conpal LAN Crypt 4.1.0 Client
release notes
conpal LAN Crypt 4.1.0
comes with support for new operating systems new functionality, improved
security functionality and new features
e.g.
·
Support for SGN/SafeGuard Fileshare customers
·
Portable file encryption
·
Minifilter with caching capabilities for SMB network shares
·
New .NET Administration API
·
Client API login with user context
·
LAN Crypt-Service functionality
·
Manipulation protection for processes
·
Multi factor Authentication based on 3rd party technology
·
Oracle 19 Support
The Legacyfilter has
been abandoned, but is still supported with the 4.00.x version of the product.
Older release notes for
LAN Crypt 4.00.x remain valid, if not stated otherwise.
Please note the LAN
Crypt 4.1.0 Administration release notes.
Requirements
The below
listed platforms have been tested and are officially supported. Other Service
Pack levels might work as well but have not run through a QA cycle and won´t be
analysed in case of occurring issues.
Platforms supported
|
32-bit
|
64-bit
|
Pro/Enterprise
versions of Windows 10 1809 (LTSC), 1909 (19H2), 20H2, 21H1, 21H2, Windows 11
|
No
|
Yes
|
Windows
Server 2016
|
No
|
Yes
|
Windows
Server 2019
|
No
|
Yes
|
Windows
Server 2022
|
No
|
Yes
|
Citrix XenApp
7.18 on Windows Server 2016*
|
No
|
Yes
|
Citrix XenApp
7.15 LTSR on Windows Server 2016*
|
No
|
Yes
|
*Citrix Environments are supported, but
have not been extensively retested
New in conpal LAN Crypt Client release 4.1.0
- Support for SGN/SafeGuard FileShare keys. In
combination with a key export and an key import tool Fileshare encrypted
files can be handled by conpal LAN Crypt Client 4.00.3 or newer with
Minifilter.
- The legacy filter is deprecated by
Microsoft. Starting with LAN Crypt 4.1 the
Legacy driver is not part of the LAN Crypt Client
anymore. LAN Crypt 4.1 comes with a Minifilter.
Legacyfilter is no longer referenced in the code / called by any
component. Legacyfilter is removed from the installation package(s).
Information about Legacy driver is removed from customer facing
documentation. New installations are configured to use Minfilter driver.
Upgrades of existing installations use Minifilter driver.
Non-default Legacy-filter registry settings are migrated to respective
Minifilter Settings (where necessary) (LC-1681)
- LAN Crypt V4.1 comes with a new functionality that – in some cases
– can significantly improve the performance of accessing files on network
shares:
LAN Crypt version 4.1 supports cached access to SMB V2/SMB V3 network shares
(for this functionality it is required, that the SMB intrinsic encryption
functionality is not used). In LC version 4.1 Caching Mode WINDOWS_NATIVE
default is supported (LC-1506, LC-1559, LC-1560).
- Code security, replacement of functions (LC-1299, LC-1295,
LC-1286).
- Client
API login with user context is now possible. For example, a RunAs in user
context will have a LAN Crypt profile (LC-1501).
Changes in 4.1.0
- The
Legacy driver is not part of LAN Crypt 4.1.0 anymore. If older products
are updated, settings will be migrated automatically for the Minifilter
functionality. In some rare cases, there might be compatibility issues,
which will be fixed over the time. For the time being in such cases it is
recommended to stay with the LAN Crypt 4.00.x Legacyfilter. (LC-1681)
- Like in earlier LAN Crypt
versions NTFS Compression is not supported. Differently to earlier
versions files on network shares will not be automatically decompressed
any more (LC-2384, LC-1437).
- Improvements for IBM Doors have been implemented (LC-1403)
- The ‘old’ OptimizeNetwork switches should be removed and only be
reactivated, when essential for the specific use case. Corresponding
switches should be removed from the registry as well (LC-1928). Please
contact support in case of doubt.
- RemoveDomainFromRules works now as initially designed. When
switched off, full domainnames are used in rules and not cut off
(LC-1417).
- Further significant performance improvements for the Amesim
application due to cached access of SMB fileshares in the network
(LC-1364)
- Boost library removed for better maintenance of security relevant
functions (LC-474).
- Removal of the "Created with operating system" field in
the client status (LC-1344)
- DNSRuleCreationMode did not
create corresponding rules for all IP addresses of all found DFS targets
(LC-1476)
- ServicesDefaultIgnoreRules with
value "*" were not applied correctly. Accessing encrypted files
with a service in folders (and subfolders) having a DefaultIgnoreRule
would lead to an "access denied" (not correct), in other folders
the cipher text could be read (correct). (LC-2256). The wrong behaviour
has been corrected.
- Display and export of
DefaultIgnoredRules did not work properly in the client (LC-1311)
- Client status: "Cached
Policyfile Lifetime"/"Profile Update Interval" showed
period in rounded weeks instead of days (LC-1112)
- Secure Move - Confirm
File/Folder Replace contained complete target path instead of file/folder
name (LC-902).
- The Minifilter driver had a
conflict with the VirtualBox Shared Folders Redirector VBoxSF.sys.
(LC-1217)
- The client setup was not able
to install or modify single packages, when Minifilter was used in
VirtualBox.
The client with Minifilter had to be installed with all components,
otherwise it led to BSOD (LC-2291).
- Upgrade installation LCA and
LCC v3 -> v4: MSI ProductCode did not match with Registry ProductCode
(LC-1324).
- When opening files from an application
other than Windows Explorer, no key symbols were displayed in the Explorer
window (LC-1245).
- lcsdel.exe feedback regarding
deleting files from C:\Windows\ was incorrect (LC-1277).
- Explorer Extension: `Initialverschlüsselung` vs. `Encrypt according to
profile`. The message has been aligned between English and German version
of the LCC (LC-1005).
- Plaintext files existing in the
PreventPlainFiles path are now displayed without the key icon (local and
network). In the Explorer context menu, the LAN Crypt option "Encrypt
according to profile" is no longer offered (local and network)
(LC-1513).
- ClientAPI function
"SetTemporaryRule" key passing did not work (LC-1514).
- If the PolicyCache data is not
available, a load of a profile from the shared folder is requested
(LC-117).
New known issues
- The joint installation of LAN
Crypt Administration V3.97 (or earlier) and LAN Crypt Client V4.x is not
supported. The connection to LCSERVN.exe might get lost (LC-1929).
