
What's New in DeviceLock 6.2.1 (versus 6.2)

- Added support for Microsoft Windows Vista. Now DeviceLock Service and
  management consoles can be installed and used on Windows Vista. DeviceLock
  Service natively supports both platforms: 32-bit and 64-bit. DeviceLock
  management consoles are available only as 32-bit applications and can be
  used on 64-bit platforms in the emulation mode.

- To control Windows Mobile devices on Windows Vista, DeviceLock now supports
  Windows Mobile Device Center (WMDC).

- Added integration with TrueCrypt. TrueCrypt is free open-source disk
  encryption software. DeviceLock detects encrypted TrueCrypt disks (USB Flash
  Drives and other removable media) and applies special "encrypted" permissions
  to them. Using these "encrypted" permissions you can, for example, allow
  writing only to encrypted removable devices and deny writing to unencrypted
  media.

- Added real-time monitoring of DeviceLock Services across the network.
  DeviceLock Enterprise Server can now monitor remote computers in real-time,
  checking DeviceLock Service status (running or not), policy consistency and
  integrity.  The detailed information is written to the Monitoring log. Also,
  it is possible to define a master policy that can be automatically applied
  across selected remote computers in the event that their current policies
  are suspected to be out-of-date or damaged. 

- Now in DeviceLock management consoles it is possible to create a custom MSI
  package for DeviceLock Service. This feature allows administrators to create
  their own MSI packages and deploy DeviceLock Service instances across the
  network with predefined policies.

- DeviceLock Service now adds itself to the exception list of Windows Firewall
  on Windows XP/Server 2003/Vista.

- DeviceLock Enterprise Server can now extract files from shadowed CD/DVD
  images. When the "Unpack ISO images" parameter is enabled, all files are
  extracted from CD/DVD images upon delivery to the server and stored in the
  database separately (one record per file).

- Improved the data post-processing of CD/DVD burner shadowed files.

- Now DeviceLock Service and DeviceLock Enterprise Server are set to use
  specific TCP ports. These are 9132, 9133 and thereafter. If these ports are
  unavailable on the local computer, then other ports will be allocated
  dynamically.


What's New in DeviceLock 6.2 (versus 6.1.1)

- Added granular access control, auditing and shadowing for Windows Mobile
  devices. Now you can set permissions for different objects (files, contacts,
  e-mails, etc.) transferring from/to PDAs running Windows Mobile OS. Also, you
  can enable auditing and shadowing for files and other objects (contacts,
  e-mails, etc.) copying from the PCs to PDAs. All connection interfaces (USB,
  COM, IrDA, Bluetooth, WiFi) are supported. 

- Added integration with PGP Whole Disk Encryption. DeviceLock now can detect
  encrypted PGP disks (USB Flash Drives and other removable media) and apply
  special "encrypted" permissions to them. Using these "encrypted" permissions
  you can, for example, allow writing only to the encrypted removable devices
  and deny writing to the unencrypted media.

- Added integration with Lexar SAFE PSD encrypted flash drives. DeviceLock
  detects Lexar SAFE PSD drives and applies special "encrypted" permissions
  to them.

- Now DeviceLock can prevent PS/2 keyloggers from recording keystrokes.
  DeviceLock obfuscates PS/2 keyboard's input and forces PS/2 keyloggers to
  record some garbage instead of the real keystrokes.

- Added stream compression for audit logs and shadow data sending from
  DeviceLock Services to DeviceLock Enterprise Server. By enabling stream
  compression you can decrease the size of data transfers and thus reduce
  the network load.

- Now white-listed USB devices which have access control on both interface
  (port) and type levels can be allowed to bypass control on the type level.
  For example, by disabling the "Control as Type" flag for a USB flash drive
  that has been added to the USB Devices White List, you can bypass security
  checking on the Removable level. Also, this "Control as Type" flag is always
  disabled for devices authorized via a Temporary White List. This new feature
  allows you to avoid permissions conflicts (double control) for white-listed
  devices and simplifies defining access control policies.

