What’s New

Staffcop Enterprise 5.5 not only enhances system stability and performance but also introduces key new features and improvements to existing functionality.

New Features

Staffcop Server

Policies and Users Risk Management

You can now assign risk levels to policies associated to the Incident category. Based on triggered policy events, the system automatically calculates and displays the user’s risk level.

This feature allows you to:

  • Filter and search events by both policy and event risk levels.

  • Analyze data visually, categorized by risk levels.

  • View a user’s risk level in the summary card and employee profile.

  • Configure settings for calculating user risk levels.

  • Receive notifications when a user’s risk level increases due to policy violations.

Centralized Scanning and Tagging

In this release, we’ve introduced a new dashboard specifically designed for centralized file scanning.

  • Manage file scanning, analyze results, and apply file tags via a dashboard.

  • Filter and search data within computers and files.

  • Scan files on selected workstations.

  • Tag selected files for easy identification.

  • Available for Windows: manage file metadata to control file access.

Note

Centralized Scanning is a prototype of the upcoming Crawler component, which will require a separate license and won’t be included in the standard version of Staffcop Enterprise. In version 5.5, the prototype is available to all users.

Windows Agent: File Metadata

The new update passes files metadata to the server with the option to block access to specific files.

  • Scan office documents and receive file metadata on your server.

  • Filter and search documents based on metadata, with notifications.

  • Block access to files based on the Value category in the file metadata.

Windows Agent: Video Conference Call Time Tracking

The new update includes functionality to track user participation in video conference calls.

  • Record the time users spend in meetings.

  • Filter, search, and report user participation time in a video conference.

Windows Agent: Remote Desktop (RDP) and Shadow File Copies

All files transferred during a remote desktop session are now captured as Transferred File events.

Windows Agent: Command Line Control

The latest update enhances control over the command line by enabling you to:

  • Intercept commands and their output.

  • Capture scripts executed in the command line.

  • Intercept username and computer details when commands are run from a different account.

Other Features and Improvements

Staffcop Server

Screenshot Batch Player Improvements

We’ve added new features to improve navigation between events and screenshot packages, making it easier to analyze user activity and related events.

  • Navigate from events to the nearest image in the screenshot package directly from the Lens.

  • View detailed information about the user’s activity within the player.

  • Access a list of events related to the screenshot package directly in the player.

  • Use navigation and search features for events and activities.

Screenshot Packages Offline Player

A new feature allows you to install an offline player on your computer, enabling you to view downloaded screenshot packages without an internet connection.

Monitoring Exceptions

Added monitoring exceptions for files across all interception channels and screenshot packages, ensuring that only the most relevant files and events are being tracked, while others are safely ignored.

Agent Unique Identifier (HWID)

We’ve added two methods for assigning the HWID type to an agent:

  • Through the MSI file and Active Directory.

  • Via the command line during installation using the Remote Installation Utility.

Protecting Incidents from Deletion

Added automatic protection to keep incident files and events from being deleted, ensuring they stay intact for investigation.

Separate Events for Videos and Webcam Snapshots

Webcam videos are now captured under the Webcam Video event, separate from webcam snapshots.

Note

In earlier versions of Staffcop, webcam videos were recorded under the Webcam Snapshot event. If you’re using a new agent with an older server, video recordings will not be saved.

New Server Settings

New settings have been added to prevent server congestion during large data flows:

  • Channel width for recording online videos.

  • Channel width for receiving data from the agent.

We’ve also implemented parameters for calculating user risk levels:

  • Number of days for calculating the user’s risk level.

  • Maximum risk level allowed per day.

Switching Operating Systems in Configuration

Select your operating system, when configuring the module. The system will then display only the options that are compatible with the selected OS.

Administrator Rights

From now, you can set up event access rights for admin groups.

Expanded CSV Export for Computers

You can now include the last user’s data in the exported PC list.

Added Parameters to Syslog Connector Messages

The content of the Form Data event can now be sent through the Syslog connector.

Note

For example, when uploading files to the cloud, the agent registers a Form Data event. The Syslog connector then processes the event and sends the file data and other parameters as a message to SIEM for further analysis.

USB Manager Improvements

Available for for Windows and Linux agents. Shadow copies of files are now created automatically when files are moved from external storage devices.

Active Directory Synchronization

Available for Linux Agent. You can now update the profile of an Active Directory user by using the Additionally synchronize by user login button.

Agents

Windows: Expanded File Interception

You can now intercept files being uploaded to the cloud on Mail.ru.

Linux: Screenshots

We’ve improved screenshot functionality with these updates:

  • Added Special Control, which allows you to take screenshots at set intervals, even if the app window isn’t active.

  • Optimized screenshot sizes to use less memory.

Linux: Screenshot Packages

The functionality allows you to view screenshots in video mode instead of recording the screen, significantly reducing disk space usage.

macOS: Interception Channels

Added intercepts for:

  • Document printing

  • Data transmitted over the network

  • USB devices serial number