Hades: 31.0

Hades (/ˈheɪdiːz/; Ancient Greek: ᾍδης or Άͅδης, Háidēs) was the ancient Greek chthonic god of the underworld, which eventually took his name.
In Greek mythology, Hades was regarded as the oldest son of Cronus and Rhea, although the last son regurgitated by his father. He and his brothers Zeus and Poseidon defeated their father’s generation of gods, the Titans, and claimed rulership over the cosmos.
[Source: https://en.wikipedia.org/wiki/Hades (2017-01-18)]

31.6.1

31.6.1

Available for installation by the support team. 24 Oct 2018
Enhancements
Category Web Filtering When requesting a URL recategorisation, an email is now sent with those details to the Alert email address.
HTTP AV Optimised disk performance with HTTP AV scanning.
Internet Authentication The Active Directory Pass through Authentication Service can now be installed on a Windows member server. You may specify a server other than the AD Server via Configuration > Authentication > Edit AD Plugin > Configure > Pass through server.
Internet Authentication The WMI Passthrough authentication method now allow logins using an account other than the account specified for LDAP. You may specify these credentials via Configuration > Authentication > Edit AD Plugin > Configure > Pass through server.
Internet Authentication You can now use an email address to check username resolutions. This can be found under Configuration > Authentication > Test Authentication.
Reverse Proxy The Reverse proxy has been upgraded to handle larger volumes of incoming connections.
SSL Certificates Added support for trusting uploaded certificates. This is primarily used to allow upstream firewalls to SSL inspect traffic from the CyberHound to gain access to the X-Forwarded-For header for the source IP. The X-Forwarded-For header can be enabled via Configuration > Advanced > Send X-Forwarded-For headers. Firewall SSL Inspection certificates can be uploaded via Configuration > SSL Certificates.
Web Proxy For sites with large Internet links you can now disable the RAM cache completely under Configuration > Web Proxy > Advanced Configuration.
Web Proxy The proxy can be configured to automatically perform certificate revocation checks against Mozilla’s OneCRL list. This can be enabled via Configuration > Web Proxy > HTTPS Inspection. Note: Enabling the certificate revocation checking may slow down HTTPS inspection.
YouTube Cache Added support to the YouTube cache for a new YouTube video format.
Resolutions
ClearView SimpleTextCriteria ClearView rule criteria now evaluates the given regular expression against both the body and the subject.
LiveZone Resolved an issue where LiveZone add quota was not working correctly if the user’s quota was specified as up/down limits rather than a total.
Network Monitoring Resolved an issue with network monitoring so that Apple iCloud usage is now recorded more accurately.
NGFW Resolved an issue where Custom IP lists in NGFW were unable to be edited after creation.
Reporting Resolved an issue where video titles were unable to be retrieved in certain circumstances.
Reporting Resolved an issue where multiple instances of the service which populates the SMTP Block Events data source could be launched, unnecessarily increasing resource utilisation.
SSL Certificates Resolved an issue where a certificate could not be replaced by another with the same Subject Key Identifier.
Major Feature Release
Version 31.6.1 introduces the Cyberhound Google Chrome Extension “ChromeSafe” to provide enhanced filtering and protection of Google Chromebooks both on and off the network.
Download The ChromeSafe Extension can be downloaded from the Cyberhound UI (.crx format) via Administration > Downloads > ChromeSafe Extension. It is recommended ChromeSafe be distributed using the Google Admin Console. Permissions to add and remove Chrome extensions should me managed by the Google Administrator. It is very strongly advised to disable the Google Developer console on policies with the ChromeSafe extension installed.
Configuration The ChromeSafe configuration file for the Google Admin Console can be downloaded via RoamSafe Agent > ChromeSafe > Download configuration.
Configuration Google ChromeSafe filtering can be enabled or disabled when behind the CyberHound Appliance (LAN). If a Chromebook leaves the network, it will initiate automatically. This can be configured under RoamSafe Agent > ChromeSafe.
Configuration When off the network, the administrator may configure the extension to NOT send any Web filtering or ClearView reporting data to the CyberHound Appliance. Web filtering will work as configured via Access Policies. This can be configured via RoamSafe Agent > ChromeSafe.
Authentication Google Oauth2 has been implemented to authenticate ChromeSafe users based on their Google Domain email address. Information on the setup and configuration of ChromeSafe Authentication can be found in Help Article ID: 260002 within your Cyberhound appliance. It is recommended that ChromeSafe be used in situations where shared use of Chromebooks occurs.
ClearView ClearView (when enabled) will scan search engines including Google, Bing, Yahoo both on and off the network.
Machine Leaning ChromeSafe utilises machine learning to create enhanced client side caches, improving performance and scalability. When enabled, the system will determine commonly accessed sites (group aware) and distribute automatically to the ChromeSafe extension based on policy.

