Fix-Note V4 Builds 808 EN (PX93178r808)



Fix-Note V4 Builds 808 EN (PX93178r808)
Fix Note 4.0 Builds 808
Prim'X Labs, Lyon, June 23, 2009,
Products concerned
This Fix-Note concerns all Prim’X products of the v4.0 range:
ZoneCentral, ZoneExpress, Zed, ZedMail,
In all their respective Editions.
All referenced upgrades/fixes are present in the later builds and versions.
The points concerning ‘ZedMail’ also concern ‘ZoneCentral Extended Edition’ (which contains ZedMail).
The points concerning ‘Zed’ also concern its Limited Edition, along with the products that incorporate it
(ZedMail, ZoneExpress, ZoneCentral).
Unless stated otherwise, the points cited concern both 32-bit and 64-bit versions.
Build 808 Fixes
June 23, 2009
The X12 module could retain its keys in memory despite going on standby
It could occur that the X12 keyfiles management module (activated with policy P111) would keep
the keys in memory despite entering sleep mode (standby or hibernate). This bug has been fixed.
This bug was only present in build 806 of version 4.0.
Concerns: ZoneCentral
Improved compatibility with Windows Seven Release Candidate
Prim’X products have not been certified 100%-compatible with this version of Windows Seven, but
compatibility has nonetheless been improved for the following points:
Tolerance to a bug that could trigger a system crash (BSOD): Windows Seven Release
Candidate presents a bug that prevents certain legal operations for drivers. This meant that
a blue screen (BSOD 0xBE) could be triggered at any moment. The behaviour of the
ZoneCentral driver has been modified in order to tolerate this system inconsistency.
The C:\Recovery folder is now no longer encrypted by the encryption wizard: this folder is
used by the system and does not contain any confidential information. It is therefore left
automatically unencrypted.
Seven RC
Concerns: ZoneCentral, ZoneExpress
Debugging Vista SP2
On a Vista SP2 system, it could occur with certain very specific applications that a file would be
partially corrupted following a write operation. Technically, this could occur when writing a large
volume of data at the end of the file on a highly loaded PC with an application working in
‘FileMapping’ (only known case: compilers/linkers).
Vista SP2
Concerns: ZoneCentral, ZoneExpress
A HelpDesk access may now be used even if it is not administrative
It was vital in the previous versions that a HelpDesk access also fulfilled an administrative role in
order to be able to generate temporary passes. This is no longer necessary, meaning that there is
the possibility of greater flexibility in the composition of the mandatory access lists.
Concerns: ZoneCentral, ZoneExpress
Addition of a ZedMail Options panel in Outlook
A ZedMail tab been added to the options of Outlook. This makes it possible to configure the user
preferences and display the installed version of ZedMail (or ZoneCentral Extended Edition).
Concerns: ZedMail
Fix-Note V4 Builds 808 EN (PX93178r808).doc
Fix Note 4.0 Builds 808
The encryption of a zone on the network would take some time before being
acknowledged on the workstation
It could occur that the encryption of a folder on the network would only be acknowledged on the
workstation after a delay of several minutes. The folder would therefore continue to be displayed as
unencrypted in Explorer, which was inconvenient. This bug has been fixed.
Concerns: ZoneCentral
The use of recovery accesses could be wrongly refused for certain configurations
of policy P269
When policy P269 ("Opening using recovery keys") was configured with a domain user, the use of a
recovery access in this user's session could fail without good reason. This bug has been fixed.
Concerns: All products
ZedMail: the installation of the msi package in silent mode did not configure
ZedMail in MS Outlook™
Installation in silent mode (used by remote installation tools) did not save the ZedMail extension in
Outlook. The installation seemed to proceed correctly but ZedMail was not visible in Outlook. This
bug has been fixed.
Concerns: ZedMail
ZedMail: support for Outlook 2007 in SP2
The columns display in the messages window could be corrupted by ZedMail, and certain columns
could disappear. It would then be necessary to restore the columns manually or else restart Outlook
with the option /cleanview. ZedMail now perfectly supports Office SP2.
Concerns: ZedMail
Improved management of disk space problems during encryption
When encrypting on saturated disk spaces, ZoneCentral technical files of size 0 could continue to
remain present in folders. These files prevented encryption from being re-attempted, and they had
to be removed manually. This bug has been fixed.
