ADAudit Plus Release Notes
Build 7102 (January 21, 2023)
- A bandwidth issue that occurred during data transmission between older agents (versions 7055 and earlier) and ADAudit Plus server has been fixed.
Build 7101 (January 12, 2023)
- An issue with the Service Account Auditing Scheduler in non-English editions of ADAudit Plus has been fixed.
Build 7100 (December 28, 2022)
- ADAudit Plus' mail server configuration now supports the more secure Modern authentication.
- The trust browser cookie for two-factor authentication has now been set as HttpOnly for enhanced security.
- An issue in resolving the name GUID of the WMI filter Objects for the reports under Advanced AD Objects report profile has been fixed.
- Technicians assigned the operator role will no longer be able to configure object-level auditing and the default domain controllers policy.
- The agent sync issue in build 7090 has been fixed.
- An XSS vulnerability in logon failure reports that was reported by Ryan has been fixed.
Build 7091 (December 14, 2022)
- An issue in which archiving using 7zip was blocked in anti-virus environments has been handled.
Build 7090 (December 06, 2022)
- Amazon FSx auditing: You can now audit file accesses, modifications, and deletions across your Amazon FSx Windows file systems.
- In the User Services report, you can now filter the services running on your computers based on the managed service accounts, local accounts, or other accounts that are used to run them.
- In NetApp auditing, you can now audit share permission changes and deletions.
- A new dashboard containing the graphical and summary view of the Azure AD reports has been introduced.
- New reports that let you track when a service starts, stops, or fails and monitor the startup type changes have been introduced.
- Event data from the processed folder is now processed faster than ever in the Database and DataEngine.
- ADAudit Plus now supports EMC Isilon version 9.4.
- The Java version has been upgraded to ZuluJDK_8_0_322.
- The Tomcat version has been upgraded to 9.0.54.
- New options have been added to the Rebranding Settings to:
  - enable or disable the PDF cover logo.
  - enable or disable the logo in alert mail.
- An option has been added to exclude the events of users who are deleted from an OU from appearing in the OU-based custom reports.
- The self-signed certificate bundled along with ADAudit Plus now uses the more secure SHA-256 algorithm for encryption.
- An issue that prevented the DataEngine from starting has been fixed.
- A new notification has been introduced to notify when the DataEngine is restarting frequently.
- An issue with updating the custom query cache when creating an alert profile has been fixed.
- An issue that prevented the Caller Machine Name column from displaying the session recording link has been fixed.
- An issue with exporting the Print Job based reports in printer auditing has been fixed.
- The agent installation process that is interrupted due to ADAudit Plus server's unavailability will now resume once the server is available.
- A column mismatch issue in the RADIUS Logon Failure (NPS) and RADIUS Logon History (NPS) reports has been fixed.
- An issue that prevented account lockout events from displaying in the User Object History report in multi-domain environments has been fixed.
- An issue with applying the license for trial users and license-expired accounts has been fixed.
- When creating new technicians, the parent technicians can now delegate only the domains to which they have access.
- An issue with auditing Packaged app Rules under AppLocker settings in certain cases has been fixed.
- An issue with SAML-SSO IDP-initiated login giving a blank page for the first time has been fixed.
Build 7082 (November 01, 2022)
- Third-party requirement for NTLMv2 SSO: To enable NTLMv2 SSO for ManageEngine ADAudit Plus in builds 7082 and above, you have to manually download the Jespa JAR file and add it to ADAudit Plus' lib folder (\ManageEngine\ADAudit Plus\lib).
- The Apache Commons Text jar has been upgraded from version 1.8 to 1.10.0.
Build 7081 (October 28, 2022)
- An unauthenticated remote code execution vulnerability (CVE-2022-47966) reported by Khoadha of Viettel Cyber Security has been fixed.
Build 7080 (August 12, 2022)
- Azure Active Directory Domain Services (Azure AD DS) auditing: You can now audit logon activity and track changes to users, groups, computers, GPOs, and more across your Azure AD DS domains.
- New Risk Detection reports that provide insights into risky sign-in attempts to Azure AD have been introduced.
- New reports on Conditional Access Policy changes in Azure AD have been introduced.
- New Rebranding settings that let you customize the logos and icons in ADAudit Plus' user interface and exported reports have been introduced.
- You can now audit file accesses and permission changes across Huawei OceanStor Dorado All-Flash Storage and OceanStor Hybrid Flash Storage devices.
- A separate AdminSDHolder Permission Changes report has been added.
- A new alert profile has been added to detect ransomware attacks.
- A new alert profile has been added to notify when Windows is unable to write events to the security log.
- Azure AD auditing now supports the following cloud types when using Microsoft Azure AD Premium license:
  - Azure GCC High Cloud
  - Azure for US Government (DOD) Cloud
  - Azure China Cloud
  - Azure Germany Cloud
- Performance enhancements have been made for faster processing of permission change events.
- Performance enhancements have been made for faster event processing from Windows File Clusters and Synology NAS devices.
- An issue in resolving the response data for pointer records in the DNS Record Changes report has been fixed.
- An authentication issue that occurred when using the User Principal Name (UPN) in multi-domain environments has been fixed.
- An issue that prevented the default admin from deleting custom reports created by technicians has been fixed.
- An issue that prevented technicians from accessing scheduled reports from delegated domains has been fixed.
- An issue that caused EMC Isilon clusters to remain undeleted has been fixed.
Build 7065 (July 08, 2022)
- An admin-only SQL injection vulnerability reported by hir0ot has been fixed.
Build 7063 (June 28, 2022)
- An issue with GPO alerts not getting generated when ADAudit Plus is unable to resolve the objectGUID of a GPO has been fixed.
- An issue with error message not getting displayed when the EVTX file is not written has been fixed.