31.5.2.2

31.5.2.2

Available for installation by the support team. 11 September 2018
Resolutions
Network Monitoring Resolved an issue where users watching malformed video content or changing groups at an inopportune time would cause Network Monitoring to not show some events, which caused incongruities with Quota.

31.5.2.1

31.5.2.1

Available for installation. 8 Aug 2018
Enhancements
LiveZone Improved widget loading and user searching performance
Resolutions
Internet Auth Resolved an issue which would occasionally cause the health check system to incorrectly restart the Internet Auth pass-thru queue service every 2 seconds following an auth restart while the auth system is under load.
Dynamic DNS Resolved an issue where the sitekey.chsecure.zone domain would not be updated if the Appliance was unable to contact the dynamic DNS servers directly.

31.5.2

31.5.2

Available for installation by the support team. 29 Jun 2018
Enhancements
Core Platform Changed the way limits were applied to various services, improving system stability and improving performance on large sites.
Core Platform Security and performance updates.
Authentication Added a new pass-through authentication option for domain-bound MS Windows devices, using WMI from the Appliance rather than RRS from the AD server.
HTTP AV Added the ability to whitelist content from HTTP Anti-Virus.
Remote Syslog Module Added the ability to send HTTP-AV alerts via syslog, and improved the UI to select between HTTP-AV, Proxy logs or both for remote syslog. NOTE: This setting is global, it is currently not possible to select this on a per-remote server basis.
Reporting Added a new datasource for HTTP Anti-Virus detections.
Reporting Updated ClearView reports generated by the wizard to reflect current best practice. Please contact your reseller if you would like further training in reporting.
SNMP Added support for 64-bit Interface counters and addition Disk I/O OIDs.
SNMP Access to the SNMP service can now be restricted to specific IPs or Networks. SNMP access is not optionally configurable on the Internet interface.
Resolutions
Access Policies Fixed a conflict between Remote Host Blacklist and Access Policy Exclusions.
Reporting Reporting permissions are now correctly applied as soon as a group is edited, rather than once their cached credentials have expired.
Reporting Resolved an issue exporting to CSV where group exclusions were not being applied in all cases, leading to information from all groups being exported.
Email Greylisting Resolved a memory leak, improving system stability.
HTTP AV Improved performance of HTTP Anti-Virus scanning.

31.4.6

31.4.6

Available for installation. Binary update to the RoamSafe Agent (reboot required). 21 May 2018
Customers using the RoamSafe Agent in certain configurations may be required to do a small piece of housekeeping to ensure a clean transition. The three configuration types are listed below along with what if any action may be required from you:
  1. For customers with conditional DNS forwarders in place for safenetbox.biz domain you will need to add an additional conditional forwarder for the new chsecure.zone domain on your DNS server. 
  2. For customers with the CyberHound configured as the system wide DNS forwarder no action is required.
  3. For customers with the CyberHound configured as the only DNS server no action is required.
Enhancements
Domain Names As part of a system wide DNS upgrade, a new domain chsecure.zone has been introduced. The new domain will serve the CyberHound web interface sitekey.chsecure.zone and additional services such as VPN host names. The current safenetbox.biz will be deprecated in a future release but may continue to be used as is.
Category Web Filtering Added several new Categories to the Category Web Filtering: Terrorism, Cryptocurrency, Cryptocurrency Mining (malicious), Blockchain, Fake News, API’s, Internet of Things, A.I. & M.L.
Site to Site VPN (IPSEC) Added help articles to assist with configuring IPSec SNAT policies
RoamSafe Agent RoamSafe Agent certificate installation now installs inspection certificates in the correct location for FireFox 58+
Resolutions
Core Platform Enhanced memory management with the proxy for enhanced scalability and reliability
ClearView Resolved an issue with ClearView resulting in excessive memory usage when scanning WebSockets content
Setup Wizard In situations when using the wizard to add reporting templates to the CyberHound and the reports already exist, the page no longer displays an error. Any reports or queries from the templates which do not exist are created correctly.

