Hades: 31.0

Hades (/ˈheɪdiːz/; Ancient Greek: ᾍδης or Άͅδης, Háidēs) was the ancient Greek chthonic god of the underworld, which eventually took his name.
In Greek mythology, Hades was regarded as the oldest son of Cronus and Rhea, although the last son regurgitated by his father. He and his brothers Zeus and Poseidon defeated their father’s generation of gods, the Titans, and claimed rulership over the cosmos.
[Source: https://en.wikipedia.org/wiki/Hades (2017-01-18)]

31.7.9

31.7.9

Available for installation. 8 October 2020
Enhancements
Web Filtering A new, larger Web Categorization database has been implemented to provide enhanced local URL Categorization, reducing cloud lookups and improving performance for customers with CyberHound HR2 hardware.
Resolutions
Classroom Control Resolved an issue with Classroom Control that resulted in some YouTube videos (specifically those using googlevideos.com) to not allow as intended.
Direct Proxy with NTLM authentication Resolved an issue introduced in 31.7.8 detecting NTLM workgroups which caused issues joining certain Domain Controller forests.
LiveZone Resolved an issue with the Certificate Installer Frame not displaying correctly on some browsers.

31.7.8

31.7.8

3 August 2020
Enhancements
Content Scanning The ClearView instant messaging client scanning feature for scanning legacy XMPP based applications has been deprecated.
Resolutions
Classroom Control Resolved an issue where classroom controls were not working as intended for users logged in with their User Principal Name (UPN).
Web Proxy Resolved an issue between the Classroom Control API / Proxy that could sometimes result in “Scanner Error” being displayed for allowed URL’s.

31.7.7

31.7.7

6 July 2020
Enhancements
NGFW Improved Access Policy performance for custom domain lists containing regular expressions.
Internet Auth A new Pass-Through authentication method has been added to support enhanced Single Sign On integrations with Fortigate devices.
Information on how to configure the Pass-Through method can be found in help article ID:151013
Classroom Control When a user authentication session expires, they are now automatically redirected to the login screen.
Resolutions
Category Web Filtering Resolved an issue where errors with the local categorisation daemon were not handled correctly which could result in the need for a manual restart of Firewall services.
Direct Proxy Resolved an issue with the Direct Proxy that could result in some Direct Proxy Network Monitoring data not being recorded correctly.
Backup Restore Increased the file size limits for restoring/importing backup files.

 

31.7.6.1

31.7.6.1

2 June 2020
Enhancements
Advanced Firewall Added support for handling private IP ranges as part of GeoIP Blocking.
Core System Security improvements.
Web Proxy Resolved an issue where the Web Proxy for customers using External Integrations (e.g. SEQTA, SchoolBox) would occasionally break displaying Scanner Communication Error.
PipePlus Improved dead link detection on busy sites for connections where the first hop (e.g. to router) is up but internet access is unavailable.
YouTube Analytics Improved stability of the titling service.

31.7.6

31.7.6

2 April 2020
Enhancements
Port Forwards Improved performance and handling of port forwards with large port ranges configured.
Certificates The Generate Server Cert feature under Configuration > SSL Certificates will now create certificates which are valid for no longer than 397 days.
Resolutions
ChromeSafe Resolved an issue with server side timeouts that would result in repeated attempts to obtain generated whitelists.
ChromeSafe Resolved a performance related issue by reducing URL caches to a maximum of 500 URL’s entries.
Remote Syslog Resolved an issue with syslog forwarding when both port Forwards and 1:1 NAT logging was enabled.
LiveZone Resolved an issue within LiveZone where user (LDAP) lookups were not honouring group restrictions specified in LDAP active groups resulting in lookup failures.
Port Forwards Resolved an issue where large port forward ranges e.g. 15,000-45,000 would result in large delays when trying to apply configuration changes to the CyberHound.
WebUI Resolved an issue where the Users and Groups and some Network Tool pages were unable to Update.

31.7.5

31.7.5

Binary update to the RoamSafe agent for Mac (reboot required). 28 February 2020
Enhancements
Advanced Firewall Updated the help articles for configuring the Intrusion Prevention System.
Remote Syslog Added support for both plaintext and encrypted syslog on the same port using the remote syslog feature
Core Platform Improved system stability and security.
Resolutions
Advanced Firewall Resolved an issue which limited GeoIP rules to a maximum of 15 countries.
BYOD Cert Installer Signed the BYOD Certificate Installer for MacOS 10.15.2+
ChromeSafe Agent Resolved issues affecting reporting between the ChromeSafe agent and Appliance.
RoamSafe Agent for Mac Resolved an issue where HTTPS inspection on the Agent while off-network did not correctly resign certificates using Elliptic Curve ciphers or SHA384 hashes.
RoamSafe Agent for Mac Resolved an issue where certificates were being cached for longer than they were valid in certain circumstances.
RoamSafe Agent for Mac Signed the Agent Uninstaller for MacOS 10.15.2+
Web Interface Resolved issues within the WebUI where it was impossible to update various forms (e.g. Edit Groups).
Known Issues
Port Forwards The use of large Port Forward ranges causes unexpected errors. Users with large (>100 ports total) port ranges should upgrade to 31.7.6 or greater when available. The use of 1:1 NAT’s can also be used in certain circumstances.

