Secure GxP - Release Notes

Overview

Secure GxP 4.0.0 strengthens audit compliance, CRN-based governance, and policy management while improving system stability and performance.

This release introduces Machine Group audit logs, configurable CRN Tracking with mandatory enforcement, and CRN-based controlled Excel export. Policy handling has been refined with clear System-wide vs User-specific scope identification.

Key improvements include enhanced license enforcement, timezone accuracy fixes, standardized backup configuration, UI refinements, and performance optimizations.

⚠️ This version also includes audit logging optimization (Breaking Change), improving how policy activities are recorded for Machines and Machine Groups while maintaining full compliance traceability.

New Features

• ✅ SGXP-339: Policy Scope Refinement & System-Wide Identification
  Previously, all policies were System-wide. This has been refined so only four policies remain System-wide, while all other policies are now User-specific.
  A “System-Wide” badge is displayed on the Apply Policies (Machine/Group) page to clearly indicate system-wide policies.

• ✅ SGXP-272: Machine Group Audit Logs Implemented
  Introduced automatic, value-based audit logging for Machine Groups to ensure a complete and accurate change history.

  • Audit logs are created only when actual values change (no redundant or no-change entries).
  • Tracks key events including Machine Group creation and modification, associated machine changes, and policy add / remove / change operations.
  • Multiple related changes within a single operation generate one consolidated audit entry.
  • Audit history is displayed on the Machine Group Details page in a dedicated card with a server-side paginated table, sorted by latest activity.
  • Each audit entry records Event, Performed By, Timestamp, and Details (when available) to support full traceability and compliance.

• ✅ SGXP-98: Enable CRN Tracking Configuration & Audit Enforcement
  Introduced a configurable Enable CRN Tracking option in Application Configuration to control CRN-based audit logging.
  When enabled, CRN and Comment are mandatory for defined Machine, Machine Group, and Policy actions and are enforced via a blocking popup.
  Audit Logs now conditionally support CRN filtering and CRN column visibility, with no regression in existing activity logging.

• ✅ SGXP-334: Bulk Machine Import UI Standardization & CRN Enforcement
  Updated the Bulk Machine Import modal to align with the standardized import design used across other modules, including progress bar and structured status messaging.

  When CRN Tracking is enabled, CRN and Comment fields are mandatory before saving. Frontend and backend validations are enforced, and CRN details are logged for audit traceability.

• ✅ SGXP-335: Enable Excel Export for Audit Logs Based on CRN
  Added a controlled Excel export capability to the Audit Logs page, available only when CRN Tracking is enabled in Application Configuration.

  • The Export option is conditionally enabled based on the EnableCRNTracking configuration setting.
  • The Export button is hidden by default and becomes visible only after a valid CRN is entered and the Apply filter action is performed.
  • Clicking Export displays a SweetAlert confirmation dialog clearly indicating the CRN for which audit logs will be exported, ensuring transparency and traceability.
  • The exported Excel file includes only audit log records associated with the specified CRN.
  • Any additional applied filters (Date Range, Event Type, Machine/Group, User) are fully respected during export.
  • The Excel export contains only the following columns, in the specified order:
    • Event Type
    • Machine / Group
    • User
    • Timestamp
    • CRN

Improvements

• ⚙️ SGXP-280: Add "SendDeviationEmailTo" Multi-Select Dropdown in Application Configuration & Send Policy Deviation Emails
  Enhanced the Configuration page, specifically the Application Configuration section, to allow selecting multiple users to receive policy deviation emails.

  • Added a multi-select dropdown SendDeviationEmailTo.
  • Validation ensures emails are not null, properly formatted, and unique.
  • Selected emails are saved on add/update of application configuration.
  • Policy deviations now trigger email notifications to all configured recipients.
  • Emails include deviation details, rectification guide, and portal links.
  • A reusable HTML email template highlights Critical and Important deviations for clear visibility.

• ⚙️ SGXP-192: SweetAlert Icons Removed
  Default icons (success, warning, error, info) were removed from all SweetAlert popups to reduce UI clutter and improve clarity. All alerts now display text-only layouts with no visual or functional regressions.

• ⚙️ SGXP-314: Backup Frequency Helper Message Clarification
  Improved the Backup Frequency helper message on the Configuration page to clearly explain backup behavior.
  The UI now indicates that Daily backups perform a Full database backup on the first run followed by Incremental backups, while Weekly and Monthly schedules always perform Full database backups, helping administrators better understand backup execution without any backend changes.

• ⚙️ SGXP-337: Add User Filter on Audit Logs Page
  Enhanced the Audit Logs page by adding a User filter to improve audit traceability and investigation efficiency.
  Users can now filter audit logs by specific users.

• ⚙️ SGXP-336: Reset Filter Added to Audit Logs Page
  Added a Reset button on the Audit Logs page to clear all applied filters (Date Range, Event Type, Machine/Group, User, CRN) and reload all audit log records without page refresh.