31.3.5.1

31.3.5.1

Available for installation by the support team. 11 May 2018
Enhancements
Domain Names As part of a system wide DNS upgrade, a new domain chsecure.zone has been introduced. The new domain will serve the CyberHound web interface sitekey.chsecure.zone and additional services such as VPN host names. The current safenetbox.biz will be deprecated in a future release but can continue to be used as is.
Categorisation DNS supporting infrastructure has been upgraded for improved performance of cloud based category lookups.
Web Proxy The X-Forwarded-For header option has been added to provide the source IP. This can be accessed via Configuration > Advanced.
SSL Certificates You can now utilise the CH Inspection CA to create valid SSL certificates. This will replace the existing behaviour. Certificate Management can now be accessed via Configuration > SSL Certificates.
Remote Access  IKEv2 remote access SAN certificate support
Resolutions
SSL Certificates Resolved an issue that prevented SSL certificate generation if organisation contact fields aren’t set.

 

31.4.4

31.4.4

Available for installation by the support team. 15 February 2018
Enhancements
Authentication New detailed logging when using 802.1x Authentication using the SYSLOG method.
Site to Site VPN (IPSEC) IPsec tunnels can now bind to a secondary link IP Address.
Site to Site VPN (IPSEC) Added configuration UI for using SNAT on IPSEC tunnels.
Resolutions
Authentication Fixed an error in the Test Authentication page looking up user by IP address, which only printed some of the available data.
Livezone
LiveZone now displays correctly when looking up users with a space character in their username.
Roamsafe Agent
Resolved an issue where the RoamSafe Agent did not successfully upload ClearView event logs correctly.

31.4.3

31.4.3

Available for installation by the support team. 10 January 2018
Enhancements
Administration The download link for the AIM client has been removed.
Configuration Enhanced the validation of values in the Internet Link configuration page.
Roamsafe Agent Enhanced help information for inspection exclusions on Windows clients.
Resolutions
Authentication Fixed an error that could prevent Internet authentication sessions from being terminated after the configured inactivity timeout.
Configuration Fixed an issue with Chrome browsers reporting an error when submitting configuration changes on pages that contain a HTML WYSIWYG widget.
Livezone The Livezone portal can now be configured to be served from a custom domain with a custom certificate.
Roamsafe Agent The Roamsafe Agent uninstall password is now again displayed on the configuration page.

31.4.2

31.4.2

Available for installation by the support team. 7 December 2017
Enhancements

Authentication

Active Directory Passthru Authentication can process RADIUS accounting records sent by Cisco ISE via syslog.
Roamsafe Agent User interface to allow managing MS Windows 8/10 application exclusions.
Resolutions
Authentication Resolved an issue that prevented reordering of authentication plugins.
Web Interface Fix an issue that resulted in sidebar opening sub menus that were not related to the user’s current location.
Update Process Improved reliability for customers using port forwards to access firmware updates.
Livezone Resolved an issue where disabled users would appear in user search results.
SIS Connector Improved validation of data and feedback of encountered problems during configuration and data synchronisation operations.
Reporting Resolved an issue where viewing Host/Username associations would result in an error.

31.4.1

31.4.1

Available for installation by the support team.

Binary update to the RoamSafe Agent (reboot required).