Build 7062 (May 17, 2022)
- When 2FA is enabled, the second factor of authentication can now be reset for the default Admin account if you have lost your authentication device or if you are unable to retrieve the authentication codes.
- ADSync settings can now be changed only by technicians with write access to the Domain Settings page.
- An issue with displaying scheduled reports with special characters in the file names has been fixed.
- In file share auditing, an issue with collecting events from mounted drives in agent mode has been fixed.
- When creating alert profiles, an issue that caused previously selected report profiles to disappear has been fixed.
- In Azure auditing, an issue with displaying MFA information when using Microsoft graph API has been fixed.
- Performance improvements have been made to NetApp C-mode event processing.
- A fix has been added to support EMC Isilon's change of syslog format in the latest versions.
- A fix has been added to support authentication in the latest EMC Isilon versions.
Build 7060 (March 30, 2022)
- Agent to server communication is now authenticated.
- UI alerts and email notifications have been introduced to force password change for the default Admin account after license application. (Note: For licensed users, Technicians will not be able to log in until the default Admin password is changed.)
- Multiple alert profiles can now be copied in bulk across multiple domains.
- An unauthenticated remote code execution vulnerability (CVE-2022-28219) reported by Naveen Sunkavally at Horizon3.ai has been fixed.
- An issue that caused a delay in exporting reports has been fixed.
- An issue with filtering group names using underscore (_) in custom reports has been fixed.
- The timestamps in custom report charts now display the date and time instead of epoch time.
- In the aggregate search feature, an issue in retrieving logon summary data has been fixed.
- In scheduled reports, an issue that prevented charts from being exported when business hours is selected has been fixed.
- The user session recording frames collector issue has been fixed.
- An issue that caused newer credentials to get rejected during EMC Isilon configuration has been fixed.
Build 7055 (March 2022)
- Custom URLs can now be set for service providers while enabling SAML SSO.
- A privilege escalation vulnerability (CVE-2022-24978) reported by Sahil Dhar that allowed a low privileged user to access the plain text password of the integrated ADManager Plus login account has been fixed.
- Old Log4j jar files are now deleted automatically during the upgrade.
- The issue that prevented Logon and File Audit reports from displaying old data after upgrading to build 7054 has been fixed.
Build 7054 (February 2022)
- DataEngine, the data store of ADAudit Plus, can now query more than 2 billion records in a single search.
- An issue in the event collection status column of AlertMe reports has been fixed.
- A logon failure issue that occurred when a user configured in ADAudit Plus is part of multiple domains has been fixed.
- Agent service no longer stops due to RemCom unavailability when updating the agent.
Build 7053 (February 2022)
- Due to a bug, event logs were repeatedly read from the LDAP, DNS, and System event logs, which caused sudden growth in disk space usage and duplicate alerts. This has been fixed.
Build 7052 (January 2022)
- An issue in processing the Azure alert data has been fixed.
- The session recording process startup issue on the agent has been fixed.
Build 7051 (January 2022)
- The sync issues between the old agent and new server have been fixed.
- A few out-of-memory issues have been fixed.
- All configured file servers will now be added automatically for analysis by the DataSecurity Plus powered File Analysis functionality.
Build 7050 (December 2021)
- User Session Recording: Keep track of user actions using a video recording of the users' session for all Active Directory activities.
- A new File Analysis feature powered by DataSecurity Plus has been introduced.
- The old and new names of renamed files are now displayed for File server auditing, File cluster auditing, and File integrity monitoring.
- All Active Directory change activities are now reported with details about the computer from which they have been performed.
- Branch Office Direct Printing auditing is now supported.
- In Azure AD auditing, information about Client app and Applied conditional access policies is now available.
- Graphs have been added for Azure AD reports.
- Alert profiles can now be copied across domains.
- Alert processing has been improved by introducing an alert queue.
- Performance improvements have been made to the User Work Hours report to get more accurate readings.
- Performance improvements have been made to the UBA modelling engine to consume less system resources.
- The notification banners for audit policy alert and privileged domain user alert can now be hidden.
- Password policy has been introduced for technicians.
- Administrators can now reset technician passwords.
- Technician based personalization settings have been introduced.
- Agent and Server can securely communicate via a new port (8555).
- Agent can now be installed when automatically adding member servers and workstations in ADAudit Plus.
- Agent is now supported for Workgroup auditing.
- In the Automatic Configuration page, 'Run Now' option has been provided for server addition and removal.
- Shares can now be automatically removed from ADAudit Plus when they are deleted/unshared on the server.
- The event fetch mode can be changed to RealTime for all member servers and workstations simultaneously.
- The resultant audit policy can be viewed for domain controllers, member servers, and workstations.
- Real time and incremental syncing of Active Directory objects is now supported using ADSync.
- In NetApp auditing, server's volume information can now be fetched from the conf file.
- In Azure AD auditing, a new API which uses token based authentication has been introduced while configuring Azure AD via Office 365 account.
- In Azure AD auditing, MFA details are now supported via the beta version of Microsoft graph API.
- The log4net package has been upgraded to 2.0.12 (CVE-2018-1285).
- The vulnerable log4j v1.2.15 has been removed from this build.
- A parsing issue in importing event log files has been fixed.
- An issue that caused 'Member added to Local Administrator' to be shown under Group Management instead of Local Account Management before the server is promoted to Domain Controller has been fixed.
- In Azure AD auditing, an issue related to interrupted logons has been fixed.
- In Azure AD auditing, an issue related to access token expiry has been fixed.
- In Azure AD auditing, the certificate required for querying the Azure AD audit logs is now imported automatically.
- A parsing issue while auditing Synology NAS events has been fixed.
- An issue in fetching File cluster events in real time has been fixed.
- Two-Factor Authentication (2FA) enrollment notification has been added to notify when 2FA is not configured.