31.7.4

31.7.4

21 January 2020
Enhancements
Advanced Firewall GeoIP blocking no longer requires the Rule-Based IPS engine.
Reporting Improved performance of YouTube Analytics queries.
Resolutions
ClearView Resolved an issue where ClearView events were being deleted using the time for Email Monitoring events, rather than their configured time.
Web Proxy Resolved an issue where certificates were being cached for longer than they were valid in certain circumstances.
Web Interface Resolved a bug which could cause the Web Interface to not start if a LAN interface is unplugged when the box starts.
Web Interface Resolved an issue where Unicode characters in Port Forward comments could render the page unviewable.
YouTube Cache Improved handling of non-video pages, which now allows Channel pages to be served correctly.
Logging Resolved an issue with log rotation for HTTP Anti-Virus logs.
Dashboard Resolved an issue where Critical Alerts would not be shown on the Dashboard.
Reporting Resolved an issue where the Delete button of the Certificate Check report would redirect to <sitekey>.chsecure.zone regardless of the domain it was being accessed from.
Known Issues
Advanced Firewall We are currently limited to 15 countries in each of the Default and SMTP GeoIP block criteria.

31.7.3

31.7.3

29 October 2019
Enhancements
Port Forwards Added a new log view for connections triggering port forward and 1:1 NAT Advanced Firewall rules. You can access the enhanced logs via Administration > View Logs > Port Forwarding.
Remote Logging Added the ability to ship port forward and 1:1 NAT connection logs to third party syslog servers. You can configure this via Configuration > Remote syslog.
Web Proxy The certificate generation service has been enhanced to increase the performance of certificate generation and HTTPS inspection.
Core Platform Security and performance updates.
Resolutions
Roamsafe Agent for Windows Resolved an issue with the signing of the Windows RoamSafe Agent installer, so that it now correctly displays a known publisher of “Cyberhound”

31.7.2

31.7.2

Binary update to the RoamSafe Agent for Mac (reboot required). 3 October 2019
Enhancements
RoamSafe Agent for Mac Added support for MacOS 10.15.
RoamSafe Agent for Mac Added enhanced SSL Application exclusion for the MacOS RoamSafe agents. This can be found via RoamSafe Agent > General.
BYOD Cert Installer Added support for Apple iPadOS into the BYOD certificate installer to correctly identify and install the correct certificate package.
BYOD Cert Installer The cert.localnetwork.zone certificate is now compliant with the new the new Apple iOS 13 and MacOS 10.15 operating systems.
Remote Logging Added TLS security options for the remote syslog service.
Resolutions
Configuration Resolved an issue where a backup/restore process might fail to restore the configuration correctly.
Reverse Proxy Resolved a connection failure issue with the reverse proxy as a result of IPv6 DNS lookups not being handled correctly.
Quota Resolved an issue where applying quota using the API would not log a user out, and thus the additional quota would not apply correctly.

31.7.1.3

31.7.1.3

21 August 2019
Resolutions
Intrusion Prevention System Temporarily halted the system which disables and enables the Rule-based IPS engine based on system load, due to an incorrect load detection algorithm.
Port Forwards Resolved an issue introduced in 31.7.1.2 which caused validation errors for port forward ranges.
RoamSafe Agent for Windows Resolved an issue that resulted in the Agent services not running/starting after an update to either Windows 10 v1809 or v1903.
Known Issues
RoamSafe Agent for Mac OSX There is a known issue installing the agent package provided by this release on Mojave or above. We are currently investigating and hope to have this resolved in 31.7.1.4.

31.7.1.2

31.7.1.2

1 August 2019
Enhancements
Intrusion Prevention System Added a greylist for network addresses to be excluded from being blacklisted by the Intrusion Prevention Systems (IPS). Any malicious traffic from such endpoints will be dropped, but legitimate traffic is unaffected.
Resolutions
Intrusion Prevention System Improved the performance of the Intrusion Prevention Systems (IPS) by removing unnecessary username lookups for GeoIP events.
Intrusion Prevention System Resolved an issue with the Intrusion Prevention Systems (IPS) that resulted in traffic on an Internet Interface which is 1:1 NAT’ed to LAN-side IP to not be scanned correctly.
Authentication Resolved an issue with the Cisco ISE Authentication service where, in the event multipe Cisco ISE servers were specified, some authentication logs would be ignored.
Authentication Added improved handling within the Cisco ISE Authentication service to better facilitate authentication sessions.

