Resolved and Known Issues
This section lists the current resolved and known issues.
| Key ID | Description |
|---|---|
| NEO-19824 | Audit log — Incomplete entries for policy changes: Audit log entries for exception rules and classifier changes were missing details. All policy configuration changes are now fully recorded. |
| NEO-19778 | Cross-Site Request Forgery (CSRF) vulnerability remediated: A CSRF vulnerability identified in the authentication service, which could have allowed session tokens to be obtained by an attacker, has been addressed. Origin validation and CORS handling have been hardened. |
| NEO-19692 | Alerts — Rule Name filter returning incorrect results: The Rule Name column filter was performing a full-text search across all alert fields. It now correctly searches within the Rule Name field only. |
| NEO-19650 | Email notifications — DLP email notifications not sent consistently: DLP email notifications were intermittently failing to be delivered. Stability improvements to the underlying cache layer resolve this issue. |
| NEO-19645 | Endpoint notifications — OTA updates not notified in production: Over-the-Air update notifications were not reaching production tenants. Notifications are now reliably delivered. |
| NEO-19637 | When an email was sent to multiple recipients and one of them matched an exception, the rule action was taken (since it was the more restrictive action) but the associated email notification was not sent. Now, the email notification behavior is aligned with the action. |
| NEO-19618 | Cloud DLP portal was unstable after refresh. The issue was related to session expiry and was resolved. |
| NEO-19607 | Adding a custom Endpoint Application to an Application Group failed (the Endpoint Application was not added). Now, custom endpoint applications are associated with groups as expected. |
| NEO-19595 | Fixed an issue where endpoint downloads from the CSG portal were failing with a 404 error when triggered through the onboarding API. |
| NEO-19585 | Resolved an issue where some customers encountered an error when attempting to add or remove endpoint machines from an Endpoint Profile in the Cloud DLP portal. The operation now completes successfully. |
| NEO-19582 | Fixed an issue where an error occurred while adding an endpoint to a profile. |
| NEO-19566 | Resolved an issue where source inclusion and exclusion settings defined in a classifier were not being applied correctly for registered endpoints, causing policy rules to match incorrectly. Classifiers now evaluate source inclusions and exclusions as expected for all registered endpoints. |
| NEO-19557 | Fixed an issue where a customer was unable to save changes in endpoint management in DLP portal. |
| NEO-19522 | Resolved an issue where alerts were not reported when the alert payload exceeded the system size limit. To ensure reliable alert delivery, the amount of match data included in each alert is now capped when the number of matches exceeds 350. Alerts are now generated and reported regardless of match volume—if the number of matches exceeds the limit, the total number of matches is reported but information is provided for the first 350 matches only. |
| NEO-19483 | Resolved an issue where IoBs that are not supported by DSE were still visible in RAP. |
| NEO-19445 | Fixed an issue where the Cloud portal did not prevent the deletion of a classifier if there were exception rules that reference it. |
| NEO-19317 | Resolved multiple security vulnerabilities that could have allowed unauthorized disclosure of sensitive information or enabled user enumeration. These issues have been remediated to prevent potential exposure of user data. |
| NEO-19306 | Fixed an issue where the search functionality under the users tab was case-sensitive. |
| NEO-19282 | Fixed an issue where the classifier name was not updated within a DLP rule after the classifier name was changed. |
| NEO-19279 | Updated the date and time format used when exporting alerts to CSV. The new format allows exported data to be sorted chronologically by time without additional formatting, making it easier to analyze alert data in spreadsheet tools. |
| NEO-19277 | Fixed a bug in Policy Boolean Expressions that prevented the use of multiple left parentheses. |
| NEO-19275 | Fixed an issue where it was possible to edit synched users that should be treated as read only. |
| NEO-19274 | Fixed an issue where Policy Matching did not ignore deleted users. |
| NEO-19268 | Fixed and issue where the Cloud DLP Profile Settings were not saved properly. |
