Interception channels
- File scanner module is implemented to scan file system on endpoint PCs.
- File operations tracking on network disks was been improved.
- Telegram - dialogs display has been improved.
- DLP module now can block files of gerber format (Flex)
- Ibterception of text messaging and files in Skype 8.XXX./li>
GNU/Linux
- Linux-agent: interception of network traffic through proxy-server.
Admin interface
- Duplicating page numeration above the lists of computers and accounts has been added to the control panel.
- Now you can specify exact tine in the data picker
- A copy of the current report opens by clicking the right mouse button
- Displays percentage ratio in the pie chart
- The ability to save view settings in Lens
- Fixed blicking of table when scrolling
Administration
- Change of the algoritm for calculating free space for database backup.
- Pre-made configurations can be reset to their defaults.
- Configurations now store data on the last change made to it.
- Now you can choose the configuration that will be applied to newly-installed agents.
- StaffCop Server can now be correctly installed in UEFI mode in hypervisors.
- Enbedded file drivers have been updated to simplify server installation in KVM and Proxmox hypervisors.
- Accounts now can recieve the permission sets based on the info retrieved from AD (e.g. "Manager field).
- A new system policy that revokes license from PC that don't send any data for the specified number of days.
- Agents send data about the size of the data has been sent
- After calling agent uninstallation process in admin panel, agent receives "Agent uninstalled" status
- Option: whether to assign licenses to new agents or not
Filters and vocabularies
- Date of sending can be choosed for monthly e-mail report.
- Different vocabularies coloring.
- New complex report "Daily reports" in a zip archive.
- Optimized data representation when printing the productivity table.
- Optimized representaton of PDF reports sent to e-mail.
- Check for mistyping of symbols of regular expressions in filters.
- When creating a new "Threshold triggering" fields "Report format" and "Create incident".
- In the "No reports" detector the delay interval can now be specified in minutes.
- Save reports to files with the names identical to the names of the filters.
- The ability to receive e-mail notifications on alerts.
Analytical functions
- New options for commentaries of incidents.
- The ability to create policies by copying existing ones.
- Usage of machine learning mechanisms for face recognition on web-cam snapshots.
- Usage of machine learning mechanisms for stamps recognition on scanned documents and images.
Fixed bugs
- Clickhouse updated to 20.8.2.3.
- Fixed bug with clipboard intercepting module addecting MS Office applications (glitching, error messeging).
- Fixed bug with crushing agent on Windows XP.
- Fixed bug with incorrect operation of StaffCop Agent with revoked license.
- Automatic license revoking from users blocked in AD.
- Sharding deletion on CLI made similar to sharding deletion in admin panel.
- Fixed bug with agent mistakenly installed instead of testing the ability of installation.
- Fixed bug with incorrect exporting of activity timesheet to Excel.
- The ability to enable "Create incident" in a custom policy.
- Fixed bugs in admin panel appearing when using non-recommended web-browsers.
- Optimized data represebtation when printing time tracking report and combined report.
- Fixed bug with crushing at the attempt of sending a lrge-sized event to the server.
- Fixed bug with incorrect certificate replacement in MS Edge when searching with Google.
- Fixed bug "DatabaseError: value too long for type character varying(200)" when deleting a shard.
Integrations
- API requests with data commands by date and time of the server or by sending events by agent.
- StaffCop Server now supports Jatoba Database.
- The ability to add an employee to several departments when specifying access rights.
- Improved compatibility with Kaspersky anti-virus.
- Tested integration with RuSIEM.
- Tested integration with Max Patrol SIEM.
- Tested data export from StaffCop to PowerBI.
Interception channels
- New mechanism of network traffic interception through proxy-server, compatibility with applications and web-sites improved
- Record audio communications in any application (microphone + speakers in a single track)
- New tool for repeated document printing from admin console
- Import from Office365 (Ms graph API). E-mails and files
- Interception of email channel - IBM Lotus Notes through IMAP mailbox
- Recognition of Russian Passports and Stamps with usage of neural networks
- Face recognition on web-cam snapshots
GNU/Linux
- Now compatible with AltLinux 8.2
- Server-side support for interception of Linux terminal sessions
- Monitoring of privileged users
- StaffCop Server built on Astra Linux. Tested in Astra Linux Smolensk 1.6 Special Edition
- Take web-cam snapshots on Linux workstations.