Enhancements
Roamsafe Agent Added support for macOS High Sierra.
Dashboard Added an alert if the Cyberhound needs to be rebooted after a change in the enabled module set.
Network Configuration Added validation to detect configuration of multiple Ethernet or DHCP links on the same parent interface.
ClearView Updated default ClearView rules.
ClearView Added user’s full name to ClearView alerts.
Resolutions
Classroom Control Adjusted handling of YouTube requests to ensure they are allowed as configured in the lesson.
SNMP Resolved an issue where network interface stats were sometimes not reported correctly.
Web Interface Resolved an issue where the appliance’s web interface would not come up when a reverse proxy entry on port 443 was configured.
Configuration Fix errors in the IKEv2, Port Forwards and Reverse Proxy configuration pages.
Reporting Fix sender address in the email distributing reports.
Livezone Gracefully handle incorrect configuration of Web Filtering Policy groups.

31.4

31.4

Available for installation by the support team.

Enhancements
LiveZone LiveZone introduces a new web based framework allowing access to real time Internet usage Dashboards, Classroom Controls, BYOD certificate on-boarding and more. LiveZone can be configured by accessing Configuration > Web Interface > LiveZone Configuration. Detailed information on LiveZone for Teachers, a setup & administration guide and explanatory video can be found here.
LiveZone New LiveZone parent portal allowing parents/guardians to view their child/dependents’ Internet usage and manage Internet access permissions “off campus”. The LiveZone parent portal requires the use of a supported Student Information System (SIS) or MS Active Directory and the installation of a RoamSafe Agent on the device. Integration with Seqta parent portal is fully supported.
SIS Connector Added support for the CyberHound to connect to MS SQL Server based Student Information Systems. The data provides CyberHound with a parent/guardian to child/dependent mapping for use with LiveZone parent portal.
Internet Auth Added support for the customization of the BYOD Certificate installation page presented to users. This can be located at Internet Auth > BYOD Certificate Installation.
Remote Access (IKEv2) Added support for split VPN tunneling.
Advanced Firewall Allow source address restrictions for port forward rules.
Authentication Allow network exclusions for the “Welcome Page”.
Resolutions
Reporting When drilling down in to YouTube analytics from Network Monitoring the query time range will now be preserved.
Network Monitoring Corrected accounting of streaming uploads.
Access Policies Corrected a problem where username and reason was not shown correctly in Access Policies > Blacklisted Hosts.
Reporting Improvements to the graph rendering of scheduled reports.
IPSec Fixed an error in the tunnel list page that prevented it from displaying correctly in languages other than English.

31.3.4

31.3.4

Available for installation by the support team.

Enhancements
Configuration Interface Minor user interface enhancements.

31.3.3

31.3.3

Available for installation by the support team.

Resolutions
YouTube  Cache Adapt YouTube cache to handle recent changes of the YouTube website.

31.3.2

31.3.2

Available for installation by the support team.

Resolutions
VPN Clients connected using IKEv2 remote access can now access other sites connected via the Cyberhound site to site VPN.
Email scanning Messages released from quarantine will now be resent using the original sender address. This can help avoid messages being blocked by third-party spam filtering solutions including Google Mail.
Email Scanning Microsoft Office documents are now scanned by the text match criteria (if configured to do so).
Email Scanning Spam definition updates will now use the upstream proxy if it is configured.
Email Scanning Greylist reverse learning now works correctly when SPF is enabled.
Dashboard The alerts page accessible from the dashboard would incorrectly show no alerts on some sites. This has now been resolved.
Access Policies Enforce SafeSearch no-longer causes Google searches to display Captchas.
Access Policies Using Google G Suite domain restrictions no longer breaks Google Drive.
Reporting If network interface names are changed, this will now be correctly reflected in reports.
Reporting Improved reliability for gathering YouTube Analytics data.
Web Proxy Uploading YouTube videos will now work as expected.

31.3.1

31.3.1

Binary update to the RoamSafe Agent (reboot required).
Available for installation by the support team.