- In DeviceLock Enterprise Manager, a new Set Service Settings plug-in is
  added, replacing the former Set Permissions/Auditing plug-in. Using this
  Set Service Settings plug-in you can apply DeviceLock Service parameters
  (including permissions, audit and shadowing rules, settings, etc.) to
  remote computers.

- Added a DeviceLock Service Settings Editor which allows you to create
  and modify all DeviceLock Service parameters (including permissions, audit
  and shadowing rules, settings, etc.) in an external file. Later this file
  can be loaded into DeviceLock Management Console and DeviceLock Group
  Policy Manager, used in the Set Service Settings plug-in of DeviceLock
  Enterprise Manager or signed using the DeviceLock Signing Tool.
  The DeviceLock Service Settings Editor is a snap-in for MMC and has the
  same interface as DeviceLock Management Console and DeviceLock Group Policy
  Manager.

- Changed the interface of Permissions and Audit & Shadowing dialogs. Now these
  dialogs support new permissions and audit and shadowing rules for Windows
  Mobile devices, encrypted PGP and Lexar SAFE PSD disks.

- In DeviceLock Management Console's audit and shadowing logs viewers,
  parameters in the filter dialogs can now be saved/loaded to/from the external
  files.

- Changed parameters for the silent setup. Now all DeviceLock Service settings,
  permissions, audit and shadowing rules can be defined in the external XML
  file and applied during the silent setup. To load an external XML file during
  the silent setup, specify the "SettingsFile" parameter.


What's New in DeviceLock 6.1.1 (versus 6.1)

- Build 9011: Fixed incompatibility issues with Guardant USB tokens,
  MS SoftGrid and Blackberry Desktop.

- DeviceLock Service now works on 64-bit platforms (Windows XP/2003).

- Changes in the remote installation routine. Management consoles can now
  install DeviceLock Service to 64-bit platforms.

- Added the new MSI package with 64-bit DeviceLock Service.

- Renamed parameters in Security Settings. "Enable access control for..."
  renamed to "Access control for...".


What's New in DeviceLock 6.1 (versus 6.0)

- Audit records can now be automatically collected from remote computers and
  centrally stored on DeviceLock Enterprise Server. This provides a level of
  security beyond using the standard Windows Event Log on every computer. Even
  users with local admin privileges can't edit, delete or otherwise tamper with
  audit logs set to transfer to DeviceLock Enterprise Server. 

- Now you can define what log should be used to store audit records. DeviceLock
  Service can write audit records to the standard Windows Event Log that stores
  locally and/or to its own protected log that sends to DeviceLock Enterprise
  Server for centralized storage. 

- DeviceLock can now detect hardware keyloggers. Hardware keyloggers are
  devices that record keystrokes. DeviceLock detects USB keyloggers and blocks
  keyboards connected to them.

- DeviceLock now supports Resultant Set of Policy (RSoP). Now you can use the
  standard Windows RSoP snap-in to view the DeviceLock policy currently being
  applied, as well as to predict what policy would be applied in a given
  situation.

- DeviceLock now supports traffic shaping, allowing you to define bandwidth
  limits for sending audit and shadow logs from DeviceLock Service to
  DeviceLock Enterprise Server. When the Quality of Service component is
  installed on a computer running DeviceLock Service, you can set three types
  of traffic priority: high, medium and low. Medium and low priorities reduce
  the network load.

- Now DeviceLock Service can choose the fastest available DeviceLock Enterprise
  Server from the list of servers. When the "Fast Servers First" parameter is
  enabled, all servers are divided into three groups depending on their network
  speed and preference is given to the fastest. If all of the fastest servers
  are unavailable, DeviceLock Service attempts to select a server from the
  group of next fastest servers and so on. If the "Fast Servers First"
  parameter is disabled, DeviceLock Service randomly selects a server from the
  list.

- A new access right for DeviceLock Administrators, "Change", has been added in
  DeviceLock Service and DeviceLock Enterprise Server. Users with this access
  right can change settings, install, and uninstall DeviceLock Service or
  DeviceLock Enterprise Server, but they can't add new users to the list of
  DeviceLock Administrators or change access rights for existing users in this
  list.