- When a file is encrypted with a key that cannot be accessed, the
hex error 1B is erroneously reported (LC-1884)
- There is a difference between Legacy and Minifilter. With Legacy,
deleting files on network without key access (red key) while the profile
is loaded, is not permitted.
With Minifilter the behaviour is different, these files can be deleted.
Opening, renaming, copying is still not possible. This affects LAN Crypt
4.0.x and 4.1.(LC-2464).
- The VisualStudio runtime might not be available on some machines.
In this case e.g. deinstallation of the product might not be possible.
https://docs.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170
https://aka.ms/vs/17/release/vc_redist.x86.exe
https://aka.ms/vs/17/release/vc_redist.x64.exe
Manuals,
documentation and support
At https://support.conpal.de registered
customers with active maintenance contracts get access to downloads,
documentation and knowledge items.
The
client manuals in French language will be available in form of a pdf manual a
couple of days after release for download. For the time being an old manual
with a testpage will be available at the link for the French manual.
Download
the client product documentation at
https://docs.lancrypt.com/de/client/lc_410_hdeu.pdf in German language, at
https://docs.lancrypt.com/en/client/lc_410_heng.pdf in English language and at
https://docs.lancrypt.com/fr/client/lc_410_hfra.pdf in French language. Please note, the French manual will be published
delayed, for the time being use the English manual
conpal LAN Crypt 4.00.3 Client release notes
conpal LAN Crypt 4.00.3 comes with support for additional
operating systems, support for SGN/SafeGuard FileShare and bugfixes. Older
release notes for LAN Crypt 4.00.x remain valid, if not stated otherwise.
Please note the LAN Crypt 4.00.3 Administration
release notes.
Requirements
The below listed platforms have been tested and are
officially supported. Other Service Pack levels might work as well but have not
run through a QA cycle and won´t be analysed in case of occurring issues.
Platforms supported
|
32-bit
|
64-bit
|
Windows 10 1909 (19H2), 2004 (20H1) Pro/Enterprise, 20H2
Pro/Enterprise, 21H2 Pro/Enterprise, Windows 11
|
No
|
Yes
|
Windows
Server 2012 R2
|
No
|
Yes
|
Windows Server
2016
|
No
|
Yes
|
Windows
Server 2019
|
No
|
Yes
|
Citrix XenApp
7.9 on Windows Server 2012 R2
|
No
|
Yes
|
Citrix XenApp
7.18 on Windows Server 2016
|
No
|
Yes
|
Citrix XenApp
7.15 LTSR on Windows Server 2016
|
No
|
Yes
|
New in conpal LAN Crypt Client release
4.00.3
- Windows 11 support
- Windows 10 21H2 support
- Support for SGN/SafeGuard FileShare keys. In
combination with a key export and an key import tool Fileshare encrypted
files can be handled by conpal LAN Crypt 4.00.3 with Minifilter.
Changes in
4.00.3
- Minifilter: When verifying
permission for the AntiVirus programs, configured short names led to a
complete search for the configured files in the protected directories
(windows, program files, program files (x86)). The verification process
has been changed to improve the loading time of the profile (LC-1846
Determine AV full path in Verify procedure)
Bugfixes in 4.00.3
- Minifilter: When USB keys are
inserted the first time and forced to a specific driver letter, which got
LAN Crypt encryption rules, encryption is not executed. After inserting
the USB key the second time, the encryption rule is enforced. (LC-1965)
Manuals,
documentation and support
At https://support.conpal.de registered
customers with active maintenance contracts get access to downloads,
documentation and knowledge items.
The client manuals in French language will be available
in form of a pdf manual a couple of days after release for download. For the
time being an old manual with a testpage will be available at the link for the
French manual.
Download the client product documentation at
https://docs.lancrypt.com/de/client/lc_400_hdeu.pdf in German language, at
https://docs.lancrypt.com/en/client/lc_400_heng.pdf in English language and
at
https://docs.lancrypt.com/fr/client/lc_400_hfra.pdf in French language.
conpal LAN Crypt
4.00.2 Client release notes
conpal LAN Crypt 4.00.2 is
a maintenance release.Older release notes for LAN Crypt 4.00.x remain valid, if
not stated otherwise.
Please note the LAN
Crypt 4.00.2 Administration release notes.
Requirements
The below
listed platforms have been tested and are officially supported. Other Service
Pack levels might work as well but have not run through a QA cycle and won´t be
analysed in case of occurring issues.
Platforms supported
|
32-bit
|
64-bit
|
Windows 10 1909 (19H2),
2004 (20H1) Pro/Enterprise, 20H2 Pro/Enterprise
|
No
|
Yes
|
Windows
Server 2012 R2
|
No
|
Yes
|
Windows
Server 2016
|
No
|
Yes
|
Windows
Server 2019
|
No
|
Yes
|
Citrix XenApp
7.9 on Windows Server 2012 R2
|
No
|
Yes
|
Citrix XenApp
7.18 on Windows Server 2016
|
No
|
Yes
|
Citrix XenApp
7.15 LTSR on Windows Server 2016
|
No
|
Yes
|
Bugfixes in 4.00.2
- Minifilter:
Office files are not decrypted when preview window in file explorer is
active and registrykey IgnoredApplicationsChildProcs =2 (LC-1603)
- Minifilter: FSLogix profiles are
not created / mounted (LC-1717)
- Minifilter: Loadprof crashes
sporadically without loading rules (LC-1730)
- Minifilter and Legacyfilter:
encrypted p12pwlog.csv sometimes gets filled with garbage (LC-1793,
LC-1825)
- Client cannot find user certificate if
profile was created with LAN Crypt Administration 4.00.x, client cannot
load the profile with the error message: " User certificate not found
(LC-1597, LC-1686)
- V4.00.1 Minifilter: Explorer crashes
sporadically when accessing encrypted directory (LC-1688)
- Minifilter: Isilon 8.x shows
wrong behaviour handling timestamps. Isilon 9.x fixes this issue. As a
workaround the registrykeys NovellSupport / Alwayswritethroughonmup
corrects the wrong Isilon timestamp handling in older versions (LC-1758)
- Client cannot find SO certificate if
profile was created with LCA 4.00.x (LC-1860)
Manuals,
documentation and support
At https://support.conpal.de registered
customers with active maintenance contracts get access to downloads,
documentation and knowledge items.
The client manuals in French language will be available
in form of a pdf manual a couple of days after release for download. For the
time being an old manual with a testpage will be available at the link for the
French manual.
