Changelog

Interception channels

• New mechanism of network traffic interception through proxy-server, compatibility with applications and web-sites improved
• Record audio communications in any application (microphone + speakers in a single track)
• New tool for repeated document printing from admin console
• Import from Office365 (Ms graph API). E-mails and files
• Interception of email channel - IBM Lotus Notes through IMAP mailbox
• Recognition of Russian Passports and Stamps with usage of neural networks
• Face recognition on web-cam snapshots

GNU/Linux

• Now compatible with AltLinux 8.2
• Server-side support for interception of Linux terminal sessions
• Monitoring of privileged users
• StaffCop Server built on Astra Linux. Tested in Astra Linux Smolensk 1.6 Special Edition
• Take web-cam snapshots on Linux workstations.

Admin interface

• The ability to choose between "Executable" and "Description for applications in Combined report.
• Take screenshots of a remote desktop while viewin in real-time mode
• The buttons of managing admin panel are now in a single format and color scheme
• A copy of the current admin panel opens by clicking the mouse middle button
• Now compatible with Internet Explorer 11

Administration

• Now data filtered by any chosen filter can be removed for any chosen time period
• Improved export to Excel
• Now IP adress and port can be changed on a remote PC from admin panel
• Improved PC statuses indication on the "Computers" page
• StaffCop Server works is installed on Ubuntu Server 18.04.
• Screenshots module recieved an option for improved recognition of changing window focus
• Accounts now can recieve the permission sets based on the info retrieved from AD (e.g. "Manager field).
• Changed order of receiving "Name" and "Surname" from AD
• The "staffcop sane" command now reorganizes (unites separated data) by user
• Special build for banks - without "Keylogger", "Remote control" and "Clipboard" modules.
• New permissions for system administrators for more precise control distribution
• Disabled icon of microphone usage in Windows 10

Filters and vocabularies

• Now sending the report on triggered policies allows send the filter that was chosen in Constructor
• Now reports can be sent at specified time
• A triggered filter can be added as an incident to the "Incidents" console

Analytical functions

• The "Incidents" console for managing incidents
• Diagrams now can display columns names of any length
• Diagrams now can display columns names of any length
• New report - Group Summary Report
• "Overtime" column has been added ro the Summary Report
• New report - Accounting for early departures and arrivals by group
• New report - Summary Statistical Report
• New report - Extended Timesheet
• Display percentage on a pie chart

Fixed bugs

• Fixed bug with Telegram interception
• Fixed bug with recognition of USB-devices
• Fixed small bugs of admin panel
• Fixed exception rule for "Read" file operations
• Improvents of the remote installer
• Fixed exception rule for "Read" file operations
• Fixed bug with long saving of MS Office documents
• Fixed small bugs of Tags module
• Improved server performance on high loads

Interception channels

• Skype Web - interception of messages and sent files
• Mail.RU agent web-version
• ICQ web-version
• Improvemenst on Telegram interception
• IMAP e-mails extraction
• Web-form data interception for rare encodings
• Support for Disc-O cloud services aggregator

GNU/Linux

• Remote control of GNU/Linux workstations
• Printed documents tracking
• Improved installation/uninstallation process
• StaffCop logs can be obtained from command prompt
• StaffCop pre-loaded can be launched for specified paths

Admin interface

• Choose the deafault report to be displayed in the Lens
• Graphical editor for rules
• Viewing screenshots in the player backwards and forwards
• Graph events detailing in a separate window
• Alphabetical sorting of users and computers in Constructor
• Display time spent on searching or filtration

Administration

• Transferring agents to another server from the Admin interface
• Speed up of work with network drives
• Delete users and computers from the Admin panel (after running staffcop webshell)
• Manage device labels in command prompt
• SSH-console for StaffCop Server administration
• Interface for database sharding
• The ability to use database on a separate server

Filters and vocabularies

• Simple and complex filters can now be used together
• Fast view of the applied complex filter
• Exception phrases in vocabularies
• Increased accuracy of triggering vocabularies

Analytical functions

• Track file operations made with tagged files
• Waveforms for recorded sounds
• Software inventory: separate view for software products and their updates
• Surveillance quad for web-cam snapshots
• Time tracking reports: productivity coloring in a single time element