31.7.1.1

31.7.1.1

  1 July 2019
Major Feature Release
Version 31.7.1.1 Introduces an all new Intrusion Prevention System (IPS) with enhanced network protections and network data. This feature set requires the CyberHound UTM module set.
Enhancements
Intrusion Prevention System A new flow based Intrusion Prevention System (IPS) has been implemented to actively scan network traffic for malicious activity. The flow based IPS System can be enabled via Advanced Firewall > IPS Configuration > Enable IPS rules engine. More information on the Flow based IPS System can be found in article ID 250001 within the help menu.
Intrusion Prevention System New Intrusion Prevention System (IPS) threat management signatures have been introduced, delivering 12,000+ rules in 9 granular categories with alert, drop, blacklist and ignore actions. IPS rules are distributed via the Superloop Cloud with regular updates to provide enhanced protections. IPS policy configuration can be found via Advanced Firewall > IPS Configuration > Configure Flow Based IPS.
Note: Not all rules are available for all hardware configurations.
Intrusion Prevention System An administrator can manually override specific IPS rule action to allow, block, blacklist or ignore future connections via the Threat Management datasource. You may view rule overrides via Advanced Firewall > IPS Configuration > IPS Rule Overrides.
Intrusion Prevention System You may specify any networks to be excluded from the Intrusion Prevention System (IPS). IPS Network exclusions can be accessed via Advanced Firewall > IPS Configuration > Network Exclusions.
3rd Party Integration The CyberHound UTM now supports Intrusion Prevention System (IPS) integration with HPE Aruba ClearPass network access control system. The integration delivers real time threat management feeds to Aruba ClearPass to automate the enforcement network policy such as quarantining an infected device, or removing a device from the network. A technical configuration guide can be found here. You can enabled the HPE Aruba integration via Advanced Firewall > IPS Configuration > Enable Aruba ClearPass Integration. Note: Integration supports multiple ClearPass servers.
Intrusion Prevention System You may now enforce enhanced GEO IP network protections by restricting access to countries of specified origin with additional protocol based controls. GEO IP management can be accessed via Advanced Firewall > IPS Configuration > Geo IP Management.
Reporting A new dedicated “Threat Management” data source has been added to the XGen reporting system to provide enhanced visibility if threats identified on the network by the Intrusion Prevention System (IPS). This can be accessed via Reporting > Threat Management.
Reporting A new dedicated “GeoIP Events” data source has been added to the XGen reporting system to provide enhanced visibility of threats identified on the network by the Intrusion Prevention System (IPS). This can be accessed via Reporting > GeoIP Events.
Reporting You can now create custom reports using data within the new “Threat Management” and “GeoIP Events” data sources.
Logging A new real time log view of Intrusion Prevention and GEO IP system events can be found via Administration > View Logs > Rule Based IPS.
System An Intrusion Prevention System (IPS) monitoring service has been implemented to measure system resource utilisation and engage an automated, temporary disablement of the IPS service under heavy load.
Remote Logging You may now log ship Intrusion Prevention System (IPS) event logs to a remote syslog server for analysis. This can be enabled via Configuration > Remote Syslog. Note, it is recommended that remote syslog is utilised over a secure network connection.
Resolutions
Reverse Proxy Improved handling in the reverse proxy to not always send the destination port number which has been observed to result in a broken connection to some web applications using a standard port.
Reverse Proxy Resolved an issue with reverse proxying a resource which requires a HTTP authentication method.
Access Policies Resolved an issue with “Don’t record blocks” not working as intended within Access Policies.
Email Resolved an issue with bounce emails being rejected by Gmail.
HTTP AV Resolved an issue that could stop the HTTP-AV service from starting correctly.

 

31.7.0.5.1

31.7.0.5.1

31 May 2019
Enhancements
Access Policies Added support for Bing Safesearch enforcement using the DNS method. This allows Safesearch to be enforced for the Bing search engine when HTTPS inspection is disabled.
Certificates You can now generate Certificate Signing Requests (for creating an intermediate CA to use for HTTPS inspection) from the Certificate page under Configuration > SSL Certificates.
Resolutions
Web Interface Resolved an issue where web UI was not immediately available on newly added local IP addresses.
Web Interface Resolved an issue with the System Analysis dashboard widget that incorrectly displayed alert counts.
Web Interface Resolved an issues with the Active Directory configuration group filters that could result in user group membership being displayed incorrectly within “update and test settings” page. It will now only show members of the filtered groups.
Web Interface Fixed an issue that resulted in the web management interface to be inaccessible when a custom LiveZone domain name was configured.
Certificates Resolved an issue where LAN-side clients accessing the web management interface using sitekey.chsecure.zone were incorrectly served the SSL certificate for localnetwork.zone.
Networking Resolved an issue where disabling the WebUI on the Internet interface did not apply correctly when the device CyberHound was moved to bridge mode.
IPSec Resolved an issue where Active Directory passthrough authentication failed if there is a broken IPsec connection.
Logging Resolved an issue that could incorrectly display “hash is full” errors in IPS logs.
Logging Resolved an issue that could incorrectly display blacklisting in the IPS logs when Bruteforce detection was disabled.
Reverse Proxy Resolved an issue reverse-proxying to Active Directory Federated Services endpoints.
Internet Auth Resolved an issue for iOS devices where showing the certificate installer page in the Captive Portal Detection environment would incorrectly record that the device has the certificate installed.

31.7.0.4

31.7.0.4

10 April 2019
Enhancements
AuthenticationImproved the scalability and performance of Internet Authentication service to provide a significant increase to the number of new authenticated user sessions per minute.
Web ProxyOptimised resource use of the Web Proxy to provide a modest stability increase under heavy load.
Resolutions
LiveZoneResolved an issue that resulted in AD groups being unable to be removed from within a LiveZone profile.
ClearViewResolved an issue (due to recent changes made by Google) scanning Google Hangout conversations.
ChromeSafeResolved an issue where some images embedded in Google Docs from the local file system (filesystem:https://docs.google.com/…) did not render correctly.
Access PoliciesResolved an issue that caused Google Voice to Text to fail when Google domain restrictions were enforced. (The voice to text service responds with an undocumented error when passed the X-GoogApps-Allowed-Domains header).
Packet CaptureResolved an issue that could result in a timeout error occurring when running a packet capture to screen.
Link TestsResolved and issue with the link tests not working correctly that could also result in PipePlus not failing over correctly during an WAN circuit outage.
User InterfaceResolved an issue where password fields became corrupt when applying changes to a page where no configuration was changed.
RoamSafe AgentResolved an issue which would stop the Windows Agent being installed on machines which have not had an agent installed previously.

31.7.0.3

31.7.0.3

Available for installation by the support team. 14 March 2019
Enhancements
Authentication Added a new Authenticaton plugin to faciltate the use of a UPN (User-Principal-Name) with Internet Auth rather than samAccountName. This can be enable via Configuration > Authentication > Add Authentication Plugin. UPN is currently not supported on RoamSafe Agents or Direct Proxy.
Resolutions
Logs Resolved an issue where the Web Management logs IP address was recorded incorrectly.