Resolutions
Reverse proxy Fixed HTTPS redirect option for reverse proxy entries.
Email Scanning Fixed identification of Microsoft Office documents in E-mail attachments
Enhancements
Core Platform Security and performance updates.

31.2.4

31.2.4

Available for installation by the support team.

Resolutions
Email Scanning Resolved an issue with whitelist entries not applying immediately to spam filtering.
Web Proxy Resolved an issue with downloading of custom inspection certificates.
Enhancements
Reporting Added a new ClearView welfare report template to be added using the “add suggested reports” function.
Wizard Updated the setup wizard to allow adding policies, rules and reports individually.
Roamsafe Improved performance of Roamsafe with large numbers of simultaneous users.
Lesson override Added support for unicode characters in Classroom Control lesson URLs.

31.2.3

31.2.3

Available for installation.

Resolutions
Reporting Resolved issues with IP address validation in query conditions.
Access Policies Fixed DNS level enforcement of SafeSearch.
Web Proxy Resolved issue with handling of custom SSL inspection certificates.
Enhancements
Intrusion prevention system Improved detection of malicious SMTP and POP3 logins.

31.2.2

31.2.2

Resolutions
Reporting Resolved an issue with migrating queries saved that utilise a time range.
Reporting Changed the unit of measure within the Interface traffic data source and dashboard to always be Bytes per second.
Reporting Added the ability to query specific ports not listed in the suggestions pick list
Reporting Improved behaviour when inputting an E-mail address for reports
Logging Resolved an issue with automatically removing old log files and data.
Enhancements
SNMP Added additional OIDs for actual system uptime and load.
Authentication Performance improvements when restarting during active times

31.2.1

31.2.1

Resolutions
Proxy Resolved an issue where the site inspection certificate was regenerated on installation, if a custom certificate was present on the appliance.
Reporting Fixed an issue with reporting-based frame redirected pages.
Reporting Fixed time graphs in the YouTube Analytics datasource.
SNMP Added additional OIDs.

31.2

31.2

Binary update to the RoamSafe Agent (reboot required).

Resolutions
System Resolved an issue where configuration tasks could fail, if the system time was changed through the NTP service during boot up.
Email scanning Optimised database resource usage of the Email Scanning service.
Enhancements
YouTube Video Title Service This feature uses a new CyberHound YouTube service to retrieve titles and categories of YT videos viewed, enriching data for detailed analytics. Users can further drill down on Network Monitoring youtube.com data into the new YouTube Analytics datasource.
This feature does not require either the YT cache or ClearView modules.
YouTube Analytics Datasource YouTube Video title data collected by the YT Title service are stored in a new YouTube Analytics data source. Queries of this data source can be added to existing or new reports. Video titles are Hyper-linked so that users can click on the video title and it will open that exact video in a new tab.
Web Filtering Google G Suite Domain Enforcement allows an organization to restrict access to specific G Suite domains only. This will block gmail.com. Group exclusions are available to exclude specific groups such as staff.
Web Filtering The new “Header in session” method of YouTube Restricted Mode enforcement allows for group based exclusions for both strict and moderate restricted mode. The DNS method now also allows for moderate restricted mode, but does not support group exclusions.
SNMP Monitoring SNMP Monitoring is now available on the LAN Interface of the CyberHound. SNMP V2 is being used with a community string to access the box. The OIDs that are provided will cover system, CPU, Memory, Network Interface and Disk. This information is available in the corresponding help article.
Configuration Users may now specify their own “From” email address for the sending of reports, alerts and notifications.
Configuration Configuration of custom certificates is now available in the Web Interface and IKEv2 server certificates can now be generated on the same Certificate Manager page.
Reporting Enhanced display of query results table with variable column widths and handling of columns with very long values, e.g. URLs.
 Administration A user now needs a higher level of administration permissions to access the Shutdown and Update functions of the appliance.
Reporting Reports can now be emailed directly from the Generate Report dialog.
Reporting Reporting now offers the ability to run saved queries via URL, authenticating with Basic Auth and retrieving the results as CSV files to aid automated data retrieval and reporting.
RoamSafe VPN Added the ability to disable pass-through authentication for RoamSafe VPN to facilitate bulk device authentication and user authentication via Captive Portal.