- The Alert view link configuration has been moved from the Modify Alert Profile page to Alert/Report Settings.
- A custom LDAP query will automatically run whenever a user, computer, group or an OU object is updated.
- When NAT device is down, agent to server communication automatically switches to the default agent port and protocol.
- Differentiation has been made between Active Directory and Azure AD search categories while saving a report with search criteria.
- In LDAP and PowerShell auditing, an issue related to event data duplication has been fixed.
- AMS license expiry details are now displayed.
Build 7008 (December 2021)
- Due to the recent Apache Log4j vulnerability (CVE-2021-44228), we have updated Apache Log4j (a bundled dependency of ADAudit Plus) to the latest unaffected version in this release.
Build 7007 (November 2021)
- VBScript is now supported for alert script execution.
- A fix has been added to support EMC Isilon's change of syslog format in version 9.x.
- An error in configuring audit policies for DNS zones in some cases has been fixed.
- Changes to IPv4 addresses, IPv6 addresses and CNAME records are now available in the DNS record changes report under Advanced DNS reports.
- In Azure AD reports, Country, Latitude and Longitude columns now contain the relevant data.
- An issue in exporting DataEngine reports with charts has been fixed.
Build 7006 (October 2021)
- An RCE through unauthorized arbitrary file write vulnerability (CVE-2021-42847) reported by Moon has been fixed.
Build 7005 (October 2021)
- A security issue in NTLM-based Single Sign-on has been fixed.
Build 7004 (September 2021)
- Security hardening has been performed on custom alert script execution.
Build 7003 (September 2021)
- Azure Active Directory (AD) can now be configured without configuring an on-premises AD domain.
- A few logon reports that were not moved to DataEngine in build 7000 have been moved.
- Member name column has been added under Group Management reports.
- Issue in PowerShell event parsing when script contains '\t' tab character has been fixed.
- Azure throttle error has been handled.
- Azure tenants that are not named onmicrosoft.com can also be configured now.
- Issue in actor name parsing under Azure reports has been fixed.
- The "agent not communicating" alert will now be suspended when a machine is deleted/disabled from AD or unconfigured from ADAudit Plus.
Build 7002 (August 2021)
- An SQL query exception in the Recently Enabled Users, Recently Disabled Users, and Recently Locked Out Users reports has been fixed.
- An issue while applying the license caused due to the presence of multiple versions of a jar file has been fixed.
- An issue in fetching events from NetApp, EMC, and Hitachi NAS servers has been fixed.
- A Blind SSRF vulnerability reported by Moon has been fixed.
Build 7000 (August 2021)
- User logon reports are now stored in the DataEngine for faster search and reporting.
- The ADAudit Plus agent can now connect with the server without using VPN over the internet by providing Fully Qualified Internet Hostname.
- You can now configure network address translation (NAT) device settings from ADAudit Plus' UI. NAT devices are used in agent to server communication.
- You can now receive email alerts when the disk space is low and when the product shuts down due to low disk space.
- Member servers, workstations, and domain controllers are automatically configured into the product when the agent is installed on the target machine to minimize manual configuration (non-persistent VDI, Azure Virtual Desktop).
- ADAudit Plus now supports the following remote and virtual desktop technologies through agent installation:
  - Direct Access
  - Persistent and non-persistent VDI
  - Linked Clone and Full Clone VDI in VM
  - Azure Virtual Desktop
- In Account Logon report under Profile-based reports, the chart type has been changed from vertical bar (3D) chart to a time series graph.
- In File Audit reports, an issue in exporting the Folder Audit Setting Changes (SACL) report along with sub-reports has been fixed.
- A configuration has been added to automatically change the event fetch mode to real-time when the agent is installed manually.
- An issue related to configuration file corruption in the agent when the system drive is out of disk space has been fixed.
- High CPU utilization while excluding files or folders from File Audit/File Integrity Monitoring has been fixed.
- A query exception that occurred while viewing the All Users Activities and User Activities reports when logged in as a technician with delegated control over an OU has been fixed.
- 2k3 OS servers/Domain Controllers can now use WMI event fetch mode as legacy APIs are no longer supported with Windows' latest update.
- An issue that prevented the Computer Startup and Shutdown report from showing the Shutdown process name has been fixed.
- In reports, an issue while using underscore "_" in the search string has been fixed.
- The issue of an empty line appearing in xls while exporting a report with sub-report has been fixed.
- An issue with parent domain credentials getting rejected for printer auditing in a child domain has been fixed.
- An issue in updating the last read event time in the UI while reading the audit files from NetApp Cluster devices has been fixed.
Build 6077 (July 2021)
- Issue in refreshing the Summary View on the Dashboard has been fixed.
- Issue related to Azure event fetch getting stuck has been fixed.
- Issue in fetching Isilon event data on machines running the product in Chinese has been fixed.
- Issue in reading large number of files from Huawei OceanStor storage systems has been fixed.
- An account takeover vulnerability (CVE-2021-37927) during SAML login, reported by HaYiCle from E-CQ, has been fixed.
Build 6076 (June 2021)
- A startup issue that occurs on upgrading to Build 6075 has been fixed.
- An issue that caused audited data to not be shown under Synology NAS reports has been fixed.
Build 6075 (June 2021)
- Advanced DNS Server auditing: Track DNS service status, scavenging activity, zone changes, record changes, configuration changes, and more.
- AD Replication auditing: Monitor the start and end time of replication; track replication changes, failures, and more.
- File Integrity Monitoring can now be implemented for workgroup servers added as member servers or workstations.
- Day based Logon Errors report provides a summary of all logon failures every day.
- Day based Logon Service report provides a summary of all logons daily.
- Issue in GPO Settings Changes report for Default Domain/Domain Controller Policies in case of multiple domains has been fixed.
- User Rights Assignment Changes report no longer shows unchanged values.