31.7.0.2

31.7.0.2

Available for installation by the support team. 1 March 2019
Enhancements
Authentication CyberHound local User Accounts now support Google Oauth for use with the ChromeSafe Extension. A Google mail addresses may now placed in Edit User > Primary Email Address field and be included as part of the CSV upload facility.
Logging The retention period for Web Management logs has been extended to 3 years.
Logging Web Management logs may now be shipped to external systems using remote syslog feature under Configuration > Remote syslog.
ChromeSafe Extension The ChromeSafe download link has been added to the ChromeSafe configuration page.
Reporting Added an option to select all columns in the Edit Query screen.
Resolutions
Dashboard Resolved an issue where names on Interface Bandwidth widgets were not being displayed correctly.
Dashboard Resolved an issue where the dashboard did not display correctly when the Appliance was in bridge mode.
Dashboard Resolved an issue that limited the number of available network interfaces for use in dashboard tiles to 6.
Web Interface Resolved an issue that resulted in the Web User Interface being accessible via the public IP despite being set to disabled from the Internet.
Web Interface Resolved an issue which caused localnetwork.zone sites to present only their leaf SSL certificate, rather than the full certificate chain.
Web Interface Resolved an issue where custom domains configured for the web user interface did not to redirect to https:// correctly.
Reverse Proxy Resolved an issue to improved reverse proxy behaviour with upstream web servers that don’t merge forward slashes.
Reverse Proxy Resolved an issue where sometimes the host name was not being added to the upstream request, resulting in SNI failures.
Reverse Proxy Resolved an issue that could result in broken connections via the reverse proxy where hostnames were very long (thisisanexampleonly.example.myschool.qld.edu.au).
ChromeSafe Extension Resolved an issue that resulted in the ChromeSafe Extension failing when it was unable to retrieve the ChromeSafe whitelist from the Appliance after authentication.

31.7

31.7

Available for installation by the support team. 14 Dec 2018
Major Feature Release
Version 31.7 introduces a new dashboard, as well as a portal for students to report bullying and other antisocial behaviour.
Dashboard A new dashboard has been introduced offering greater visibility of key data and visualisation customisation enhancements.
Group Permissions Added new permissions to control dashboard visibility. Administrators should recheck all group permissions to ensure that all users have the correct access.
LiveZone/SpeakUp The LiveZone portal has been enhanced with the introduction of SpeakUp, a platform built to assist students register incidents of bullying, threatening behaviour, self harm and more. Detailed information on SpeakUp can be found here. To enable SpeakUp within a LiveZone profile go to Configuration > Web Interface > LiveZone > Edit profile. Set Show SpeakUp to Yes. SpeakUp is configurable per profile.
LiveZone/SpeakUp Email notifications may be sent to users when a new SpeakUp event is created. To configure email alerts go to Configuration > Web Interface > Livezone > Edit profile and enter an email into the SpeakUp email address field when SpeakUp is enabled.
Reporting A SpeakUp Events datasource has been added for storing SpeakUp entries. To enable permissions for this datasource go to Manage Groups > Edit Group > Datasource permissions and enable.

31.5.3

31.5.3

Available for installation by the support team. 14 December 2018
Enhancements
Log Viewer Web Interface log retention increased from the current default of up to 4 weeks to up to 3 years.

31.6.3

31.6.3

Available for installation by the support team. 14 December 2018
Enhancements
Web Interface HTTPS is enabled by default for the web UI and all *.localnetwork.zone requests are automatically redirected to HTTPS. HTTP WebUI will be deprecated in a future release.
Resolutions
Administration Test configuration page no longer fails when behind an upstream proxy.
Network Monitoring Resolved an issue which would cause Network Monitoring not to record upload usage for HTTPS traffic bypassed from inspection.

31.6.2.1

31.6.2.1

Available for installation by the support team. 4 December 2018
Enhancements
Access Policies The default Access Policy configuration has been updated to reflect best practice in security configuration. This can be accessed when adding access policies via the Setup Wizard if required
Resolutions
Roamsafe VPN Resolved an issue where changes to which subnets have passthrough authentication enabled would only apply after a reboot.
802.1x RADIUS Resolved an issue with 802.1x passthrough authentication ignoring RADIUS packets without the Called-Station-ID attribute. This is relevant to wired 802.1x environments only.
Reverse Proxy Resolved an issue with the Reverse Proxy not supplying intermediate certificates correctly.
Log View Resolved an issue that resulted in the Log View being slow or occasionally becoming non-responsive.