Download the client product documentation at
https://docs.lancrypt.com/de/client/lc_400_hdeu.pdf in German language, at
https://docs.lancrypt.com/en/client/lc_400_heng.pdf in English language and
at
https://docs.lancrypt.com/fr/client/lc_400_hfra.pdf in French language.
conpal LAN Crypt
4.00.1 Client release notes
conpal LAN Crypt 4.00.1 is
in focus a maintenance release and brings support for W10 20H2. If not
referenced in the sections New in conpal LAN Crypt Client release 4.00.1,
changes in 4.00.1, Bugfixes in 4.00.1 the release notes for LAN Crypt 4.00
remain valid.
Please note the LAN
Crypt 4.00.1 Administration release notes.
Requirements
The below
listed platforms have been tested and are officially supported. Other Service
Pack levels might work as well but have not run through a QA cycle and won´t be
analysed in case of occurring issues.
Platforms supported
|
32-bit
|
64-bit
|
Windows 10 1803 (RS4),
1809 (RS5), 1903 (19H1), 1909 (19H2), 2004 (20H1) Pro/Enterprise, 20H2
Pro/Enterprise
|
No
|
Yes
|
Windows
Server 2012 R2
|
No
|
Yes
|
Windows
Server 2016
|
No
|
Yes
|
Windows
Server 2019
|
No
|
Yes
|
Citrix XenApp
7.9 on Windows Server 2012 R2
|
No
|
Yes
|
Citrix XenApp
7.18 on Windows Server 2016
|
No
|
Yes
|
Citrix XenApp
7.15 LTSR on Windows Server 2016
|
No
|
Yes
|
- Windows 10 20H2 support
- Significant performance improvements especially in large network
environments
- DefaultIgnoreRules and
ServicesDefaultIgnoreRules for Minifilter (LC-1238)
- Enable PreventPlainFiles Rules for local drives (LC-1156)
- Separate Legacy components from Utimaco DiskEncrypt (LC-1275)
- Add IBM ClearCase redirector to the list of ignored NetworkNames
(LC-1413)
- Add translations for error message on unsupported OS (LC-1251)
- (Re-)Enable Windows File
Indexing support on Clients (LC-1323)
- Limited support for VMWare
Shared Folders (LC-1338)
- Allow FECGetTrustedVendors as
Minifilter internal ClientAPI ACL (LC-1529)
- Configure which network names should be
resolved and create additional rules for certain/all possible access ways
automatically. The Registry-Entry DNSRuleCreationMode has been created to offer
fine grained administration. (LC-1476)
- remove client api docs from
setup (LC-1436)
- Configuration options for unsupported EFS collaboration (LC-1429)
- Default DFS handling changed to "Do not normalize network
names" (LC-1395)
- Do not load PreventPlainFiles for internal System SIDs
(LC-1156)
- Adjust encryption state
messages and overlay icons for PreventPlainFiles (Minifilter only) (L C-1513)
- FECGetTrustedVendors for
SGFEApi set by Setup (LC-1503)
Bugfixes
in 4.00.1
- BSOD "bad pool caller"
when switching from Minifilter to legacy driver (LC-1358)
- Incompatibility of the Minifilter with the VirtualBox Shared Folders Redirector VBoxSF.sys. (LC-1217)
- When opening a file, no key icons are displayed in the Explorer
window. (LC-1245)
- ignore child processes in Minifilter driver (LC-1270)
- Empty REG_MULTI_SZ settings are handled properly (LC-1238)
- Problem with DirSizeCorrection = PROFILE (LC-1346)
- Rules that start with an asterisk and do not have a path are not
correctly executed(LC-1396)
- Fix Minifilter Network Performance Issues (LC-1346, LC-1364)
- CertificateVerification Switches did not execute correctly in
V4.00.0 (LC-1318)
- Broken German in context menu(LC-1005)
- Performance problems when enumerating directory in shares with
large number of files (LC-1346)
- Incorrect handling of rules
starting-with-angle-brackets (LC-1407)
- lcsdel gives the impression that
files can be deleted from C:\Windows /corrected error message (LC-1277)
- Key wrapping could not be
disabled (LC-1231)
- Setup issues (LC-1424, LC-1312,
LC-1391, LC-1392)
- Fix for PreventPlainFiles parsing error (LC-1156)
- Install edc files without
ReadOnly flag (LC-1452)
- Minifilter Driver sometimes
stores wrong padding information for large files (>16777216 bytes)
(LC-1500)
- Client-API-Dll can handle long
pathnames now (LC-1454)
- Branding topics (LC-1518) (LC-1537)
- Fixed issue with the LAN Crypt
PreventPlainFiles (LC-1237).
New known issues
- Overlay Icons might not be
displayed correctly, depending on total number of registered icons and
position in the Microsoft registry entries (LC-1370)
- The known issues remain valid,
if not listed in the above chapters
- Under VMWare Shared Folders,
both the Minifilter and Legacy drivers have issues with Notepad. Both
filters seem to affect memory mapped functionality, not only with Notepad,
but overall. (LC-1442)
- DNSRuleCreationMode does not yet create corresponding rules for all
IP addresses of all found DFS targets (LC-1476)
- Unhandled Applications can be
registered. How they are handled, can be configured with
IgnoredApplicationsChildProcs. 0 means switched off, 1 means apps are
handled untrusted and 2 means childs are handled untrusted as well. LAN
Crypt comes with default registered applications (e.g. svchost, onedrive,
WindowsSearchHost).
The switch IgnoredApplicationsChildProcs is used for
the internal default processes as well. That leads to problems especially with
Office applications, when preview and accessing lead to concurrent access.
The workaround recommendation is to avoid the setting 2 for inheritance to
childs and to use 1 instead. (LC-1603).
Manuals,
documentation and support
At https://support.conpal.de registered
customers with active maintenance contracts get access to downloads,
documentation and knowledge items.
The
client manuals in French language will be available in form of a pdf manual a
couple of days after release for download. For the time being an old manual
with a testpage will be available at the link for the French manual.