- DeviceLock Enterprise Server can now automatically cleanup logs (Audit,
  Shadow, Server) according to defined rules and in a way that avoids database
  overflow. 

- A read-only access right for tape devices has been added.

- Now you can enable audit for tape devices. 

- You can now export/import all DeviceLock Service parameters (including
  permissions, audit and shadowing rules, settings, etc.) to/from an external
  file from DeviceLock Management Console or DeviceLock Group Policy Manager.
  To avoid unauthorized modification this file can be signed with DeviceLock
  Certificate using the DeviceLock Signing Tool. Upon receiving this signed
  file, the user can import new settings using the DeviceLock applet from the
  Control Panel. This setup method is ideal when a user computer is not online
  and thus out-of-reach via management consoles. Moreover, using this
  export/import feature, DeviceLock Administrators can create and save a
  standard template and use it for applying settings to new computers.
                                          
- The DeviceLock Temporary White List Administration Tool is now a part of the
  DeviceLock Signing Tool. 

- The DeviceLock Temporary White List Authorization Tool is now a part of the
  DeviceLock applet. To use the Temporary White List feature, users should run
  the DeviceLock applet from Control Panel.


What's New in DeviceLock 6.0 (versus 5.73)

- DeviceLock now supports data shadowing - the ability to mirror all data
  copied to external storage devices (removable, floppy, DVD/CD-ROM) and
  transferred via COM and LPT ports. A full copy of the files and data is
  saved. Shadowing is an extended function of DeviceLock Audit and like
  auditing can be defined on a per-user basis.

- A new Media White List feature allows you to uniquely identify a specific
  DVD/CD-ROM disk by the data signature and authorize access to it, even when
  DeviceLock has otherwise blocked the DVD/CD-ROM drive. Any change to the
  content of the media will change the data signature, thus invalidating
  authorization. In this way, a white-listed disk cannot be used to introduce
  unwanted data to the network. A DeviceLock Media White List can be configured
  to grant access to a collection of approved DVD/CD-ROM disks by certain users
  and groups, so that only authorized users are able to use the approved
  information.

- DeviceLock Enterprise Server is added for centralized collecting and storing
  of shadow files. DeviceLock Enterprise Server uses MS SQL Server to store
  received data.

- DeviceLock Management Console (MMC snap-in) now includes a module for remote
  administration of DeviceLock Enterprise Server. Using this console, you can
  manage DeviceLock Service and administer DeviceLock Enterprise Server at the
  same time.

- For each DeviceLock Service you can now define the name of the DeviceLock
  Enterprise Server to which the service reports shadow files as soon as they
  arrive.

- In the Service Options dialog you can now set a disk quota for shadowed data,
  ensuring that the user's free disk space is not overburdened.

- Now you can view logged files using a built-in viewer on the Shadow Log
  Viewer dialog.

- Even deleted shadow data is now logged. When records are removed from the
  shadow data log, the binary data is deleting from the database but the
  information about these records is written to a Deleted Shadow Data Log and
  can be conveniently viewed from the DeviceLock Management Console.

- A special log for DeviceLock Enterprise Server writes its internal
  information, warnings and errors for convenient viewing from DeviceLock
  Management Console.

- A custom message can now be displayed when temporary access permission
  expires for devices that were authorized via Temporary White List.

- Now all DeviceLock components install via a single installation package -
  setup.exe. Using this package you can install DeviceLock Service, DeviceLock
  Enterprise Server, all management consoles, as well as documentation and
  help files. The setup_gp.exe packaged was removed.

- The user manual and help-files have been significantly updated to include
  information about all new features and for easier reference overall.


What's New in DeviceLock 5.73 (versus 5.72)

- Devices in the USB White List can now be assigned to users and groups. This
  allows you to have more granular control over which users have access to what
  USB devices on their computers. One user can be allowed to use a certain
  device, while another user can't use it on the same computer.