| NEO-19265 | Corrected the display of the matched rule in Alert Details, where the product name was incorrect and the policy name was missing. |
| NEO-19240 | Endpoint profiles — Error when adding or removing machines: Users encountered an error when modifying endpoint machines in a profile. Profile management now works as expected. |
| NEO-19238 | Fixed an issue where deleting an Exception rule was resulting in an error. |
| NEO-19234 | Fixed an issue where AWS Replication Service replicated the logs but not the alerts and events. |
| NEO-19233 | Compound classifiers that cannot be used independently were incorrectly shown in the classifier list. These classifiers are now hidden to prevent confusion. |
| NEO-19176 | Fixed an issue where clicking a DLP alert resulted in failure. |
| NEO-19123 | Addressed a failure that prevented policy deployment across multiple tenants. |
| NEO-19109 | Fixed a problem where some tenants did not manage to deploy policies. |
| NEO-19101 | Forensic file names were duplicated in email notifications. This issues is fixed now and the email notifications now display unique forensic file names without duplication. |
| NEO-19085 | Filtering in policy rule → source did not work when searching for sources to include or exclude. Fix: Source filtering now functions as expected when adding or removing sources in policy rules. |
| NEO-19063 | Exception rule did not match for a specific email. Fix: Exception rules now correctly apply to all relevant emails. |
| NEO-19062 | The same condition for a header inside a rule and inside an exception worked for the rule but did not work in the exception. |
| NEO-19029 | Fixed an issue where MIP Sensitivity Labels within email were not being detected. |
| NEO-18778 | Fixed an issue where it was not possible to add local users to a Business Unit. |
| NEO-18624 | Resolved misleading rule summaries caused by adding exclusions. |
| NEO-18623 | Fixed the Alert Activity Filter to display the correct list of values and allow filtering by rule. |
| NEO-18594 |
User enumeration via error messages resolved: Authentication error responses were disclosing information that could allow account enumeration. Error messages have been normalised. Internal file paths removed from error responses: Internal server paths were being exposed in error output. These have been removed from all responses. API documentation restricted to development environments: API documentation endpoints were publicly accessible. Access is now limited to development environments only. |
| NEO-18588 | Print Screen from an endpoint app was blocked even though the app’s setting was “Permit” or “Permit and Audit.” Fix: Print Screen actions now respect the configured app settings and are allowed when set to “Permit” or “Permit and Audit.” |
| NEO-18587 | Resolved a user interface crash that occurred when generating an alert related to “No Match” and attempting to unmask forensics data. |
| NEO-18545 | Fixed an issue where forensics metadata was missing in the alerts for F1A only tenants. |
| NEO-18544 | Notification email was sent for a rule despite an applicable exception. Fix: Exceptions are now correctly applied, preventing notifications when a rule should be excluded. |
| NEO-18536 | Corrected the match count displayed in the Classifiers section when multiple classifiers were triggered by the same rule. |
| NEO‑18520 | DPS resource resolver stability: Corrected an issue in the DPS resource resolver that occasionally caused errors during full resource updates. Resource updates now complete reliably. |
| NEO‑18490 | Profile distribution issue: Resolved a problem where profiles were not properly distributed when a custom endpoint application was configured to monitor screen capture. Profiles now propagate correctly in this scenario. |
| NEO‑18486 | Profile name length: Fixed a problem that prevented profiles with long names from being updated. Profiles can now be updated regardless of name length. |
| NEO-18482 | Fixed an issue where no alerts were displayed for complex classifiers since the classifier was reported as null. |
| NEO‑18414 | Addressed incorrect data shown in the Unique Value field by hiding it when Cloud DLP returns either total or unique match counts based on policy configuration. |
| NEO‑18389 | Resolved a problem where multiple file names were incorrectly displayed for the same transaction in alert details. |
| NEO-18374 | Fixed an issue where changes to referenced Endpoint Application Groups in Policy Elements did not trigger a profile update. |
