Interception channels

  • New mechanism of network traffic interception through proxy-server, compatibility with applications and web-sites improved
  • Record audio communications in any application (microphone + speakers in a single track)
  • New tool for repeated document printing from admin console
  • Import from Office365 (Ms graph API). E-mails and files
  • Interception of email channel - IBM Lotus Notes through IMAP mailbox
  • Recognition of Russian Passports and Stamps with usage of neural networks
  • Face recognition on web-cam snapshots


  • Now compatible with AltLinux 8.2
  • Server-side support for interception of Linux terminal sessions
  • Monitoring of privileged users
  • StaffCop Server built on Astra Linux. Tested in Astra Linux Smolensk 1.6 Special Edition
  • Take web-cam snapshots on Linux workstations.

Admin interface

  • The ability to choose between "Executable" and "Description for applications in Combined report.
  • Take screenshots of a remote desktop while viewin in real-time mode
  • The buttons of managing admin panel are now in a single format and color scheme
  • A copy of the current admin panel opens by clicking the mouse middle button
  • Now compatible with Internet Explorer 11


  • Now data filtered by any chosen filter can be removed for any chosen time period
  • Improved export to Excel
  • Now IP adress and port can be changed on a remote PC from admin panel
  • Improved PC statuses indication on the "Computers" page
  • StaffCop Server works is installed on Ubuntu Server 18.04.
  • Screenshots module recieved an option for improved recognition of changing window focus
  • Accounts now can recieve the permission sets based on the info retrieved from AD (e.g. "Manager field).
  • Changed order of receiving "Name" and "Surname" from AD
  • The "staffcop sane" command now reorganizes (unites separated data) by user
  • Special build for banks - without "Keylogger", "Remote control" and "Clipboard" modules.
  • New permissions for system administrators for more precise control distribution
  • Disabled icon of microphone usage in Windows 10

Filters and vocabularies

  • Now sending the report on triggered policies allows send the filter that was chosen in Constructor
  • Now reports can be sent at specified time
  • A triggered filter can be added as an incident to the "Incidents" console

Analytical functions

  • The "Incidents" console for managing incidents
  • Diagrams now can display columns names of any length
  • Diagrams now can display columns names of any length
  • New report - Group Summary Report
  • "Overtime" column has been added ro the Summary Report
  • New report - Accounting for early departures and arrivals by group
  • New report - Summary Statistical Report
  • New report - Extended Timesheet
  • Display percentage on a pie chart

Fixed bugs

  • Fixed bug with Telegram interception
  • Fixed bug with recognition of USB-devices
  • Fixed small bugs of admin panel
  • Fixed exception rule for "Read" file operations
  • Improvents of the remote installer
  • Fixed exception rule for "Read" file operations
  • Fixed bug with long saving of MS Office documents
  • Fixed small bugs of Tags module
  • Improved server performance on high loads

Interception channels

  • Skype Web - interception of messages and sent files
  • Mail.RU agent web-version
  • ICQ web-version
  • Improvemenst on Telegram interception
  • IMAP e-mails extraction
  • Web-form data interception for rare encodings
  • Support for Disc-O cloud services aggregator


  • Remote control of GNU/Linux workstations
  • Printed documents tracking
  • Improved installation/uninstallation process
  • StaffCop logs can be obtained from command prompt
  • StaffCop pre-loaded can be launched for specified paths

Admin interface

  • Choose the deafault report to be displayed in the Lens
  • Graphical editor for rules
  • Viewing screenshots in the player backwards and forwards
  • Graph events detailing in a separate window
  • Alphabetical sorting of users and computers in Constructor
  • Display time spent on searching or filtration


  • Transferring agents to another server from the Admin interface
  • Speed up of work with network drives
  • Delete users and computers from the Admin panel (after running staffcop webshell)
  • Manage device labels in command prompt
  • SSH-console for StaffCop Server administration
  • Interface for database sharding
  • The ability to use database on a separate server

Filters and vocabularies

  • Simple and complex filters can now be used together
  • Fast view of the applied complex filter
  • Exception phrases in vocabularies
  • Increased accuracy of triggering vocabularies

Analytical functions

  • Track file operations made with tagged files
  • Waveforms for recorded sounds
  • Software inventory: separate view for software products and their updates
  • Surveillance quad for web-cam snapshots
  • Time tracking reports: productivity coloring in a single time element