Admin interface
- The ability to choose between "Executable" and "Description for applications in Combined report.
- Take screenshots of a remote desktop while viewin in real-time mode
- The buttons of managing admin panel are now in a single format and color scheme
- A copy of the current admin panel opens by clicking the mouse middle button
- Now compatible with Internet Explorer 11
Administration
- Now data filtered by any chosen filter can be removed for any chosen time period
- Improved export to Excel
- Now IP adress and port can be changed on a remote PC from admin panel
- Improved PC statuses indication on the "Computers" page
- StaffCop Server works is installed on Ubuntu Server 18.04.
- Screenshots module recieved an option for improved recognition of changing window focus
- Accounts now can recieve the permission sets based on the info retrieved from AD (e.g. "Manager field).
- Changed order of receiving "Name" and "Surname" from AD
- The "staffcop sane" command now reorganizes (unites separated data) by user
- Special build for banks - without "Keylogger", "Remote control" and "Clipboard" modules.
- New permissions for system administrators for more precise control distribution
- Disabled icon of microphone usage in Windows 10
Filters and vocabularies
- Now sending the report on triggered policies allows send the filter that was chosen in Constructor
- Now reports can be sent at specified time
- A triggered filter can be added as an incident to the "Incidents" console
Analytical functions
- The "Incidents" console for managing incidents
- Diagrams now can display columns names of any length
- Diagrams now can display columns names of any length
- New report - Group Summary Report
- "Overtime" column has been added ro the Summary Report
- New report - Accounting for early departures and arrivals by group
- New report - Summary Statistical Report
- New report - Extended Timesheet
- Display percentage on a pie chart
Fixed bugs
- Fixed bug with Telegram interception
- Fixed bug with recognition of USB-devices
- Fixed small bugs of admin panel
- Fixed exception rule for "Read" file operations
- Improvents of the remote installer
- Fixed exception rule for "Read" file operations
- Fixed bug with long saving of MS Office documents
- Fixed small bugs of Tags module
- Improved server performance on high loads
Interception channels
- Skype Web - interception of messages and sent files
- Mail.RU agent web-version
- ICQ web-version
- Improvemenst on Telegram interception
- IMAP e-mails extraction
- Web-form data interception for rare encodings
- Support for Disc-O cloud services aggregator
GNU/Linux
- Remote control of GNU/Linux workstations
- Printed documents tracking
- Improved installation/uninstallation process
- StaffCop logs can be obtained from command prompt
- StaffCop pre-loaded can be launched for specified paths
Admin interface
- Choose the deafault report to be displayed in the Lens
- Graphical editor for rules
- Viewing screenshots in the player backwards and forwards
- Graph events detailing in a separate window
- Alphabetical sorting of users and computers in Constructor
- Display time spent on searching or filtration
Administration
- Transferring agents to another server from the Admin interface
- Speed up of work with network drives
- Delete users and computers from the Admin panel (after running staffcop webshell)
- Manage device labels in command prompt
- SSH-console for StaffCop Server administration
- Interface for database sharding
- The ability to use database on a separate server
Filters and vocabularies
- Simple and complex filters can now be used together
- Fast view of the applied complex filter
- Exception phrases in vocabularies
- Increased accuracy of triggering vocabularies
Analytical functions
- Track file operations made with tagged files
- Waveforms for recorded sounds
- Software inventory: separate view for software products and their updates
- Surveillance quad for web-cam snapshots
- Time tracking reports: productivity coloring in a single time element
Fixed bugs
- Fixed bug with interception events from a shared printer
- Fixed bug with simultenous playing of multiple sound records
- Fixed bug with recorded sounds downloading
- Fixed bug with doubling of "Lateness" events
- Improvents of the remote installer
Reports and view modes
- Reports now are generated and cashed on StaffCop Server
- New view modes: «Radar», «River of events»
- New report «Recent screenshots»
- New report «Statistics»: displays summary results for the chosen dimension