Download
the client product documentation at
https://docs.lancrypt.com/de/client/lc_400_hdeu.pdf in German language, at
https://docs.lancrypt.com/en/client/lc_400_heng.pdf in English language and at
https://docs.lancrypt.com/fr/client/lc_400_hfra.pdf in French language.
conpal LAN Crypt 4.00.0 Client release notes
Please note the LAN Crypt 4.00.0 Administration
release notes.
conpal LAN Crypt is the successor of SafeGuard LAN
Crypt.
conpal LAN Crypt 3.97 Client was the initial release
of conpal for the client. It contained fixes and hotfixes of the previous
SafeGuard LAN Crypt 3.95 Client version, fixed several known issues and came
with support for current operating systems.
conpal LAN Crypt 4.00 Client is a significant rework
of the client technology. The cryptographic base has been reworked for
potential certifications and approvals. The underlying filter technology has
been built on Minifilter technology to be future-proof and assure long term
support for the technology by Microsoft.
conpal will develop new client features based on the
Minifilter technology.
Due to the strong customer demand, even stronger
during Corona times, we have decided to deliver legacy and Minifilter
technology with the client and also to implement some features, which were
originally only intended for the Minifilter, also for the legacy filter.
This was done primarily in order to offer business
continuity for the client based on the legacy filter.
We recommend the use of the legacy filter for existing
customers, if Minifilter functionality is not essentially required.
We have invested a great effort in compatibility with
old encryption methods from LAN Crypt and were able to ensure extensive
compatibility and thus also simple migration.
Nevertheless, we strongly recommend piloting the use
of the new technologies.
Manuals, documentation and support
At https://support.conpal.de registered
customers with active maintenance contracts get access to downloads,
documentation and knowledge items.
The client manuals in
French language will be available in form of a pdf manual a couple of days
after release for download. For the time being an old manual with a testpage
will be available at the link for the French manual.
Download the client
product documentation at
https://docs.lancrypt.com/de/client/lc_400_hdeu.pdf in
German language, at
https://docs.lancrypt.com/en/client/lc_400_heng.pdf in
English language and at
https://docs.lancrypt.com/fr/client/lc_400_hfra.pdf in
French language.
Last
minute changes
Due to recently urgent customer requests, we decided
at the very last moment to consider the legacy driver as the primary filter
driver, which is now also installed by default. This was requested by the
clients mainly because new technologies are currently difficult or impossible
to pilot.
In this context, we therefore recommend that the
necessity for the use of the Minifilter be carefully examined once again.
Requirements
The below listed platforms have been tested and are
officially supported. Other Service Pack levels might work as well but have not
run through a QA cycle and won´t be analysed in case of occurring issues.
Platforms supported
|
32-bit
|
64-bit
|
Windows 10 1803 (RS4), 1809 (RS5), 1903 (19H1), 1909 (19H2), 2004
(20H1) Pro/Enterprise, 20H2 Pro/Enterprise
|
No
|
Yes
|
Windows
Server 2012 R2
|
No
|
Yes
|
Windows
Server 2016
|
No
|
Yes
|
Windows
Server 2019
|
No
|
Yes
|
Citrix XenApp
7.9 on Windows Server 2012 R2
|
No
|
Yes
|
Citrix XenApp
7.18 on Windows Server 2016
|
No
|
Yes
|
Citrix XenApp
7.15 LTSR on Windows Server 2016
|
No
|
Yes
|
Upgrade
conpal LAN
Crypt 4.00 Client has been essentially tested to upgrade conpal LAN Crypt 3.97.
SafeGuard LAN Crypt 3.95.3.2. or newer might be upgraded to conpal LAN Crypt
4.00 on the supported platforms, but the upgrades have not been tested on a
broader base and might require paid professional service.
We recommend
that you install the latest Windows security patches on your clients before
installing the conpal LAN Crypt Client release.
New in conpal LAN Crypt Client release
4.00.0
- Windows 10 2004 (20H1) support
- Support of OneDrive Files on demand (the OneDrive
sync app must be unhandled application)
- New crypto libraries (for security reasons, to be
future-proof and for potential certification and approval)
- Replacement and updates of 3rd party libraries
- Integration of earlier patches for LAN Crypt
- Support of Removables, Opticals,
Local Volumes, Boot Volume and Network Shares as keywords in rules.
This functionality was developed for the Minifilter and has been adopted
due to strong customer demand in the legacy filter. Some behaviour is different. Opticals are supported for the
Minifilter only.
Ignored Device types are supported with Minifilter only.
- With Minifilter Office365
print-to-pdf-functionality is supported
- One client installation package for standard and terminal server
clients
Operation of LAN Crypt 4.00 environments
A mixed operation of LAN Crypt v4 Admin and LAN Crypt v3.x Admin is not supported.
It is possible to run a v3.97 Admin with
v4 Clients and v3 Clients.
It is possible to run a v4.00 Admin with
v4 Clients and v3 Clients.
XML is the only supported policy file
format of v4.00 Admin and v4.00 Clients.
New profile files are created by v4.00,
with sections for v3 and v4 Clients.
The new encryption rules for Removables,
Opticals etc. are transported in the new section.
Once new rules have been created with
v4.00, it is no longer possible to create profiles with a v3 Admin. Doing so
would potentially have negative effects on the client.
Changes
- LAN Crypt 4.00 Client makes use of conpal registry keys
- The LAN Crypt 4.00 Administration still uses
Utimaco/Sophos settings
- Client-side a service copies the settings into
the new, appropriate paths
- This way, customer-side no migration of registry
keys is needed
- Integration of new cryptographic libraries (for security reasons)
- Renewal of 3rd party libraries (for security reasons)
- Integration of a new random number generator (for security reasons)
- The usage of the Client API must be configured in the LAN Crypt
Administration and – in case the Minifilter is used on client-side - the
included script to enable permissions for specific applications has to be
adopted and executed on the client-side.