• ⚙️ SGXP-359: License Expired Alert Banner Added
  Enhanced user awareness by displaying a prominent red license-expired alert banner on the Machine Manager and Registry Policies → Enforce Policies pages.
  The alert clearly shows the license expiry date and informs users about disabled machine operations and policy enforcement actions, ensuring better clarity when features are restricted.

• ⚙️ SGXP-364: OS Support Updated for Shutdown Control Policy
  Updated the supported operating systems for “Remove Shut Down, Restart, Sleep, and Hibernate” registry policy from ALL OS to Windows 10 and Windows 11, ensuring accurate OS enforcement.

• ⚙️ SGXP-386: Subscription Page Download Section Redesign & License Copy Enhancement
  Redesigned the Subscription → Download section to simplify installer distribution and improve usability.

  • Replaced OS-specific agent downloads with a single unified Agent Installer supporting Windows 7, 8, 10, and 11.
  • Added a dedicated Auto Updater ZIP with installation guidance for server updates.
  • Introduced a Windows 7 Prerequisites ZIP with a “Windows 7 Only” badge, including:
    • Platform Update (KB2670838)
    • Security Update (KB2813430)
    • Microsoft .NET Framework 4.6.2
  • Implemented modal-based patch and software detail views with accordion support for affected product information.
  • Added a License Copy button in the Subscription Information card with instant clipboard copy and confirmation message.
  • Improved UI consistency, spacing, and responsiveness while removing legacy OS-specific download tiles.

• ⚙️ SGXP-394: Notifications Page Enhancement
  Improved the Notifications page by adding a “Show Agent Notifications” toggle, keeping Agent Notifications hidden by default while allowing users to view them when enabled.
  Added a new HostName column to clearly display the associated machine for Policy Deviations, Machine Suspended events, machine-specific Report Generated notifications, and Agent Notifications.
  System-level notifications (e.g., Backup Completed) display blank when no machine is associated. Search, sorting, and pagination remain fully supported.

• ⚙️ SGXP-405: Refactor – Remove Unused Components & Optimize Performance
  Refactored the system by removing unused components and eliminating unnecessary database calls, resulting in improved performance and a cleaner overall architecture.

• ⚙️ SGXP-412: Default Backup Path Standardized & Editing Disabled
  Set the Backup Path in Configuration → Backup Configuration to the default value C:\inetpub\wwwroot\backup and made the field read-only. This prevents misconfiguration due to manual changes.

Removed

• 🗑️ SGXP-364: “Disable Power Button” Registry Policy Removed
  Removed the obsolete “Disable Power Button” registry policy from the system. The policy is no longer visible, assignable, or enforced.

Bug Fixes

• 🐞 SGXP-308: UserManager Page Access Restriction Fixed
  Resolved an issue where the UserManager page was accessible before completing the Configuration Setup, leading to runtime exceptions.
  Access control has been corrected so that the UserManager page is now only accessible to SuperAdmin and VendorAdmin users, and only after Configuration Setup is completed. Unauthorized users are now properly restricted or redirected.

• 🐞 SGXP-315: Suspend Action Visibility Fixed in Machine Manager
  Fixed an issue where the Suspend action was visible for all machines regardless of state.
  The Suspend option is now displayed only when a machine is in Active state (policies applied), preventing invalid actions for Ready, Pending Agent, state machines.

• 🐞 SGXP-316: Export Policies for Suspended Out-Network Machines Fixed
  Fixed an issue where policies could not be exported for suspended Out-Network machines.

  • Previously, when individual machine policies were applied to an Out-Network machine and the machine was suspended, it was no longer visible under Enforce Policies → Individual Machine.
  • Since only Ready or Active machines were listed, the policies.enc export option was unavailable, blocking offline enforcement and policy rollback workflows.

  Resolution:

  • The system now automatically generates and downloads the policies.enc file when an Out-Network machine is suspended from the Machine Manager.
  • This behavior works independently of machine state visibility on the Enforce Policies page.
  • No impact to existing workflows for In-Network or Active machines.

• 🐞 SGXP-317: Import Compliance Details Action Visibility Fixed for Out-Network Machines
  Fixed an inconsistency where the Import Compliance Details option was not visible for Out-Network machines in the Ready state after all policies were removed.

  • Previously, the option was available only when the machine was in Active state.
  • After policy removal, the machine transitioned to Ready, causing the action to disappear incorrectly.

  Resolution:

  • The Import Compliance Details option is now consistently available for Out-Network machines in both Ready and Active states.
  • Ensures uninterrupted compliance import workflows and a consistent user experience.
  • No regression for In-Network machines.

• 🐞 SGXP-269: Safe Machine–Group Association for Individually Policy-Applied Machines
  Refined the Machine Group association workflow to safely handle machines with existing individual policies.

  • Removed premature individual policy removal during machine–group association.
  • Individual policies are now removed only after the group is saved and the machine is successfully associated.
  • Prevents unintended policy loss when users exit or cancel without saving.
  • Logic simplified and aligned with database table refactoring, with no backend action triggered at confirmation time.

• 🐞 SGXP-340: Logout Exception Before Initial Configuration Fixed
  Fixed an issue where an exception occurred when users attempted to log out before completing the initial configuration. The logout flow now works correctly, allowing users to log out safely without any errors.