- Exports results (current state of "Lens") as an image
- «Time tracking» report is divided into three reports "Combined report", "Strip chart" and "Table"
- Improved visualization of time tracking graph
- Export to PDF from the "Analysis" menu
Filters and data analysis
- Search fo similar documents according to a sample
- "Luna" algorithm implemented in the credit card filter
- StaffCop Server performance has been significantly improved due to the changes in data receiving mechanism
- The algorithm of policies and vocabularies processing has been optimized and improved
- Updated vocabularies and policies
- Time tracking within the specified schedule
- Handy activity selecting for the specified period of time in the heatmap
- Luhn algorithm implemented in the credit card filter
- Enable/disable system keys displaying in the keylogger
- Display type of the clipboard content
- Search by columns in the "Devices" table
- Option for hiding/revealing empty entries on the server
- Simple and complex filter codes united
- "Employee" field is added to the information on computers
- Customized columns display in "Facts - Table"
- Configure parameters of resources consumption by OCR module
Blockings
- Specify and block groups of USB-devises
Admin interface
- Improvements of access rights dividing
- Splitter of the left panel: separate width regulation for Dimension panel, the ability to hide Dimension panel
- Store columns width in the facts table till the end of the session
- Enlarged sound playing controller
- Improved "Analysis" menu
- Navigation in sections of Control Panel
Interception channels
- Telegram for Desktops
- Skype 8*
- Screenshots made at the moment if printing
- Interception of text in XPS files printer spooler
- Interception of spooler fiels besides printed documents
- Interception of attachments send in GMail web-interface
Administration
- SSH-console for StaffCop Server administration
- Interface for database sharding
- The ability to use database on a separate server
Remote installer
- Easy readable agent configuratiuon log
- Receiving debug dump with the remote installer
- Remote agent instaallation over an old version
- Msi removal after installation with the tool
Event analysis
- Embedded OCR (Optical character recognition) that doesn't require any additional licenses
- Archived documents analysis
- Notifications on changes of hardware configuration
- Event description now contains all the data on an event
- Fast switch from events to nearest screenshots
- New dimensions: «Window title», «Time zone»
- Improvements of the credit card filter
Active Directory Integration
- Users can authorize in the admin interface with their AD accounts
- Assign account configuration according to AD groups
Work time tracking
- New time tracking report «Early coming and leaving» including that for lunch time
- Filter-event «Filter-event “Late users”»
- Improvements on calendar
Remote desktop and video recording
- Quad surveillance
- Export video to MP4
- Preview of every frame
- Pause/play when viewing video records
- Dynamic title of the report «Analysis» → «Table», multi-level sorting, the ability to switch columns
- Remote desktop from “Accounts” dimension
- The ability to notify a user on taking remote control over his computer
- Clean desktop video records with “cleanup” command
- Optimized work of server at multiple remote connections
Filters and policies
- Improvements of the filter interface. The ability to create dashboards - complex objects that can contain filters of various types
- Filter preview
Windows-agent
- Intercept sound played on the device (“sound from speakers”)
- Intercept all files on a connected USB-drive.
- Block WiFi networks by black and white lists
- Intercept Gmail web-mail
- SecureBoot support
- Improvements of clipboard and printing interception
- Improvements of taking screenshots and webcam snapshots
Linux-agent
- Global variables support for file monitoring
- Extended file monitoring rules
Interface
- Safari browser is now supported
- Interface is optimized for displays with low resolution
- New color scheme, the menus have been regrouped
- New interface for server errors handling
- Quick filters reset in the dimension panel
- Customized columns when exporting to CSV
- Human-friendly file titles when exporting screenshots and sound records
Architecture
- Sharding - dividing database into parts
- Master/Slave mode for accumulating data from Slave servers to Master
- Optimized reports (sessions) recalculations after changing policies. Recalculation now can be performed 100 time faster.