Concerns: ZoneCentral, ZoneExpress
Modification of the user rights policy (P244) necessitated a reboot of the session
in certain cases
Passage from ‘Non-configured’ to ‘Activated’ status for policy P244 was not taken into account
dynamically by ZoneCentral. The user session had to be closed and reopened. This bug has been
Concerns: ZoneCentral, ZoneExpress
Incompatibility between policies P284 and P128: the old keys could no longer be
In personal access key mode (policy P128), the activation of policy P284 ("Do not propose zone
opening when my key is not an access") caused on-the-fly updating of zones to fail in the event of
user key renewal. On-the-fly updating consists in renewing user access to zones (in particular, on
the network) as and when they are discovered. This bug has been fixed.
Concerns: ZoneCentral, ZoneExpress
On 64-bit systems, the encryption wizard could fail when the P343 location was
On Windows 64 bits, when policy P343 ("Export ZoneMap") designated a write-protected location
(ACLs), the encryption wizard could suddenly fail at the end of the operation. This bug has been
Concerns: ZoneCentral, ZoneExpress
Fix-Note V4 Builds 808 EN (PX93178r808).doc
Fix Note 4.0 Builds 808
Crashing of Explorer following a manual mandatory access list check operation
In an access list considered to be mandatory on the workstation, the "check mandatory accesses"
operation triggered the crashing of Windows Explorer. This bug has been fixed.
Concerns: ZoneCentral
Explorer crashes during zone access operations
Under rare circumstances (race condition), operations carried out in the ‘Access’ tab of the zone
properties in Windows Explorer could trigger the sudden crashing of Explorer. This bug has been
Concerns: ZoneCentral
Outlook displayed an error message when the code entry request was cancelled
in the X 12 module
When the X12 module was used in Outlook (for encryption or signature), the cancellation of the X12
code request window would trigger display in Outlook of a quite incomprehensible message. This is
no longer the case.
Concerns: ZoneCentral
ZedMail: many improvements and patches
The ZedMail product has undergone a large number of ergonomic improvements and minor bug
Concerns: ZedMail
Fix-Note V4 Builds 808 EN (PX93178r808).doc
Fix Note 4.0 Builds 808
Build 806 Fixes
May 19, 2009
The user rights policy (P244) was sensitive to upper/lower case
When ZoneCentral determined if an operation was authorised or not, it was - incorrectly - sensitive
to the upper or lower case of characters in the configured file paths. This bug could therefore
generate unjustified prohibition of certain operations (although it could not, conversely, authorise
operations which would normally have been prohibited). The character-case in P244 is now ignored.
Concerns: ZoneCentral
New Zed v4 user guide
The user guide for the Zed product has been updated for version 4.0.
Concerns: Zed
Optimisation of ZoneBoard startup
The initialisation and display of the ZoneBoard application now runs more quickly.
Concerns: ZoneCentral
Modifying policy P244 no longer requires a session restart
Integration of changes to policy P244 (User rights) for operations accessible via Windows Explorer
now takes place instantaneously. Previously it was necessary to restart the session for them to be
taken into account.
Concerns: ZoneCentral
Improved management of DFS paths in the management of user rights (P244)
When a DFS symbolic path was configured in policy P244 (User rights), the operations on this same
folder via its physical path could be wrongly refused since no correlation was made between the
physical path and the DFS path. In this case it would be necessary to configure the physical path of
the folder.
DFS path rights are now correctly applied on the physical paths.
Concerns: ZoneCentral
Failure when importing policies in a blank GPO
In the GPOSign tool, importing a policies file in a GPO that had never had policies configured for a
Prim’X product threw up a ‘file not found’ error.
Concerns: all products
Refusal to format a portable device following an encryption proposal
With policy P150 enabled (proposal to encrypt a portable disk drive), an inserted portable disk
containing an encrypted zone could no longer be formatted or ejected via the Windows interface.