- Domain DNS name is now displayed for success events when two domains share the same flat name.
- Old and new value columns are no longer blank while exporting Custom Reports for User Attribute New and Old Value report.
- Issue in filter variables for Netlogon vulnerable Schannel Connection Audit report profile has been fixed in alerts.
- In Reports, issue in Advanced Search while using special character "_" has been fixed.
- In Schedule Reports, issue of wrong slash (/) in mail link has been fixed.
Build 6072 (May 2021)
- Issue with SAML authentication based single sign-on when User Principal Name is used has been fixed.
- Issues in Azure AD reports arising due to errors in parsing of Azure event data have been fixed.
Build 6071 (April 2021)
- Issue with event collection in RealTime mode has been fixed.
Build 6070 (March 2021)
- Audit file accesses and permission changes across Huawei OceanStor storage systems. Follow the steps in this guide to configure Huawei OceanStor auditing with ADAudit Plus.
- ADAudit Plus now uses digital code-signing to ensure the integrity of the software.
Build 6068 (February 2021)
- Issue in processing of Azure event data collected via Microsoft Graph API has been fixed.
Build 6067 (February 2021)
- Events in Azure AD can now be collected via the Microsoft Graph API, and users can choose to move to this mode from ADAudit Plus' UI.
- A query exception in the User Work Hours report has been fixed.
Build 6066 (January 2021)
- Work shift timings are taken into account while calculating User Work Hours, allowing for more accurate readings.
- Client machine name and client IP address are shown (when accessed via share) under File Integrity Monitoring reports.
- AlertMe notifications can now be sent as unzipped files.
- Issue in exporting aggregate reports for a custom period has been fixed.
- Issue in saving scheduled reports as zip files when mail is configured has been fixed.
- Issue in updating e-mail for alert profiles in bulk has been fixed.
Build 6062 (November 2020)
- All user activities can now be found in a single report, under Account Management.
- Audit and report on the use of Netlogon vulnerable Schannel connection by Windows devices.
Build 6061 (October 2020)
Build 6060 (October 2020)
- Single sign-on (SSO) to ADAudit Plus through NTLM or SAML authentication: Configure SSO to access ADAudit Plus using Okta, OneLogin, Ping Identity, Federation Servers, and other custom identity providers.
- Hitachi NAS devices auditing: Audit file accesses and permission changes across Hitachi NAS devices.
- Get more granular visibility into Azure Active Directory logon activity with newly added reports.
- ADAudit Plus audit data can be forwarded to multiple Syslog/SIEM, Splunk, and ArcSight servers simultaneously.
- The ADAudit Plus agent can be deployed on file servers which have the Domain Controller role enabled.
- Changes made to Custom Reports (matrix view) will get reflected when they are scheduled for delivery over email in the ZIP format.
- Alert Me notifications will no longer be generated for file shares which have been unconfigured (i.e., configured and later removed) in the product.
Build 6058 (September 2020)
- Issue in agent based event collection has been fixed.
Build 6057 (August 2020)
- Issue in GPO Setting Changes report has been fixed.
- Permission to access schedule reports and GPO setting values can now be granted to technicians.
Build 6056 (August 2020)
- Issue in User Work Hours report has been fixed.
Build 6055 (July 2020)
- Server to agent communication has been updated to happen over HTTP. This ensures that agent service, property, and configuration sync details can be viewed under the Manage Agent tab without any hassles.
- Agent can now be managed from the Agent Settings tab located in the Admin page.
- Cloud directory can now be configured using Multi-Factor Authentication (MFA) enabled accounts.
- Replication issue in High Availability set-up.
- Stored XSS vulnerability in Business Hours and Technicians features.
- Duplication issue in Analytics reports.
- Issue in File Integrity Monitoring not working in systems running Japanese OS.
- Issue with scheduled reports (saved in one-level folders) not getting deleted.
- Issue with tabular columns in Time Series graph under Custom Reports not getting sorted.
- Issue with Display Name column in Custom Reports for User Management.
- Issue with privilege escalation alert getting triggered when a user exercises privileges over his own account (it will continue to get triggered when a user exercises privilege for the first time over any other account).
Build 6053 (May 2020)
- Vulnerability caused due to Apache Struts has been fixed (Apache Struts dependency has been removed from ADAudit Plus).
Build 6052 (May 2020)
- This release includes fixes for the unauthenticated change to integration system configuration vulnerability (CVE-2020-24786) reported by Florian Hauser.
Build 6050 (April 2020)
- Azure AD password protection auditing — Track successful and failed password set and password change activities.
- LDAP auditing now provides information on secure binds, unsecure binds, and binds which have been rejected because of errors.
- Performance improvements have been made on the Analytics module to consume less system resources.
- Shares configured for auditing will continue to get audited, even if their location is changed.
- Search option has been added to help select reports, under Schedule Reports.
- Multiple SMS recipients can be included in alert profiles.
- Alert link URL for an alert profile can be customized.
- The entire alert profile list as well as individual alert profiles can be exported.
- Refresh and filter options have been added to Restore Archive Events.
- Advanced GPO reports can be forwarded to any SIEM solution.
- Old and new values of OU-level and domain-level permission changes can be forwarded to ArcSight.
- Analytics alerts will no longer get duplicated and will display the correct domain name.
- Program, Program(x86), and SystemRoot files will get configured by default, in File Integrity Monitoring.
- Special characters will get parsed in Synology NAS auditing.
- Under Alert Profile and Custom Reports filters, users and groups can be selected without any issues.
- Special characters can be used in passwords when migrating database to MSSQL server.
- Agent will collect data from a server even when only one among Server name, Server IP, or Server DNS is correct.
- Under Alert me, failure events can be configured for cloud directory events.
- Under User Created and Computer Created reports, changes to all User-Account-Control attribute values will get displayed.