- New client API function ClearProfile
- The EULA has been updated (German, English and French)
- The 3rd parties' inventory has been consolidated and
updated
- The Minifilter behaves different in details, compared to the
Legacyfilter, most of the differences in respect to a more correct
handling of encryption
- LAN Crypt tools have been moved to the folder LAN Crypt\tools
(LC-694)
- EFS Encryption is not supported with the Minifilter (LC-1240)
- Some Registrykeys have been changed
Bugfixes
- BSOD "bad pool caller" when configuring
python3-cryptography fixed (LC-263)
- The LAN Crypt Filter is not "attached” in certain
configurations (LC-101)
- Warning indicates loading of a
cached profile although none is in the cache (LC-1117)
- Better error message when loading from cached profile (LC-1026)
- Login to DB (Azure SQL) with
Azure AD Interactive authentication leads to crash (LC-1015)
- Display error in encryption
status (LC-428)
- Offlinefolder: Officefiles
cannot be saved (LC-225)
- Several spelling errors and
wordings in the product and error messages
- "sglcinit.exe -D" not
all sub directory levels are processed (LC-486)
- Explorer Extension à Encryption status: Gaps / incorrect results with multi-select of
directories (LC-1001)
- Office files cannot be written,
temporary files remain (LC-696)
- New MSO cert is not loaded on
client after recovery (LC-248)
- The displayed drives, apps and
devices in the client status were limited to a string length of 260. This
lead to the problem that e.g. not all apps were displayed when the
character limit was reached. The character limit has now been removed. (LC-29)
- LAN Crypt Registry settings for explorer integration are lost
during Windows 10 in-place upgrade:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\LC
Settings (LC-198)
Known issues
- AES-OFB (LC-715)
- AES-OFB encrypted files can be read and can be
reencrypted to more modern AES modes, like CBC and XTS.
- Existing OFB encrypted files might get
reencrypted automatically to the configured CBC or XTS mode, when opened.
- We strongly recommend, to do an initial
encryption with the wizard to migrate files encrypted with weak
algorithms to state-of-the-art algorithms.
- OneDrive:
- SharePoint synchronization must be switched off
- Files stored on the local file systems are
handled by the LAN Crypt driver. Browser and WebDAV-Transport is not
handled. Storing encrypted files by downloading it with SharePoint or the
browser might lead to double-encrypted files (which can be decrypted with
the wizard).
- Microsoft’s
handling of overlay icons is buggy. The LAN Crypt icons can therefore not
be shown correctly. (LC-121)
- FilesOnDemand is supported with Minifilter
driver only (LC-1258).
- Microsoft’s Vault is handled by Minifilter only.
The Legacyfilter displays the wrong encryption state (LC-1258).
- OneNote (LC-1256, LC-1243)
- Encryption of OneNote is not supported.
Especially multiuse might lead to corrupted data.
- Windows 10 upgrades:
When an upgrade to Windows 10 is
done or a feature update is applied to Windows 10 all data stored in the
registry hive HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Utimaco will
be removed.
- After
applying the current group policies to the client, these registry
settings will be configured again. If there were some custom settings
made in this registry hive, these settings must be manually applied after
the Windows 10 upgrade has finished.
- Due to the
client-sided copy into the new paths, the functionality remains. For the
time being the key should be restored by GPO. In a follow-on version the
administration will be based on the conpal path in the registry (LC-63)
- Utimaco Disk Encryption (UDE)
- Interaction with Utimaco Disk Encryption
requires pre- and post-installation care during installation,
uninstallation, and upgrades. Please contact support to ensure clean
operation. (LC-1229)
- Overlay Icons might not be displayed (LC-1370)
- Windows 2004 (20H1):
- Windows W10 20H1 Bug when renaming files on
network shares (LC-1006)
The problem occurs when an unencrypted file on a network drive is moved
(=renamed) to an encrypted folder.
In this case the driver should encrypt the file when moving / renaming.
With 20H1, however, this does not happen because it cannot determine the name
of the target file due to an error in the filter manager of Microsoft.
The error was fixed by Microsoft with KB4557957
https://support.microsoft.com/de-de/help/4557957/windows-10-update-kb4557957
https://support.microsoft.com/en-us/help/4557957/windows-10-update-kb4557957
- Minifilter and Legacyfilter (LC-281, LC-1234):
Some regular expressions in rules might be handled differently than in
3.97, and different between legacy- and Minifilter:
- Some
(exotic) expressions are handled different in the filters of v4 and v3
- Minifilter differences to Legacyfilter (1106)
- Move encrypted file from an unregulated to a
regulated network directory: File is stored encrypted
- Move an encrypted file from a regular network
directory to a different one: File is stored encrypted
- Now it finally behaves as you would expect it
to, but it doesn't match with the legacy drivers behaviour.
- Minifilter (LC-1360)
- Wrong handling of explicit rules for file
extensions
- The Minifilter does not execute rules like *.ext
correctly for encryption and ignore rules.
- As a workaround, we recommend to add an
additional rule like *\*.ext
- Having both rules, *.ext and *\*.ext active,
works as well for V3.9x and V4.0 clients
- Minifilter (LC-1262, LC-1323)
- Indexing was and is default switched off with
the legacy filter (V3.97, V4.0)
- The Minifilter requires to add
Searchprotocolhost.exe as an unhandled application to prohibit indexing.
- Further versions will implement the original
behaviour of the Legacyfilter, where Indexing has to be switched
explicitly on (Parameter AllowIndexing).
- Minifilter (LC-1169):
Files are not handled properly according to the profile rules:
- If <Boot Volume> and <Local Volume>
and <Network Shares> are configured as ignored devices at the same
time, files may no longer be handled correctly according to the encryption
rules, or a wrong encryption status is determined.
- Minifilter (LC-1293)
- EFS is not supported. The EFS attribute can
neither be set nor removed from files or folders, and access to EFS
encrypted files is denied.
- NTFS Compression is not supported, files will be
automatically decompressed.
- Minifilter (LC-1156):
Shared folders in VMware virtual machines are not supported properly:
- Prevent
plain files not executed properly.
- Encryption
rules are not applied correctly.
- Ignore
rules are not applied correctly.
- Minifilter (LC-1217)
- There is an
incompatibility of the Minifilter with the VirtualBox Shared
Folders Redirector VBoxSF.sys.
Minifilter leads to a BSOD with Oracle Box (tested with 5.238, 6.1.14).
- Minifilter (LC-1106):
Encryption behaviour has changed when moving files:
- Move
encrypted file from an unregulated to a regulated network directory: File
is stored encrypted.
- Move
encrypted file from a regular network directory to another regular
network directory: File is dropped in an encoded file.
- The
behaviour is correct, but may differ from the description in the manual
and from the legacy filter.
- Minifilter (LC-1000)
The registry key
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LCENCM\Parameters]
"NovellSupport"=dword:00000001
used
for a different timestamp handling, compared to windows fileservers, e.g. for
Isilon support, has been removed for the Minifilter.
Please use instead
[HKLM\SYSTEM\CurrentControlSet\Services\cplcisolate]
"AlwaysWriteThroughOnMUP"=dword:00000001
- Minifilter and Legacy Filter (LC-802):
Key visualization and handling in recycle bin might be different to LAN
Crypt version 3.97 and in particular wrong (red key symbol visible, when key is
accessible).
