Release Notes Endpoint Data Protection 25.0.1
About This Release
Endpoint Data Protection 25.0.1 provides new and improved features that have been implemented. During the development of this version, we have been focusing on valued feedback from our customers and partners to provide an ideal feature selection.
Visit the following playlists on the Matrix42 YouTube channel to get a short overview presentation of the major new features: English Video Playlist | German Video Playlist.
Build Information
- Download: Marketplace
- Initial Build Version: 25.0.1.0
Important Information
Before you start the update, please review the following information.
System Requirements and Deprecations
Over time, there have been changes to system requirements as well as deprecations of certain features. To ensure a smooth update process and avoid unexpected issues, we strongly recommend reviewing the Update Guide: Endpoint Data Protection beforehand. It provides an overview of both recent and historical changes that may impact your environment.
Retirement of Mobile Applications
We have officially discontinued our mobile applications EgoSecure Passwords and EgoSecure Encryption Anywhere for iOS/iPadOS and Android. These apps have not been available for new device installations for some time, and usage across existing environments has steadily declined. Based on this trend and evolving platform focus, we have decided to end support for the mobile offerings altogether. We recommend removing the apps from managed environments and transitioning to supported alternatives where applicable.
Graph API Permission Optimization for Entra ID Synchronization
As part of our continuous efforts to improve security and simplify configuration, we have reviewed the required Microsoft Graph API permissions for Entra ID (formerly Azure AD) synchronization. We’ve identified that Directory.Read.All provides all the necessary access for use with our product. As a result, broader permissions like Group.Read.All and User.ReadBasic.All are unnecessary and can be safely removed to minimize the permission footprint.
Registry Key for Entra ID Performance Optimization
In Endpoint Data Protection 24.0 Update 3, we introduced a significant performance improvement for synchronizations with Microsoft Entra ID (formerly Azure Active Directory). This optimization included the use of the expand parameter in Microsoft Graph API calls, resulting in drastically reduced synchronization times—especially in large environments. Starting with version 25.0.1, this optimization is disabled by default. To enable the optimization, create a new Key for the location and add a DWORD value with value data set to 1.
| Location | Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EgoSecureServer\Parameters\Entra |
|---|---|
| Type | DWORD (32-bit) Value |
| Value Name | UseMembershipOptimizationForEntraIDSync |
| Value Data | 1 |
New Features and Improvements
- Optional Deactivation of “Log in as Different User” Function
- Improved Active Directory Synchronization Performance
- Memory Leak Fixes in Agent Communication
Optional Deactivation of “Log in as Different User” Function
In response to customer feedback and growing security requirements—particularly in the context of compliance frameworks — we have introduced a new configuration option that allows administrators to disable the “Log in as different user” feature in the agent interface. When deactivated, this option is no longer visible to end users, helping to enforce stricter access controls and reduce potential misuse.
Improved Active Directory Synchronization Performance
We have significantly optimized the synchronization process with Active Directory. Synchronization now runs up to four times faster than before, resulting in noticeably reduced CPU and memory consumption—especially in large-scale environments. This enhancement ensures more efficient resource usage and faster data availability across the system.
Memory Leak Fixes in Agent Communication
We have resolved two memory leaks on the server side related to agent communication. One occurred during the retrieval of encryption rules, while the other was caused by general XML parsing and could affect any type of agent message. These fixes improve the overall stability and memory efficiency of the platform, particularly in environments with frequent agent interactions.
Additional Fixes and Improvements
- Updated Bitdefender SDK from 3.0.1.353 to 3.0.1.371
- Removed 32-bit installer configuration for FDE from Console
- Strengthened permission handling for administrative operations to align backend and UI restrictions
- Fixed an issue with the Generate a random password feature of the Password Manager
- Fixed an issue in the EgoSecure Agent that may cause a Blue Screen of Death when opening or copying files by improving how the driver handles missing context when reading trailer data.
- Fixed an issue in the Management Console where the Connect through a proxy setting was applied even when it was unchecked, but a proxy address was entered when using the Synchronize option from the Directory Service Settings menu.
Additional Information
- For details about system requirements, please refer to Software and hardware requirements.
- For details about installation and update setup, please refer to Installation and Update.