• 🐞 SGXP-346: Topbar License Expiry Day Count Fixed
  Fixed an off-by-one issue in the topbar license expiry badge that caused the license to be marked as expired one day early.

  • License day calculation is now accurate.
  • Displays “License expires today” when 1 day remains.
  • Shows “License expired” only after validity ends.

• 🐞 SGXP-353: Bulk Import UI Issue Fixed
  Fixed an issue where the Bulk Import popup did not close when existing or duplicate machine records were detected, causing background tables to overlap and UI inconsistency. The popup now closes correctly and duplicate/existing machine details are displayed clearly.

• 🐞 SGXP-352: Server Applied Time Double Conversion Fixed
  Fixed an issue where Server Applied Time was converted twice during group policy application and machine reactivation when the Application Configuration timezone differed from the Server/Local timezone.
  The Audit Machine Policies Report now consistently displays the correct Server Applied time without any additional timezone conversion.

• 🐞 SGXP-358: License Expiry Enforcement Fixed
  Fixed an issue where users could apply/export policies and suspend/activate machines even after license expiry.
  Restricted actions are now blocked, and a SweetAlert warning is displayed showing the license expiry date and renewal requirement.

• 🐞 SGXP-373: Server Applied Time Incorrectly Updated When Adding Machine to Existing Group
  Fixed an issue where the Server Applied Time was recalculated and updated when a machine was added to an existing Machine Group that already had policies applied.
  Previously, the timestamp was refreshed based on the selected Application Timezone, even though no new policy enforcement action occurred.
  The system now preserves the original policy application timestamp from the Machine Group, ensuring accurate audit history and compliance reporting.

• 🐞 SGXP-374: Server Applied Time Missing After Machine Removal from Group
  Fixed an issue where Server Applied Time was not displayed correctly after removing a machine from a Machine Group. The timestamp now accurately reflects the machine removal time in the Audit Machine Policies Report.

• 🐞 SGXP-279: App Restriction Entries Persist After Agent Reinstallation Fixed
  Fixed an issue on the Enforce Policies Page → Machine → App Restriction section where previously added App Restriction entries reappeared in an unselected state after agent reinstallation. App Restriction entries are now permanently deleted on agent uninstall and no longer appear unless explicitly re-added.

• 🐞 SGXP-380: Time Zone Configuration Synced with Server
  Fixed an issue where users could manually change the Time Zone on the Configuration page, causing inconsistencies with server time.
  The Time Zone field is now read-only and always syncs with the server time zone, ensuring accurate audit logs and reports.

• 🐞 SGXP-385: SMTP SSL Configuration & Email Delivery Stabilized
  Fixed an issue where email sending failed due to incorrect SSL configuration handling, resulting in SMTP handshake errors under secure configurations.

  • Corrected SSL mode handling using MailKit SecureSocketOptions.
  • Improved TLS negotiation and authentication handling.
  • Added structured logging for SMTP connection and delivery status.
  • Ensured proper resource disposal for stable and reliable email delivery.

• 🐞 SGXP-404: PowerShell Agent Install Temporarily Disabled
  The “Install Agent via PowerShell” button in Machine Manager → Generate Installation Key modal has been disabled as the feature is currently not working correctly in this release.
  The button remains visible but inactive and does not trigger any action.

  ⚠️ This functionality will be re-enabled in the next release.

• 🐞 SGXP-407: Alternate Policy File Path Invalid Format Validation Removed (Configuration Page)
  Removed the strict drive-letter format validation for Alternate Policy File Path in the Configuration Page → Agent Configuration section.
  The field remains mandatory, but no longer enforces Windows-specific path format validation. Any non-empty value is now accepted without triggering an invalid path error.

• 🐞 SGXP-408: Alternate Policy File Path Standardized & Installation Mismatch Fixed
  Fixed an issue where agent installation was using the Alternate Policy File Path value that was set just before the machine was added, instead of reflecting any later updates. This caused inconsistencies between the expected configuration and the registry entries on client machines.
  The field has now been made read-only, and a standardized default path is enforced across the system to ensure consistent agent installation behavior and uniform registry values on all machines.

Performance Enhancements

• ⚡ SGXP-361: Bulk Timezone Fetch Optimization
  Optimized bulk Create and Update operations by retrieving the Application Timezone once per operation, reducing redundant database calls and improving performance for large datasets. No functional impact.

Breaking Changes

• ⚙️ SGXP-313: Policy Audit Logging Optimized

  Improved how policy application and removal activities are recorded for Machines and Machine Groups.

  • Policy changes are now captured in a more compact and efficient audit format.
  • Reduces unnecessary system overhead when applying or updating multiple policies at once.
  • Audit history retrieval is faster and more reliable, especially for large environments.
  • Ensures a clear, consolidated audit trail for policy add, remove, and change operations.
  • No functional impact to existing workflows or user experience.

  This enhancement improves overall system performance and simplifies long-term maintenance while maintaining full audit accuracy and compliance.

© 2026 Origami IT Lab. All rights reserved.