- Deleted
files might end up in the recycle bin with a red key, differently to
Version 3.97
- Restoring
and deleting from the recycle bin works anyway.
- Support of placeholders in the legacy filter (LC-857)
- The <Network>,
<Bootvolume>,
<Removable>, <Optical>, <Local> placeholders are decoded in the legacy filter and translated into
the corresponding directory names or drive letters
- Minifilter missing functionality compared to Legacyfilter
- DefaultIgnoreRules and
ServicesDefaultIgnoreRules are not yet supported (LC-1238)
- Ignored Drives (LC-1060):
The encryption status of legacy and Minifilter is determined and
visualized differently.
- The
Minifilter correctly determines the encryption status of encrypted files
on ignored shares as ENCRYPTED_IGNORED and displays the red key.
- The legacy
filter determines the encryption status of encrypted files on ignored
shares as PLAIN_IGNORED and does not display an overlay key. The
behaviour of the legacy filter is basically wrong (at least since
SafeGuard LAN Crypt 3.95) but will not be corrected.
- Ignored Device Types (LC-1242)
Ignored device types are not supported with the legacy filter
- Legacyfilter
- AES with Legacyfilter installed may lead to wrong encryption method
displayed when files are moved into a folder with different AES rule. (LC-1177)
If the legacy filter is operated with CBC and a file encrypted with a
respective rule is moved (cut and pasted) to a folder with a different AES rule
(XTS), the display of the encryption method remains on CBC.
Moving XTS encrypted files to CBC ruled folders as well display the
wrong initial method.
- LAN Crypt loads a certificate
based on the provided PIN, not necessarily the newest p12-file (LC-120)
- LAN Crypt
searches a sorted list of the users p12 files until it finds the first
p12 file that can be accessed with the entered PIN. If not every p12 file
has a different PIN, an older certificate can be loaded.
- Citrix Terminal Server:
- Client Drive Redirection:
Encryption of files on client drives mapped on a Citrix Terminal Server
is not supported and these drives will be ignored by the LAN Crypt
encryption filter driver.
- Streamed applications:
Citrix application streaming is not supported.
- Virus scanners:
- Virus scanner services:
Virus scanner services need to be explicitly authorized to have access to
encrypted files in order to be able to find viruses inside.
- There is a changed behaviour regarding
permissions for security improvement:
Long path names can be used for. For convenience reasons short names are
internally completed by searching some protected paths when program names are
configured without path information. The client will search in the following
directories:
CSIDL_SYSTEM (typical C:\Windows\System32,
non-recursive)
CSIDL_WINDOWS (typical C:\Windows, non-recursive)
CSIDL_PROGRAM_FILES (typical C:\Program Files,
recursive)
If an EXE file with the specified name is found, the
full path will be internally added.
Other paths are now untrusted for short file names. (LC-1218).
When mixed environments (LAN Crypt 3.9x and 4.0) are administrated by LAN Crypt
Administration 4.00.0, it is best practice to add the executable names for
virus scanners in short form (executable name only), when the virus scanner is
located in one of the referenced paths (note, that program files on 64 bit
system includes the 64 bit path only). When the scanner executables are in
other paths, the long pathname including the executable and a second entry with
a short name should be used. The long name for the version 4 clients and the
short name for the version 3 clients.
- We recommend on-access and background scanning
tests
- LAN Crypt Tools:
- The LAN Crypt executables DriveNotifier.exe,
lchelper.exe, lcinit.exe, lcsdel.exe, lcstatus.exe, lcuser.exe,
loadprof.exe, SGFEApi.exe, lcservn.exe should be trusted by the antivirus
software.
- Minifilter:
A new random number generator was implemented (LC-881, LC-882).
This may have some effects on runtimes when encrypting while the virus
scanner is running.
- Tested virus scanners (among others):
The following virus scanners have been tested with the LAN Crypt Client:
Virus Scanner
|
Executable
|
Authenticode
|
Avast 20.6.2420 (Build 20.6.2420.5495.561)
|
AvastSVC.exe
|
Yes
|
TotalAV(5.8.7)
|
SecurityService.exe
|
No
|
Norton
Security (22.17.3.50)
|
NortonSecurity.exe;
nsWscSvc.exe
|
No
|
BullGuard (20.0.0.381)
|
BullGuardCore.exe; BullGuardScanner.exe;
BullGuardFileScanner.exe
|
No
|
Microsoft Defender
|
msseces.exe
MsMpEng.exe
or
without configuration
|
|
FSecure v17.8
|
fsulprothoster.exe,
fshoster64.exe, fshoster32.exe, fsorsp64.exe
|
No
|
Kaspersky Antivirus 20.0.14.1085
|
avp.exe
avpui.exe
|
Yes
Yes
|
TrendMicro 16.0.1151
|
|
|
Eset NOD32 Antivirus
|
ekrn.exe,
egui.exe, eguiProxy.exe
|
No
|
McAfee Total Protection 16.0 R25
|
Mcshield.exe
mfeavfk.sys
|
Yes
Yes
|
Symantec Endpoint Protection 14.2
|
ccSvcHst.exe
|
|
|
|
|
- Configuration
of other virus scanners tested with earlier versions (not tested with
this release):
Virus Scanner
|
Executable
|
Authenticode
|
Sophos
Endpoint Security and Control, Version 10.8.4
|
SavService.exe
|
Yes
|
McAfee
Security Center v16.0, McAfee SC 17.8
|
Mcshield.exe
mfeavfk.sys
|
Yes
Yes
|
Symantec
Endpoint Protection 14.2
|
ccSvcHst.exe
srtsp.sys
|
Yes
No
|
Trend Micro
Antivirus+ 15.0.1163
|
coreServiceShell.exe
|
Yes
|
Microsoft
Security Essentials 4.8.1904.1
|
msseces.exe
MsMpEng.exe
|
Yes
Yes
|
FSecure v17.6
|
Fshoster32.exe
Fshoster64.exe
|
Yes
Yes
|
Kaspersky
v19.0.0.1088(b)
|
avp.exe
avpui.exe
|
Yes
Yes
|
Sophos Endpoint Security and Control, Version 11.3.1 Cloud
|
SavService.exe
|
Yes
|
Symantec
Endpoint Protection 11.0.6 MP1
|
rtvscan.exe
|
Yes
|
McAfee
Endpoint Security 10.2
|
Mcshield.exe
mfeavfk.sys
|
Yes
Yes
|
Microsoft
Forefront client
|
msseces.exe
MsMpEng.exe
|
Yes
Yes
|
- Known issues:
- There might be an issue with the LAN Crypt
PreventPlainFiles functionality with some virus scanners when the legacy
filter is used. This behaviour is the same in conpal LAN Crypt 3.97,
SafeGuard LAN Crypt 3.95 and probably earlier versions (LC-1237).