Fixed bugs

• Fixed bug with interception events from a shared printer
• Fixed bug with simultenous playing of multiple sound records
• Fixed bug with recorded sounds downloading
• Fixed bug with doubling of "Lateness" events
• Improvents of the remote installer

Reports and view modes

• Reports now are generated and cashed on StaffCop Server
• New view modes: «Radar», «River of events»
• New report «Recent screenshots»
• New report «Statistics»: displays summary results for the chosen dimension
• Exports results (current state of "Lens") as an image
• «Time tracking» report is divided into three reports "Combined report", "Strip chart" and "Table"
• Improved visualization of time tracking graph
• Export to PDF from the "Analysis" menu

Filters and data analysis

• Search fo similar documents according to a sample
• "Luna" algorithm implemented in the credit card filter
• StaffCop Server performance has been significantly improved due to the changes in data receiving mechanism
• The algorithm of policies and vocabularies processing has been optimized and improved
• Updated vocabularies and policies
• Time tracking within the specified schedule
• Handy activity selecting for the specified period of time in the heatmap
• Luhn algorithm implemented in the credit card filter
• Enable/disable system keys displaying in the keylogger
• Display type of the clipboard content
• Search by columns in the "Devices" table
• Option for hiding/revealing empty entries on the server
• Simple and complex filter codes united
• "Employee" field is added to the information on computers
• Customized columns display in "Facts - Table"
• Configure parameters of resources consumption by OCR module

Blockings

• Specify and block groups of USB-devises

Admin interface

• Improvements of access rights dividing
• Splitter of the left panel: separate width regulation for Dimension panel, the ability to hide Dimension panel
• Store columns width in the facts table till the end of the session
• Enlarged sound playing controller
• Improved "Analysis" menu
• Navigation in sections of Control Panel

Interception channels

• Telegram for Desktops
• Skype 8*
• Screenshots made at the moment if printing
• Interception of text in XPS files printer spooler
• Interception of spooler fiels besides printed documents
• Interception of attachments send in GMail web-interface

Administration

• SSH-console for StaffCop Server administration
• Interface for database sharding
• The ability to use database on a separate server

Remote installer

• Easy readable agent configuratiuon log
• Receiving debug dump with the remote installer
• Remote agent instaallation over an old version
• Msi removal after installation with the tool

Event analysis

• Embedded OCR (Optical character recognition) that doesn't require any additional licenses
• Archived documents analysis
• Notifications on changes of hardware configuration
• Event description now contains all the data on an event
• Fast switch from events to nearest screenshots
• New dimensions: «Window title», «Time zone»
• Improvements of the credit card filter

Active Directory Integration

• Users can authorize in the admin interface with their AD accounts
• Assign account configuration according to AD groups

Work time tracking

• New time tracking report «Early coming and leaving» including that for lunch time
• Filter-event «Filter-event “Late users”»
• Improvements on calendar

Remote desktop and video recording

• Quad surveillance
• Export video to MP4
• Preview of every frame
• Pause/play when viewing video records
• Dynamic title of the report «Analysis» → «Table», multi-level sorting, the ability to switch columns
• Remote desktop from “Accounts” dimension
• The ability to notify a user on taking remote control over his computer
• Clean desktop video records with “cleanup” command
• Optimized work of server at multiple remote connections

Filters and policies

• Improvements of the filter interface. The ability to create dashboards - complex objects that can contain filters of various types
• Filter preview

Windows-agent

• Intercept sound played on the device (“sound from speakers”)
• Intercept all files on a connected USB-drive.
• Block WiFi networks by black and white lists
• Intercept Gmail web-mail
• SecureBoot support
• Improvements of clipboard and printing interception
• Improvements of taking screenshots and webcam snapshots

Linux-agent

• Global variables support for file monitoring
• Extended file monitoring rules

Interface

• Safari browser is now supported
• Interface is optimized for displays with low resolution
• New color scheme, the menus have been regrouped
• New interface for server errors handling
• Quick filters reset in the dimension panel
• Customized columns when exporting to CSV
• Human-friendly file titles when exporting screenshots and sound records

Architecture

• Sharding - dividing database into parts
• Master/Slave mode for accumulating data from Slave servers to Master
• Optimized reports (sessions) recalculations after changing policies. Recalculation now can be performed 100 time faster.
• PostgreSQL settings optimized