Fixed bugs

  • Fixed bug with interception events from a shared printer
  • Fixed bug with simultenous playing of multiple sound records
  • Fixed bug with recorded sounds downloading
  • Fixed bug with doubling of "Lateness" events
  • Improvents of the remote installer

Reports and view modes

  • Reports now are generated and cashed on StaffCop Server
  • New view modes: «Radar», «River of events»
  • New report «Recent screenshots»
  • New report «Statistics»: displays summary results for the chosen dimension
  • Exports results (current state of "Lens") as an image
  • «Time tracking» report is divided into three reports "Combined report", "Strip chart" and "Table"
  • Improved visualization of time tracking graph
  • Export to PDF from the "Analysis" menu

Filters and data analysis

  • Search fo similar documents according to a sample
  • "Luna" algorithm implemented in the credit card filter
  • StaffCop Server performance has been significantly improved due to the changes in data receiving mechanism
  • The algorithm of policies and vocabularies processing has been optimized and improved
  • Updated vocabularies and policies
  • Time tracking within the specified schedule
  • Handy activity selecting for the specified period of time in the heatmap
  • Luhn algorithm implemented in the credit card filter
  • Enable/disable system keys displaying in the keylogger
  • Display type of the clipboard content
  • Search by columns in the "Devices" table
  • Option for hiding/revealing empty entries on the server
  • Simple and complex filter codes united
  • "Employee" field is added to the information on computers
  • Customized columns display in "Facts - Table"
  • Configure parameters of resources consumption by OCR module


  • Specify and block groups of USB-devises

Admin interface

  • Improvements of access rights dividing
  • Splitter of the left panel: separate width regulation for Dimension panel, the ability to hide Dimension panel
  • Store columns width in the facts table till the end of the session
  • Enlarged sound playing controller
  • Improved "Analysis" menu
  • Navigation in sections of Control Panel

Interception channels

  • Telegram for Desktops
  • Skype 8*
  • Screenshots made at the moment if printing
  • Interception of text in XPS files printer spooler
  • Interception of spooler fiels besides printed documents
  • Interception of attachments send in GMail web-interface


  • SSH-console for StaffCop Server administration
  • Interface for database sharding
  • The ability to use database on a separate server

Remote installer

  • Easy readable agent configuratiuon log
  • Receiving debug dump with the remote installer
  • Remote agent instaallation over an old version
  • Msi removal after installation with the tool

Event analysis

  • Embedded OCR (Optical character recognition) that doesn't require any additional licenses
  • Archived documents analysis
  • Notifications on changes of hardware configuration
  • Event description now contains all the data on an event
  • Fast switch from events to nearest screenshots
  • New dimensions: «Window title», «Time zone»
  • Improvements of the credit card filter

Active Directory Integration

  • Users can authorize in the admin interface with their AD accounts
  • Assign account configuration according to AD groups

Work time tracking

  • New time tracking report «Early coming and leaving» including that for lunch time
  • Filter-event «Filter-event “Late users”»
  • Improvements on calendar

Remote desktop and video recording

  • Quad surveillance
  • Export video to MP4
  • Preview of every frame
  • Pause/play when viewing video records
  • Dynamic title of the report «Analysis» → «Table», multi-level sorting, the ability to switch columns
  • Remote desktop from “Accounts” dimension
  • The ability to notify a user on taking remote control over his computer
  • Clean desktop video records with “cleanup” command
  • Optimized work of server at multiple remote connections

Filters and policies

  • Improvements of the filter interface. The ability to create dashboards - complex objects that can contain filters of various types
  • Filter preview


  • Intercept sound played on the device (“sound from speakers”)
  • Intercept all files on a connected USB-drive.
  • Block WiFi networks by black and white lists
  • Intercept Gmail web-mail
  • SecureBoot support
  • Improvements of clipboard and printing interception
  • Improvements of taking screenshots and webcam snapshots


  • Global variables support for file monitoring
  • Extended file monitoring rules


  • Safari browser is now supported
  • Interface is optimized for displays with low resolution
  • New color scheme, the menus have been regrouped
  • New interface for server errors handling
  • Quick filters reset in the dimension panel
  • Customized columns when exporting to CSV
  • Human-friendly file titles when exporting screenshots and sound records


  • Sharding - dividing database into parts
  • Master/Slave mode for accumulating data from Slave servers to Master
  • Optimized reports (sessions) recalculations after changing policies. Recalculation now can be performed 100 time faster.
  • PostgreSQL settings optimized


