SNS Notice: Skyhigh Security Cloud Platform v6.3.0
SNS Emails ID: SNS3914
Last Modified: 2023-03-22 19:18:35 Etc/GMT
Email Content
We’re excited to give you a look at what we’re bringing to you in our SSE v6.3.0 release! Please scroll down, below the upgrade schedule, to read about each feature.
Upgrade Schedule
The SSEv6.3.0 upgrade schedule is as follows:
- EU Prod: 23rd of March 2023 (scheduled upgrade hours 2:30am UTC - 12:30pm UTC)
- US GovCloud: 24th of March 2023 (scheduled upgrade hours 5:30pm UTC - 1:30am UTC on the 25th of March 2023)
- US Prod: 28th of March 2023 (scheduled upgrade hours 2:30am UTC – 12:30pm UTC)
Coming Soon in 6.3.0
If you’d like to browse our early Release Notes, please bookmark this page.
Skyhigh Data Protection
Add Multiple Classifications to a DLP Policy
Instead of needing to create a policy for each Classification you would like to use, you can now add multiple Classifications to a new DLP Policy. For details, see Create a Rule with Multiple Classifications.
Improved Match Highlighting with Data Identifiers
Skyhigh Security now provides the ability to match and highlight keywords in policies when paired with Data Identifiers.
Clone Skyhigh Dictionaries and Advanced Patterns
In 6.3.0, you will now be able to clone preconfigured Skyhigh Dictionaries and Advanced Pattern definitions.
Classification Names Included in Incident API
Classification names are now included as part of the information field in the external query Incident API. For details, see Incidents API Definitions.
Skyhigh Secure Web Gateway (Cloud)
Introducing SWG Web Policy Builder
The SWG Web Policy Builder is a new user interface available to new customers that allows you to create and maintain your web policy. With the Web Policy Builder you can:
- Configure rules and rule sets using Criteria, Operators, and Values.
- Create and manage custom rules with the Rule Builder.
- Review current Web Policies and create new rules in Web Policy Code.
- Migrate SWG On-Prem appliance Web Policies to SWG Cloud.
Skyhigh Private Access
RBI Policy Support for Clientless Access
Enforce RBI policy on the applications configured for clientless access, so users can securely navigate to potential high-risk or sensitive websites in a remote browser. For information, see Configure Private Access Policy Rules.
Automatic Policy Deployment on Android Devices using MDM
You can now push the .OPG file to the /Android/data/com.skyhigh.clientproxy/files/scppolicy.opg folder on the managed device and the policy file will be deployed automatically on the device.
Device Posture Enhancements
- Active Directory domain name — Specify the domain or workgroup associated with the device. This field is applicable for both Windows and macOS. The device must be part of the Active Directory domain to pass the validation.
- Process Validation
  - Application Path — Specify the process that runs on the device. Enter the process name and absolute path of the process. For example, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  - Additional checks — You can provide additional information such as certificate Distinguished name (DN) or signer Thumbprint, or SHA-256 checksum values. For example, you can specify:
    - Cert DN — CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
    - Thumbprint — A4BAABD12432AB9C7C297385260E95C3DAE83BF2
    - SHA 256 — CC8C41F1676864328DF5600B9895221983890FF1C3A44A951D29B7BEC3AA0AAE
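
One way to collect the values these Process Validation fields ask for from a known-good Windows endpoint, as an added example that is not Skyhigh tooling. The function name Get-PostureProcessValue is hypothetical, and mapping its output to the console fields is an assumption based on the examples above.

```powershell
# Added example, not Skyhigh code. Get-PostureProcessValue is a hypothetical helper name.
# For one executable it gathers the values the Process Validation fields above ask for.
function Get-PostureProcessValue {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path
    )
    process {
        # Resolve to an absolute path; the Application Path field expects one.
        $file = Get-Item -LiteralPath $Path -ErrorAction Stop

        # SHA-256 of the binary itself. This value changes with every product update.
        $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

        # Authenticode signature: signer subject (DN) and signer certificate thumbprint.
        $sig    = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $signer = $sig.SignerCertificate

        if ($sig.Status -ne 'Valid') {
            # Unsigned or modified binaries have no trustworthy signer values to enter.
            Write-Warning "$($file.FullName): signature status is $($sig.Status)"
        }

        [pscustomobject]@{
            ApplicationPath = $file.FullName
            SignatureStatus = $sig.Status
            CertDN          = if ($signer) { $signer.Subject } else { $null }
            Thumbprint      = if ($signer) { $signer.Thumbprint } else { $null }
            SHA256          = $sha256
        }
    }
}

# Run on a reference machine against the path used in the example above.
Get-PostureProcessValue -Path 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe' |
    Format-List
```

A SHA-256 check pins one exact build, so an application that auto-updates stops matching after each update. The signer DN and thumbprint stay the same across updates until the vendor changes its signing certificate.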
Skyhigh Cloud Firewall
RBI Policy Support for Clientless Access
Cloud Firewall is a cloud-based firewall solution intended to secure data and applications hosted on the Cloud. Skyhigh Security Service Edge (SSE) utilizes Cloud Firewall to aggregate traffic from various sources that employ differing security postures. It provides granular policy control to monitor all outbound network traffic and prevents unauthorized access.
Unified Policy Implementation
- Unified platform to enforce the Cloud Firewall policy across all traffic (including TCP, UDP, TLS, HTTPS, and ICMP), locations, and devices.
- Apply policies in the Cloud, eliminating the need to route traffic back through network or datacenter.
- Enforce several rules in a firewall policy at multiple layers - applications, location destination/source IP addresses, source/destination ports, users, IP addresses, and detected protocols.
- Creating policies for processes adds the advantage of detecting and controlling process-based traffic such as Zoom or Teams traffic.
- Detect and control evasive web traffic on non-web or non-standard ports.
- Gain visibility and control through protocol detection.
- Prevents disguising traffic using standard ports for other protocols such as HTTPS or DNS.
- Split and steer traffic by intelligently forwarding certain traffic through the Cloud Firewall and other traffic to the on-prem proxy.
- Cloud Firewall operates with an existing SWG On-premise to relay outbound traffic in a corporate network when there is no direct internet access (no default route to redirect traffic and no external DNS).
- Provides insights into the entire network with analytics and reports, which predicts trends, exposes potential bad behavior, and facilitates troubleshooting.
- Manage and control aggregated data from Layer 7 to Layer 4 in the Cloud Firewall Dashboard. For example, you can monitor traffic from specific protocols, source to a destination host, and application-level traffic.
Skyhigh Client Proxy 4.6.0
Supports Skyhigh Cloud Firewall
You can configure Client Proxy to support Cloud Firewall key capabilities, such as:
- Performs a deeper level inspection of network traffic and protects against malicious traffic.
- Enforces Cloud Firewall policy based on IP addresses, processes, ports, and domains to filter your network traffic.
Logging Events in Human Readable Format
Client Proxy events such as connectivity check failures, redirection errors, auto-policy-download failures, policy changes, network changes, and captive portal checks are now logged in an scp.log file in human-readable text. The log files are located in the C:\ProgramData\Skyhigh\SCP\Logs\Scp.log folder. This is supported only for Windows.
User Group Header Validation
Client Proxy running on Windows and macOS can now validate and log a failure message if the group header exceeds the maximum limit. The maximum header limit for the traffic redirection is 7186 bytes.
Enforce Time-based Policy
You can enforce a policy for a specific time range on both Windows and macOS systems. This means you can restrict web access during a particular period of the day to efficiently monitor and manage network resources. For example, you can block all social media sites for all users across the world during work hours (9 a.m. to 4 p.m.).
Skyhigh Rebranding Changes
- Uninstall SCP Command (macOS) - The usr/local/McAfee/uninstall MCP command is now rebranded to usr/local/McAfee/uninstall SCP.
- Install SCP on macOS 11.0.1 and later - The McAfeeSystemExtensions dialog displayed while installing Client Proxy 4.6.0 and later is now rebranded to TrellixSystemExtensions.
- User consent is required to install Client Proxy on macOS 11.0.1 and later. To allow the extension to load:
  - macOS below 13.0 - Go to System Settings > Security & Privacy > Allow
  - macOS 13.0 and later - Go to System Settings > Privacy & Security > Allow
macOS Silicon M1 Support
Client Proxy now supports macOS systems with a native M1 chip.
View Key Information about Client Proxy on macOS
You can now run the sudo /usr/local/McAfee/Scp/bin/scpcontrol.sh status command to view the following information about the Client Proxy software installed on the macOS systems:
• Policy Name
• Policy revision
• Policy Modified date
• Proxy Server
• Connectivity Status
• Alternate Proxy
• PA status
VSCore for DNS Interception
Replaced NTK drivers with VSCore for DNS interception to avoid network disruption while installing or uninstalling Client Proxy.
Skyhigh CASB
DLP Policy Wizard Rollout
As of Skyhigh Security Cloud 6.3.0, the phased rollout will be complete and all customer tenants will be switched to use the new DLP Policy Wizard.
Skyhigh CASB for Zoom Supports Secret Token for Webhook Validation
Skyhigh CASB now supports Zoom’s additional security validation check to secure its API integration. Skyhigh CASB for Zoom uses a secret token, which allows users to validate Skyhigh CASB’s webhook URL to receive Zoom event notifications. You can copy this secret token while creating a custom OAuth application for Zoom or generate it from an existing custom OAuth application for Zoom. Use this token to enable API access for your Zoom instances in Skyhigh CASB.
Secure Collaboration for SharePoint (Limited Availability)
Skyhigh CASB for SharePoint secures user collaboration and allows security administrators to define DLP policies for detecting and removing external users from SharePoint sites. Skyhigh CASB identifies and removes external users and their O365 groups from SharePoint sites. You can define the DLP policy for SharePoint in Skyhigh CASB.
Custom Anomaly (Limited Availability)
Custom Anomaly is a new anomaly type or category on the Anomaly Setting page (found under Incidents > Anomalies > Anomaly Settings) that enables users to create their own anomaly structure based on the risk parameters identified in the Sanctioned IT cloud service activities. You can define Custom Anomalies by configuring the rule with risk parameters such as activity type/category, activity count, location, source, source IP, user agent, device ID, and device. Constructing anomalies allows you to align with your organization's risk posture and raise an incident when anomalies are detected so that users can investigate and take necessary remediation action. Custom anomalies can be removed, activated, or deactivated.
Unmatched Upload Page Redesign (Limited Availability)
The redesigned Unmatched Upload page (found under Analytics > Unmatched Uploads) provides powerful search and filtering capabilities, along with detailed information on users responsible for unmatched uploads that can be exported to a CSV file. A Saved View can be created for your search query and dashboard cards can be added. In addition, the status of multiple unmatched uploads can be modified simultaneously, and the requested service URLs or IP addresses can be added to the Skyhigh Security Cloud Registry. Unmatched Uploads data is set at 100 days unless the Skyhigh SSE Data Retention option is purchased, which extends the data retention for a full year.
Logging Client 2.0.1
The log pull request date was shifting to a random date unexpectedly in 2.0.0 and earlier versions of Logging Client. This behavior resulted in redundant requests, which increased the load on the database and duplicated the data entries on the customer side. This issue is fixed in Logging Client version 2.0.1 by validating the requested date before sending any request to the forensic API from the Logging Client.
Skyhigh CNAPP
New Azure CIS v1.5 Policy Templates
In this release, 8 new Azure Policy templates are added for the CIS v1.5 benchmark. CIS Benchmarks are based on technical configuration settings used to maintain and increase the security of the enterprise, especially when used in conjunction with other essential cyber hygiene tasks. For details, see Policy Templates for Azure.
Improved Activities Page Performance
Previously, all Activities page filter data was loaded immediately. This caused the page to load slowly. Now, only the Service Name filter is expanded by default. All other filters are expanded on demand to improve page performance. For details, see About Activities.
Upcoming Reverse Proxy Releases
- Skyhigh Security v6.3.0 Reverse Proxy PoC POP Release on US Prod: 4th April 2023 (04:30am UTC to 12:30pm UTC)
- Skyhigh Security v6.2.2 Reverse Proxy Prod PoP Release on US Prod: 11th April 2023 (04:30am UTC to 12:30pm UTC)
To receive information about product updates, sign up for the Support Notification Service.
Original Send Date
March 22, 2023