- Add To Dashboard option will not be visible to technicians who do not have the privilege to view the Dashboard (Home).
- Under Archive Events, there will be no discrepancy between archive category size and audit data size.
- Changes to firewall GPO settings will be audited.
- Changes to security options settings (local security policies), newly added in 2012 R2, will be audited.
- Login failures will no longer occur in the domain where ADAudit Plus is installed, when user name is used in the UPN format under Domain settings.
- Technicians will no longer face login issues, when the domain flat name of configured AD and Azure AD domains is the same.
Build 6033 (March 2020)
- RCE (CVE-2020-11531) and authentication bypass (CVE-2020-11532) vulnerabilities in ADAudit Plus DataEngine reported by Sahil Dhar (xen1thlabs) have been resolved.
Build 6032 (January 2020)
- Issue with viewing Windows file cluster audit reports has been fixed.
- Interrupted logons are now reported as Logon Failures in Azure AD auditing.
- In PowerShell auditing, issue with the parsing of certain scripts has been fixed.
- Events from the adfs/services/trust endpoint will no longer be excluded from ADFS audit reports.
- The Feedback icon has been made less intrusive.
Build 6031 (December 2019)
- DataEngine startup issue has been fixed.
Build 6030 (November 2019)
- Audit file access across Synology storage devices.
- Audit PowerShell script blocks and module loads.
- Enable two-factor authentication (2FA) for login to ADAudit Plus.
- Add/remove servers and workstations automatically in ADAudit Plus, as and when they are created/deleted in your domain.
- Configure servers, workstations, and shares in bulk in ADAudit Plus.
- NetApp and EMC Permission Changes report to provide information on before and after values of permissions.
- Locked out users report to provide information on caller's IP address.
- User work hours report to take into consideration screensaver invoke and dismiss.
- Track denied access to Remote Desktop.
- The following alert profile templates have been added; enable them to be notified when:
  - A disabled user is enabled
  - A login attempt is made by a disabled user
  - The 'Password never expires' attribute is enabled for a user
  - A user's account is locked out (the notification is sent directly to the end user in this case)
- Automatic upgrade of client-side agent.
- Security vulnerabilities such as path information getting disclosed, help doc click-jacking, and others have been fixed.
- Export issue with DataEngine and a host of other issues have been fixed.
Build 6010 (August 2019)
- Technicians in ADAudit Plus can now be granted OU-level delegation.
- Besides users of the groups which have access to ADAudit Plus, users who are in a nested group can also log in to the product now.
- MySQL/MS SQL to PostgreSQL product database migration is now supported.
- Option to view audit data of all domains in a single report has been added.
- Command line arguments used by a process can now be tracked.
- Option to configure an email alert when there is no communication from agent has been added.
- Alert and Custom Report filters have been enhanced for improved user experience (regex support has also been provided for alert filters).
- Column-wise summary has been added to each table under Archive Events.
- The following default alert profiles have been added:
  - Group Membership Changes
  - Folder Permission Changes on Sensitive Shares
  - Logon Access On Executive Servers
  - PII user attributes changed
  - User, Group, Computer Modifications under an OU
- Option to manually configure High Availability of ADAudit Plus has been added.
- Tomcat has been upgraded from version 8.5.27 to 8.5.32, to overcome security vulnerabilities.
- Time series graph bug under Custom Reports has been fixed.
Build 6003 (June 2019)
- TLS 1.2 support has been included.
- An option to restrict multiple login sessions from the same user to ADAudit Plus' web client has been added.
- The issue with loading events to MySQL due to a delimiter error has been fixed.
- The issue with forwarding events containing Hebrew characters to ArcSight SIEM via TCP has been fixed.
- The OutOfMemory error due to truncation of agent-forwarded data has been fixed.
- The issue in parsing event log data containing non-English characters has been fixed.
Build 6002 (June 2019)
- File summary reports having duplicate columns issue has been fixed.
- Reports export failure with MS SQL installed on a Spanish OS has been fixed.
- The file server junction point/mount point auditing (via the agent) issue has been fixed.
- The agent service status can now be updated without domain admin privileges.
Build 6001 (May 2019)
- The issue with configuring variable-based email addresses in Alert Profiles has been fixed.
- The startup issue on machines running operating systems in Spanish has been fixed.
- The issue with the redundant increase in the number of utilized TCP ports has been fixed.
- Fixes made to the client-side agent:
  - Installation and uninstallation confirmation dialog boxes have been added.
  - Changes have been made to include the right date format while fetching event data.
  - The buffer limit has been increased to allow parsing of large event messages.
Build 6000 (April 2019)
- Faster search and retrieval of file audit data with ADAudit Plus's all new DataEngine.
- Smooth out log collection over WAN connections with the ability to deploy a client-side software agent.
- Get status reports and instant alerts on the current working state of ADAudit Plus to ensure round-the-clock availability.
- Copy alert profiles and scheduled report templates to quicken creating customized reports and alerts.
- Active Directory risk assessment reports have been added to Analytics.
- Track rename activity of user/computer/groups.
- Regex support has been provided for file exclude patterns.
- While creating email and SMS alert profiles, the mailing list can be set based on multiple variables (e.g., caller username, SID, etc.).
- New CSRF tokens are implemented for every user session.
- A custom LDAP query can now be added to filter data in custom reports.
- The issue with downloading XLSX files from the scheduled reports' directory listing has been fixed.
- All requests (including images, JS & CSS files) now pass through a security filter.
- The 'Add Objects' pop up in 'Alert Profiles' failed to list workstations, which has now been fixed.
- IPv6 addresses can now be resolved to get machine names.
- Occurrences of missing printer audit data fields have been fixed.
Build 5120 (October 2018)
- Now forward Azure AD audit data to your SIEM solution.
- Define alert thresholds based on multiple event fields.
