DriveLock Customer Forum
Information
104 results found
-
Selective Simulation Mode for each different Device class type
Currently there is only a Global Simulation Mode available and would like the option to be able to select a class type and put that device class type into simulation mode, our environment is already in production and initially we only implemented Drive Policies but would now like to implement more restrictive Device control but this is extremely risky
* Emable simulation Mode (Globally) and we disable our current security posture on Drives
* lock down Devices by Device Class and without simulation first and we risk bringing every device in our estate to a standstill (testing on just a…3 votesThis feature request will be part of the 24.2 release
-
Dark Mode bzw. Dunkelmodus
Es wäre schön, dass im DOC die Möglichkeit besteht (Toggle), dieses auch im Dark Mode anzeigen zu lassen. Ist mittlerweile in sehr vielen Apps standard und extrem gut genutzt. :)
4 votesThis feature request will be part of the 24.2 release
-
COM Port Management
We would like to control and manage COM Ports (especially Virtual COM Ports, USB-Serial adapters) in the same way per whitelist rules equal to Drives or other devices like Smartphones, HID devices etc.
In short, possibility of User and Computer combination.
2 votespart of 24.1
-
Nicht beenden Modus bei SW-Verteilung
Wir würden gerne den nicht beenden Modus aktivieren, damit keine User oder Admins lokal die Drivelock Dienste beenden können. Da wir eine Software Verteilung nutzen, ist dies aktuell nicht möglich. Wäre es möglich diese Option so zu erweitern, dass die Agent Updates trotzdem funktionieren, ohne dass wir gezwungen sind die Verteilung von Drivelock zu nutzen?
1 voteToday, you can configure the unstoppable mode as a conditional setting in the policy. To do this, proceed as follows, for example: Define a dynamic group to a registry value. Create a config filter in the policy that filters for this dynamic group. Then configure the unstoppable mode as a conditional setting based on this config filter. On the DriveLock side, that's it.
The software distribution can now control the unstoppable mode and stop the DriveLock service by temporarily setting the registry value followed by an UpdateConfig.
In addition, DriveLock Application Behavior Control can ensure that only the software distribution is allowed to set this registry value. The latter requires the AC module.
-
Freigabe von Skripten in der Application Control
Es sollte möglich sein, bestimmte Skripte durch die Application Control freizugeben. Rein generell soll es Usern ja lieber nicht möglich sein die cmd.exe oder Powsershell.exe auszuführen. Teilweise ist dies aber für einige Programme erforderlich, sodass bestimmte Skripte ausgeführt werden müssen. Diese Skripte liegen unter fest definierten Pfaden auf Servern oder lokal) und können durch die User im Normalfall nicht bearbeitet werden. Zudem wäre es möglich, Powershellskripte zu signieren und das dazugehörige Zertifikat + Pfadangabe würde so zu einer erhöhten Sicherheit bei der Freigaberegel beitragen. Also eigentlich wie bei einer Datei-Eigenschaftsregel oder meinetwegen eine Erweiterung der Datei-Eigenschaftsregeln durch Angabe von Skripten
1 voteWhat is already possible today is authorization for individual scripts. In addition, you can build rules that check whether a parameter following PowerShell, for example, is permitted or not. This is possible with AC or Application Behavior Control (ABC).
-
DOC Companion should be part of ALF special rule DriveLock
Even if a "DriveLock" special rule is created to allow drivelock components to runf doc-companion is blocked by AC. DOC-copanion online and offline installer should be include into the special Drivelock-Rule.
3 votesSince 2023.2 the installed doc companion (not the one downloaded by the user) is now included in the "installed drivelock components" special ac rule
-
DOC Kampagne Auswertung
Anzeige ist irreführend,
hier sollte man bei Dia gram anzeigen / einstellen können das das die Anzeige Richtig auswertet in Bestanden Abgebrochen und nicht bestanden.hierbei sollten User die Abgebrochen haben nicht doppelt im Diagramm zählen.
z.B. ein User bricht das Training ab und wiederholt es danach sollte dieser es nicht Doppelt gezählt werden oder es müssten zwei Diagramme geben damit man besser erkennt ob das Training alle absolviert haben.
stand jetzt sieht man in Diagramm das von einer Gruppe z.B. 50 Pers Bestanden 50 abgebrochen 25
interessanter wäre doch ein Diagramm über die 50 Personen welche haben Bestanden welche…
1 voteThis feature request will be included in the 24.2 release.