- PostgreSQL settings optimized
Administration
- United control panel for administration
- Install, uninstall, upgrade agents and track their status in the admin interface
- Enable/disable ClickHouse database in admin interface
- Server and Endpoint agent can work with one port and IP-address with different SNI in the certificate
- Upgrade logs: /var/log/staffcop/upgrade.log
- Context tips for interface options
- Assign tags to computer groups
- Select time displaying formats in reports
- Sorting computer configurations by title
- Session recalculations are displayed in the admin interface
- Improvements of remote installer
Fixed
- Incorrect work with several partitions of USB-devices
- Error of uploading files to Bitrix24
- Error of application launch monitoring on Windows XP
- Error leading to inability of writing files to network disks
- Error appearing when playing recorded sounds
- Error of missing events at some cases when working with ClickHouse
- Incorrect filter creation in certain cases
- Sending empty reports on filters
- Control terminal server licenses
- Incorrect mouth coordinates when rescaling a remote desktop
Architecture
- Integration with ClickHouse – a high performance database of a new generation meant to significantly speed up data analysis and incident investigation
- Optimization of work with PostgreSQL.
Active Directory Integration
- Install by PC list imported from AD: connect from StaffCop agent installer to the domain controller for choosing workstations to install StaffCop agents on.
- Assign monitoring configurations by AD groups.
- Create administrator accounts via AD.
- Improvements on extracting user attributes
Work time tracking
- Production calendar and work schedule – ability to assign a work schedule with lunch breaks, vacations, days out and holidays for users and departments.
- Support for user time zone – display events in the local time of a monitored workstation. Support for several time zones for companies with geographically dispersed offices.
- New report on unproductivity: top by departments/users on a single page that can be exported to Excel.
- New reports by department:
- Productivity by department;
- Activity by department;
- Absence at workplace by department.
Analytics
- Archived documents analysis.
- Export report «Fact» → «Table» to CSV.
- Export «Analysis» → «Table» to CSV.
- Improvements on report exporting: «Print», «Export to PDF», «Export to Excel», «Export to CSV», «Facts feed»
- Dynamic title of the report «Analysis» → «Table», multi-level sorting, the ability to switch columns.
- Legend for a heat map is added.
- Events tree
- display amount of events in the edge nodes;
- export to printing;
- click to «drill-down» to the list of events
- Files that can’t be downloaded are indicated.
Filters and policies
- Add applications and web-sites to policies from the “Time tracking” report.
- Edit hierarchical structure of filters.
- Search in filters.
- Updated fixtures.
Windows-agent
- Intercept passwords on web-sites
- Intercept Windows account passwords (when log in).
- Low-level keylogger.
- Monitor vk.com dialogs (outgoing).
- Monitoring using Google Drive in browsers, shadow copying of uploaded documents.
- Support for latest versions of Skype.
- Read-only mode for CD drives.
- Lock web-sites with domain names in Punycode (e.g. Extended Latin symbols, Cyrillic, Arabic).
- “Special control” for web-sites: taking screenshots at specified interval when visiting specified web-sites.
Linux-agent
- Keylogger implemented at the kernel level to control terminal servers and systems where keyboard interception in X-sessions is unavailable (Astra Linux).
- Monitor external drives connections.
- File operations: type of file operation, shadow copying of intercepted files.
- Support for file monitoring rules (black and white lists).
- Search queries in Chrome and FireFox.
- Binding keyboard input (X11-keylogger) to activity events on web-sites.
- Improved keyboard input interception.
- Improved X-session recognition.
- New event type «System log».
Monitoring configurations
- Improved agent configuration panel: grouping by setting modules and monitoring rules, improved rules editor.
- Work schedules for users or computers.
- Command line tool for adding rules to configurations.
- Simplified managing of monitoring rules – ability to add rules from the left-part of the Constructor.
Administration
- User help is built in the web console.
- Notifications on database disks being filled up.
- Registry of actions in the administrative web-panel.
- Remote installer has been significantly improved.
- Improved access rights division.