31.6.1

31.6.1

Available for installation by the support team. 24 Oct 2018
Enhancements
Category Web Filtering When requesting a URL recategorisation, an email is now sent with those details to the Alert email address.
HTTP AV Optimised disk performance with HTTP AV scanning.
Internet Authentication The Active Directory Pass through Authentication Service can now be installed on a Windows member server. You may specify a server other than the AD Server via Configuration > Authentication > Edit AD Plugin > Configure > Pass through server.
Internet Authentication The WMI Passthrough authentication method now allow logins using an account other than the account specified for LDAP. You may specify these credentials via Configuration > Authentication > Edit AD Plugin > Configure > Pass through server.
Internet Authentication You can now use an email address to check username resolutions. This can be found under Configuration > Authentication > Test Authentication.
Reverse Proxy The Reverse proxy has been upgraded to handle larger volumes of incoming connections.
SSL Certificates Added support for trusting uploaded certificates. This is primarily used to allow upstream firewalls to SSL inspect traffic from the CyberHound to gain access to the X-Forwarded-For header for the source IP. The X-Forwarded-For header can be enabled via Configuration > Advanced > Send X-Forwarded-For headers. Firewall SSL Inspection certificates can be uploaded via Configuration > SSL Certificates.
Web Proxy For sites with large Internet links you can now disable the RAM cache completely under Configuration > Web Proxy > Advanced Configuration.
Web Proxy The proxy can be configured to automatically perform certificate revocation checks against Mozilla’s OneCRL list. This can be enabled via Configuration > Web Proxy > HTTPS Inspection. Note: Enabling the certificate revocation checking may slow down HTTPS inspection.
YouTube Cache Added support to the YouTube cache for a new YouTube video format.
Resolutions
ClearView SimpleTextCriteria ClearView rule criteria now evaluates the given regular expression against both the body and the subject.
LiveZone Resolved an issue where LiveZone add quota was not working correctly if the user’s quota was specified as up/down limits rather than a total.
Network Monitoring Resolved an issue with network monitoring so that Apple iCloud usage is now recorded more accurately.
NGFW Resolved an issue where Custom IP lists in NGFW were unable to be edited after creation.
Reporting Resolved an issue where video titles were unable to be retrieved in certain circumstances.
Reporting Resolved an issue where multiple instances of the service which populates the SMTP Block Events data source could be launched, unnecessarily increasing resource utilisation.
SSL Certificates Resolved an issue where a certificate could not be replaced by another with the same Subject Key Identifier.
Major Feature Release
Version 31.6.1 introduces the Cyberhound Google Chrome Extension “ChromeSafe” to provide enhanced filtering and protection of Google Chromebooks both on and off the network.
Download The ChromeSafe Extension can be downloaded from the Cyberhound UI (.crx format) via Administration > Downloads > ChromeSafe Extension. It is recommended ChromeSafe be distributed using the Google Admin Console. Permissions to add and remove Chrome extensions should me managed by the Google Administrator. It is very strongly advised to disable the Google Developer console on policies with the ChromeSafe extension installed.
Configuration The ChromeSafe configuration file for the Google Admin Console can be downloaded via RoamSafe Agent > ChromeSafe > Download configuration.
Configuration Google ChromeSafe filtering can be enabled or disabled when behind the CyberHound Appliance (LAN). If a Chromebook leaves the network, it will initiate automatically. This can be configured under RoamSafe Agent > ChromeSafe.
Configuration When off the network, the administrator may configure the extension to NOT send any Web filtering or ClearView reporting data to the CyberHound Appliance. Web filtering will work as configured via Access Policies. This can be configured via RoamSafe Agent > ChromeSafe.
Authentication Google Oauth2 has been implemented to authenticate ChromeSafe users based on their Google Domain email address. Information on the setup and configuration of ChromeSafe Authentication can be found in Help Article ID: 260002 within your Cyberhound appliance. It is recommended that ChromeSafe be used in situations where shared use of Chromebooks occurs.
ClearView ClearView (when enabled) will scan search engines including Google, Bing, Yahoo both on and off the network.
Machine Leaning ChromeSafe utilises machine learning to create enhanced client side caches, improving performance and scalability. When enabled, the system will determine commonly accessed sites (group aware) and distribute automatically to the ChromeSafe extension based on policy.

31.5.2.3

31.5.2.3

Available for installation. 24 October 2018

 

Enhancements
Authentication Added support to use different AD user credentials for WMI pass through authentication. Updated help articles have been added to assist with WMI configuration
HTTP-AV Improved performance throughput of the HTTP AV Engine when scanning large file sizes
Resolutions
Access Policies Resolved an issue where IP lists were unable to be edited and or saved.

31.5.2.2

31.5.2.2

Available for installation by the support team. 11 September 2018
Resolutions
Network Monitoring Resolved an issue where users watching malformed video content or changing groups at an inopportune time would cause Network Monitoring to not show some events, which caused incongruities with Quota.

31.5.2.1

31.5.2.1

Available for installation. 8 Aug 2018
Enhancements
LiveZone Improved widget loading and user searching performance
Resolutions
Internet Auth Resolved an issue which would occasionally cause the health check system to incorrectly restart the Internet Auth pass-thru queue service every 2 seconds following an auth restart while the auth system is under load.
Dynamic DNS Resolved an issue where the sitekey.chsecure.zone domain would not be updated if the Appliance was unable to contact the dynamic DNS servers directly.

31.5.2

31.5.2

Available for installation by the support team. 29 Jun 2018
Enhancements
Core Platform Changed the way limits were applied to various services, improving system stability and improving performance on large sites.
Core Platform Security and performance updates.
Authentication Added a new pass-through authentication option for domain-bound MS Windows devices, using WMI from the Appliance rather than RRS from the AD server.
HTTP AV Added the ability to whitelist content from HTTP Anti-Virus.
Remote Syslog Module Added the ability to send HTTP-AV alerts via syslog, and improved the UI to select between HTTP-AV, Proxy logs or both for remote syslog. NOTE: This setting is global, it is currently not possible to select this on a per-remote server basis.
Reporting Added a new datasource for HTTP Anti-Virus detections.
Reporting Updated ClearView reports generated by the wizard to reflect current best practice. Please contact your reseller if you would like further training in reporting.
SNMP Added support for 64-bit Interface counters and addition Disk I/O OIDs.
SNMP Access to the SNMP service can now be restricted to specific IPs or Networks. SNMP access is not optionally configurable on the Internet interface.
Resolutions
Access Policies Fixed a conflict between Remote Host Blacklist and Access Policy Exclusions.
Reporting Reporting permissions are now correctly applied as soon as a group is edited, rather than once their cached credentials have expired.
Reporting Resolved an issue exporting to CSV where group exclusions were not being applied in all cases, leading to information from all groups being exported.
Email Greylisting Resolved a memory leak, improving system stability.
HTTP AV Improved performance of HTTP Anti-Virus scanning.

