RSS Feed
Latest Updates
Shell Control Box 4.3.3 has been released
Posted by Emese Bonnyai on 2017 January 31 09:43

Dear Customers,


A new maintenance version of Shell Control Box (4 F3) has been released.

This release contains security and bugfixes compared to 4.3.2.

* SCB now strictly checks if you have a High Availability license when running SCB in High Availability mode. You cannot upgrade to 4.3.3 when using a single-node license in a HA environment. After upgrading to 4.3.3, an SCB node can be converted to HA only if a valid HA license is installed. (You can check your license at, or upload the 4.3.3 firmware and select Basic Settings > System > Firmwares > Test firmware ). Please, contact support if you perform the upgrade from version 4.0.6 or earlier. If you encounter any issues, contact the Balabit Support Team at

The release contains corrections of the following issues:


SCB-11382 Anomalies in concurrent-session counting
SCB-11380 SCB rejects RDP connections with usermapping policy having group restrictions
SCB-11294 Upgrading SCB fails if the PostrgreSQL database is corrupt
SCB-11176 RDP TSGW connections cannot be used with 4-eyes authorization
SCB-11141 ICA sessions are terminated
SCB-11087 Disk space fill up prevention does not work
SCB-10971 On T10 hardware sometimes generating a debug bundle fails because of a timeout
SCB-10933 SSH connections using ticketing integration could still pass even if the plugin could not be executed
SCB-10883 Unnecessarily long error message in the logs when an LDAP server is not available
SCB-10834 Uploaded AA plugins are not visible for non-admin users
SCB-10772 Inadequate log messages about SSH key exchange failures
SCB-10758 SCB restricts the characters in LDAP/AD group names
SCB-10755 "Invalid firmware slot" error message on the web interface after upgrade
SCB-10754 Upgrade from 4.2 result in a tainted boot firmware on the slave node
SCB-10594 Search in content results in SQL error when multiple archiving policies are used
SCB-10486 DRBD sync speed cannot be set before the first reboot after 'Convert to cluster'
SCB-10479 REST server responds with Internal Server Error (HTTP 500) when multiple users use it actively
SCB-10424 Unindexable trails included in the list of trails waiting for indexing
SCB-10262 Certain RDP connections terminate in licensing phase
SCB-10183 IndexerService terminates the Worker with the error message "Could not process audit trail chunk in time!"
SCB-10132 Certain CA certificates could cause various errors in the web GUI's operation
SCB-10026 Log message about firmware upload lacks version number
SCB-9989 Turkey dropped DST and switched to a permanent GMT+3 timezone
SCB-9817 Transferring files with non UTF-8 names by SCP or SFTP causes database failure
SCB-9814 Long SSH banners cause the connection to terminate when using keyboard-interactive authentication
SCB-9806 The PostgreSQL and SSH server services of SCB accept connections on every IPv6 address
SCB-9805 SQL error on the Search page if incorrect connectionId is specified
SCB-9776 PostgreSQL logrotate script does not work properly
SCB-9751 DRBD sync speed can be changed when it has no effect
SCB-9690 "Error decrypting data" message shown on the web interface
SCB-9676 RDP memory leak
SCB-9631 Lowering the indexer worker count lead to error messages in log
SCB-9547 Indexing ICA audit trails with high resolution used big amount of memory
SCB-9478 SCB sends a cron job failure e-mail every day
SCB-9401 Decoding the multi-monitor H264 video streams fails
SCB-9354 Non-ascii characters in window titles and commands caused an indexing failure in some cases
SCB-9222 The output of window title detection contains falsely recognized characters
SCB-8979 JobGenerator crashes if a record for an audit trail disappears from MetaDB during indexing
SCB-8874 SFTP protocol version 0-2 causes high memory usage, or crashes indexer services
SCB-8696 Unhandled exception error appears in the logs after completing the Welcome Wizard
SCB-7937 Misleading tooltip on the Connections > Access control > Subject field
SCB-6012 "invalid date" issues when replaying audit trails in the browser

For the current CVE fixes, see

The firmwares and other files of Shell Control Box are available at:


Best regards,


Balabit Support Team

Read more »

Shell Control Box 4.3.1 has been released
Posted by Gergely Csordás on 2016 June 20 10:36

Dear Customer,

A new maintenance version of Shell Control Box (4 F3) has been released.

Version 4 F3 has extended support time and will be supported for 6 months after SCB 5LTS is released.


SCB 4.3.1 contains improvements and new features, including:

  • A new plugin type (AA) to customize authentication in RDP, SSH and Telnet protocols
  • Resolving hostnames to IP addresses on the UI
  • New Azure Marketplace image with Azure File Storage (Samba share) support


The Audit Player (AP) indexing functionality is deprecated and will be removed from the next feature release (4F4). The Audit Player will still be available and supported for offline playback of audit trails.

Feature highlights

  • With the AA plugin you can enhance the authentication possibilities during inband gateway authentication in the RDP, SSH and Telnet protocols. Such plugins can be useful in various scenarios, for example, two-factor authentication, one-time password authentication, and in cases when extra user input is needed.
  • Hostnames can be used in IP address fields on the UI. In this case, hostnames are automatically resolved to IP addresses.
  • In Azure Marketplace, SCB comes with a 100Gb disk image, and Azure File Storage (Samba share) is supported for backup and archive purposes.