Receive a new key before upgrade from earlier versions. Rollback to previous versions leads to data loss
Analysis
- Option of data upload and filtration by clicking the «Apply» button;
- Filter events and intercepted files in the communication by attributes "Sender domain"/"Recipient domain", "Recipient" (event types "E-mail", "Instant Messengers", "Intercepted file")
- Display events of types "Keyboard" and "Screenshot" as bound to web-sites, which means that events of these types contain information on visited web-sites
- Search and filter events by file extension
- Improvements on displaying event types "User activity", "Search query", "File operation", "Devices", "Printing";
- Corrected view of intercepted .txt files content, corrected view of parsed text from .xls;
- Search by attributes "Device type", "Device", "HWID", "Drive type", "Operation", "Product", "Provider";
- Improved search by word combinations, new abilities of full-text search in PostgreSQL 10 added;
- Detection of encrypted ZIP/RAR archives;
- Reverse sorting by time in the facts table
- OCR prototype (text recognition in images);
- Build queries for filters with conditions equals/not equals and contains/not contains, the ability to combine conditions with logical operators AND/OR;
- The loading indicator that used to cover data and bother working process in case of a long data loading has been removed
Reports
- Go to screenshots from user card
- Go to the facts list from reports "Time tracking", "Analysis"→"Table" and «Analysis"→"Pie chart";
- Productivity and applicationb policies have been improved;
- New report type - dimension card of triggered filters
- Histogram in the report «Analysis→Table»
User experience
- The time of loading of the Constructor with statistics disable has been reduced;
- Events in the "Snapshots" mode now loads faster
- Migration is carried out faster in case the full-text index has already been made;
- Optimized loading facts with large texts
- Faster filtration in Analysis;
- Improvements on file extentions at ZIP-exporting of the events "Screenshot", "MicRecording";
- Events from system users have been hidden;
- The problem occured while caching static content by browsers at the moment of upgrade;
Agent configuration
- The admin list of agent has been improved:
- New informative table with status, agent version and configuration title;
- Choose agent configuration from a list;
- Agent grouping by "label", this attribute can be used when building filters
- Search by computer name or IP-address;
- Group operations when changing agent statuses;
- Option "setting sync_with_ad" - always upgate profile from AD;
- Option "name_auto_change" - update user name and domain when name is changed
- The list of exclusions for global configuration has been extended
- New rule "File monitoring - Read - Allow/Deny" to ignore read operations for applications without disabling file monitoring.
E-mail notifications
- E-mails contain unsubscribe links
- The ability to send user cards
- SMTP setting for sending medssages without autorizing
Windows-agent
- The ability to reset agent data;
- Удаление агента по команде с сервера; Remove agent by a command from the server
- Interception of Mail.ru mail with new interface;
- Interception of Mail.ru ICQ 10.0.12243;
- Improved algorithms of e-mail interception;
- Improved algorithms of file interception and shadow copying;
- Improved algorithms of live administration;
- Fixed bugs occuring at remote installation
Linux-agent
- Track .log files;
- Track activity time in Chrome and FireFox;
- Clipboard interception;
- Track printing events;
- Record sound form built-in microphones;
- Improved keyboard interception;
- Adapted for work in ОS Astra Linux;
- Dimension cards: summary reports on chosen dimensions
- Remote desktop video record;
- USB: «read-only» mode;
- USB: interception of a content of a file created on a USB storage device;
- SIP: SMS interception;
- Anomalies detector: manual configuration of sensitivity;
- Anomalies detector: one-click event detailing;
- Anomalies detector: sorting by columns;
- Remote desktop: automatic change of the viewing window;
- Remote desktop: faster connections;
- Remote desktop: remote desktop view on terminal servers;
- Network monitoring: monitor search queries in the following engines: Google, Yandex, Bing, Youtube, Rambler, Mail.RU;
- File monitoring: shadow copying size limitation;
- Remote installer: load a list of PC without requesting them;
- Remote installer: forced request of chosen PCs;
- User interface: interface navigation with the help of “Back”/”Forward” buttons of the web-browser;
- User interface: one-click server restart, settings reset and report rebuild from the admin panel;
- User interface: the “Home” button to reset all the filtering conditions;
- Log all the authorizations into the StaffCop admin panel, located in /var/log/staffcop/auth.log;
- Agent name auto-change in case its PC name is changed;
- User filters parameters are kept after running the “reinit” command;
- Optimized work of the terminal servers;
- Optimized speed of reports rebuild;
- Change certificate name when intercepting https, smtps.