31.4.6

31.4.6

Available for installation. Binary update to the RoamSafe Agent (reboot required). 21 May 2018
Customers using the RoamSafe Agent in certain configurations may be required to do a small piece of housekeeping to ensure a clean transition. The three configuration types are listed below along with what if any action may be required from you:
  1. For customers with conditional DNS forwarders in place for safenetbox.biz domain you will need to add an additional conditional forwarder for the new chsecure.zone domain on your DNS server. 
  2. For customers with the CyberHound configured as the system wide DNS forwarder no action is required.
  3. For customers with the CyberHound configured as the only DNS server no action is required.
Enhancements
Domain Names As part of a system wide DNS upgrade, a new domain chsecure.zone has been introduced. The new domain will serve the CyberHound web interface sitekey.chsecure.zone and additional services such as VPN host names. The current safenetbox.biz will be deprecated in a future release but may continue to be used as is.
Category Web Filtering Added several new Categories to the Category Web Filtering: Terrorism, Cryptocurrency, Cryptocurrency Mining (malicious), Blockchain, Fake News, API’s, Internet of Things, A.I. & M.L.
Site to Site VPN (IPSEC) Added help articles to assist with configuring IPSec SNAT policies
RoamSafe Agent RoamSafe Agent certificate installation now installs inspection certificates in the correct location for FireFox 58+
Resolutions
Core Platform Enhanced memory management with the proxy for enhanced scalability and reliability
ClearView Resolved an issue with ClearView resulting in excessive memory usage when scanning WebSockets content
Setup Wizard In situations when using the wizard to add reporting templates to the CyberHound and the reports already exist, the page no longer displays an error. Any reports or queries from the templates which do not exist are created correctly.

31.3.5.1

31.3.5.1

Available for installation by the support team. 11 May 2018
Enhancements
Domain Names As part of a system wide DNS upgrade, a new domain chsecure.zone has been introduced. The new domain will serve the CyberHound web interface sitekey.chsecure.zone and additional services such as VPN host names. The current safenetbox.biz will be deprecated in a future release but can continue to be used as is.
Categorisation DNS supporting infrastructure has been upgraded for improved performance of cloud based category lookups.
Web Proxy The X-Forwarded-For header option has been added to provide the source IP. This can be accessed via Configuration > Advanced.
SSL Certificates You can now utilise the CH Inspection CA to create valid SSL certificates. This will replace the existing behaviour. Certificate Management can now be accessed via Configuration > SSL Certificates.
Remote Access  IKEv2 remote access SAN certificate support
Resolutions
SSL Certificates Resolved an issue that prevented SSL certificate generation if organisation contact fields aren’t set.

 

31.4.4

31.4.4

Available for installation by the support team. 15 February 2018
Enhancements
Authentication New detailed logging when using 802.1x Authentication using the SYSLOG method.
Site to Site VPN (IPSEC) IPsec tunnels can now bind to a secondary link IP Address.
Site to Site VPN (IPSEC) Added configuration UI for using SNAT on IPSEC tunnels.
Resolutions
Authentication Fixed an error in the Test Authentication page looking up user by IP address, which only printed some of the available data.
Livezone
LiveZone now displays correctly when looking up users with a space character in their username.
Roamsafe Agent
Resolved an issue where the RoamSafe Agent did not successfully upload ClearView event logs correctly.

31.4.3

31.4.3

Available for installation by the support team. 10 January 2018
Enhancements
Administration The download link for the AIM client has been removed.
Configuration Enhanced the validation of values in the Internet Link configuration page.
Roamsafe Agent Enhanced help information for inspection exclusions on Windows clients.
Resolutions
Authentication Fixed an error that could prevent Internet authentication sessions from being terminated after the configured inactivity timeout.
Configuration Fixed an issue with Chrome browsers reporting an error when submitting configuration changes on pages that contain a HTML WYSIWYG widget.
Livezone The Livezone portal can now be configured to be served from a custom domain with a custom certificate.
Roamsafe Agent The Roamsafe Agent uninstall password is now again displayed on the configuration page.

31.4.2

31.4.2

Available for installation by the support team. 7 December 2017
Enhancements

Authentication

Active Directory Passthru Authentication can process RADIUS accounting records sent by Cisco ISE via syslog.
Roamsafe Agent User interface to allow managing MS Windows 8/10 application exclusions.
Resolutions
Authentication Resolved an issue that prevented reordering of authentication plugins.
Web Interface Fix an issue that resulted in sidebar opening sub menus that were not related to the user’s current location.
Update Process Improved reliability for customers using port forwards to access firmware updates.
Livezone Resolved an issue where disabled users would appear in user search results.
SIS Connector Improved validation of data and feedback of encountered problems during configuration and data synchronisation operations.
Reporting Resolved an issue where viewing Host/Username associations would result in an error.

31.4.1

31.4.1

Available for installation by the support team.

Binary update to the RoamSafe Agent (reboot required).

Enhancements
Roamsafe Agent Added support for macOS High Sierra.
Dashboard Added an alert if the Cyberhound needs to be rebooted after a change in the enabled module set.
Network Configuration Added validation to detect configuration of multiple Ethernet or DHCP links on the same parent interface.
ClearView Updated default ClearView rules.
ClearView Added user’s full name to ClearView alerts.
Resolutions
Classroom Control Adjusted handling of YouTube requests to ensure they are allowed as configured in the lesson.
SNMP Resolved an issue where network interface stats were sometimes not reported correctly.
Web Interface Resolved an issue where the appliance’s web interface would not come up when a reverse proxy entry on port 443 was configured.
Configuration Fix errors in the IKEv2, Port Forwards and Reverse Proxy configuration pages.
Reporting Fix sender address in the email distributing reports.
Livezone Gracefully handle incorrect configuration of Web Filtering Policy groups.