- Suppress emailing of redundant alerts.
- You can now save a custom LDAP query while choosing users/computer/OU/group in the alert filter, e.g., alert on logon attempts for disabled users.
- Event fields can now be included in SMS alerts.
- Support for any AD object changes in custom reports.
- Support for multiple business hour configurations.
- The unauthenticated proxy server for Azure AD issue is fixed.
- While scheduling reports, 'Don't send empty report' checkbox is now included so that empty zip files are not sent.
- While configuring email address for an alert, 'Add more recipient' can be configured directly without providing an email.
- In custom reports, the exception while adding GPO and group management reports is fixed.
- Auditing changes to Azure AD has been updated to the new event format.
- A stack overflow DoS vulnerability in the 'Domain name' field while adding a new domain has been fixed. (Courtesy: Lucas Carmo, Real Labs)
Build 5110 (June 2018)
This build has implemented the following enhancements to comply with the General Data Protection Regulation (GDPR).
- Users will be prompted for consent while integrating with third party applications.
- Password protection for exported reports, database backup, and archived audit data ZIP files.
- Database access via command prompt or client tool is secured with a password.
- Report export actions are audited.
- Sensitive information such as the email server and email addresses is masked in the User Interface.
- New GDPR compliance reports and alert templates are included.
- Permission to export reports can now be defined for technician roles.
Build 5100 (April 2018)
- Active Directory User behaviour analytics.
- ADFS 4.0 support.
- Forward logs to ArcSight - CEF format support.
- Alert and custom reports filter enhanced.
- SQL injection vulnerability in 'Aggregate Search' has been fixed (CVE-2018-10466).
- Protection against Clickjacking.
- Brute force login attempts are handled.
Build 5051 (December 2017)
- Improved data collection performance for print servers.
- Alert e-mails now contain a link to the alert profile.
- Default setting for server audit is set to "all computer objects" for a simplified view.
- Support for Arabic characters while exporting to a PDF.
- Configure ADAudit Plus to collect data from Azure Active Directory via proxy credentials.
- Export issue pertaining to data fields containing "," in PostgreSQL is fixed.
Build 5050 (October 2017)
- Azure AD Auditing
- User attendance - new report.
- LDAP authentication auditing.
- Workgroup servers can be audited now.
- A comprehensive search feature encompassing reports, help, configuration pages, etc.
- LAPS - New report when passwords are viewed through the "attribute editor tab"
- ADFS auditing (OAuth support).
- User names now reported on AD activities using Exchange Admin Center (EAC).
- Advanced GPO alerts configured for "All GPOs" will not work for newly created GPOs.
- Scripts do not get triggered for GPO alerts.
Build 5040 (July 2017)
- Audit EMC Isilon.
- Execute scripts to customize alert response.
- Get reports on computer startup & shutdown.
- Analyze logon failures similar to analyzing account lockouts.
- Chart issue under 'Profile Based Reports' fixed.
- 'Profile Based Reports' visible for technicians also.
Build 5030 (Mar 2017)
- Forward logs to syslog or SIEM servers.
- Support for LDAP over SSL.
- Reports from archives can be exported to PDF/CSV.
- Audit Active Directory Lightweight Directory Services (ADLDS).
- Audit Local Administrator Password Solution (LAPS).
- Create custom alert profiles directly from reports with a single click.
- Export to PDF/CSV formats 10 times faster.
- In custom reports, time series chart supports monthly/yearly time periods.
Build 5020 (Dec 2016)
- Active Directory Federation Services [ADFS] Auditing.
- Elaborate disk information provided in "Admin" pages.
- "Jump To" delegate option for technicians handled.
Highlights of Previous Releases
Build 5010 (Nov 2016)
- Account Lockout Analyzer now analyzes OWA/ActiveSync for lockout reason.
- User idle time calculation [Beta]
- Support for home page charts on-demand refresh.
- Schedule Reports - "View Reports" link gets hidden on a particular date format.
Build 5000 (Aug 2016)
- Powerful Search, Reports on Archives.
- Advanced filters for Alerts (Courtesy: Darragh O'Shaughnessy, VHI Group Ltd.).
- Terminal Gateway Server Audit added to Custom Reports.
- Advanced Search in reports.
- Copy Custom Report feature (Courtesy: Darragh O'Shaughnessy, VHI Group Ltd.).
- Spawning multiple IE instances in the background during service start.
- Schedule reports - business hours issue.
Build 4693 (May 2016)
- Support for Remote Desktop Gateway Server audit
- Set default time period for every report
- License corruption - product converts itself to free edition
- Vulnerability fixes
Build 4691 (March 2016)
- Configure cross-domain technicians in ADAudit Plus.
- Create custom reports for File Integrity, Printer Auditing, Server audit categories etc.
- Bulk email configuration for alert profiles.
- Configuring username/password with special characters.
- Restore archive events page navigation issues.
Build 4690 (February 2016)
ADAudit Plus adds an improved Look and Feel with a new Flat user interface.
- Complete alert email customization.
- List archive files that contain data for date range while generating report.
- Custom reports - Share based filter issue - fixed.
- Roles associated with technicians can be deleted - fixed.
- Special character support - username/password in mail server settings.
Build 4685 (November 2015)
ADAudit Plus adds support for NetApp Cluster file auditing; securely monitor and report the authorized / unauthorized document access, file / folder structure changes, shares and access permissions.
- NetApp Cluster support - File Auditing
- Track NTLM events
- Last 'N' Period support for reports
- Customize Charts in reports
- Security fixes and enhancements
- Report on deleted files using "Shift+Del" in FIM
- Performance improvements
- Adding objects with special characters to Report Profiles
Build 4681 (August 2015)
ADAudit Plus introduces the 'Technician delegation & auditing' feature, which allows administrators to delegate roles and monitor their activities in the product. ADAudit Plus also enhances its 'Consolidated Audit Trail' feature, a search-based real-time reporting for Active Directory objects [user, group (new) and computer (new)]. Type an object name to instantly view the change summary and, in a click, drill down for an in-depth analysis.