- Minor interface's changes.


What's New in DeviceLock 5.72 (versus 5.71)

- A new function, Temporary White List, has been added. Useful in exceptional
  situations, this function grants users temporary access to USB devices when
  there is no network connection. In use, DeviceLock administrators provide
  users with special access codes over the phone. These codes will unlock
  DeviceLock and enable temporary access to requested devices. Two new
  administration tools have also been added to support this function:
  "Temporary White List Administration Tool" and "Certificate Generation Tool".
  Also, the Control Panel applet "Temporary White List Authorization Tool"
  installs on computers running DeviceLock Service.

- Now you can define a discrete list of accounts that are able to administer
  (install, uninstall, modify permissions and other settings, etc.) DeviceLock.
  Even users with local administrator privileges can't disable DeviceLock
  Service or remove it from their computers, if they are not in this list of
  DeviceLock administrators.

- The USB White List now supports devices with unique serial numbers, so you
  can now allow access to a unique device and lock out all others, as long as
  the device vendor assigns serial numbers to its products individually.

- You can now define a custom message to be displayed to users when a denied
  attempt is made to plug in a USB or FireWire device.

- In DeviceLock Enterprise Manager you can now browse the LDAP tree and select
  computers for processing directly from directory services (such as MS Active
  Directory, Novell eDirectory, Open LDAP, etc.).

- The new interface for DeviceLock Group Policy Manager. Now it allows you to
  set parameters to the "not configured" state.

- Added the "Set Default" button on the "Audit" dialog. It allows you to add
  predefined accounts (Everyone and Users) to the auditing list.

- There is now the option to "Enable access control for FireWire storage
  devices" for situations when you want to lock all non-storage FireWire
  devices on the port level and control access to storage devices on the
  Removable type level.

- Using the context menu, you can add devices to the USB White List from the
  plug-in window "Report PnP Devices".


What's New in DeviceLock 5.71 (versus 5.7)

 - Build 85: In DeviceLock Enterprise Manager you can now select computers
   from Active Directory organizational units (OUs).

 - Build 85: Now permissions are working correctly for global groups.

 - Build 85: Fixed bug in the DeviceLock driver. This bug caused BSOD with
   some USB devices.

 - Build 85: Eliminated the memory leak in DeviceLock Service on
   Windows 2000 Professional computers.

 - Build 85: The minor bug in the "Report Permissions" function is fixed.

 - A new checkbox "Enable Individual Settings" is available in the
   "Set Permissions/Auditing" plug-in of DeviceLock Enterprise Manager for
   when you want to set different permissions and/or audit rules for different
   types of devices. 
  
 - Improvements in access control features for CD burners and non-storage USB
   devices. 

 - There is now the option to "Enable access control for virtual CD-ROMs" for
   situations when you want to lock CD-ROM drives, but allow user access to
   software-emulated CDs.

 - The new audit plug-in, "Report PnP Devices" creates a report showing all
   USB, FireWire and PCMCIA devices that are or were connected to computers
   in the network.  

 - The selection of audit types has been extended to include "Full Audit",
   "Audit Read" and "Audit Write" to provide greater flexibility and resource
   conservation.

 - Two new installation parameters have been added for unattended ("silent")
   setup: you can now define audit rules for devices and accounts with
   read-only access to devices in the devicelock.ini file; and you can disable
   the adding of administrators and SYSTEM accounts to a device's permissions
   list.

 - Support has been added for the recent Windows 2003 Server Service Pack 1

 - Other internal improvements.


What's New in DeviceLock 5.7 (versus 5.62)

 - Added the new function - Auditing. DeviceLock can audit user's activity for
   a particular device type. This capability allows you to audit activities
   that belong to a certain user or user group. DeviceLock employs the standard
   event logging subsystem and writes audit records to the Windows event log so
   they can be read using any event viewer software (such as EventViewer) as
   well as with DeviceLock's built-in Audit Log Viewer.