  • United control panel for administration
  • Install, uninstall, upgrade agents and track their status in the admin interface
  • Enable/disable ClickHouse database in admin interface
  • Server and Endpoint agent can work with one port and IP-address with different SNI in the certificate
  • Upgrade logs: /var/log/staffcop/upgrade.log
  • Context tips for interface options
  • Assign tags to computer groups
  • Select time displaying formats in reports
  • Sorting computer configurations by title
  • Session recalculations are displayed in the admin interface
  • Improvements of remote installer


  • Incorrect work with several partitions of USB-devices
  • Error of uploading files to Bitrix24
  • Error of application launch monitoring on Windows XP
  • Error leading to inability of writing files to network disks
  • Error appearing when playing recorded sounds
  • Error of missing events at some cases when working with ClickHouse
  • Incorrect filter creation in certain cases
  • Sending empty reports on filters
  • Control terminal server licenses
  • Incorrect mouth coordinates when rescaling a remote desktop


  • Integration with ClickHouse – a high performance database of a new generation meant to significantly speed up data analysis and incident investigation
  • Optimization of work with PostgreSQL.

Active Directory Integration

  • Install by PC list imported from AD: connect from StaffCop agent installer to the domain controller for choosing workstations to install StaffCop agents on.
  • Assign monitoring configurations by AD groups.
  • Create administrator accounts via AD.
  • Improvements on extracting user attributes

Work time tracking

  • Production calendar and work schedule – ability to assign a work schedule with lunch breaks, vacations, days out and holidays for users and departments.
  • Support for user time zone – display events in the local time of a monitored workstation. Support for several time zones for companies with geographically dispersed offices.
  • New report on unproductivity: top by departments/users on a single page that can be exported to Excel.
  • New reports by department:
    • Productivity by department;
    • Activity by department;
    • Absence at workplace by department.


  • Archived documents analysis.
  • Export report «Fact» → «Table» to CSV.
  • Export «Analysis» → «Table» to CSV.
  • Improvements on report exporting: «Print», «Export to PDF», «Export to Excel», «Export to CSV», «Facts feed»
  • Dynamic title of the report «Analysis» → «Table», multi-level sorting, the ability to switch columns.
  • Legend for a heat map is added.
  • Events tree
    • display amount of events in the edge nodes;
    • export to printing;
    • click to «drill-down» to the list of events
  • Files that can’t be downloaded are indicated.

Filters and policies

  • Add applications and web-sites to policies from the “Time tracking” report.
  • Edit hierarchical structure of filters.
  • Search in filters.
  • Updated fixtures.


  • Intercept passwords on web-sites
  • Intercept Windows account passwords (when log in).
  • Low-level keylogger.
  • Monitor dialogs (outgoing).
  • Monitoring using Google Drive in browsers, shadow copying of uploaded documents.
  • Support for latest versions of Skype.
  • Read-only mode for CD drives.
  • Lock web-sites with domain names in Punycode (e.g. Extended Latin symbols, Cyrillic, Arabic).
  • “Special control” for web-sites: taking screenshots at specified interval when visiting specified web-sites.


  • Keylogger implemented at the kernel level to control terminal servers and systems where keyboard interception in X-sessions is unavailable (Astra Linux).
  • Monitor external drives connections.
  • File operations: type of file operation, shadow copying of intercepted files.
  • Support for file monitoring rules (black and white lists).
  • Search queries in Chrome and FireFox.
  • Binding keyboard input (X11-keylogger) to activity events on web-sites.
  • Improved keyboard input interception.
  • Improved X-session recognition.
  • New event type «System log».

Monitoring configurations

  • Improved agent configuration panel: grouping by setting modules and monitoring rules, improved rules editor.
  • Work schedules for users or computers.
  • Command line tool for adding rules to configurations.
  • Simplified managing of monitoring rules – ability to add rules from the left-part of the Constructor.


  • User help is built in the web console.
  • Notifications on database disks being filled up.
  • Registry of actions in the administrative web-panel.
  • Remote installer has been significantly improved.
  • Improved access rights division.