Administration

• United control panel for administration
• Install, uninstall, upgrade agents and track their status in the admin interface
• Enable/disable ClickHouse database in admin interface
• Server and Endpoint agent can work with one port and IP-address with different SNI in the certificate
• Upgrade logs: /var/log/staffcop/upgrade.log
• Context tips for interface options
• Assign tags to computer groups
• Select time displaying formats in reports
• Sorting computer configurations by title
• Session recalculations are displayed in the admin interface
• Improvements of remote installer

Fixed

• Incorrect work with several partitions of USB-devices
• Error of uploading files to Bitrix24
• Error of application launch monitoring on Windows XP
• Error leading to inability of writing files to network disks
• Error appearing when playing recorded sounds
• Error of missing events at some cases when working with ClickHouse
• Incorrect filter creation in certain cases
• Sending empty reports on filters
• Control terminal server licenses
• Incorrect mouth coordinates when rescaling a remote desktop

Architecture

• Integration with ClickHouse – a high performance database of a new generation meant to significantly speed up data analysis and incident investigation
• Optimization of work with PostgreSQL.

Active Directory Integration

• Install by PC list imported from AD: connect from StaffCop agent installer to the domain controller for choosing workstations to install StaffCop agents on.
• Assign monitoring configurations by AD groups.
• Create administrator accounts via AD.
• Improvements on extracting user attributes

Work time tracking

• Production calendar and work schedule – ability to assign a work schedule with lunch breaks, vacations, days out and holidays for users and departments.
• Support for user time zone – display events in the local time of a monitored workstation. Support for several time zones for companies with geographically dispersed offices.
• New report on unproductivity: top by departments/users on a single page that can be exported to Excel.
• New reports by department:
  • Productivity by department;
  • Activity by department;
  • Absence at workplace by department.

Analytics

• Archived documents analysis.
• Export report «Fact» → «Table» to CSV.
• Export «Analysis» → «Table» to CSV.
• Improvements on report exporting: «Print», «Export to PDF», «Export to Excel», «Export to CSV», «Facts feed»
• Dynamic title of the report «Analysis» → «Table», multi-level sorting, the ability to switch columns.
• Legend for a heat map is added.
• Events tree
  • display amount of events in the edge nodes;
  • export to printing;
  • click to «drill-down» to the list of events
• Files that can’t be downloaded are indicated.

Filters and policies

• Add applications and web-sites to policies from the “Time tracking” report.
• Edit hierarchical structure of filters.
• Search in filters.
• Updated fixtures.

Windows-agent

• Intercept passwords on web-sites
• Intercept Windows account passwords (when log in).
• Low-level keylogger.
• Monitor vk.com dialogs (outgoing).
• Monitoring using Google Drive in browsers, shadow copying of uploaded documents.
• Support for latest versions of Skype.
• Read-only mode for CD drives.
• Lock web-sites with domain names in Punycode (e.g. Extended Latin symbols, Cyrillic, Arabic).
• “Special control” for web-sites: taking screenshots at specified interval when visiting specified web-sites.

Linux-agent

• Keylogger implemented at the kernel level to control terminal servers and systems where keyboard interception in X-sessions is unavailable (Astra Linux).
• Monitor external drives connections.
• File operations: type of file operation, shadow copying of intercepted files.
• Support for file monitoring rules (black and white lists).
• Search queries in Chrome and FireFox.
• Binding keyboard input (X11-keylogger) to activity events on web-sites.
• Improved keyboard input interception.
• Improved X-session recognition.
• New event type «System log».

Monitoring configurations

• Improved agent configuration panel: grouping by setting modules and monitoring rules, improved rules editor.
• Work schedules for users or computers.
• Command line tool for adding rules to configurations.
• Simplified managing of monitoring rules – ability to add rules from the left-part of the Constructor.

Administration

• User help is built in the web console.
• Notifications on database disks being filled up.
• Registry of actions in the administrative web-panel.
• Remote installer has been significantly improved.
• Improved access rights division.