31.4

31.4

Available for installation by the support team.

Enhancements
LiveZone LiveZone introduces a new web based framework allowing access to real time Internet usage Dashboards, Classroom Controls, BYOD certificate on-boarding and more. LiveZone can be configured by accessing Configuration > Web Interface > LiveZone Configuration. Detailed information on LiveZone for Teachers, a setup & administration guide and explanatory video can be found here.
LiveZone New LiveZone parent portal allowing parents/guardians to view their child/dependents’ Internet usage and manage Internet access permissions “off campus”. The LiveZone parent portal requires the use of a supported Student Information System (SIS) or MS Active Directory and the installation of a RoamSafe Agent on the device. Integration with Seqta parent portal is fully supported.
SIS Connector Added support for the CyberHound to connect to MS SQL Server based Student Information Systems. The data provides CyberHound with a parent/guardian to child/dependent mapping for use with LiveZone parent portal.
Internet Auth Added support for the customization of the BYOD Certificate installation page presented to users. This can be located at Internet Auth > BYOD Certificate Installation.
Remote Access (IKEv2) Added support for split VPN tunneling.
Advanced Firewall Allow source address restrictions for port forward rules.
Authentication Allow network exclusions for the “Welcome Page”.
Resolutions
Reporting When drilling down in to YouTube analytics from Network Monitoring the query time range will now be preserved.
Network Monitoring Corrected accounting of streaming uploads.
Access Policies Corrected a problem where username and reason was not shown correctly in Access Policies > Blacklisted Hosts.
Reporting Improvements to the graph rendering of scheduled reports.
IPSec Fixed an error in the tunnel list page that prevented it from displaying correctly in languages other than English.

31.3.4

31.3.4

Available for installation by the support team.

Enhancements
Configuration Interface Minor user interface enhancements.

31.3.3

31.3.3

Available for installation by the support team.

Resolutions
YouTube  Cache Adapt YouTube cache to handle recent changes of the YouTube website.

31.3.2

31.3.2

Available for installation by the support team.

Resolutions
VPN Clients connected using IKEv2 remote access can now access other sites connected via the Cyberhound site to site VPN.
Email scanning Messages released from quarantine will now be resent using the original sender address. This can help avoid messages being blocked by third-party spam filtering solutions including Google Mail.
Email Scanning Microsoft Office documents are now scanned by the text match criteria (if configured to do so).
Email Scanning Spam definition updates will now use the upstream proxy if it is configured.
Email Scanning Greylist reverse learning now works correctly when SPF is enabled.
Dashboard The alerts page accessible from the dashboard would incorrectly show no alerts on some sites. This has now been resolved.
Access Policies Enforce SafeSearch no-longer causes Google searches to display Captchas.
Access Policies Using Google G Suite domain restrictions no longer breaks Google Drive.
Reporting If network interface names are changed, this will now be correctly reflected in reports.
Reporting Improved reliability for gathering YouTube Analytics data.
Web Proxy Uploading YouTube videos will now work as expected.

31.3.1

31.3.1

Binary update to the RoamSafe Agent (reboot required).
Available for installation by the support team.

Resolutions
Reverse proxy Fixed HTTPS redirect option for reverse proxy entries.
Email Scanning Fixed identification of Microsoft Office documents in E-mail attachments
Enhancements
Core Platform Security and performance updates.

31.2.4

31.2.4

Available for installation by the support team.

Resolutions
Email Scanning Resolved an issue with whitelist entries not applying immediately to spam filtering.
Web Proxy Resolved an issue with downloading of custom inspection certificates.
Enhancements
Reporting Added a new ClearView welfare report template to be added using the “add suggested reports” function.
Wizard Updated the setup wizard to allow adding policies, rules and reports individually.
Roamsafe Improved performance of Roamsafe with large numbers of simultaneous users.
Lesson override Added support for unicode characters in Classroom Control lesson URLs.

31.2.3

31.2.3

Available for installation.

Resolutions
Reporting Resolved issues with IP address validation in query conditions.
Access Policies Fixed DNS level enforcement of SafeSearch.
Web Proxy Resolved issue with handling of custom SSL inspection certificates.
Enhancements
Intrusion prevention system Improved detection of malicious SMTP and POP3 logins.

31.2.2

31.2.2

Resolutions
Reporting Resolved an issue with migrating queries saved that utilise a time range.
Reporting Changed the unit of measure within the Interface traffic data source and dashboard to always be Bytes per second.
Reporting Added the ability to query specific ports not listed in the suggestions pick list
Reporting Improved behaviour when inputting an E-mail address for reports
Logging Resolved an issue with automatically removing old log files and data.
Enhancements
SNMP Added additional OIDs for actual system uptime and load.
Authentication Performance improvements when restarting during active times

31.2.1

31.2.1

Resolutions
Proxy Resolved an issue where the site inspection certificate was regenerated on installation, if a custom certificate was present on the appliance.
Reporting Fixed an issue with reporting-based frame redirected pages.
Reporting Fixed time graphs in the YouTube Analytics datasource.
SNMP Added additional OIDs.

31.2

31.2

Binary update to the RoamSafe Agent (reboot required).