Concerns: ZoneCentral
On-the-fly updating of the user key in the zones could be refused by P244
In personal access key mode (policy P128), the updating of an obsolete key in an encrypted zone
was subject to the rights configured in policy P244. However, these rights should not be invoked for
updating a personal key. This meant that the update could be unjustly refused. This bug has been
Concerns: ZoneCentral
Fix-Note V4 Builds 808 EN (PX93178r808).doc
Fix Note 4.0 Builds 808
Under Vista, the watermark of an encrypted container was not immediately
Under Vista, when a new encrypted container was initialised the watermark (standard or
customised) was not immediately displayed. The same applied when the image of an existing
container was changed. It was necessary to close and reopen the container for the new image to
Concerns: Zed
No updating of the personal access list on a portable device containing no zones
The automatic update function for the personal access list on a protected portable device was
inoperative when the device only contained an encrypted container and not a zone. The container
would then continue to use the old user access.
Concerns: ZoneCentral
Failure of on-the-fly updating of the user key for fileshares with very restrictive
In personal access key mode (policy P128), the on-the-fly updating of an obsolete key in an
encrypted zone would fail when the root network share had highly restrictive ACLs. This bug has
been fixed.
Concerns: ZoneCentral
Crashing of the zone management tool in certain cases of access list redundancy
An access list itself having an access with the option "administrative sub-accesses ignored" set
would trigger the crashing of the zones management tool. This crash could also occur with the other
access lists management tools.
Concerns: ZoneCentral
Incorrect encryption proposal in the case of a conflict with logical drives
In certain situations, a naming conflict in Windows between a network drive and a portable drive
could occur (preventing the portable drive from being correctly recognised by Windows and
displayed in Windows Explorer). In this case, the encryption window for portable disk drives could
propose to encrypt a network drive. This bug has been fixed.
Concerns: ZoneCentral
Failure to propose the encryption of a portable drive
In very rare situations (race condition), the insertion of a portable disk drive would not trigger an
encryption proposal.
Concerns: ZoneCentral
Restart of the zcu.exe component upon quitting extended standby
In very rare cases (race condition), quitting extended standby would cause a ZoneCentral
component to crash and reboot. An error message was then displayed. This bug has been fixed.
Concerns: ZoneCentral, ZoneExpress
Zed API: Zed opening failure with a .pfx keyfile under ZoneCentral RunTime
With ZoneCentral installed on the workstation, the opening by the API of an encrypted container
with a .pfx file would fail. This would only work with the Zed RunTime alone.
Concerns: Zed
ZoneCentral API: failure changing the attributes of a password access
When password type access attributes were changed via the API, this could fail when certain
attributes were indicated.
Concerns: ZoneCentral
Fix-Note V4 Builds 808 EN (PX93178r808).doc
Fix Note 4.0 Builds 808
Fix Builds 804
6 Avril 2009
Compatibilité avec SharePoint sur Vista
L’ouverture pour modification de fichiers présents sur un site SharePoint échouait sur des postes
Vista. Les fichiers étaient alors ouverts en lecture seule. Tous les modes d’accès aux fichiers
SharePoint sont maintenant supportés.
Concerns: ZoneCentral
L’outil de signature de politiques autorise tous les supports de clés de signature,
quelles que soient les politiques
L’outil de signature GPOSign appliquait à tort les politiques de restriction des supports de clés (P103
à P105). Ces politiques, liées aux opérations de chiffrement, n’avaient pas lieu d’être appliquées
dans l’assistant de signature. Tous les supports sont maintenant toujours autorisés.
Concerns: All products
L’ouverture de fichiers d’un conteneur chiffré en lecture seule s’effectue
maintenant toujours en mode ‘Lecture’
Lorsqu’un zed était en lecture seule, l’ouverture d’un fichier pour modification était autorisée, alors
que le fichier ne pouvait pas être réintégré au conteneur. Désormais l’ouverture de fichier d’un zed
en lecture seule s’effectuera toujours en mode lecture, sans réintégration du fichier.
Concerns: Zed
API Zed : impossible de créer un conteneur chiffré sans accès obligatoires
La création d’un conteneur chiffré depuis l’API Zed échouait à tort si aucun accès obligatoire n’était
configuré dans la politique P131. Cette anomalie, qui était spécifique à la version 4.0 de Zed, a été
Concerns : Zed
Suppression de messages d’erreur inutiles lors de l’utilisation de conteneurs
Des messages d’erreur inutiles et perturbants pour l’utilisateur étaient affichés lors de certaines
opérations dans les conteneurs chiffrés, comme lors de la création d’un dossier déjà existant ou
lorsque ZoneCentral était en mode désactivé (politiques P6x). Ces messages ont été supprimés.
