viewing video records
• Dynamic title of the report «Analysis» → «Table», multi-level sorting, the ability to switch columns
• Remote desktop from “Accounts” dimension
• The ability to notify a user on taking remote control over his computer
• Clean desktop video records with “cleanup” command
• Optimized work of server at multiple remote connections

Filters and policies

• Improvements of the filter interface. The ability to create dashboards - complex objects that can contain filters of various types
• Filter preview

Windows-agent

• Intercept sound played on the device (“sound from speakers”)
• Intercept all files on a connected USB-drive.
• Block WiFi networks by black and white lists
• Intercept Gmail web-mail
• SecureBoot support
• Improvements of clipboard and printing interception
• Improvements of taking screenshots and webcam snapshots

Linux-agent

• Global variables support for file monitoring
• Extended file monitoring rules

Interface

• Safari browser is now supported
• Interface is optimized for displays with low resolution
• New color scheme, the menus have been regrouped
• New interface for server errors handling
• Quick filters reset in the dimension panel
• Customized columns when exporting to CSV
• Human-friendly file titles when exporting screenshots and sound records

Architecture

• Sharding - dividing database into parts
• Master/Slave mode for accumulating data from Slave servers to Master
• Optimized reports (sessions) recalculations after changing policies. Recalculation now can be performed 100 time faster.
• PostgreSQL settings optimized

Administration

• United control panel for administration
• Install, uninstall, upgrade agents and track their status in the admin interface
• Enable/disable ClickHouse database in admin interface
• Server and Endpoint agent can work with one port and IP-address with different SNI in the certificate
• Upgrade logs: /var/log/staffcop/upgrade.log
• Context tips for interface options
• Assign tags to computer groups
• Select time displaying formats in reports
• Sorting computer configurations by title
• Session recalculations are displayed in the admin interface
• Improvements of remote installer

Fixed

• Incorrect work with several partitions of USB-devices
• Error of uploading files to Bitrix24
• Error of application launch monitoring on Windows XP
• Error leading to inability of writing files to network disks
• Error appearing when playing recorded sounds
• Error of missing events at some cases when working with ClickHouse
• Incorrect filter creation in certain cases
• Sending empty reports on filters
• Control terminal server licenses
• Incorrect mouth coordinates when rescaling a remote desktop

Architecture

• Integration with ClickHouse – a high performance database of a new generation meant to significantly speed up data analysis and incident investigation
• Optimization of work with PostgreSQL.

Active Directory Integration

• Install by PC list imported from AD: connect from StaffCop agent installer to the domain controller for choosing workstations to install StaffCop agents on.
• Assign monitoring configurations by AD groups.
• Create administrator accounts via AD.
• Improvements on extracting user attributes

Work time tracking

• Production calendar and work schedule – ability to assign a work schedule with lunch breaks, vacations, days out and holidays for users and departments.
• Support for user time zone – display events in the local time of a monitored workstation. Support for several time zones for companies with geographically dispersed offices.
• New report on unproductivity: top by departments/users on a single page that can be exported to Excel.
• New reports by department:
  • Productivity by department;
  • Activity by department;
  • Absence at workplace by department.

Analytics

• Archived documents analysis.
• Export report «Fact» → «Table» to CSV.
• Export «Analysis» → «Table» to CSV.
• Improvements on report exporting: «Print», «Export to PDF», «Export to Excel», «Export to CSV», «Facts feed»
• Dynamic title of the report «Analysis» → «Table», multi-level sorting, the ability to switch columns.
• Legend for a heat map is added.
• Events tree
  • display amount of events in the edge nodes;
  • export to printing;
  • click to «drill-down» to the list of events
• Files that can’t be downloaded are indicated.

Filters and policies

• Add applications and web-sites to policies from the “Time tracking” report.
• Edit hierarchical structure of filters.
• Search in filters.
• Updated fixtures.

Windows-agent

• Intercept passwords on web-sites
• Intercept Windows account passwords (when log in).
• Low-level keylogger.
• Monitor vk.com dialogs (outgoing).
• Monitoring using Google Drive in browsers, shadow copying of uploaded documents.
• Support for latest versions of Skype.
• Read-only mode for CD drives.
• Lock web-sites with domain names in Punycode (e.g. Extended Latin symbols, Cyrillic, Arabic).
• “Special control” for web-sites: taking screenshots at specified interval when visiting specified web-sites.

Linux-agent

• Keylogger implemented at the kernel level to control terminal servers and systems where keyboard interception in X-sessions is unavailable (Astra Linux).
• Monitor external drives connections.
• File operations: type of file operation, shadow copying of intercepted files.
• Support for file monitoring rules (black and white lists).
• Search queries in Chrome and FireFox.
• Binding keyboard input (X11-keylogger) to activity events on web-sites.
• Improved keyboard input interception.
• Improved X-session recognition.
• New event type «System log».