 - The new management tool is added. DeviceLock Enterprise Manager is a new
   generation of the "Batch Permissions" function available in DeviceLock
   Manager. Based on the multithreaded engine, it speeds up all activity -
   including installation/uninstallation of DeviceLock Service, setting
   permissions and reporting permissions - making it one of the most powerful
   management systems for large networks.

 - Now you can control DeviceLock via Group Policy in an Active Directory
   domain. DeviceLock Group Policy Manager allows you to manage DeviceLock
   settings and permissions via Group Policy as an alternative to installing
   DeviceLock Manager on the server.  You can deploy DeviceLock Service and its
   settings to the entire network using standard policy management tools
   because Group Policy is a built-in mechanism of Active Directory. DeviceLock
   Group Policy Manager ships as a separate tool so you need to obtain it from
   our website.

 - The read-only access type can be set directly for USB and FireWire ports.
   However, it affects storage devices only.

 - Now you can instruct DeviceLock to use a fixed TCP port for the RPC
   communication between DeviceLock Service and DeviceLock Manager, making it
   easier to configure a firewall. 


What's New in DeviceLock 5.62 (versus 5.61)

 - Added the MSI installation package for DeviceLock Service. Using Group Policy
   you can install DeviceLock Service on target computers in a AD domain.

 - Now external USB and FireWire hard drives are recognizing as removable
   devices instead of hard disks.

 - Added support for the USB 2.0 on Windows 2000 systems with Service Pack 4.

 - Fixed problems with the "USB\Unknown" device in the USB White List.

 - Fixed several problems with the network tree in DeviceLock Manager.


What's New in DeviceLock 5.61 (versus 5.6)

 - Improved support for USB Tokens.

 - Fixed several problems in the DeviceLock driver.


What's New in DeviceLock 5.6 (versus 5.53)

 - Added support for the USB "white list". The white list allows you to
   authorize only specific devices that will not be locked regardless of any
   other settings. 

 - Added the "Report Permissions" function that allows you to generate a report
   concerning the permissions that have been set. You can see which users are
   assigned for what device, which parameters in Security Settings are
   disabled, and what devices are on the USB White List on all the computers
   across your network.

 - Now DeviceLock is able to block CD/DVD burning programs (such as Roxio Easy
   Media Creator) which are using non-standard drivers.

 - Fixed problem with USB scanners.

 - Major internal and interface improvements.


What's New in DeviceLock 5.53 (versus 5.52)

 - Now DeviceLock is able to control CDs with the UDF file system.
 
 - Improved support of Windows XP Service Pack 2.

 - Now you can disable access control for serial modems and for USB storage
   devices.

 - Fixed several problems with the Bluetooth access control on Windows XP.


What's New in DeviceLock 5.52 (versus 5.51)

 - Now you can define the read-only access type for devices (floppy, removable,
   CD-ROM, hard disk) to allow the reading of files and directories.

 - Changes in the user manual and in the help-file.

 - Major internal improvements.


What's New in DeviceLock 5.51 (versus 5.5)

 - Now you can set permissions for WiFi (802.11) and Bluetooth adapters.

 - Added the Security Settings dialog, where you can define additional
   security parameters for USB and FireWire ports.

 - Now Setup protects DeviceLock Service by allowing only members of the
   Administrators group or the SYSTEM account to stop or delete the service.

 - Changes in the user manual and in the help-file.

 - An Italian version of the user manual is available for download.


What's New in DeviceLock 5.5 (versus 5.02)

 - DeviceLock now allows you to set permissions for USB, FireWire and infrared
   ports.

 - DeviceLock Manager does not try to enumerate all your network at once.
   Instead it enumerates only requested domains.

 - Solved conflicts with applications that extensively use COM and LPT ports.

 - During the Silent setup, you can specify the user or group that should be
   added to the permissions list for a device.

 - Better scalability for networks with thousands of computers.

 - Major internal improvements.

 - Changes in the interface.

 - Changes in the user manual and in the help-file.


                                         Copyright(c) 1997-2007 SmartLine Inc.
                                                          All rights reserved.
                        DeviceLock is a registered trademark of SmartLine Inc.