Concerns : Zed
Mauvais affichage de certains boutons dans ZoneBoard
Sur certains systèmes XP, les boutons de l’assistant d’ajout d’accès dans ZoneBoard avaient un
affichage altéré (au lieu de flèches). Cette anomalie a été corrigée.
Concerns : ZoneCentral
Fix-Note V4 Builds 808 EN (PX93178r808).doc
Fix Note 4.0 Builds 808
Fix Builds 802
17 Mars 2009
Signature des drivers refusée sur Vista 64 bits
La clé de signature Authenticode utilisée dans le build 800 n’était pas approuvée pour la signature
de drivers sur Vista x64. En conséquence, le build 800 64 bits pouvait ne pas fonctionner sous Vista.
Concerns : Tous les produits
Il est maintenant possible en mode désactivé (politique P069) d’ouvrir les
conteneurs chiffrés
Pour rappel, les nouvelles politiques de désactivation (P061, P062 et P069) permettent de rendre
ZoneCentral partiellement inactif sur un poste de travail (il se contente juste d’interdire les
opérations dans les zones chiffrées). En mode désactivé, les conteneurs chiffrés sont maintenant
automatiquement utilisables de la même manière que l’édition limitée du produit Zed.
Concerns : ZoneCentral
Commandes liées aux politiques autorisées en mode désactivé
Pour des raisons pratiques, les outils en ligne de commande de modification et d’import de politiques
sont maintenant autorisés lorsque ZoneCentral est en mode désactivé, suite à la configuration des
politiques P061, P062 et P069.
Concerns : ZoneCentral
Affinage de la gestion des priorités pour la politique de droits utilisateurs (P244)
Le traitement des droits exprimés dans la politique P244 a été amélioré pour mieux gérer les
priorités lors de l’utilisation de wildchars * ou ?. Lorsque deux emplacements indiqués dans cette
politique correspondaient à l’emplacement vérifié, celui choisi n’était pas forcément celui désiré par
l’administrateur. La règle la plus précise est maintenant toujours choisie.
Concerns : ZoneCentral
Erreur ‘commande non autorisée’ lors du lancement de ‘ZCACmd Activate’
Lorsque la politique P244 (« Droits utilisateur ») était non configurée, la commande ZCACmd
Activate échouait systématiquement avec un message d’erreur du type « Commande non
autorisée ». Cette anomalie a été corrigée.
Concerns : ZoneCentral
Après la création d’une zone chiffrée depuis l’outil ZoneBoard, l’interface présentant les zones
auxquelles un utilisateur a accès pouvait être incomplète. Cette anomalie a été corrigée.
Concerns : ZoneCentral
En mode désactivé (politique P069), l’ouverture de session pouvait être lente
Sur un poste de travail désactivé par les politiques dédiées, la phase de login pouvait être allongée,
parfois de quelques minutes. Cette anomalie a été corrigée.
Concerns : ZoneCentral
Arrêt brutal du système après un retour de mise en veille sur un poste Vista
Il pouvait arriver que le système s’arrête brutalement sur des systèmes Vista après un retour de
mise en veille simple ou prolongée. Cette anomalie a été corrigée.
Concerns : ZoneCentral
Arrêt de l’assistant de chiffrement en présence de dossiers aux noms trop longs
Dans certains cas, l’assistant de chiffrement pouvait interrompre son travail de chiffrement en
présence de dossiers trop longs, au lieu d’avertir l’utilisateur et de continuer le traitement des autres
fichiers. Cette anomalie, rencontrée une seule fois, a été corrigée.
Concerns : ZoneCentral
Fix-Note V4 Builds 808 EN (PX93178r808).doc
Head Office: 10 place Charles Béraudier 69428 Lyon Cedex 03 - Tel.: +33 (0) - Fax: +33 (0)
Sales: 117 avenue Victor Hugo 92514 Boulogne Billancourt Cedex - Tel.: +33 (0) - [email protected]
© Prim'X Technologies 2009. Prim'X Technologies, ZoneCentral and Zed! are registered trademarks of Prim'X Technologies SA.
All the other cited brands are the registered trademarks of their respective owners - No reproduction allowed
La liste des appartenances d’un utilisateur dans ZoneBoard pouvait être erronée

Documents pareils