Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Client Proxy 4.9.0 Release Notes

This release Skyhigh Client Proxy no longer supports 32-bit Windows installer. This release supports UDP traffic based private applications on macOS and Windows, and granular network level access to TCP and UDP applications.

Release builds

  • Windows  -  4.9.0.103
  • macOS - 4.9.0.115.2

NOTES:

 

 SCP 4.9.0 does not include the Trellix ePO Extension; instead, use SCP 4.7.0.125.1.

Enhancements

Supported Windows Installer

From this release version of Skyhigh Client Proxy, there is support available only for 64-bit Windows installers.

Supports UDP Traffic for Private Applications

Client Proxy supports UDP traffic for private applications using Private Access on Windows. It supports UDP traffic-based applications such as RDP over UDP and streaming applications. 

Configure Skyhigh Client Proxy to use UDP protocol: For details, see Skyhigh Private Access for UDP Based Applications.

IMPORTANT: Skyhigh supports UDP for Private Applications on macOS from SCP 4.9.1 release onwards. 

Supports Granular Network Access for Private Applications

Skyhigh Client Proxy now supports secure and granular network access for Private Access. In addition to domain, wildcard entry in domains, IP Subnets allows you to publish multiple application(s) & network(s) as a private application, providing secure access to them. You can add multiple applications, networks, or a combination of both. 

6.6.6...png

Supported Operating Systems

NOTESome Client Proxy features require specific minimum versions of the Trellix Agent. For information about the minimum compatible versions, see Compatible Versions of Trellix Agent.

Upgrade Considerations

When upgrading Client Proxy (macOS), see Upgrade Client Proxy to 4.6.0 and later to ensure a seamless experience.

Consider the following supported upgrade versions:

Client Proxy version Supported upgrade version
4.5.x 4.6.x, 4.7.0.x
4.6.x 4.7.x, 4.8.x
4.7.x 4.8.x, 4.9.x

Resolved Issues

Reference Issue Description
MCP-5635 Client Proxy now supports Cloud Firewall policy based on the Process criteria. It will redirect the traffic based on the selected options for the Process criteria: Allow or Block or Drop or Allow With Web Policy. (macOS only)

Note: To apply Cloud Firewall policies for the Safari process, put the process name as Safari Networking.
MCP-5679

Updating DNS Cache information in macOS for every domain IP pairs by reading & monitoring /etc/hosts file.

MCP-5893 Client Proxy now uses the currently logged in user name as the SAML login user ID for the SMB process created in the system space. (Windows only)
MCP-6123 Client Proxy now supports DNS over TCP. DNS traffic primarily uses UDP for its speed and efficiency. However, TCP is used in specific scenarios where reliability, larger payload sizes, or network constraints necessitate it. (macOS only)
UFW-858 The high CPU utilization is reduced and performance is improved in 2, 4, and 8-core CPU systems.  (Windows only)

Vulnerabilities Fixed

This Skyhigh Client Proxy release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following medium CVEs (CVSS 3.1 >= 5.5) were involved:

Reference Description

MCP-6107

This Skyhigh Client Proxy release addresses the below-mentioned medium severity vulnerabilities related to the Client Proxy bypass and uninstall process. (Windows only)

  • CVE-2024-0311
  • CVE-2024-0312 
  • CVE-2024-0313 

For more details on the vulnerabilities addressed as part of Skyhigh Client Proxy 4.9.0, see Vulnerabilities Fixed. 

Known Issues

Reference Issue Description
MCP-6691 Hostname based RDP over UDP applications are not working. 

 

  • Was this article helpful?