31.0.7

31.0.7

Resolutions
Firewall Updated intrusion detection signatures.
Content Acceleration platform Optimised channel handling.

31.0.6

31.0.6

Resolutions
Spam Filtering Resolved an issue where sender white lists were not honoured in all cases.
Reporting Rectified a number of  minor issues in query screens and reporting output.
Configuration Changes to the Content Scanning > General settings can now are now saved correctly – even if the ClearView module is not installed.
Network Monitoring Fixed an issue where group information was incorrect for users with usernames consisting of numerals only.
System Updated the IBM MegaRAID driver.
Proxy Fixed an issue that prevented the “.google” top level domain from being resolved correcly.

31.0.5

31.0.5

Resolutions
Reporting Resolved an issue that could result in an incorrect display of ClearView query results in reports
Reporting Resolved an issue causing certain queries migrated from 30.x to fail
Enhancements
IKEv2 Remote Access Enhance online help information
Configuration Ensure appliance configuration is valid after an update.

31.0.4

31.0.4

Resolutions
IKEv2 Remote Access Resolved an issue where the service would not start if there was no intermediate certificate.
 IKEv2 Remote Access Increased number of threads to allow more simultaneous clients.
Reporting Resolved an issue where entries in the SMTP block events query would be counted multiple times, resulting in inflated statistics.
Reporting Resolved an issue that could result in reports not being sent.
Reporting Queries using network range filters now work correctly.
Reporting Reduce unwanted duplicate queries created during migration from release 30.x
Reporting Resolved an issue causing certain queries migrated from 30.x to never match any results.
Reporting Resolved an issue causing incorrect results in network monitoring when Roamsafe Agents are off the network.
Reporting Network interface graphs now display correctly when more than 5 interfaces are in use.
3rd-party Integrations Integration with Learning Management Systems now works correctly when the web interface is published a non-standard port.
Enhancements
Spam Filtering Added support for additional online spam signature services.
Spam Filtering Added support for the Truncate blacklist.
Spam Filtering Added support for additional malware signatures.

31.0.3

31.0.3

Enhancements
Reporting Added the ability to export query results as CSV files.
Reporting Implemented a number of minor tweaks to the reporting user interface.
Reporting Simplified generation of user or group specific reports.

31.0.2

31.0.2

Enhancements
Reporting Added online help content for the XGEN Reporting.
Reporting Implemented a number of minor tweaks to the reporting user interface.
Reporting Ensure that groups with full “Reporting Administration” permission have access to all data sources.

31.0.1

31.0.1

Resolutions
Reporting Resolved an issue where modified reports could not be saved.
Reporting Resolved an issue that could result in incorrect values  in the “Other” category of result tables.
Reporting Resolved an issue where multiple instances of a report in a schedule were not migrated to the new Reporting correctly.
Spam filtering Resolved an issue with spam filtering configuration migration.
Online Help Resolved an issue where not all help pages were available after an upgrade.

31.0

31.0

Binary update to the RoamSafe Agent (reboot required).

Enhancements
Reporting The reporting functions have been completely reworked and are now all available under the “Reporting” menu item in the side bar. For details refer to XGEN Reporting.
Dashboard The appliance home page is now a dashboard that shows important indicators of the current state of the appliance and the traffic going through it. Release and module information which was previously shown on the home page is now available under Administration > Release Info.
Alerts previously pinned to the home page can now be found in the “Alerts” tile on the Dashboard or under Administration > Current Alerts.
Spam Control The spam filter functions of the appliance have been improved to make use of the latest filtering techniques.
Remote Access VPN Added the ability to create IKEv2 VPN connections with RADIUS authentication.
RoamSafe Agent The software package that facilitates web filtering on Windows and MacOS computers formerly known as BIC agent has been formally renamed to RoamSafe Agent.