New Features in Accops Workspace Windows Client version 7.1.0.1039
Vajra Secure Browser - Beta Feature
Accops Secure Browser Vajra is a new Data Leak Prevention (DLP) feature of the Accops Workspace client designed to protect sensitive business data found on hosted company web portals.
In a typical commercial browser, users can easily copy and paste data from web portals, run custom JavaScript, inspect and modify HTML, print web pages, and capture screen content. While these features can be convenient, they also create numerous security vulnerabilities, such as the potential for Denial of Service (DoS) attacks and SQL injection.
To safeguard a company's web resources from these vulnerabilities, the Workspace client offers the Secure Browser Vajra, which restricts or eliminates various DLP risk factors.
Vajra can be configured to disable screenshots, screen sharing, clipboard, printing, restrict access to developer tools, block right-click functionality, block URL modification, block download, and enforce a custom download directory.
Use Cases
-
Secure Remote Work for Employees: Employees working from home or other remote locations require secure access to enterprise web applications without jeopardizing sensitive corporate data.
-
Preventing Data Leakage and Mitigating Cybersecurity Risks: Enterprises aim to reduce cybersecurity risks by managing how employees interact with the web, especially when using applications that handle sensitive information.
-
Controlled Browsing to Enhance Employee Productivity: Enterprises want to restrict access to non-work-related websites and social media during work hours while ensuring that all work-related web browsing remains secure.
Supported Client platforms & Gateway compatibility
This feature is supported on the following client modes and types with HySecure Gateway 5.4 SP6 and HySecure Gateway versions 7.0 & above:
| Supported Client modes and OS | 5.4-SP2/5.4 SP5/ | 5.4 SP6 | 7.0 |
|---|---|---|---|
| Full Admin Client on all supported Windows OS | No | Yes | Yes |
| Hybrid mode | No | No | No |
| HyLite mode | No | No | No |
| On-demand client | No | No | No |
Gateway Configuration
Kindly reach out to the Accops support team for assistance with the Gateway Configuration.
Client Login
-
Install the Accops Workspace client that supports Vajra Browser on the user’s system.
-
Log in to the Workspace client.
-
Launch the web applications that are assigned to the users from the Workspace client’s launchpad.
-
The web applications will be launched on the Vajra browser.
-
Log out from the client and launch the web application via Vajra. It will get closed.
Known Behavior
The Vajra browser will apply only to web applications that are assigned to the users from the HySecure Gateway.
Known Limitations
| Bug ID | Description | Workaround/Solution |
|---|---|---|
| 49175 | The downloading symbol should be shown on the UI when downloading a file from the Vajra browser. | N/A |
| 50895 | Vajra is not launching in Kiosk mode. | Add vajra.exe to the exclusion list of Kiosk mode. |
| 50854 | CPU consumption is above 50% when 5GB of data is downloaded. | N/A |
| 50853 | A web application is not launching using Vajra when "App launch from HySecure only" is enabled from the gateway client profile. | N/A |
| 50660 | No support for Pre-login functionality (e.g., mobile token registration, self-service portal, etc.) on the Vajra browser. | N/A |
| 50066 | Japanese language support is not added to the Vajra browser. | N/A |
| 49730 | Web applications assigned to SO users are not supported through the Vajra browser. | N/A |
| 49713 | The Vajra browser is not launching on Windows 8 machines. | N/A |
| 48925 | Incognito mode is not supported in the Vajra browser. | N/A |
Troubleshooting
Collect the available logs from the following location:
- C:\Users\admin\AppData\Local\Temp\ACCOPS
Logs to collect are:
-
Uaclogs
-
securebrowser.log
Accops File Encryption (AFE) - Beta Feature
Accops File Encryption (AFE) is a Data Leak Prevention (DLP) feature for Accops Workspace clients, designed to protect sensitive files by encrypting them and ensuring that only authorized applications can access them during an active Workspace client session. Unauthorized applications will only see an encrypted version of the file, preventing data leakage or tampering. Once the session ends, even authorized apps can no longer access the file’s contents, enhancing security by safeguarding critical business data from unauthorized access or malicious software.