- GNU/Linux endpoint agent released;
- Remote desktop control;
- “Hardware registry” module;
- “Software registry” module;
- Automatic detector of user behavior anomalies;
- Correlation by file hashes;
- Correlation and locking USB devices by device classes;
- New event type “Search queries”;
- E-mail interception by Exchange ActiveSync protocol;
- SIP channel interception: UDP interception, calls detailing;
- Text objects: handy content filtration method by keywords, phrases and regular expressions;
- Morphological text search in intercepted files;
- “Tree” mode of data visualization;
- Audio-player for playing audio files in the web-panel;
- New report on user activity for better visualization;
- New detailed report on user activity: chronological list of events with grouping;
- One-click switching from linear graph and histogram by clicking on a graphical element;
- Improvements of the calculation algorithm of activity time on web-sites;
- Manual setting of web-can snapshots intervals;
- Now compatible with Kaspersky Endpoint Security 10;
- New attributes for the “Agent” dimension: “OS version”, “Agent version”; for the “File” dimension: “File hash”; for the “Device” dimension: “Device class”;
- Black and white lists of monitored accounts;
- Fixed incorrect display of html-tags in the text of intercepted e-mails;
- Administrative interface remade;
- Relation graph updated;
- Linear graph updated: Time-line, Constructor;
- Anomalies report in the form of histogram;
- Drill-down function for all the main reports;
- Scheduled report sending by e-mail;
- Optimized calculation of time spent on web-sites;
- Custom event categorization;
- Flexible settings of microphone recording;
- Highlighted words in triggered alerts;
- StaffCop kernel optimized – system speed significantly increased;
- Content file analysis;
- Remote desktop view;
- Relation graph constructor;
- Driver agent;
- Linear graph for anomalies detector;
- Floating license revocation from the admin panel;
- Tile view of screenshots;
- Python-based filters;
- Access rights dividing;
- New algorithm for calculation productive/unproductive time;
- Calculation of web-site time activity;
- Extended work time reports;
- Improved mechanism of receiving files by the server;
- TLS traffic interception for Firefox Portable;
- Improved file transferring mechanism;
- Optimized screenshots compression
- "Constructor" is the default view of the administrative panel
- Improvements of agents and system architecture
- Manual activation/deactivation of filtering
- New dimension attribute - "Domain" (AD domain)
- StaffCop Server restart from the web-panel;
- View screenshot in a slider;
- New report "Statistics";
- Improvements of the lateness report;
- Backup option for disk cleanup;
- Interception of webmail with attachments;
- Linear graph for activity time;
- Manual setup of the time of start and end of the working day, break intervals;
- Active Directory — receive full user details;
- Dimensions and event attributes united;
- New attributes for events of network monitoring, application monitoring;
- New dimensions «Hour of day» and «Weekday»;
- Support for energy-saving modes of PC;
- Interception of files transferred in Mail.ru agent;
- Cut-off interception of redundant HTTP/HTTPs traffic;
- Separate user sorting for applying configurations;
- Record sound from microphones;
- Full-fledged interception of FTPs;
- File requests interception on a file server;
- Special control of documents;
- Optimized user interface;
- Improved XMPP interception;
- Option of disabling network monitoring;
- Active Directory recieve user name and department;
- Improved work time reports;
- Dimensions that are not applicable to a filter are not displayed;
- Agents auto-update option;
- Displaying the number of events in the Constructor;
- "Absence at workplace" module;
- USB-devices locking;
- Messaging direction (Incoming\Outgoing) for e-mail and instant-messengers;
- Access rights dividing for administartor/user;
- Shadow copying can be disabled for the "File monitoring" module;
- Screenshots taking can be disabled without disabling "Application activity";
- Improved preview of e-mail messages;
- Block HTTP/HTTPs traffic;
- User activity monitoring;
- OS restart option in the agent installer;
- User interface improved;
- Table view mode for each event type;
- HTTP/HTTPs traffic filtering by content-type;
- Clickable hyperlinks in the "Facts - Table";
- E-mail attachments interception. All mail clients and protocols are supported (excluding webmail);
- Fixed file driver;
- First attempt to maximize results from the chosen architecture. Basic concepts are updated to the level of beta-version;
- Remote installer is in encased in msi-package. Agent is not bound to the local network;
- First small bugs fixing. Web-interface implementation;