What's New in DeviceLock 6.4.1 (versus 6.4)

- Added a new optional component - DeviceLock Content Security Server (DLCSS). DLCSS includes DeviceLock Search Server, which enables you to instantly search text across shadowed files and other logs stored on DeviceLock Enterprise Server.
- Added granular access control, auditing and shadowing for iPhone and iPod devices. Now you can set permissions for different objects (media, contacts, files, etc.) transferred to/from an iPhone/iPod. Also, you can enable auditing and shadowing for objects copied from PCs to iPhones/iPods.
- Added access control and auditing for BlackBerry devices. Now you can control who can connect a BlackBerry device to a local computer and when they can do it. Also, you can audit any user activity involving the BlackBerry device type.
- Added integration with Lexar JumpDrive SAFE S3000 encrypted flash drives. DeviceLock detects Lexar JumpDrive SAFE S3000 drives and applies special "encrypted" permissions to them.
- Added integration with DriveCrypt. DeviceLock detects encrypted DriveCrypt disks (USB Flash Drives and other removable media) and applies special "encrypted" permissions to them. Using these "encrypted" permissions you can, for example, allow writing only to encrypted removable devices and deny writing to unencrypted media.
- Added optional protection against anti-rootkit techniques that could be used to disable DeviceLock Service. When "Enable Unhook Protection" is checked on the "DeviceLock Administrators" dialog, the DeviceLock Driver controls the integrity of its code. If a violation is found, DeviceLock causes Windows to stop with a fatal error.
- Added support for TrueCrypt's "File-hosted (container)" volume type.
- Added support for Microsoft Windows 7.

What's New in DeviceLock 6.4 (versus 6.3)

- DeviceLock now supports "Content-Aware Rules" which provide a flexible method to enforce more granular security at the file level. This method allows you to selectively grant or deny access to certain file types, regardless of preset permissions at the device level. You can also use "Content-Aware Rules" to allow or deny shadowing of certain file types. DeviceLock uses a content-based file type detection algorithm. Recognition and identification of file types is based on their characteristic signatures. This efficient and reliable algorithm allows for correct identification and handling of files regardless of the file extension. More than 3000 file types are supported.
- Added support for offline profiles. DeviceLock now allows you to define different online vs. offline security policies for the same user or set of users. A user's online policies are applied when connected to the corporate network, specified DeviceLock Enterprise Servers, or Active Directory domain controllers. Offline policies are applied when the user is working disconnected from the corporate network, specified DeviceLock Enterprise Servers or Active Directory domain controllers.
- Now you can make graphical reports based on the logs (audit and shadow) stored on DeviceLock Enterprise Server. These reports can be automatically sent to you via e-mail.
- Now you can change audit log settings (maximum log size and Windows procedures in the event of full capacity) via Group Policies, as with other DeviceLock settings.
- Added integration with SafeDisk. DeviceLock detects encrypted SafeDisk disks (USB Flash Drives and other removable media) and applies special "encrypted" permissions to them. Using these "encrypted" permissions you can, for example, allow writing only to encrypted removable devices and deny writing to unencrypted media.
- Major improvements in the built-in DeviceLock Printer Viewer.
- Improved support for Live File System for CDs in the Media White List.
- Improved random DeviceLock Enterprise Server selection algorithm.
- Improved USB keylogger detection algorithm.
- Improved GUI.
- Many other internal improvements and bug fixes.

What's New in DeviceLock 6.3 (versus 6.2.1)

- Added granular access control, auditing and shadowing for Palm OS devices. Now you can set permissions for different objects (pictures, contacts, e-mails, etc.) transferred to/from PDAs running Palm OS. Also, you can enable auditing and shadowing for objects copied from PCs to PDAs. All connection interfaces (USB, COM, IrDA, Bluetooth, WiFi) are supported.
- Added granular access control, auditing and shadowing for local and network printers. Now you can control who can send documents to printers as well as when printing is permissible. All connection interfaces (USB, LPT, network, etc.) are supported. Also, you can enable auditing and shadowing of printing activities. Later, saved copies of any printed documents can be viewed using the built-in viewer.
- New flag for Security Settings parameters - "Access control for virtual printers". By disabling this flag you can prevent control, audit and shadowing of those printers which do not send documents to real devices, but instead print to files (e.g. PDF converters).
- Now, using the Temporary White List, it is possible to allow a device for the current user's session.
- Improved Windows 2000 TrueCrypt support.
- Improved support for PGP Whole Disk Encryption version 9.8.
- Enhanced compatibility with the Intel GM965 Express chipset.
- Improved compatibility with Windows Vista Service Pack 1.
- Reduced loading of SQL Server while processing logs in DeviceLock Enterprise Server.

What's New in DeviceLock 6.2.1 (versus 6.2)

- Added support for Microsoft Windows Vista. Now DeviceLock Service and management consoles can be installed and used on Windows Vista. DeviceLock Service natively supports both platforms: 32-bit and 64-bit. DeviceLock management consoles are available only as 32-bit applications and can be used on 64-bit platforms in the emulation mode.
- To control Windows Mobile devices on Windows Vista, DeviceLock now supports Windows Mobile Device Center (WMDC).
- Added integration with TrueCrypt. TrueCrypt is free open-source disk encryption software. DeviceLock detects encrypted TrueCrypt disks (USB Flash Drives and other removable media) and applies special "encrypted" permissions to them. Using these "encrypted" permissions you can, for example, allow writing only to encrypted removable devices and deny writing to unencrypted media.
- Added real-time monitoring of DeviceLock Services across the network. DeviceLock Enterprise Server can now monitor remote computers in real-time, checking DeviceLock Service status (running or not), policy consistency and integrity. The detailed information is written to the Monitoring log. Also, it is possible to define a master policy that can be automatically applied across selected remote computers in the event that their current policies are suspected to be out-of-date or damaged.
- Now in DeviceLock management consoles it is possible to create a custom MSI package for DeviceLock Service. This feature allows administrators to create their own MSI packages and deploy DeviceLock Service instances across the network with predefined policies.
- DeviceLock Service now adds itself to the exception list of Windows Firewall on Windows XP/Server 2003/Vista.
- DeviceLock Enterprise Server can now extract files from shadowed CD/DVD images. When the "Unpack ISO images" parameter is enabled, all files are extracted from CD/DVD images upon delivery to the server and stored in the database separately (one record per file).
- Improved the data post-processing of CD/DVD burner shadowed files.
- Now DeviceLock Service and DeviceLock Enterprise Server are set to use specific TCP ports. These are 9132, 9133 and thereafter. If these ports are unavailable on the local computer, then other ports will be allocated dynamically.

What's New in DeviceLock 6.2 (versus 6.1.1)

- Added granular access control, auditing and shadowing for Windows Mobile devices. Now you can set permissions for different objects (files, contacts, e-mails, etc.) transferred from/to PDAs running Windows Mobile OS. Also, you can enable auditing and shadowing for files and other objects (contacts, e-mails, etc.) copied from PCs to PDAs. All connection interfaces (USB, COM, IrDA, Bluetooth, WiFi) are supported.
- Added integration with PGP Whole Disk Encryption. DeviceLock can now detect encrypted PGP disks (USB Flash Drives and other removable media) and apply special "encrypted" permissions to them. Using these "encrypted" permissions you can, for example, allow writing only to the encrypted removable devices and deny writing to the unencrypted media.
- Added integration with Lexar SAFE PSD encrypted flash drives. DeviceLock detects Lexar SAFE PSD drives and applies special "encrypted" permissions to them.
- Now DeviceLock can prevent PS/2 keyloggers from recording keystrokes. DeviceLock obfuscates the PS/2 keyboard's input and forces PS/2 keyloggers to record some garbage instead of the real keystrokes.
- Added stream compression for audit logs and shadow data sent from DeviceLock Services to DeviceLock Enterprise Server. By enabling stream compression you can decrease the size of data transfers and thus reduce the network load.
- Now white-listed USB devices which have access control on both interface (port) and type levels can be allowed to bypass control on the type level. For example, by disabling the "Control as Type" flag for a USB flash drive that has been added to the USB Devices White List, you can bypass security checking on the Removable level. Also, this "Control as Type" flag is always disabled for devices authorized via a Temporary White List. This new feature allows you to avoid permissions conflicts (double control) for white-listed devices and simplifies defining access control policies.
- In DeviceLock Enterprise Manager, a new Set Service Settings plug-in is added, replacing the former Set Permissions/Auditing plug-in. Using this Set Service Settings plug-in you can apply DeviceLock Service parameters (including permissions, audit and shadowing rules, settings, etc.) to remote computers.
- Added a DeviceLock Service Settings Editor which allows you to create and modify all DeviceLock Service parameters (including permissions, audit and shadowing rules, settings, etc.) in an external file. Later this file can be loaded into DeviceLock Management Console and DeviceLock Group Policy Manager, used in the Set Service Settings plug-in of DeviceLock Enterprise Manager or signed using the DeviceLock Signing Tool. The DeviceLock Service Settings Editor is a snap-in for MMC and has the same interface as DeviceLock Management Console and DeviceLock Group Policy Manager.
- Changed the interface of Permissions and Audit & Shadowing dialogs. Now these dialogs support new permissions and audit and shadowing rules for Windows Mobile devices, encrypted PGP and Lexar SAFE PSD disks.
- In DeviceLock Management Console's audit and shadowing log viewers, parameters in the filter dialogs can now be saved/loaded to/from external files.
- Changed parameters for the silent setup. Now all DeviceLock Service settings, permissions, audit and shadowing rules can be defined in an external XML file and applied during the silent setup. To load an external XML file during the silent setup, specify the "SettingsFile" parameter.

What's New in DeviceLock 6.1.1 (versus 6.1)

- Build 9011: Fixed incompatibility issues with Guardant USB tokens, MS SoftGrid and Blackberry Desktop.
- DeviceLock Service now works on 64-bit platforms (Windows XP/2003).
- Changes in the remote installation routine. Management consoles can now install DeviceLock Service to 64-bit platforms.
- Added the new MSI package with 64-bit DeviceLock Service.
- Renamed parameters in Security Settings. "Enable access control for..." renamed to "Access control for...".

What's New in DeviceLock 6.1 (versus 6.0)

- Audit records can now be automatically collected from remote computers and centrally stored on DeviceLock Enterprise Server. This provides a level of security beyond using the standard Windows Event Log on every computer. Even users with local admin privileges can't edit, delete or otherwise tamper with audit logs set to transfer to DeviceLock Enterprise Server.
- Now you can define which log should be used to store audit records. DeviceLock Service can write audit records to the standard Windows Event Log, which is stored locally, and/or to its own protected log, which is sent to DeviceLock Enterprise Server for centralized storage.
- DeviceLock can now detect hardware keyloggers. Hardware keyloggers are devices that record keystrokes. DeviceLock detects USB keyloggers and blocks keyboards connected to them.
- DeviceLock now supports Resultant Set of Policy (RSoP). Now you can use the standard Windows RSoP snap-in to view the DeviceLock policy currently being applied, as well as to predict what policy would be applied in a given situation.
- DeviceLock now supports traffic shaping, allowing you to define bandwidth limits for sending audit and shadow logs from DeviceLock Service to DeviceLock Enterprise Server. When the Quality of Service component is installed on a computer running DeviceLock Service, you can set three types of traffic priority: high, medium and low. Medium and low priorities reduce the network load.
- Now DeviceLock Service can choose the fastest available DeviceLock Enterprise Server from the list of servers. When the "Fast Servers First" parameter is enabled, all servers are divided into three groups depending on their network speed and preference is given to the fastest. If all of the fastest servers are unavailable, DeviceLock Service attempts to select a server from the group of next fastest servers and so on. If the "Fast Servers First" parameter is disabled, DeviceLock Service randomly selects a server from the list.
- A new access right for DeviceLock Administrators, "Change", has been added in DeviceLock Service and DeviceLock Enterprise Server. Users with this access right can change settings, install, and uninstall DeviceLock Service or DeviceLock Enterprise Server, but they can't add new users to the list of DeviceLock Administrators or change access rights for existing users in this list.
- DeviceLock Enterprise Server can now automatically clean up logs (Audit, Shadow, Server) according to defined rules and in a way that avoids database overflow.
- A read-only access right for tape devices has been added.
- Now you can enable audit for tape devices.
- You can now export/import all DeviceLock Service parameters (including permissions, audit and shadowing rules, settings, etc.) to/from an external file from DeviceLock Management Console or DeviceLock Group Policy Manager. To avoid unauthorized modification, this file can be signed with a DeviceLock Certificate using the DeviceLock Signing Tool. Upon receiving this signed file, the user can import new settings using the DeviceLock applet from the Control Panel. This setup method is ideal when a user computer is not online and thus out-of-reach via management consoles. Moreover, using this export/import feature, DeviceLock Administrators can create and save a standard template and use it for applying settings to new computers.
- The DeviceLock Temporary White List Administration Tool is now a part of the DeviceLock Signing Tool.
- The DeviceLock Temporary White List Authorization Tool is now a part of the DeviceLock applet. To use the Temporary White List feature, users should run the DeviceLock applet from Control Panel.
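The "Fast Servers First" selection described in the 6.1 notes above, sketched as an added example (not DeviceLock's code). The server names, latency figures, the near-equal slicing into three groups and the retry of another server when the first pick is down are assumptions, since the notes only say that servers fall into three groups by network speed.

```python
import random

# Constructed sample data: round-trip times in ms to hypothetical servers.
SAMPLE_LATENCY_MS = {
    "dles-hq-1": 2.0, "dles-hq-2": 3.5,
    "dles-branch-1": 18.0, "dles-branch-2": 22.0,
    "dles-dr-1": 95.0, "dles-dr-2": 140.0,
}


def split_into_speed_groups(latency_ms):
    """Return up to three lists of servers, fastest group first.

    Assumption: groups are near-equal slices of the latency ranking; the
    release notes do not say how the three groups are actually formed.
    """
    ranked = sorted(latency_ms, key=latency_ms.get)
    base, extra = divmod(len(ranked), 3)
    groups, start = [], 0
    for i in range(3):
        size = base + (1 if i < extra else 0)
        if size:
            groups.append(ranked[start:start + size])
            start += size
    return groups


def select_server(latency_ms, is_available, fast_servers_first=True, rng=None):
    """Pick a server; return (name, group_index) or (None, None).

    group_index is 0 for the fastest group. With fast_servers_first off,
    all servers form one group and the pick is random across the whole list.
    """
    rng = rng or random.Random()
    if fast_servers_first:
        groups = split_into_speed_groups(latency_ms)
    else:
        groups = [list(latency_ms)] if latency_ms else []
    for index, group in enumerate(groups):
        candidates = group[:]
        rng.shuffle(candidates)  # no fixed favourite inside a group
        for name in candidates:
            if is_available(name):  # assumed reachability probe
                return name, index
    return None, None


def demo():
    """Run the selection with all servers up, then with the fast group down."""
    down = {"dles-hq-1", "dles-hq-2"}  # constructed outage of the fast group
    rng = random.Random(7)
    healthy = select_server(SAMPLE_LATENCY_MS, lambda s: True, rng=rng)
    degraded = select_server(SAMPLE_LATENCY_MS, lambda s: s not in down, rng=rng)
    return healthy, degraded


if __name__ == "__main__":
    healthy, degraded = demo()
    print("all servers up:    ", healthy)
    print("fast group offline:", degraded)
```

A non-zero group index means audit and shadow logs are being delivered to a slower server than usual, which is a useful condition to alert on.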

What's New in DeviceLock 6.0 (versus 5.73)

- DeviceLock now supports data shadowing - the ability to mirror all data copied to external storage devices (removable, floppy, DVD/CD-ROM) and transferred via COM and LPT ports. A full copy of the files and data is saved. Shadowing is an extended function of DeviceLock Audit and, like auditing, can be defined on a per-user basis.
- A new Media White List feature allows you to uniquely identify a specific DVD/CD-ROM disk by the data signature and authorize access to it, even when DeviceLock has otherwise blocked the DVD/CD-ROM drive. Any change to the content of the media will change the data signature, thus invalidating authorization. In this way, a white-listed disk cannot be used to introduce unwanted data to the network. A DeviceLock Media White List can be configured to grant access to a collection of approved DVD/CD-ROM disks by certain users and groups, so that only authorized users are able to use the approved information.
- DeviceLock Enterprise Server is added for centralized collecting and storing of shadow files. DeviceLock Enterprise Server uses MS SQL Server to store received data.
- DeviceLock Management Console (MMC snap-in) now includes a module for remote administration of DeviceLock Enterprise Server. Using this console, you can manage DeviceLock Service and administer DeviceLock Enterprise Server at the same time.
- For each DeviceLock Service you can now define the name of the DeviceLock Enterprise Server to which the service reports shadow files as soon as they arrive.
- In the Service Options dialog you can now set a disk quota for shadowed data, ensuring that the user's free disk space is not overburdened.
- Now you can view logged files using a built-in viewer on the Shadow Log Viewer dialog.
- Even deleted shadow data is now logged. When records are removed from the shadow data log, the binary data is deleted from the database but the information about these records is written to a Deleted Shadow Data Log and can be conveniently viewed from the DeviceLock Management Console.
- A special log for DeviceLock Enterprise Server writes its internal information, warnings and errors for convenient viewing from DeviceLock Management Console.
- A custom message can now be displayed when temporary access permission expires for devices that were authorized via Temporary White List.
- Now all DeviceLock components install via a single installation package - setup.exe. Using this package you can install DeviceLock Service, DeviceLock Enterprise Server, all management consoles, as well as documentation and help files. The setup_gp.exe package was removed.
- The user manual and help-files have been significantly updated to include information about all new features and for easier reference overall.

What's New in DeviceLock 5.73 (versus 5.72)

- Devices in the USB White List can now be assigned to users and groups. This allows you to have more granular control over which users have access to what USB devices on their computers. One user can be allowed to use a certain device, while another user can't use it on the same computer.
- Minor interface changes.

What's New in DeviceLock 5.72 (versus 5.71)

- A new function, Temporary White List, has been added. Useful in exceptional situations, this function grants users temporary access to USB devices when there is no network connection. In use, DeviceLock administrators provide users with special access codes over the phone. These codes will unlock DeviceLock and enable temporary access to requested devices. Two new administration tools have also been added to support this function: "Temporary White List Administration Tool" and "Certificate Generation Tool". Also, the Control Panel applet "Temporary White List Authorization Tool" installs on computers running DeviceLock Service.
- Now you can define a discrete list of accounts that are able to administer (install, uninstall, modify permissions and other settings, etc.) DeviceLock. Even users with local administrator privileges can't disable DeviceLock Service or remove it from their computers, if they are not in this list of DeviceLock administrators.
- The USB White List now supports devices with unique serial numbers, so you can now allow access to a unique device and lock out all others, as long as the device vendor assigns serial numbers to its products individually.
- You can now define a custom message to be displayed to users when a denied attempt is made to plug in a USB or FireWire device.
- In DeviceLock Enterprise Manager you can now browse the LDAP tree and select computers for processing directly from directory services (such as MS Active Directory, Novell eDirectory, Open LDAP, etc.).
- A new interface for DeviceLock Group Policy Manager. It now allows you to set parameters to the "not configured" state.
- Added the "Set Default" button on the "Audit" dialog. It allows you to add predefined accounts (Everyone and Users) to the auditing list.
- There is now the option to "Enable access control for FireWire storage devices" for situations when you want to lock all non-storage FireWire devices on the port level and control access to storage devices on the Removable type level.
- Using the context menu, you can add devices to the USB White List from the plug-in window "Report PnP Devices".

What's New in DeviceLock 5.71 (versus 5.7)

- Build 85: In DeviceLock Enterprise Manager you can now select computers from Active Directory organizational units (OUs).
- Build 85: Now permissions are working correctly for global groups.
- Build 85: Fixed bug in the DeviceLock driver. This bug caused BSOD with some USB devices.
- Build 85: Eliminated the memory leak in DeviceLock Service on Windows 2000 Professional computers.
- Build 85: The minor bug in the "Report Permissions" function is fixed.
- A new checkbox "Enable Individual Settings" is available in the "Set Permissions/Auditing" plug-in of DeviceLock Enterprise Manager for when you want to set different permissions and/or audit rules for different types of devices.
- Improvements in access control features for CD burners and non-storage USB devices.
- There is now the option to "Enable access control for virtual CD-ROMs" for situations when you want to lock CD-ROM drives, but allow user access to software-emulated CDs.
- The new audit plug-in, "Report PnP Devices", creates a report showing all USB, FireWire and PCMCIA devices that are or were connected to computers in the network.
- The selection of audit types has been extended to include "Full Audit", "Audit Read" and "Audit Write" to provide greater flexibility and resource conservation.
- Two new installation parameters have been added for unattended ("silent") setup: you can now define audit rules for devices and accounts with read-only access to devices in the devicelock.ini file; and you can disable the adding of administrators and SYSTEM accounts to a device's permissions list.
- Support has been added for the recent Windows 2003 Server Service Pack 1.
- Other internal improvements.

What's New in DeviceLock 5.7 (versus 5.62)

- Added a new function - Auditing. DeviceLock can audit user activity for a particular device type. This capability allows you to audit activities that belong to a certain user or user group. DeviceLock employs the standard event logging subsystem and writes audit records to the Windows event log so they can be read using any event viewer software (such as EventViewer) as well as with DeviceLock's built-in Audit Log Viewer.
- A new management tool is added. DeviceLock Enterprise Manager is a new generation of the "Batch Permissions" function available in DeviceLock Manager. Based on the multithreaded engine, it speeds up all activity - including installation/uninstallation of DeviceLock Service, setting permissions and reporting permissions - making it one of the most powerful management systems for large networks.
- Now you can control DeviceLock via Group Policy in an Active Directory domain. DeviceLock Group Policy Manager allows you to manage DeviceLock settings and permissions via Group Policy as an alternative to installing DeviceLock Manager on the server. You can deploy DeviceLock Service and its settings to the entire network using standard policy management tools because Group Policy is a built-in mechanism of Active Directory. DeviceLock Group Policy Manager ships as a separate tool so you need to obtain it from our website.
- The read-only access type can be set directly for USB and FireWire ports. However, it affects storage devices only.
- Now you can instruct DeviceLock to use a fixed TCP port for the RPC communication between DeviceLock Service and DeviceLock Manager, making it easier to configure a firewall.

What's New in DeviceLock 5.62 (versus 5.61)

- Added the MSI installation package for DeviceLock Service. Using Group Policy you can install DeviceLock Service on target computers in an AD domain.
- Now external USB and FireWire hard drives are recognized as removable devices instead of hard disks.
- Added support for USB 2.0 on Windows 2000 systems with Service Pack 4.
- Fixed problems with the "USB\Unknown" device in the USB White List.
- Fixed several problems with the network tree in DeviceLock Manager.

What's New in DeviceLock 5.61 (versus 5.6)

- Improved support for USB Tokens.
- Fixed several problems in the DeviceLock driver.

What's New in DeviceLock 5.6 (versus 5.53)

- Added support for the USB "white list". The white list allows you to authorize only specific devices that will not be locked regardless of any other settings.
- Added the "Report Permissions" function that allows you to generate a report concerning the permissions that have been set. You can see which users are assigned for what device, which parameters in Security Settings are disabled, and what devices are on the USB White List on all the computers across your network.
- Now DeviceLock is able to block CD/DVD burning programs (such as Roxio Easy Media Creator) which are using non-standard drivers.
- Fixed problem with USB scanners.
- Major internal and interface improvements.

What's New in DeviceLock 5.53 (versus 5.52)

- Now DeviceLock is able to control CDs with the UDF file system.
- Improved support of Windows XP Service Pack 2.
- Now you can disable access control for serial modems and for USB storage devices.
- Fixed several problems with the Bluetooth access control on Windows XP.

What's New in DeviceLock 5.52 (versus 5.51)

- Now you can define the read-only access type for devices (floppy, removable, CD-ROM, hard disk) to allow the reading of files and directories.
- Changes in the user manual and in the help-file.
- Major internal improvements.

What's New in DeviceLock 5.51 (versus 5.5)

- Now you can set permissions for WiFi (802.11) and Bluetooth adapters.
- Added the Security Settings dialog, where you can define additional security parameters for USB and FireWire ports.
- Now Setup protects DeviceLock Service by allowing only members of the Administrators group or the SYSTEM account to stop or delete the service.
- Changes in the user manual and in the help-file.
- An Italian version of the user manual is available for download.

What's New in DeviceLock 5.5 (versus 5.02)

- DeviceLock now allows you to set permissions for USB, FireWire and infrared ports.
- DeviceLock Manager does not try to enumerate your entire network at once. Instead it enumerates only requested domains.
- Solved conflicts with applications that extensively use COM and LPT ports.
- During the Silent setup, you can specify the user or group that should be added to the permissions list for a device.
- Better scalability for networks with thousands of computers.
- Major internal improvements.
- Changes in the interface.
- Changes in the user manual and in the help-file.

Copyright(c) 1997-2009 DeviceLock, Inc. All rights reserved. DeviceLock is a registered trademark.