Enterprise Recon 2.0.31

ER 2.0.31 Release Notes


For a complete list of all the changes in this release, see the Changelog below.

New Distributed Scanning Support

Distributed Scanning is now officially supported in this release of ER2. This revolutionary method steps away from the one-Target-one-Agent approach, allowing you to dispatch multiple Proxy Agents to scan a single Target or Target location. Distributed Scans are especially advantageous when scanning Targets with an immense number of locations. This could be an on-premise SharePoint Server with hundreds of content databases and thousands of site collections, a remote file share server with Petabytes of data, or your organization's Office 365 domain with thousands of mailboxes.

With the Distributed Scan feature, you will see a significant improvement in scanning time as multiple agents work together on a single endpoint. Besides that, resources which otherwise may not have been utilized are optimized as the scanning load is distributed across all Proxy Agents assigned to the scan schedule.

Distributed Scanning is currently supported for certain Targets. To find out more, see Distributed Scan.

New and Improved Data Types

Specific industries such as government and education have a low tolerance to the use of profanity, and it is therefore appropriate to monitor for the existence of profanity in written communications and across all business data stores. With the new Profanity (English) data type, organizations can search employee communications for profanity, racial and gender slurs as well as other generally inappropriate workplace language to maintain workplace safety and mitigate the organization’s exposure to legal liabilities.

Also introduced in this release is the New Zealand Passport Number data type to bolster existing personal identifiable information (PII) data types to help your organization comply with the New Zealand Privacy Act principles.

Healthcare data coverage for the United States has been improved with the addition of the new Medicare Beneficiary Identifier (MBI) data type. Under United States laws, this is a confidential data type and must be protected as PII in the same manner as a Social Security Number.

From ER 2.0.31, you can now search for user names and passwords separately across your organization to ensure unprotected credentials are not being stored in the clear. For improved performance and lower false positive rates, we now recommend the use of the new Credentials username and Credentials password data types instead of the existing Login credentials in future scan schedules.

The Hong Kong Identity Number check digit algorithm has been updated for improved coverage. Both United States Mailing Address and French Driving License Number data types have been enhanced for better accuracy, with additional updates made to enable French Driving License Numbers to be detected on the passport MRZ line.

The United States Telephone Number and Canadian Telephone Number data types have been upgraded to recognize new telephone number formats and additional telephone area codes used in the North American Numbering Plan (NANP). The Email addresses data type has been updated to identify valid email addresses from additional top-level domains.

ER2 Master Server Upgrade to CentOS 7

From ER 2.0.28, new installations of ER2 utilize CentOS 7, which features an updated kernel, improved security features and support for operating system patches and updates until June 2024.

If your existing Master Server installation is based on CentOS 6, Ground Labs strongly recommends that you upgrade to CentOS 7 promptly as CentOS 6 will reach end of life on November 30, 2020. The Ground Labs Support Team (support@groundlabs.com) is available to assist customers who wish to migrate their existing installations to CentOS 7.

Ground Labs will continue to support existing ER2 installations based on CentOS 6 until its end of life date on November 30, 2020.


What’s New?

  • New Data Types
    • Profanity (English).
    • New Zealand Passport Number.
    • Medicare Beneficiary Identifier.
    • Credentials username.
    • Credentials password.
  • Added:

    • Distributed Scanning is now officially supported in this release of ER2. This revolutionary method steps away from the one-Target-one-Agent approach, allowing you to dispatch multiple Proxy Agents to scan a single Target or Target location.


  • Improved Data Types:
    • Hong Kong Identity Number
    • United States Mailing Address
    • United States Telephone Number
    • Canadian Telephone Number
    • French Driving License Number
    • Email addresses
  • Improved Features:
    • The ER2 navigation menu is now collapsible, giving you a wider view to work with when performing tasks in the Web Console. The navigation menu is easily accessible from the top-left corner of the Web Console, and can be expanded or collapsed with just a click.
    • Remediation permissions have been fine-tuned in ER 2.0.31, enabling you to assign users with permissions to perform remedial actions that only mark locations for compliance reports (e.g. confirmed match, test data), only act directly on selected locations (e.g. masking, delete permanently), or both. This allows for more effective delegation of sensitive data remediation responsibilities across your organization.
    • You can now upload a Private Key in the "New Search" flow to use the SSH key-pair authentication method when scanning remote Targets via SSH. See Remote Access via SSH for more information.
    • Clearer messaging for errors related to probing Targets with unverified Agents.
    • Minor UI enhancements.

Bug Fixes

  • Incorrect number of "Unremediated Matches" was indicated in scan notification emails.
  • Scanning database tables with table names that contained the underscore "_" or percentage "%" character would result in the "SQL0206N <column name> is not valid in the context where it is used" error for certain database systems.
  • The list of inaccessible locations displayed in Target reports were incomplete when there were more than 10,000 inaccessible locations.

  • Column values in the Target details page would become misaligned if columns were resized in the Google Chrome browser when the zoom setting was below 100%.
  • The web UI would generate a failure and restart when adding a custom data type if a "Predefined" search rule was combined with the "Character" rule with the "Any" option selected.
  • In the Target details page, resized columns did not retain the new widths if any location was clicked to open the Match Inspector window.
  • Changes made to a user's login name does not get updated correctly on the Master Server.
  • Scanning a Windows DFS Target would result in the "ERROR_NETNAME_DELETED" error for all subsequent folders and files if the network share became unavailable during the scan.
  • Restarting the database service while scanning certain databases would result in the "SQL30081N A communication error has been detected" error and cause the scan to fail.
  • Scans did not resume but completed in error for Oracle database Targets if the Oracle database server was restarted during the scan pause window.
  • The Global Summary Report did not indicate the correct Bytes Scanned value.
  • Office 365 mailboxes for users with identical display names but different email addresses could not be correctly scanned.
  • The proxy Agent and credential set that was assigned to a Target would be removed if an associated recurring scan was modified, causing the scan to fail.

Features That Require Agent Upgrades

Agents do not need to be upgraded along with the Master Server, unless you require the following features in ER 2.0.31:

  • Distributed Scanning is now officially supported in this release of ER2. This revolutionary method steps away from the one-Target-one-Agent approach, allowing you to dispatch multiple Proxy Agents to scan a single Target or Target location.

For a table of all features that require an Agent upgrade, see Agent Upgrade.