Receive a new key before upgrade from earlier versions. Rollback to previous versions leads to data loss


  • Option of data upload and filtration by clicking the «Apply» button;
  • Filter events and intercepted files in the communication by attributes "Sender domain"/"Recipient domain", "Recipient" (event types "E-mail", "Instant Messengers", "Intercepted file")
  • Display events of types "Keyboard" and "Screenshot" as bound to web-sites, which means that events of these types contain information on visited web-sites
  • Search and filter events by file extension
  • Improvements on displaying event types "User activity", "Search query", "File operation", "Devices", "Printing";
  • Corrected view of intercepted .txt files content, corrected view of parsed text from .xls;
  • Search by attributes "Device type", "Device", "HWID", "Drive type", "Operation", "Product", "Provider";
  • Improved search by word combinations, new abilities of full-text search in PostgreSQL 10 added;
  • Detection of encrypted ZIP/RAR archives;
  • Reverse sorting by time in the facts table
  • OCR prototype (text recognition in images);
  • Build queries for filters with conditions equals/not equals and contains/not contains, the ability to combine conditions with logical operators AND/OR;
  • The loading indicator that used to cover data and bother working process in case of a long data loading has been removed


  • Go to screenshots from user card
  • Go to the facts list from reports "Time tracking", "Analysis"→"Table" and «Analysis"→"Pie chart";
  • Productivity and applicationb policies have been improved;
  • New report type - dimension card of triggered filters
  • Histogram in the report «Analysis→Table»

User experience

  • The time of loading of the Constructor with statistics disable has been reduced;
  • Events in the "Snapshots" mode now loads faster
  • Migration is carried out faster in case the full-text index has already been made;
  • Optimized loading facts with large texts
  • Faster filtration in Analysis;
  • Improvements on file extentions at ZIP-exporting of the events "Screenshot", "MicRecording";
  • Events from system users have been hidden;
  • The problem occured while caching static content by browsers at the moment of upgrade;

Agent configuration

  • The admin list of agent has been improved:
    • New informative table with status, agent version and configuration title;
    • Choose agent configuration from a list;
    • Agent grouping by "label", this attribute can be used when building filters
    • Search by computer name or IP-address;
    • Group operations when changing agent statuses;
  • Option "setting sync_with_ad" - always upgate profile from AD;
  • Option "name_auto_change" - update user name and domain when name is changed
  • The list of exclusions for global configuration has been extended
  • New rule "File monitoring - Read - Allow/Deny" to ignore read operations for applications without disabling file monitoring.

E-mail notifications

  • E-mails contain unsubscribe links
  • The ability to send user cards
  • SMTP setting for sending medssages without autorizing


  • The ability to reset agent data;
  • Удаление агента по команде с сервера; Remove agent by a command from the server
  • Interception of mail with new interface;
  • Interception of ICQ 10.0.12243;
  • Improved algorithms of e-mail interception;
  • Improved algorithms of file interception and shadow copying;
  • Improved algorithms of live administration;
  • Fixed bugs occuring at remote installation


  • Track .log files;
  • Track activity time in Chrome and FireFox;
  • Clipboard interception;
  • Track printing events;
  • Record sound form built-in microphones;
  • Improved keyboard interception;
  • Adapted for work in ОS Astra Linux;

  • Dimension cards: summary reports on chosen dimensions
  • Remote desktop video record;
  • USB: «read-only» mode;
  • USB: interception of a content of a file created on a USB storage device;
  • SIP: SMS interception;
  • Anomalies detector: manual configuration of sensitivity;
  • Anomalies detector: one-click event detailing;
  • Anomalies detector: sorting by columns;
  • Remote desktop: automatic change of the viewing window;
  • Remote desktop: faster connections;
  • Remote desktop: remote desktop view on terminal servers;
  • Network monitoring: monitor search queries in the following engines: Google, Yandex, Bing, Youtube, Rambler, Mail.RU;
  • File monitoring: shadow copying size limitation;
  • Remote installer: load a list of PC without requesting them;
  • Remote installer: forced request of chosen PCs;
  • User interface: interface navigation with the help of “Back”/”Forward” buttons of the web-browser;
  • User interface: one-click server restart, settings reset and report rebuild from the admin panel;
  • User interface: the “Home” button to reset all the filtering conditions;
  • Log all the authorizations into the StaffCop admin panel, located in /var/log/staffcop/auth.log;
  • Agent name auto-change in case its PC name is changed;
  • User filters parameters are kept after running the “reinit” command;
  • Optimized work of the terminal servers;
  • Optimized speed of reports rebuild;
  • Change certificate name when intercepting https, smtps.