Monitoring configurations

• Improved agent configuration panel: grouping by setting modules and monitoring rules, improved rules editor.
• Work schedules for users or computers.
• Command line tool for adding rules to configurations.
• Simplified managing of monitoring rules – ability to add rules from the left-part of the Constructor.

Administration

• User help is built in the web console.
• Notifications on database disks being filled up.
• Registry of actions in the administrative web-panel.
• Remote installer has been significantly improved.
• Improved access rights division.

Receive a new key before upgrade from earlier versions. Rollback to previous versions leads to data loss

Analysis

• Option of data upload and filtration by clicking the «Apply» button;
• Filter events and intercepted files in the communication by attributes "Sender domain"/"Recipient domain", "Recipient" (event types "E-mail", "Instant Messengers", "Intercepted file")
• Display events of types "Keyboard" and "Screenshot" as bound to web-sites, which means that events of these types contain information on visited web-sites
• Search and filter events by file extension
• Improvements on displaying event types "User activity", "Search query", "File operation", "Devices", "Printing";
• Corrected view of intercepted .txt files content, corrected view of parsed text from .xls;
• Search by attributes "Device type", "Device", "HWID", "Drive type", "Operation", "Product", "Provider";
• Improved search by word combinations, new abilities of full-text search in PostgreSQL 10 added;
• Detection of encrypted ZIP/RAR archives;
• Reverse sorting by time in the facts table
• OCR prototype (text recognition in images);
• Build queries for filters with conditions equals/not equals and contains/not contains, the ability to combine conditions with logical operators AND/OR;
• The loading indicator that used to cover data and bother working process in case of a long data loading has been removed

Reports

• Go to screenshots from user card
• Go to the facts list from reports "Time tracking", "Analysis"→"Table" and «Analysis"→"Pie chart";
• Productivity and applicationb policies have been improved;
• New report type - dimension card of triggered filters
• Histogram in the report «Analysis→Table»

User experience

• The time of loading of the Constructor with statistics disable has been reduced;
• Events in the "Snapshots" mode now loads faster
• Migration is carried out faster in case the full-text index has already been made;
• Optimized loading facts with large texts
• Faster filtration in Analysis;
• Improvements on file extentions at ZIP-exporting of the events "Screenshot", "MicRecording";
• Events from system users have been hidden;
• The problem occured while caching static content by browsers at the moment of upgrade;

Agent configuration

• The admin list of agent has been improved:
  • New informative table with status, agent version and configuration title;
  • Choose agent configuration from a list;
  • Agent grouping by "label", this attribute can be used when building filters
  • Search by computer name or IP-address;
  • Group operations when changing agent statuses;
• Option "setting sync_with_ad" - always upgate profile from AD;
• Option "name_auto_change" - update user name and domain when name is changed
• The list of exclusions for global configuration has been extended
• New rule "File monitoring - Read - Allow/Deny" to ignore read operations for applications without disabling file monitoring.

E-mail notifications

• E-mails contain unsubscribe links
• The ability to send user cards
• SMTP setting for sending medssages without autorizing

Windows-agent

• The ability to reset agent data;
• Удаление агента по команде с сервера; Remove agent by a command from the server
• Interception of Mail.ru mail with new interface;
• Interception of Mail.ru ICQ 10.0.12243;
• Improved algorithms of e-mail interception;
• Improved algorithms of file interception and shadow copying;
• Improved algorithms of live administration;
• Fixed bugs occuring at remote installation

Linux-agent

• Track .log files;
• Track activity time in Chrome and FireFox;
• Clipboard interception;
• Track printing events;
• Record sound form built-in microphones;
• Improved keyboard interception;
• Adapted for work in ОS Astra Linux;

• Dimension cards: summary reports on chosen dimensions
• Remote desktop video record;
• USB: «read-only» mode;
• USB: interception of a content of a file created on a USB storage device;
• SIP: SMS interception;
• Anomalies detector: manual configuration of sensitivity;
• Anomalies detector: one-click event detailing;
• Anomalies detector: sorting by columns;
• Remote desktop: automatic change of the viewing window;
• Remote desktop: faster connections;
• Remote desktop: remote desktop view on terminal servers;
• Network monitoring: monitor search queries in the following engines: Google, Yandex, Bing, Youtube, Rambler, Mail.RU;
• File monitoring: shadow copying size limitation;
• Remote installer: load a list of PC without requesting them;
• Remote installer: forced request of chosen PCs;
• User interface: interface navigation with the help of “Back”/”Forward” buttons of the web-browser;
• User interface: one-click server restart, settings reset and report rebuild from the admin panel;
• User interface: the “Home” button to reset all the filtering conditions;
• Log all the authorizations into the StaffCop admin panel, located in /var/log/staffcop/auth.log;
• Agent name auto-change in case its PC name is changed;
• User filters parameters are kept after running the “reinit” command;
• Optimized work of the terminal servers;
• Optimized speed of reports rebuild;
• Change certificate name when intercepting https, smtps.