- Technician delegation and auditing
- Search object activities has been extended to groups and computers in addition to the existing user object
- Export option for aggregate reports now available for the whole dashboard and the object search window
- GPO & Advanced GPO zip creation fixed
- Excluding objects issue fixed in Configuration audit
- CSV & PDF export issue fixed in non-English versions
- SQL injection vulnerability in Alerts tab
- Quick Search fixed in few reports
- Search option above the Reports listing
- Popup issue through AD360
- Network share modified report issue
- In configure technicians via OU / Group, user removal from group / OU handled
- Handled domain names with special characters
- Fixed export report chart name alignment issue
Build 4671 (June 2015)
ADAudit Plus empowers Windows Server administrators with aggregated reports for compliance and security. View the change summary of every activity in Active Directory and, in a click, drill down for an in-depth analysis.
- Aggregate reports.
- Search activities based on username.
- 'Reset to Default Columns' option is now available for profile based reports too.
- Performance enhancements for faster report loading.
- Issues related to fetching user/computer/group moved report (MS SQL db) have been fixed.
- Issues related to GPO Link Changes report (MS SQL & MySQL) have been fixed.
Build 4662 (March 2015)
- File Auditing
- View IP or computer name from where the file was accessed.
- View the changed file / folder properties (SACL / DACL / General) from the reports.
- User names will now be displayed for events done across domains (SID info from Global Catalog).
- User names now reported on AD activities using Exchange Management Console (EMC).
- Separate reports for file move and file rename.
- Report File Creation via event logs (Optional, Default: Snapshot comparison).
- MS Office documents modification reported properly.
- Select all in add users / computers.
- User Object History report - All group activities involving users are now reported.
- "Domain Settings" page empty and "Domain Already exists" fixed.
- Enable disabled Servers for event collection after applying a valid license based on last event time.
Build 4661 (January 2015)
Announcing custom reports in ADAudit Plus: now create the reports you desire in a few clicks. Choose from the pre-configured report categories and choose the sub-categories. Then choose the columns and add filters if you want to drill down further for precise data. Last but not least, you can schedule the same to be periodically e-mailed.
- Create and manage custom reports.
- Track share activity in configured Member Servers / Domain Controllers.
- Reports filtered with a search query can be saved for a quick view.
- Improved product security.
- Configurable event collection mode - Real-time / Scheduled collection.
- Audit OU based user / computer / group creation.
- Issue while sending alerts when time zone is configured.
- Printer name with non-English characters can be configured.
- Issue while selecting all objects in report generation.
Build 4651 (October 2014)
Announcing real-time change auditing for Windows Active Directory, the new feature provides administrators with real-time email alerts and a live feed of alerts in the ADAudit Plus console, when critical and unauthorized changes are made to AD.
- Real time auditing for Active Directory.
- Audit reports for (users, groups, computers, OUs) which are moved.
- Report - User services (Know the configured services across computers with user names).
- Automatic audit policy configuration for trusted domain.
- Delete history of scheduled reports periodically.
Build 4650 (July 2014)
- Real time auditing for Domain Controllers [Optional].
- Windows Server 2012 R2 support added.
- Product crash error during event collection.
- Alert for Configuration Permission Changes - 2008 Servers.
- Move Containers/Contacts reporting.
- GPO User/Computer Configuration count mismatch.
- Share based reports - Files created report fix.
Build 4640 (May 2014)
Announcing EMC (VNX / VNXe / Celerra) file share auditing: now document changes to files and folders, and audit the access, shares and permissions. Export reports for security analysis and meet compliance audits.
- File auditing support for EMC Storage Servers.
- Improved UI for 'Import Evt/Evtx Logs'.
- Out of memory fix for file creation audit.
- Event collection error fixes:
  - 7A - The data area passed to a system call is too small.
  - 1734 - The array bounds are invalid.
- Cyrillic characters in events handled.
- Fixed automatic Server restart issue.
Build 4630 (March 2014)
- Import backup event logs (evt / evtx logs).
- User's first and last logon report.
- Who started process in computers report.
- Add Helpdesk Technicians via Group / OU.
- Ability to export millions of data.
- Reports can be viewed in user chosen timezone (default - installed computer timezone).
- More date and time formats supported.
- Add cluster file server shares in custom report profile - file audit.
- Add printers in bulk - Printer Configuration.
- Duplicate monitor creation issue fixed.
Build 4623 (December 2013)
- A new methodology to fetch events.
- NetApp auditing will work even when the product is installed on non-English OS.
- New filter to show the exact 'file read' for NetApp auditing.
- Scrollbar on top of reports.
- Option in Schedule reports to send mail only 'when data is available'.
- Schedule reports show basic report information when empty reports are exported.
- Select Domains for 'Log on to' option in Login page.
- Custom period deletion.
- Added 'Time Stamp of Last Event' for Member Servers, File Servers, NetApp Filers & Workstations.
- Memory leak & bulk printer adding issue for Printer auditing.
- Reports view issue for IE7 compatibility view.
- Exclude users page load issue.
- Following abilities have been removed for Operator role: Add / remove Report graph to dashboard and remove custom reports.
- Threshold alerts issue.
Build 4621 (October 2013)
ADAudit Plus' latest build, 4621, extends Removable Storage Auditing to workstations as well. It also adds page navigation below the reports, alerts and configuration, along with a few other fixes to enhance your Windows network environment auditing!
- Include / exclude the sub-folders in File Audit.
- Removable storage auditing now available in Workstations also.
- Page navigation at the bottom of reports, alerts and configuration.