Receive a new key before upgrade from earlier versions. Rollback to previous versions leads to data loss

Analysis

• Option of data upload and filtration by clicking the «Apply» button;
• Filter events and intercepted files in the communication by attributes "Sender domain"/"Recipient domain", "Recipient" (event types "E-mail", "Instant Messengers", "Intercepted file")
• Display events of types "Keyboard" and "Screenshot" as bound to web-sites, which means that events of these types contain information on visited web-sites
• Search and filter events by file extension
• Improvements on displaying event types "User activity", "Search query", "File operation", "Devices", "Printing";
• Corrected view of intercepted .txt files content, corrected view of parsed text from .xls;
• Search by attributes "Device type", "Device", "HWID", "Drive type", "Operation", "Product", "Provider";
• Improved search by word combinations, new abilities of full-text search in PostgreSQL 10 added;
• Detection of encrypted ZIP/RAR archives;
• Reverse sorting by time in the facts table
• OCR prototype (text recognition in images);
• Build queries for filters with conditions equals/not equals and contains/not contains, the ability to combine conditions with logical operators AND/OR;
• The loading indicator that used to cover data and bother working process in case of a long data loading has been removed

Reports

• Go to screenshots from user card
• Go to the facts list from reports "Time tracking", "Analysis"→"Table" and «Analysis"→"Pie chart";
• Productivity and applicationb policies have been improved;
• New report type - dimension card of triggered filters
• Histogram in the report «Analysis→Table»

User experience

• The time of loading of the Constructor with statistics disable has been reduced;
• Events in the "Snapshots" mode now loads faster
• Migration is carried out faster in case the full-text index has already been made;
• Optimized loading facts with large texts
• Faster filtration in Analysis;
• Improvements on file extentions at ZIP-exporting of the events "Screenshot", "MicRecording";
• Events from system users have been hidden;
• The problem occured while caching static content by browsers at the moment of upgrade;

Agent configuration

• The admin list of agent has been improved:
  • New informative table with status, agent version and configuration title;
  • Choose agent configuration from a list;
  • Agent grouping by "label", this attribute can be used when building filters
  • Search by computer name or IP-address;
  • Group operations when changing agent statuses;
• Option "setting sync_with_ad" - always upgate profile from AD;
• Option "name_auto_change" - update user name and domain when name is changed
• The list of exclusions for global configuration has been extended
• New rule "File monitoring - Read - Allow/Deny" to ignore read operations for applications without disabling file monitoring.

E-mail notifications

• E-mails contain unsubscribe links
• The ability to send user cards
• SMTP setting for sending medssages without autorizing

Windows-agent

• The ability to reset agent data;
• Удаление агента по команде с сервера; Remove agent by a command from the server
• Interception of Mail.ru mail with new interface;
• Interception of Mail.ru ICQ 10.0.12243;
• Improved algorithms of e-mail interception;
• Improved algorithms of file interception and shadow copying;
• Improved algorithms of live administration;
• Fixed bugs occuring at remote installation

Linux-agent

• Track .log files;
• Track activity time in Chrome and FireFox;
• Clipboard interception;
• Track printing events;
• Record sound form built-in microphones;
• Improved keyboard interception;
• Adapted for work in ОS Astra Linux;

• Dimension cards: summary reports on chosen dimensions
• Remote desktop video record;
• USB: «read-only» mode;
• USB: interception of a content of a file created on a USB storage device;
• SIP: SMS interception;
• Anomalies detector: manual configuration of sensitivity;
• Anomalies detector: one-click event detailing;
• Anomalies detector: sorting by columns;
• Remote desktop: automatic change of the viewing window;
• Remote desktop: faster connections;
• Remote desktop: remote desktop view on terminal servers;
• Network monitoring: monitor search queries in the following engines: Google, Yandex, Bing, Youtube, Rambler, Mail.RU;
• File monitoring: shadow copying size limitation;
• Remote installer: load a list of PC without requesting them;
• Remote installer: forced request of chosen PCs;
• User interface: interface navigation with the help of “Back”/”Forward” buttons of the web-browser;
• User interface: one-click server restart, settings reset and report rebuild from the admin panel;
• User interface: the “Home” button to reset all the filtering conditions;
• Log all the authorizations into the StaffCop admin panel, located in /var/log/staffcop/auth.log;
• Agent name auto-change in case its PC name is changed;
• User filters parameters are kept after running the “reinit” command;
• Optimized work of the terminal servers;
• Optimized speed of reports rebuild;
• Change certificate name when intercepting https, smtps.