• GNU/Linux endpoint agent released;
• Remote desktop control;
• “Hardware registry” module;
• “Software registry” module;
• Automatic detector of user behavior anomalies;
• Correlation by file hashes;
• Correlation and locking USB devices by device classes;
• New event type “Search queries”;
• E-mail interception by Exchange ActiveSync protocol;
• SIP channel interception: UDP interception, calls detailing;
• Text objects: handy content filtration method by keywords, phrases and regular expressions;
• Morphological text search in intercepted files;
• “Tree” mode of data visualization;
• Audio-player for playing audio files in the web-panel;
• New report on user activity for better visualization;
• New detailed report on user activity: chronological list of events with grouping;
• One-click switching from linear graph and histogram by clicking on a graphical element;
• Improvements of the calculation algorithm of activity time on web-sites;
• Manual setting of web-can snapshots intervals;
• Now compatible with Kaspersky Endpoint Security 10;
• New attributes for the “Agent” dimension: “OS version”, “Agent version”; for the “File” dimension: “File hash”; for the “Device” dimension: “Device class”;
• Black and white lists of monitored accounts;
• Fixed incorrect display of html-tags in the text of intercepted e-mails;
• Administrative interface remade;

• Relation graph updated;
• Linear graph updated: Time-line, Constructor;
• Anomalies report in the form of histogram;
• Drill-down function for all the main reports;
• Scheduled report sending by e-mail;
• Optimized calculation of time spent on web-sites;
• Custom event categorization;
• Flexible settings of microphone recording;
• Highlighted words in triggered alerts;

• StaffCop kernel optimized – system speed significantly increased;
• Content file analysis;
• Remote desktop view;
• Relation graph constructor;
• Driver agent;
• Linear graph for anomalies detector;
• Floating license revocation from the admin panel;
• Tile view of screenshots;
• Python-based filters;
• Access rights dividing;
• New algorithm for calculation productive/unproductive time;
• Calculation of web-site time activity;
• Extended work time reports;
• Improved mechanism of receiving files by the server;

• TLS traffic interception for Firefox Portable;
• Improved file transferring mechanism;
• Optimized screenshots compression

• "Constructor" is the default view of the administrative panel
• Improvements of agents and system architecture
• Manual activation/deactivation of filtering
• New dimension attribute - "Domain" (AD domain)

• StaffCop Server restart from the web-panel;
• View screenshot in a slider;

• New report "Statistics";
• Improvements of the lateness report;
• Backup option for disk cleanup;

• Interception of webmail with attachments;
• Linear graph for activity time;
• Manual setup of the time of start and end of the working day, break intervals;
• Active Directory — receive full user details;
• Dimensions and event attributes united;
• New attributes for events of network monitoring, application monitoring;
• New dimensions «Hour of day» and «Weekday»;
• Support for energy-saving modes of PC;
• Interception of files transferred in Mail.ru agent;
• Cut-off interception of redundant HTTP/HTTPs traffic;
• Separate user sorting for applying configurations;

• Record sound from microphones;
• Full-fledged interception of FTPs;
• File requests interception on a file server;
• Special control of documents;
• Optimized user interface;

• Improved XMPP interception;
• Option of disabling network monitoring;
• Active Directory recieve user name and department;
• Improved work time reports;

• Dimensions that are not applicable to a filter are not displayed;
• Agents auto-update option;
• Displaying the number of events in the Constructor;
• "Absence at workplace" module;
• USB-devices locking;
• Messaging direction (Incoming\Outgoing) for e-mail and instant-messengers;

• Access rights dividing for administartor/user;
• Shadow copying can be disabled for the "File monitoring" module;
• Screenshots taking can be disabled without disabling "Application activity";
• Improved preview of e-mail messages;

• Block HTTP/HTTPs traffic;
• User activity monitoring;

• OS restart option in the agent installer;
• User interface improved;
• Table view mode for each event type;
• HTTP/HTTPs traffic filtering by content-type;
• Clickable hyperlinks in the "Facts - Table";
• E-mail attachments interception. All mail clients and protocols are supported (excluding webmail);
• Fixed file driver;

• First attempt to maximize results from the chosen architecture. Basic concepts are updated to the level of beta-version;
• Remote installer is in encased in msi-package. Agent is not bound to the local network;
• First small bugs fixing. Web-interface implementation;