-
MQTT (Port 8883) using an 30years SelfSigned Certificate
MQTT Port 8883 is using an 30years (running time) SelfSigned Certificate, which will be not replaced by ChangeDesCert.exe
Please implement a Feature within ChangeDesCert.exe tool that
MQTT Port 8883 will use the same SSL certificate, used by the other DES Server TCP Ports (6667 and 4568)Our Company Security Audit (vulnerability scan) detected the Port 8883 with this old SelfSigned Certificate behind.
3 votesThis feature request will be part of the 24.2 release
-
Offer the possibility to remove the "blur" effect in the PBA
It should be possible to remove the "blur" effect in the PreBoot Authentication.
For customers who, for example, store a background image with company data in case the device is stolen / lost, this is not practical.
The "Show Pre-Boot User Information Message" feature is not really useful here, as probably only a few people will click on the small message icon at the bottom right of the screen. Alternatively, of course, this feature could be reworked to make this more present.5 votesThis feature request will be part of the 24.2 release
-
Defender management / Send e-mail alert from the server-side
I would like to receive an e-mail alert when a "Severe" Defender-event is fired. This might be possible to be done via SMTP on the agent/client which seems a little odd in 2023.
Such E-Mail-Alerts should be configurable for certain events on the server-side (Web-Interface).
2 votes -
Seperate Permissions to Add / Delete Devices from a Device Collection
Currently in depth Whitelist rules can only be set in the Management Console. In there we mostly work with Device Collection. We set a rule with a certain behavior, people it affects, etc. and then connect it with a Device Collection. After that the main effort is in adding new devices to that Device List.
We would like to split the administrative load and have main administrators that set up rules and policies. And then we would like a seperate user group with limited permissions that can only add or remove devices from existing device collections. It is important for…
2 votesThis feature request will be included in the 24.1 release.
-
Ability to enforce different password when changing BitLocker password
some users may prefer to have the ability to enforce different passwords when changing their BitLocker password. This additional layer of security can prevent unauthorized access to the encrypted data in case the original password is compromised
1 votealready possible
-
AppControl WhileList rules
New AppControl WhileList rules, created from Events (from DOC Event Report) should not only go
hardcoded into the so called "Permanent unlock policy", but ist should
be also possible to define another (existing) DriveLock Policy as a target for this rule.2 votespart of 24.1
-
The hardcoded 1440min Defender State Reporting should be configurable by policy
The DriveLock Agent sents the Defender state today (hardcoded) every 1440min to the DES.
We want to have it configurable over Policy Settings, to allow a more frequent Status Report
sent by the Agent to the DES, to get a more sufficient and useful view within the DOC.
Just manual registry Settings are not sufficient for us, we want to rollout a Defender reporting Interval of every 6hours
to all of our clients - configured by policy.5 votesSince version 2023.2, the interval is 6 hours and no longer 24 hours. In addition, the Defender add-on sends messages as soon as something happens on the agent (virus, pattern updated, ...).
-
Would like an order for EDR Responses implemented
While merging two policies, both policies have created a response for the same event, the order in which these responses are actioned are currently at random, we would like to request that the policies be implemented in order.
To do this we would like to request that the policies are:
sorted by Numerical policy position order at RSOP, and for the policies to be executed by their Numerical policy position order.Kind Regards
1 vote23.2
-
Make inventory data acessible via REST API or oDATA interface
It would make it a lot easier to identify gaps between my AD computers and my DriveLock devices if there would be an API interface, either as oDATA or REST API implementation. While there is a way to export all these lists and view to CSV and import them into Power BI, connecting a live data source would be so much easier....
1 voteIt is already possible to get a list of computers by a DL API
In DOC goto Settings, then APIs, then Documentation
-
Get Local Admin Password via DOC (Native Security)
It should be possible to retrieve the password of a user created via the OS management in the DOC and not only via the agent.
Maybe if the Trust to the AD gets lost, the user won´t be able to login to his computer anymore.
5 votes -
Allow multi-factor authentication (2FA/MFA) for DOC login
Drivelock is a security tool connected to the Active Directory.
It should be possible to have consoles with dual authentication (MFA).
For me it is mandatory to avoid an hacker to do what he wants.3 votes23.2
-
License in use view for cloud customers
We want to have a License in Use view (Cloud) same or similar way as it exist for DriveLock onPrem installations.
2 votesThis feature request will be part of the 24.2 release
-
Ability to support two password protectors like Encryption2Go
please add for Bitlocker2Go the ability to support two password protectors like Encryption2Go.
Currently the product seems to offer the usage of an administrator password in combination with a user password.
Drivelock Support explained that currently only 1 Passwort Protektor is supported3 votesWith the release 2022.2 publicly available, the status of this idea is updated to "released".
- Don't see your idea?