  • GNU/Linux endpoint agent released;
  • Remote desktop control;
  • “Hardware registry” module;
  • “Software registry” module;
  • Automatic detector of user behavior anomalies;
  • Correlation by file hashes;
  • Correlation and locking USB devices by device classes;
  • New event type “Search queries”;
  • E-mail interception by Exchange ActiveSync protocol;
  • SIP channel interception: UDP interception, calls detailing;
  • Text objects: handy content filtration method by keywords, phrases and regular expressions;
  • Morphological text search in intercepted files;
  • “Tree” mode of data visualization;
  • Audio-player for playing audio files in the web-panel;
  • New report on user activity for better visualization;
  • New detailed report on user activity: chronological list of events with grouping;
  • One-click switching from linear graph and histogram by clicking on a graphical element;
  • Improvements of the calculation algorithm of activity time on web-sites;
  • Manual setting of web-can snapshots intervals;
  • Now compatible with Kaspersky Endpoint Security 10;
  • New attributes for the “Agent” dimension: “OS version”, “Agent version”; for the “File” dimension: “File hash”; for the “Device” dimension: “Device class”;
  • Black and white lists of monitored accounts;
  • Fixed incorrect display of html-tags in the text of intercepted e-mails;
  • Administrative interface remade;

  • Relation graph updated;
  • Linear graph updated: Time-line, Constructor;
  • Anomalies report in the form of histogram;
  • Drill-down function for all the main reports;
  • Scheduled report sending by e-mail;
  • Optimized calculation of time spent on web-sites;
  • Custom event categorization;
  • Flexible settings of microphone recording;
  • Highlighted words in triggered alerts;

  • StaffCop kernel optimized – system speed significantly increased;
  • Content file analysis;
  • Remote desktop view;
  • Relation graph constructor;
  • Driver agent;
  • Linear graph for anomalies detector;
  • Floating license revocation from the admin panel;
  • Tile view of screenshots;
  • Python-based filters;
  • Access rights dividing;
  • New algorithm for calculation productive/unproductive time;
  • Calculation of web-site time activity;
  • Extended work time reports;
  • Improved mechanism of receiving files by the server;

  • TLS traffic interception for Firefox Portable;
  • Improved file transferring mechanism;
  • Optimized screenshots compression

  • "Constructor" is the default view of the administrative panel
  • Improvements of agents and system architecture
  • Manual activation/deactivation of filtering
  • New dimension attribute - "Domain" (AD domain)

  • StaffCop Server restart from the web-panel;
  • View screenshot in a slider;

  • New report "Statistics";
  • Improvements of the lateness report;
  • Backup option for disk cleanup;

  • Interception of webmail with attachments;
  • Linear graph for activity time;
  • Manual setup of the time of start and end of the working day, break intervals;
  • Active Directory — receive full user details;
  • Dimensions and event attributes united;
  • New attributes for events of network monitoring, application monitoring;
  • New dimensions «Hour of day» and «Weekday»;
  • Support for energy-saving modes of PC;
  • Interception of files transferred in agent;
  • Cut-off interception of redundant HTTP/HTTPs traffic;
  • Separate user sorting for applying configurations;

  • Record sound from microphones;
  • Full-fledged interception of FTPs;
  • File requests interception on a file server;
  • Special control of documents;
  • Optimized user interface;

  • Improved XMPP interception;
  • Option of disabling network monitoring;
  • Active Directory recieve user name and department;
  • Improved work time reports;

  • Dimensions that are not applicable to a filter are not displayed;
  • Agents auto-update option;
  • Displaying the number of events in the Constructor;
  • "Absence at workplace" module;
  • USB-devices locking;
  • Messaging direction (Incoming\Outgoing) for e-mail and instant-messengers;

  • Access rights dividing for administartor/user;
  • Shadow copying can be disabled for the "File monitoring" module;
  • Screenshots taking can be disabled without disabling "Application activity";
  • Improved preview of e-mail messages;

  • Block HTTP/HTTPs traffic;
  • User activity monitoring;

  • OS restart option in the agent installer;
  • User interface improved;
  • Table view mode for each event type;
  • HTTP/HTTPs traffic filtering by content-type;
  • Clickable hyperlinks in the "Facts - Table";
  • E-mail attachments interception. All mail clients and protocols are supported (excluding webmail);
  • Fixed file driver;

  • First attempt to maximize results from the chosen architecture. Basic concepts are updated to the level of beta-version;
  • Remote installer is in encased in msi-package. Agent is not bound to the local network;
  • First small bugs fixing. Web-interface implementation;