- FSecure SAFE 17.8: viruses are detected and
deleted during scanning, zipped files are detected and deleted when
opened
- There is an issue with Sophos Anti-Virus that
may cause encrypted files to be locked (either only for write or for
read and write access). This is caused by a timing issue of Sophos
Anti-Virus if the on-access scanning level is set to 'intensive'.
- There is an issue with Sophos Anti-Virus that
may lead to damaged Microsoft Office documents when saving them in a
folder that is made available when offline (“OfflineFolder”). To avoid
this issue please configure the Sophos Anti-Virus on-access scanner to
exclude the folder “C:\Windows\CSC”.
- After receiving a new virus scanner executable
via the policy file, the client has to be rebooted.
- If Antivirus and LAN Crypt are installed on
Windows, it may happen that the LAN Crypt profile cannot be loaded. As a
workaround, the folder for the policy file cache (default
"%LOCALAPPDATA%\conpal\LAN Crypt\Local Policy Cache") must be
excluded from the virus scan. Alternatively registering the LAN Crypt
processes with Antivirus to be trustworthy, might solve the problem.
- DFS:
- Domain-based DFS:
In a domain-based DFS, you can access the DFS either via the server name
or via the domain name.
The encryption rules must always be created in the same way as used to
access DFS.
If the DFS is accessed via the server name, the encryption rule must be
based on a server name. If DFS is accessed via the domain name, the rule
must be domain name based.
If you want to access the DFS both ways, you must define two encryption
rules, one with the domain name and one with the server name.
e.g.:
Y: is mapped to \\DOMAIN\DFSROOT
Encryption rule:
Y:\*.*
or
\\DOMAIN\DFSROOT\*.*
Z: is mapped to \\SERVER.DOMAIN\DFSROOT
Encryption rule:
Z:\*.*
or
\\SERVER\DFSROOT\*.*
- Nested DFS links:
Nested DFS links (DFS links to other DFS links or DFS roots) can be used but
encryption rules must not include a physical path to the DFS link and
there are some known problems in combination with persistent encryption.
When copying an encrypted file to a plain folder it may become decrypted.
When moving encrypted files to an ignored/excluded folder it may stay
encrypted.
- Rules using IP address:
It is not possible to use rules for DFS that contain the IP address of
the server hosting the DFS share.
- DFS and persistent encryption:
When copying encrypted files to ignored or excluded folders on DFS drives
they may not be stored decrypted.
- Viewing folders in Windows Explorer:
Viewing folders on a DFS share cause problems that either the display
takes very long or the folder selection jumps to the root folder after a
while.
In this case the following registry value can be set:
[HKEY_LOCAL_MACHINE\Software\Policies\Utimaco\SGLANCrypt\LCShellx]
IgnoreBuildInOverlayIcons=dword:00000001
A reboot is necessary to activate the change. Afterwards the Windows
overlay icons for shared folders and links are not displayed if a LAN
Crypt overlay icon is displayed.
- Network Attached Storage (NAS) devices:
In general, LAN Crypt will operate with network shares hosted on NAS
devices. If it is planned to use a NAS device, conpal recommends the
execution of intensive tests prior to using LAN Crypt in a productive
environment.
However, due to various SAMBA implementations and versions, not every NAS
device will act like a Windows Server. Protocol variations are possible
and therefore a few special cases might not work properly in combination
with LAN Crypt; for example, a user’s “my documents” folder might not be
encrypted on a file share. Therefore, conpal does not guarantee that
encrypted file shares on NAS devices will work in every condition and only
provides limited support in cases where issues arise.
- Volume mount points:
LAN Crypt does not support volume mount points. (An encryption rule for a
directory that is a volume mount point will not work.)
The same is true for virtual drives generated with the SUBST.exe command.
- EFS encryption and NTFS compression:
LAN Crypt encrypted files cannot be (additionally) EFS encrypted or NTFS
compressed.
It is possible to EFS decrypt (provided that the EFS key is available)
and/or NTFS decompress files during initial encryption.
- NTFS rights:
While Windows is able to create new files or copy files to a folder where
the NTFS rights
- Traverse Folder / Execute File
- List Folder / Read Data
- Read Attributes
- Read Extended Attributes
- Create Files / Write Data
- Read Permissions
are granted to a user, the following additional rights have to be granted
if there is an encryption rule on a folder:
- Create Folders / Append Data
- Write Attributes
- Write Extended Attributes
- Backup programs:
Backup programs should be configured as unhandled applications. If you do
this, the files will retain their encryption state after a restore. The
backup applications from Windows should be automatically treated as
unhandled application.
The backup target files themselves must not be encrypted, because they
cannot be restored by the backup application as it does not decrypt the
backup files. Because the files included in the backup are already
encrypted, it is not necessary to encrypt the backup target files itself.
- Configuration data:
Because the client reads the configuration data from the Registry during
the boot and login process, you may need to reboot the PC to include any
changes to this data.
In some cases two reboots are necessary.
- SafeGuard Enterprise:
- There is no tested compatibility with SafeGuard
products.
- It is likely, that newer SafeGuard products like
Central are interoperable.
- Piloting is essential, there are no guarantees
for compatibility.
- SafeGuard PrivateDisk:
LAN Crypt cannot be used to encrypt SafeGuard PrivateDisk volume files
(*.vol).
- <Opticals>:
- The Opticals rule works for Minifilter only.
- The Opticals rule leads to errors with the
legacy filter, e.g.
when using UDF formatted DVD+RW media, with installed LAN Crypt
Legacyfilter massive problems occur after a few accesses. (LC-1138)
- CD burning with legacy filter or tools:
- Burning encrypted CDs with Windows Explorer
built-in mechanism
To create a CD with LAN Crypt encrypted files, use a separate burning
application that you must add to the list of unhandled applications. All
encrypted files remain encrypted if you now burn them onto a CD.
As the Windows native burning tool is implemented as an Explorer Extension,
you cannot use this tool for creating encrypted CDs (you would have to
specify Explorer as an unhandled application, which has a huge number of
unwanted side effects).
