Release Notes Endpoint Data Protection 25.4

Build Information

• Download: Marketplace
• Initial Build Version: 25.4.0.0

System Requirements and Deprecations

Over time, there have been changes to system requirements as well as deprecations of certain features. To ensure a smooth update process and avoid unexpected issues, we strongly recommend reviewing the Update Guide: Endpoint Data Protection beforehand. It provides an overview of both recent and historical changes that may impact your environment.

Kerberos Authentication for EgoSecure Management Console

With this release, we have added support for Kerberos authentication when accessing the Admin Console. Administrators can now log in using their existing Kerberos credentials, enabling seamless single sign-on (SSO) and stronger integration with enterprise identity infrastructures. This enhancement improves security by relying on trusted authentication mechanisms and simplifies the login experience for administrators.  

Before you begin, please review the following information:

• Configure an EgoSecure administrator or super administrator based on an Active Directory account.
• Ensure to have enabled HTTPS server and connecting components to connect the Console via SSL.
• After launching the EgoSecure Management Console, ensure to have Use username and password in the login dialog unchecked.
• By default, authentication will be performed using the user who is logged in to the client and runs the EgoSecure Management Console.
• Clients must be able to obtain valid Kerberos tickets (TGT and Service Tickets) from the Key Distribution Center (KDC) to authenticate successfully.
• The Servers must be able to reach the KDC or relevant ticket validation service to verify incoming Kerberos tickets.

To activate and use the Kerberos login, please perform the following steps:

• Open the Registry on your Endpoint Data Protection server
• Navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EgoSecureServer\Parameters
• Create a new DWORD (32-bit) value named AllowSSOAuthentication and set 0 as value.
• Create a new DWORD (32-bit) value named KerberosAuthenticationOn and set 1 as value.

New Option to remain Cryption Informer open 

In the new agent version, users with the Encryption tab enabled will see a new Cryption Informer tab. The Cryption Informer displays the progress of file and folder encryption or decryption tasks. Previously, the Cryption Informer would close automatically upon successful completion. With this update, users now have the option to keep the Cryption Informer open after a task completes successfully. This provides:

• Improved troubleshooting: Allows users to review completed tasks more easily.
• Enhanced accessibility: Supports users who require additional time or tools to interact with the application.

Option to Keep Cryption Informer Open	Aftr finishing tasks, the window remains open

Usability Improvements for Large Environments

In large-scale environments, administrators may face specific usability challenges when working with the console. With this release, we have introduced several improvements to streamline workflows, enhance responsiveness, and make managing extensive device landscapes more efficient. The key enhancements are the following: 

• Improved Device Database Dialog performance: We optimized the loading of large dropdown lists by reconfiguring redraw handling and memory management. In test scenarios with 50,000 entries, loading time decreased from 16 seconds to 4 seconds, with linear performance improvements expected for larger datasets.
• Optimized TreeView performance: The TreeView in the left panel, which is used for grouping, has been enhanced with on-demand loading. Instead of inserting very large collections at once, items are now loaded progressively. You can configure a registry key to define the maximum number of objects displayed before a More button is shown. This significantly improves performance when working with large environments. Add a new DWORD (32-bit) value named TreeViewLoadOnDemandCount under Computer\HKEY_CURRENT_USER\Software\EgoSecure\ManagementConsole\Settings and set a value higher than 0 to limit the desired number of items loaded by default. For example, with a value of 50, 50 entries will be displayed before the More button is shown. A value of 0 will disable the feature. 
• Improved Network Folder Encryption (NFE) list: We implemented a case-insensitive sorting of paths for NFE records. This means that upper and lower case letters are not distinguished anymore, ensuring consistent ordering and easier navigation. In addition, focus is maintained when notifications about changes in NFE trigger an automatic refresh of the view.
• Enhanced Search Usability: A new tab will allow to switch to a list view of the results, avoiding the current behavior of jumping directly to individual findings. This will make navigating search results more intuitive and efficient.

Additional Fixes and Improvements

• Improved Microsoft Graph integration: Added a simplified group query that no longer uses the expand attribute, reducing the required Graph API permissions when performance optimization is not enabled.
• Enhanced hybrid identity performance: Optimized user lookups for environments with hybrid Entra ID and on-premises Active Directory by adding an index for Alternate SID–based searches.
• Fixed synchronization error: Resolved an on-premises Active Directory sync issue where a “structured exception occurred” error was triggered by an incorrect iterator in ReadDSMembership.
• Subdomain User Synchronization Fix: Fixed an issue where users from subdomains were not synchronized when part of a main-domain group. Users are now correctly synchronized and receive the products and rights assigned to their groups.
• Mitigation of DLL Injection Risks: Strengthened agent executables to reduce potential DLL injection vulnerabilities
• Database Security: Improved password handling and hashing mechanisms used in Secure Audit and IntellAct for stored credentials to increase overall database security.