Resolutions
System Resolved an issue where configuration tasks could fail, if the system time was changed through the NTP service during boot up.
Email scanning Optimised database resource usage of the Email Scanning service.
Enhancements
YouTube Video Title Service This feature uses a new CyberHound YouTube service to retrieve titles and categories of YT videos viewed, enriching data for detailed analytics. Users can further drill down on Network Monitoring youtube.com data into the new YouTube Analytics datasource.
This feature does not require either the YT cache or ClearView modules.
YouTube Analytics Datasource YouTube Video title data collected by the YT Title service are stored in a new YouTube Analytics data source. Queries of this data source can be added to existing or new reports. Video titles are Hyper-linked so that users can click on the video title and it will open that exact video in a new tab.
Web Filtering Google G Suite Domain Enforcement allows an organization to restrict access to specific G Suite domains only. This will block gmail.com. Group exclusions are available to exclude specific groups such as staff.
Web Filtering The new “Header in session” method of YouTube Restricted Mode enforcement allows for group based exclusions for both strict and moderate restricted mode. The DNS method now also allows for moderate restricted mode, but does not support group exclusions.
SNMP Monitoring SNMP Monitoring is now available on the LAN Interface of the CyberHound. SNMP V2 is being used with a community string to access the box. The OIDs that are provided will cover system, CPU, Memory, Network Interface and Disk. This information is available in the corresponding help article.
Configuration Users may now specify their own “From” email address for the sending of reports, alerts and notifications.
Configuration Configuration of custom certificates is now available in the Web Interface and IKEv2 server certificates can now be generated on the same Certificate Manager page.
Reporting Enhanced display of query results table with variable column widths and handling of columns with very long values, e.g. URLs.
 Administration A user now needs a higher level of administration permissions to access the Shutdown and Update functions of the appliance.
Reporting Reports can now be emailed directly from the Generate Report dialog.
Reporting Reporting now offers the ability to run saved queries via URL, authenticating with Basic Auth and retrieving the results as CSV files to aid automated data retrieval and reporting.
RoamSafe VPN Added the ability to disable pass-through authentication for RoamSafe VPN to facilitate bulk device authentication and user authentication via Captive Portal.

31.0.7

31.0.7

Resolutions
Firewall Updated intrusion detection signatures.
Content Acceleration platform Optimised channel handling.

31.0.6

31.0.6

Resolutions
Spam Filtering Resolved an issue where sender white lists were not honoured in all cases.
Reporting Rectified a number of  minor issues in query screens and reporting output.
Configuration Changes to the Content Scanning > General settings can now are now saved correctly – even if the ClearView module is not installed.
Network Monitoring Fixed an issue where group information was incorrect for users with usernames consisting of numerals only.
System Updated the IBM MegaRAID driver.
Proxy Fixed an issue that prevented the “.google” top level domain from being resolved correcly.

31.0.5

31.0.5

Resolutions
Reporting Resolved an issue that could result in an incorrect display of ClearView query results in reports
Reporting Resolved an issue causing certain queries migrated from 30.x to fail
Enhancements
IKEv2 Remote Access Enhance online help information
Configuration Ensure appliance configuration is valid after an update.

31.0.4

31.0.4

Resolutions
IKEv2 Remote Access Resolved an issue where the service would not start if there was no intermediate certificate.
 IKEv2 Remote Access Increased number of threads to allow more simultaneous clients.
Reporting Resolved an issue where entries in the SMTP block events query would be counted multiple times, resulting in inflated statistics.
Reporting Resolved an issue that could result in reports not being sent.
Reporting Queries using network range filters now work correctly.
Reporting Reduce unwanted duplicate queries created during migration from release 30.x
Reporting Resolved an issue causing certain queries migrated from 30.x to never match any results.
Reporting Resolved an issue causing incorrect results in network monitoring when Roamsafe Agents are off the network.
Reporting Network interface graphs now display correctly when more than 5 interfaces are in use.
3rd-party Integrations Integration with Learning Management Systems now works correctly when the web interface is published a non-standard port.
Enhancements
Spam Filtering Added support for additional online spam signature services.
Spam Filtering Added support for the Truncate blacklist.
Spam Filtering Added support for additional malware signatures.

31.0.3

31.0.3

Enhancements
Reporting Added the ability to export query results as CSV files.
Reporting Implemented a number of minor tweaks to the reporting user interface.
Reporting Simplified generation of user or group specific reports.

31.0.2

31.0.2

Enhancements
Reporting Added online help content for the XGEN Reporting.
Reporting Implemented a number of minor tweaks to the reporting user interface.
Reporting Ensure that groups with full “Reporting Administration” permission have access to all data sources.

31.0.1

31.0.1

Resolutions
Reporting Resolved an issue where modified reports could not be saved.
Reporting Resolved an issue that could result in incorrect values  in the “Other” category of result tables.
Reporting Resolved an issue where multiple instances of a report in a schedule were not migrated to the new Reporting correctly.
Spam filtering Resolved an issue with spam filtering configuration migration.
Online Help Resolved an issue where not all help pages were available after an upgrade.

31.0

31.0

Binary update to the RoamSafe Agent (reboot required).

Enhancements
Reporting The reporting functions have been completely reworked and are now all available under the “Reporting” menu item in the side bar. For details refer to XGEN Reporting.
Dashboard The appliance home page is now a dashboard that shows important indicators of the current state of the appliance and the traffic going through it. Release and module information which was previously shown on the home page is now available under Administration > Release Info.
Alerts previously pinned to the home page can now be found in the “Alerts” tile on the Dashboard or under Administration > Current Alerts.
Spam Control The spam filter functions of the appliance have been improved to make use of the latest filtering techniques.
Remote Access VPN Added the ability to create IKEv2 VPN connections with RADIUS authentication.
RoamSafe Agent The software package that facilitates web filtering on Windows and MacOS computers formerly known as BIC agent has been formally renamed to RoamSafe Agent.