| NEO-18370 | DLPaaS now supports local users for source-user-based policy criteria. |
| NEO-18330 | Incident CSV exports now include AM/PM time indicators |
| NEO-18317 | Agent downloads now function properly in Cloud WEB portal |
| NEO-18316 | Email Notifications | Incident link was in a format of a standalone tenant, even in case of a platform tenant |
| NEO-18273 | Email domain validation now accepts valid domain formats correctly |
| NEO-18248 | Forensic data now displays correctly when processing multiple simultaneous alerts |
| NEO-18199 | Cloud portal no longer incorrectly reports missing forensic data |
| NEO-17812 | Policy notification setting was disabled if the minimum number of matches was greater than one.Fix: Admins can now assign at least one template per rule, even when the minimum number of matches exceeds one. |
| NEO-17630 | Source is not populated properly in email notifications |
| NEO-17273 | Email address is displayed in the incident instead of the user full name |
| NEO-16859 | Agents can now be removed from deleted tenants |
| NEO-16580 | Email Settings: Certificate configurations now persist correctly after loading |
| NEO-16785 | File types can now be successfully removed from File Types Classifier lists. |
| NEO-16705 | Provided a tool to remove Endpoints when DLP tenant is unavailable or deleted. |
| NEO-16670 | Fixed an issue where Forensics and Incident Management were incorrectly unavailable for customers without endpoint DLP licenses, and resolved an SSO sign-in error message. |
| NEO-16650 | Removed unnecessary API calls causing errors when a specific license is missing. |
| NEO-16624 | Imported users can now be successfully removed by administrators. |
| NEO-16016 | Fixed an issue where forensics were not available for incidents that were caused by a rule that is already deleted. |
| NEO-16580 | Added visual confirmation when email settings certificates are successfully uploaded. |
| NEO-16072 | Incident Management Workflows: Resolved multiple issues related to the Status field, including missing CSV export data and user interface display problems. |
| NEO-14760 | Profile | General | Endpoint Connectivity to Forcepoint: Proxy settings changes affect all profiles, not just the current profile. |
| Key ID | Description |
|---|---|
| NEO‑18414 | Match count display: Cloud DLP now displays either the number of unique matches or the total number of matches, depending on the policy configuration. The displayed value aligns with whether the threshold is set by unique or total matches. |
| NEO-14509 | Profile Management change from Cloud to On-Premise requires endpoint restart to take effect. |
| NEO-14381 | If you work with multiple tenants, sign out of one tenant before accessing another. Closing the browser without signing out may cause log in issues when trying to sign to other tenants. |
| NEO-14165 | It is currently possible to download the evidence file. Downloading attachments separately is not supported yet. |
| NEO-14124 | Microsoft MIP setting is disabled until it is properly supported by the agent. |
| NEO-13158 | It is currently not possible to use OUs or Computers from the Active Directory as resources since the there is no manual import option and the API with the Active Directory is not available yet. |
| NEO-12931 | Some actions available in the email channel are supported only with the Heritage Forcepoint Web Security solution. If you use the Forcepoint Cloud Email, then only the "Permit" or "Quarantine" (block) actions are supported. |
| NEO-10643 | Mapping violation triggers to classifiers is currently not supported. Violation triggers are currently mapped to files and rules. |
| NEO-10589 | Investigation - Alerts: In case more than one rule is matched, the more severe action plan is taken (as required), but the severity displayed in the alerts screen is the severity of the lower severity matched rule. |
| NEO-9836 | Audit Log: When deleting multiple policies, only part of the required information about the changes is displayed in the audit log. |
| DLP-25904 | Classifier errors out when switching from SaaS to On-prem and On-prem to SaaS. |
| DLP-24200 | Classifier: When text that contains sensitive data is UTF encoded, the respective DLP Policy is not enforced. |
| DLP-23462 | Agent Install: After first reboot, the DLP service takes 25% of the CPU usage. The problem is resolved after the second reboot. |
| IP-611 | Forensic data is currently supported for DPS channels (Cloud Email, Online WEB, CASB). Forensic data is not currently supported for endpoint channels. |