Use Cases
-
Corporate Data Protection: AFE is especially beneficial in environments where sensitive data, such as intellectual property, financial records, or employee information, is frequently accessed.
-
Remote Work Security: For companies allowing remote access, AFE ensures that critical files remain protected even on devices that may not be fully secure.
-
Compliance Needs: For industries with strict compliance requirements (e.g., healthcare, finance), AFE helps ensure that sensitive data remains safe from unauthorized access or leaks.
Supported Client platforms & Gateway compatibility
This feature is supported by client modes and types with HySecure Gateway version 5.4 sp6 and HySecure Gateway versions 7.0 and above.
| Supported Client modes and OS | 5.4-SP2/5.4 SP5/ | 5.4 SP6 | 7.0 |
|---|---|---|---|
| Full Admin Client on all supported Windows OS | No | Yes | Yes |
| HyBrid mode | No | No | No |
| HyLite mode | No | No | No |
| On-demand client | No | No | No |
Gateway Configuration
Kindly reach out to the Accops support team for assistance with the Gateway Configuration.
Client Login
-
Install the Accops Workspace client that supports AFE on the user’s system.
-
After installing the client, enable the AFE by modifying the registry entry located at HKCU\Software\Fortress\SecureVaultDesktop_enabled. Set the value to 1.
-
Log in to the Workspace client.
-
Create a file from the whitelisted application and extension; that file will become encrypted.
-
Now, try to decrypt/access the file with the whitelisted application and extension only; it will decrypt the file.
-
When a user tries to decrypt the file with a non-whitelisted application or extension, it will remain protected.
Known Behavior
-
AFE will not be applicable for already existing files.
-
AFE will not be applied if a file is created/downloaded when a user is logged out from the Secure Gateway.
-
The AFE feature will not be enabled if the registry key is not set on the user machine, even if the Gateway configuration is set.
-
It is not recommended to specify the * symbol in the process path and URL path in the afe.json file.
-
If the encryption key in the afe.json file is updated, older protected files will not be decryptable with the new key. It is advisable to avoid changing the encryption key.
Known Limitations
| Bug ID | Description | Workaround/Solution |
|---|---|---|
| 50402 | VSI Driver initialization fails at runtime due to missing DLL dependency on win11, win8, and server machines. | The user will need to download the DLL of Visual Studio VC++ 2013 manually. Link for downloading VC++ 2013 - https://www.microsoft.com/en-us/download/details.aspx?id=40784 |
| 50222 | If a protected file is being uploaded to a WL app through a WL URL, the file should be uploaded in a decrypted format. | N/A |
| 49023 | The Path mentioned in the folder path in the afe.json file should have the username in environment variable format. | N/A |
| 50856 | URL doesn't support a "*" symbol in an AFE rule file. | N/A |
| 50849 | When a hostname is entered along with a port number in the URL path, AFE is applied to the hostname only. It is not getting applied to server IP addresses | Add the server IP address with the port number in the URL path. |
| 50847 | Images with a .bmp extension are not supported for encryption via AFE. | N/A |
| 50706 | When an encrypted file that is more than 83 MB in size is accessed by the WordPad app (non-whitelisted app), then the WordPad app goes into the not-responding state. | N/A |
| 49240 | AFE is not supported for the Firefox browser. | N/A |
| 49239 | AFE is not supported for incognito mode. | N/A |
| 51900 | Files downloaded through WL URLs via Brave Browser or Incognito Mode of any browser are NOT supported. | N/A |
| 51899 | Protected file deletion fails during the Client session when AFE is configured. | File deletion works post-user session logout. |
Troubleshooting
Collect the following Driver and HySecure manager logs from the location:
-
C:\Windows\Temp\Accops
-
SeqEncItf_Logs
-
SeqreDesktopInterfaceLogs,
-
HySecure_ManagerSvc.log
-
Check UAC logs from the location:
- C:\Users\admin\AppData\Local\Temp\ACCOPS
AFE driver status can be checked by running the following command in the command prompt:
- sc query vfencdrv