Client Proxy 4.9.0 Release Notes
This release Skyhigh Client Proxy no longer supports 32-bit Windows installer. This release supports UDP traffic based private applications on macOS and Windows, and granular network level access to TCP and UDP applications.
Release builds
- Windows - 4.9.0.103
- macOS - 4.9.0.115.2
NOTES:
SCP 4.9.0 does not include the Trellix ePO Extension; instead, use SCP 4.7.0.125.1.
Enhancements
Supported Windows Installer
From this release version of Skyhigh Client Proxy, there is support available only for 64-bit Windows installers.
Supports UDP Traffic for Private Applications
Client Proxy supports UDP traffic for private applications using Private Access on Windows. It supports UDP traffic-based applications such as RDP over UDP and streaming applications.
Configure Skyhigh Client Proxy to use UDP protocol: For details, see Skyhigh Private Access for UDP Based Applications.
IMPORTANT: Skyhigh supports UDP for Private Applications on macOS from SCP 4.9.1 release onwards.
Supports Granular Network Access for Private Applications
Skyhigh Client Proxy now supports secure and granular network access for Private Access. In addition to domain, wildcard entry in domains, IP Subnets allows you to publish multiple application(s) & network(s) as a private application, providing secure access to them. You can add multiple applications, networks, or a combination of both.
Supported Operating Systems
NOTE: Some Client Proxy features require specific minimum versions of the Trellix Agent. For information about the minimum compatible versions, see Compatible Versions of Trellix Agent.
Upgrade Considerations
When upgrading Client Proxy (macOS), see Upgrade Client Proxy to 4.6.0 and later to ensure a seamless experience.
Consider the following supported upgrade versions:
| Client Proxy version | Supported upgrade version |
|---|---|
| 4.5.x | 4.6.x, 4.7.0.x |
| 4.6.x | 4.7.x, 4.8.x |
| 4.7.x | 4.8.x, 4.9.x |
Resolved Issues
| Reference | Issue Description |
|---|---|
| MCP-5635 | Client Proxy now supports Cloud Firewall policy based on the Process criteria. It will redirect the traffic based on the selected options for the Process criteria: Allow or Block or Drop or Allow With Web Policy. (macOS only) Note: To apply Cloud Firewall policies for the Safari process, put the process name as Safari Networking. |
| MCP-5679 |
Updating DNS Cache information in macOS for every domain IP pairs by reading & monitoring /etc/hosts file. |
| MCP-5893 | Client Proxy now uses the currently logged in user name as the SAML login user ID for the SMB process created in the system space. (Windows only) |
| MCP-6123 | Client Proxy now supports DNS over TCP. DNS traffic primarily uses UDP for its speed and efficiency. However, TCP is used in specific scenarios where reliability, larger payload sizes, or network constraints necessitate it. (macOS only) |
| UFW-858 | The high CPU utilization is reduced and performance is improved in 2, 4, and 8-core CPU systems. (Windows only) |
Vulnerabilities Fixed
This Skyhigh Client Proxy release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.
The following medium CVEs (CVSS 3.1 >= 5.5) were involved:
| Reference | Description |
|---|---|
|
MCP-6107 |
This Skyhigh Client Proxy release addresses the below-mentioned medium severity vulnerabilities related to the Client Proxy bypass and uninstall process. (Windows only)
|
For more details on the vulnerabilities addressed as part of Skyhigh Client Proxy 4.9.0, see Vulnerabilities Fixed.
Known Issues
| Reference | Issue Description |
|---|---|
| MCP-6691 | Hostname based RDP over UDP applications are not working. |