- 'Configure Policy' alert if Advanced Audit Policy is not configured.
- Product crash due to special characters in the printer name.
- Error while configuring printers in IE8 browser.
Build 4620 (September 2013)
- Advanced Audit Policy Configuration through Product Web User Interface.
- Issue with resolving Host name in ISATAP enabled Environment.
- Issues with Scheduled Report.
- Issue in sending emails in TLS enabled Environment.
- Account Lockout Analyzer:
  - Local Logon failures from all Workstations will also be notified (No need to add workstations for monitoring).
Build 4611 (August 2013)
- Service Pack issue while upgrading to 4610.
- Issue while adding a new Alert Profile while associating with a newly created Report Profile.
- A harmless exception while adding the discovered DNS servers.
Build 4610 (August 2013)
- Postgres data folder pre-bundled - faster startup.
- Cumulative Reports.
- Quick Links for reports under Reports, File Audit & Server Audit Tab.
- Move-Rename NetApp.
- License expiry mail notification.
- OU Based User Selection.
- OU Mgmt & GPO Mgmt Under Administrative User Action Report.
- Interactive Logon Failures under Local Logon-Logoff Category.
- Report Tree UI Changes.
- Crash Issue in 32 bit installation fixed.
- Account Lockout Analyzer:
  - Schedule Task: Issue fixed for 2k3 server and Windows XP.
  - Network map drive: Issue fixed.
Build 4600 (August 2013)
With 'Account Lockout Analyzer', ADAudit Plus now helps you get to the root of user account lockout scenarios. Also, user, time and volume based threshold alerts help identify the problem precisely.
- Account Lockout Analyzer.
- DNS Server Auditing.
- AD Schema & Configuration Auditing.
- Contacts & Container Auditing.
- Windows Server 2008 Password settings Auditing.
- Threshold based Alerts.
- Caller User based Alerts.
- Business / Non Business hours in Alerts / Reports.
- Permission Reports.
- User Terminal Services attributes audit.
- Option to select 'Group' in user reports.
- Alert if product not installed as service / Alert Me Not Configured.
- Search option for reports.
- Improved performance on all report queries.
- 'Default Report' feature when clicking 'Reports' tab.
- Linked GPO Objects in Advanced GPO Objects.
- Child Domain support with parent domain credentials.
- Option to choose chart while exporting report.
- Data migration: Multiple slash in shares to MS SQL Server.
- Unable to reset 'ADAudit Plus Authentication' User's Password under Technicians.
- Key issue due to table AUDStackedGraphQueryMapping while upgrading - MS SQL.
- Primary Key Issue in Builds 4540+ while upgrading - MS SQL.
Version 4.5.0 Build 4544
- File Audit Home page not loading properly in Build Nos: 4542 and 4543.
- Unable to Change ADAudit Plus 'admin' user password in Build No:4542.
- Unnecessary commas in CSV export.
Build 4541 (February 2013)
- PostgreSQL related fixes:
- Non-English OS product start issues.
- File creation report issue fixed.
- NetApp report issue fixed.
- Chart issue in export reports fixed.
Build 4540 (December 2012)
- File Integrity Monitoring.
- PostgreSQL support.
- Event log collection fixes:
  - The event log file is corrupt.
  - Invalid handle.
  - A required privilege is not held by the client.
- Alert Profile update fix.
Build 4530 (November 2012)
- Audit Workstation Logon & Logoff Activity.
- Share & Folder based File Audit reports.
- Folder permission change reports carry old and new values.
- Charts are now exported in PDF and HTML report formats.
- Fixes have been completed for File Audit Reports.
Build 4520 (August 2012)
- Report and Email summary of daily changes.
- Advanced GPO Audit Alerts.
- 'Run Now' for Schedule Reports.
- Dashboard View Customization.
- Bulk Modification of Alert Profiles.
- Fixes have been completed for File Audit Reports.
Build 4510 (June 2012)
- File Rename, Move & Copy are also Audited Now.
- 'Run Now' for File Creation Scheduler.
- Email notifications even after disabling alert profile.
- View Report on the 'Comments Modifications' on ADs Settings of GPO.
Build 4500 (May 2012)
- Detailed Group Policy Settings Auditing.
- Audit Reports on All Group Policy Permission Changes.
- Scrutinize the complete attribute changes of users, groups, computers.
- Distinguish the New / Old value of Attribute changes for users, groups & computers+.
- Thorough OU Permission Changes with new and old permissions*.
- Exhaustive listing of User / Group / Computer Permission Changes with new and old permissions+.
- Support for MS SQL Server as backend database (Works with MS SQL Server 2005, 2008, 2008R2).
- GPO Link Changes Reports - Enhanced Reports encompassing the New / Old value of GPLinks.
- Export the Folder Permission Changes Report with changed permissions.
- Numerous Performance Improvements.
- MS Office File modification Issue.
- Occasional delay due to unresolved IP has been solved in logon events.
- Faster processing of event log data.
- 'Handle is Invalid' error in 2008 Server w.r.t Event Collection is fixed.
- Objects stored in cache for quicker processing.
+ Supported for Windows Server 2008 and above.
Version 4.1.0 Build 4141 (February 2012)
- NetApp Filer Support.
- Performance enhancements with respect to event log collection.
- Reduce size of database - option through web client.
- 'Period' selection in 'My Reports'.
Build 4140 (January 2012)
- Support for Non-English DCs, File Servers and Member Servers.
- Pre-defined reports with user inputs can be bookmarked.
- Reports are now categorized to help meet compliance under SOX, HIPAA, GLBA, PCI and FISMA.
- Product is now compatible with User Account Control (UAC).
- 'Archiving' and 'Event Cleanup' are now merged as 'Archive Events'.
- WMI Quota Violation error in Windows Server 2008 and R2.