- Known problem with Nero InCD
There is an issue with Nero InCD and Office 2003 together with LAN Crypt
when encryption rules are set for the CD drive. If an Office 2003 file is
stored on the CD a BSOD may occur during processing the file (e.g. open,
save).
- Certificates:
User and administrator certificates must be located in the current user’s
certificate store. Certificates located in the local computer’s
certificate store cannot be used for LAN Crypt.
- Folder overlay icons:
Overlay icons for folder icons in the left-hand tree-view are sometimes
missing.
- No key column in Explorer:
It is not possible to have a column added in Explorer that shows key names
or GUIDs for encrypted files.
- Offline files:
On some machines it may happen that some encrypted offline files are not
accessible in offline mode.
To avoid this problem please disable indexing of offline files.
- UAC dialog on not accessible encrypted files:
If an encrypted file is renamed or deleted and the corresponding key is
not available in the LAN Crypt profile, a User Account Control dialog is
shown because the file is not accessible.
Providing credentials of an administrator does not allow the file
operation in this case, because even as administrator the file cannot be
modified as the proper key is not available.
- Manual/Helpfile
- Client help is provided by default via
https://docs.lancrypt.com/de/client/lc_400_hdeu.pdf,
https://docs.lancrypt.com/en/client/lc_400_heng.pdf
or
https://docs.lancrypt.com/fr/client/lc_400_hfra.pdf,
depending on the language.
The first part of the URL (domain name) can be specified in strictly
internally operated environments in the registry under "HKLM\SOFTWARE\Policies\conpal\LAN
Crypt\HelpURL”
- Offline Folders:
If Windows Offline Folders are used it may happen that not all files get
synchronized if LAN Crypt is installed. Subsequent synchronization
requests should complete the synchronization.
If the default location of the offline folder cache (usually
C:\Windows\CSC) is changed, an ignore rule should be set on this folder
(e.g. D:\CSC).
- Known problem with crypto.sys:
The driver crypto.sys is shipped with different products, like SafeNet
Netscreen Remote, SafeNet VPN and others. There is a known problem with
this driver that can lead to a BSOD.
- Multiple smartcard PIN entries:
When LAN Crypt is used together with certain smartcard middlewares, e.g.
Nexus Personal Edition 4.0.1, it may happen that the user has to enter the
smartcard PIN multiple times.
- Compatibility issues with Microsoft SharePoint:
Downloading documents from a SharePoint server may fail if there is an
encryption rule set on the folder containing the temporary internet files.
- Restricted support of short path names:
Following restrictions exist in relation to short path names:
- The path used in the encryption rule must exist
at profile load time (except paths on shares)
- The path used in the encryption rule must not be
renamed after the profile was loaded, otherwise it may happen that the
short path name will not work anymore on this path
- Only for absolute path rules the short path name
is also handled (relative path rules are only considered in the way they
are entered during profile creation)
- Encrypted applications on network shares:
If an executable file is started which is stored encrypted on a network
share, it may happen that the file remains to be used, even if the
application is no longer running.
To replace such files it is necessary to rename the existing executable
file at first and then copy the new file.
- User elevation for encrypted executables:
If an encrypted executable or installation package is started and requires
a user elevation, it may happen that the elevation doesn’t take place and
the executable is not started.
- Profile expiration:
If the folder where the LAN Crypt user profiles are stored is made
available for offline access, the profile expiration will not work if
there is no network connection available.
- Deletion of files using psexec.exe:
LAN Crypt prevents the deletion of files which are encrypted and the user
is not in possession of the proper key. However, if psexec.exe is used to
connect to a machine where LAN Crypt is installed, it is possible to
delete encrypted files without having the proper key. Opening encrypted
files is not possible in such a way.
- Encryption rules on %USERPROFILE%\AppData\Roaming:
Setting encryption rules on %USERPROFILE%\AppData\Roaming may result in
several error situations, as some of these files (e.g. desktop background
image) are already accessed by Windows at a very early logon stage where
the LAN Crypt profile is not yet loaded.
In general it is not recommended to encrypt files in this folder.
Encryption will only work for files which are accessed after the LAN Crypt
profile was loaded.
- Multiple rules for the same target:
If more than one rule is defined for the same target path (e.g. rule 1 for
x:\*.*, rule 2 for y:\*.*, x: and y: are both mapped to the same share),
only the first matching rule according to the current rule sort order is
applied.
- Missing overlay icons:
The number of different overlay icons is limited by Windows, so if another
application is installed which also uses overlay icons (e.g. SharePoint
extension in Microsoft Office and OneDrive) the LAN Crypt overlay icons
may disappear.
Please see the following knowledgebase article how you can enable the
overlay icons again: https://www.sophos.com/en-us/support/knowledgebase/108784.aspx
- When a shortcut to a web page is right clicked, no LAN Crypt entry
is visible in the Explorer context menu.
- Rules using IP addresses (v4/v6) will only match if the network
share was mapped using the IP address. There is no DNS resolving done in
the filter driver, so when the very same network share is mapped using the
server name, the rule will not match.
- Verification of the encryption status using the Initial Encryption
Wizard:
- Encrypted files for which the user has no key
are counted as "failed to open" instead of "already
encrypted".
- Encrypted files which are encrypted with an
algorithm which is not the current configured one (e.g. encrypted with
XTS-AES, but configured is CBC), are reported as "Encrypted with
another key" instead of "Encrypted with another
algorithm".
- Encryption of VHD (Virtual Hard Disk) and WIM (Windows Imaging
Format) files is not supported.
- Paths which are longer than 259 characters are not supported.
- Legacy filter and Minifilter might behave different in
visualization of encryption status, and behaviour and features.
- API
- If a key KEY_NAME_WITH_SPECIAL_CHAR =
"key!§$%&()=}][{@üäö" in a group
GROUP_NAME_WITH_SPECIAL_CHAR ="group!§$%&()=}][{@üäö" is
assigned by calling the API, group and key are created without errors, but
the assignment does not take place.
- lcapi.WriteKey(GROUP_NAME_WITH_SPECIAL_CHARS,
KEY_NAME_WITH_SPECIAL_CHAR, 3, 1, isSpecific, "", COMMENT,
strKeyShortName) (LC-541)
- The rebranding of Sophos SafeGuard to conpal is comprehensive but
may inadvertently be incomplete.