• GNU/Linux endpoint agent released;
• Remote desktop control;
• “Hardware registry” module;
• “Software registry” module;
• Automatic detector of user behavior anomalies;
• Correlation by file hashes;
• Correlation and locking USB devices by device classes;
• New event type “Search queries”;
• E-mail interception by Exchange ActiveSync protocol;
• SIP channel interception: UDP interception, calls detailing;
• Text objects: handy content filtration method by keywords, phrases and regular expressions;
• Morphological text search in intercepted files;
• “Tree” mode of data visualization;
• Audio-player for playing audio files in the web-panel;
• New report on user activity for better visualization;
• New detailed report on user activity: chronological list of events with grouping;
• One-click switching from linear graph and histogram by clicking on a graphical element;
• Improvements of the calculation algorithm of activity time on web-sites;
• Manual setting of web-can snapshots intervals;
• Now compatible with Kaspersky Endpoint Security 10;
• New attributes for the “Agent” dimension: “OS version”, “Agent version”; for the “File” dimension: “File hash”; for the “Device” dimension: “Device class”;
• Black and white lists of monitored accounts;
• Fixed incorrect display of html-tags in the text of intercepted e-mails;
• Administrative interface remade;

• Relation graph updated;
• Linear graph updated: Time-line, Constructor;
• Anomalies report in the form of histogram;
• Drill-down function for all the main reports;
• Scheduled report sending by e-mail;
• Optimized calculation of time spent on web-sites;
• Custom event categorization;
• Flexible settings of microphone recording;
• Highlighted words in triggered alerts;

• StaffCop kernel optimized – system speed significantly increased;
• Content file analysis;
• Remote desktop view;
• Relation graph constructor;
• Driver agent;
• Linear graph for anomalies detector;
• Floating license revocation from the admin panel;
• Tile view of screenshots;
• Python-based filters;
• Access rights dividing;
• New algorithm for calculation productive/unproductive time;
• Calculation of web-site time activity;
• Extended work time reports;
• Improved mechanism of receiving files by the server;

• TLS traffic interception for Firefox Portable;
• Improved file transferring mechanism;
• Optimized screenshots compression

• "Constructor" is the default view of the administrative panel
• Improvements of agents and system architecture
• Manual activation/deactivation of filtering
• New dimension attribute - "Domain" (AD domain)

• StaffCop Server restart from the web-panel;
• View screenshot in a slider;

• New report "Statistics";
• Improvements of the lateness report;
• Backup option for disk cleanup;

• Interception of webmail with attachments;
• Linear graph for activity time;
• Manual setup of the time of start and end of the working day, break intervals;
• Active Directory — receive full user details;
• Dimensions and event attributes united;
• New attributes for events of network monitoring, application monitoring;
• New dimensions «Hour of day» and «Weekday»;
• Support for energy-saving modes of PC;
• Interception of files transferred in Mail.ru agent;
• Cut-off interception of redundant HTTP/HTTPs traffic;
• Separate user sorting for applying configurations;

• Record sound from microphones;
• Full-fledged interception of FTPs;
• File requests interception on a file server;
• Special control of documents;
• Optimized user interface;

• Improved XMPP interception;
• Option of disabling network monitoring;
• Active Directory recieve user name and department;
• Improved work time reports;

• Dimensions that are not applicable to a filter are not displayed;
• Agents auto-update option;
• Displaying the number of events in the Constructor;
• "Absence at workplace" module;
• USB-devices locking;
• Messaging direction (Incoming\Outgoing) for e-mail and instant-messengers;

• Access rights dividing for administartor/user;
• Shadow copying can be disabled for the "File monitoring" module;
• Screenshots taking can be disabled without disabling "Application activity";
• Improved preview of e-mail messages;

• Block HTTP/HTTPs traffic;
• User activity monitoring;

• OS restart option in the agent installer;
• User interface improved;
• Table view mode for each event type;
• HTTP/HTTPs traffic filtering by content-type;
• Clickable hyperlinks in the "Facts - Table";
• E-mail attachments interception. All mail clients and protocols are supported (excluding webmail);
• Fixed file driver;

• First attempt to maximize results from the chosen architecture. Basic concepts are updated to the level of beta-version;
• Remote installer is in encased in msi-package. Agent is not bound to the local network;
• First small bugs fixing. Web-interface implementation;