This release contains many security and bugfixes compared to 4.3.0.

The release contains corrections of the following issues:

For the current CVE fixes, see


For all other details, see the following documents:

What is new in Shell Control Box 4.3,
available at

How to upgrade to BalaBit Shell Control Box 4.3,
available at

Balabit Shell Control Box 4.3 Administrator Guide,
available at 



The firmwares and other files of Shell Control Box are available at: 


Best Regards,

BalaBit Support Team

Read more »

Support packages and Service Level Objective
Posted by Bonnyai Emese on 2016 March 03 15:17

Dear Customers,


I would like to inform you that Service Level Objectives (SLOs) belonging to the different support packages were modified in our General Terms and Conditions as well.

SLOs are counted when the status of a technical case is active namely Balabit Support Team works on it.


Please, find more description about SLOs on our website:


Kind regards,


Emese Bonnyai

Balabit Support

Read more »

Balabit Support General Terms and Conditions
Posted by Bonnyai Emese on 2016 February 25 10:57

Dear Customers!


Our General Terms and Conditions document has taken effect since 15th Feb, 2016.


Let me draw your attention to some of the changes you will meet while submitting a support case:

  • severity level Minor Impact has changed to Normal Impact
  • business hours changed to 8:00 - 17:00 (CET/CEST) on the Business Days
  • new item: Extended Business Hours (from 08:00 to 20:00 (CET/CEST) on Business Days)
  • Maximum number of contact people from partner removed

The GTC is available at:


Kind regards,


Emese Bonnyai

Balabit Support


Read more »

BalaBit Support General Terms and Conditions update
Posted by Kálmán Kővári on 2016 January 15 17:23

Dear Customers!


Our General Terms and Conditions document update has been released.

The new GTC is in effect from 15th Feb, 2016.


The changes since the previous release are listed below.

The new GTC is available at:


Kind regards,

BalaBit Support


Changes of BalaBit Support General Terms and Conditions between the version on 23/04/14 and the current one:


Date: Thu Jan 7 20:59:15 2016 +0100

Legal review results merged into GTC:

  • minor rephrasings of definitions
  • general phrasing update
  • removed section 'Miscellaneous provisions'

Date: Tue Nov 24 17:54:11 2015 +0100

added holidays in 2016

Date: Wed Sep 16 10:24:42 2015 +0200

added Blindspotter support package.

Date: Mon Feb 16 15:58:58 2015 +0100

Hungarian holidays in 2014 table has been removed.

Date: Mon Feb 16 14:13:18 2015 +0100

  • Every appearence of 'Support Agreement' has been changed to
    'Support Service Agreement'
  • The definition of customer have been referred to electronic licence key
    rather then balabit licence key.
  • The definition of EULA has been moved to its alphabetical place.
  • The definition of Maximum engineer hours has been refactored
  • The definition of Partner has been extended with distributor and reseller.
  • The patch expression has been changed in the definition of Workaround
  • The by-pass expression has been changed in the definition of Workaround
  • Every Engineering Release and Workaround have been capitalized,
    because these are definitions
  • In the other service limitations table Maximum Engineer Hours
    has been changed to Maximum Engineer Hours of non-charged engineer hours.
  • A typo has been fixed in Escalation process
  • In hardware replacement session the 'non defective' clause was missing,
    this has been fixed. In the same sentence some semantical modifications
    has been made.
  • In the section of limitation of liability the second session which
    referred to the '314. of Act IV of 1959 on the civil code of hungary'
    has been removed.
  • The notices section has been expanded with email
  • In the governing law section the reference for Act IV of 1959
    has been changed to Act V of 2013
  • In modifications of GTC section the withdrawal part has been removed.
  • In modifications of GTC section from the clause 'immediately upon 30 days'
    the immediately has been deleted.
  • In version policy appendix the word: customer has been changed to partner.

Date: Wed Nov 19 10:51:22 2014 +0100

rephrasing of the chapter 7. 'Request handling process'

Date: Thu Nov 13 11:26:18 2014 +0100

1. Definitions:

  • firm changed to Balabit Europe Ltd. further reffered to as BalaBit
  • business hours changed to 8:00 - 17:00
  • new item: Extended Business Hours
  • L1, L2, L3 Support removed
  • severity levels: Minor Impact changed to Normal Impact

2. Technical Support definitions and prerequisites

  • minor changes in paragraph 5.
  • Hardware replacement paragraph 8 only refers to Section 9.

4. Service Level Objectives

  • removed Work Effort column
  • Communication frequancy changed to Status Update Frequency with footer
  • Changed SLO for ExtSU S1 and S3
  • Maximum number of contact people from partner removed

7. Incident handling process

  • clarified "work in progress"

8. Escalation procedure

  • minor changes in escalation handling (paragraph 3)
  • deleted para 6.

9. Hardware replacement

  • minor changes in para 2.

Appendix A:

  • added Hungarian work days and vacations for year 2015.

Appendix C:

  • Headline changed.

Date: Wed Oct 1 09:59:46 2014 +0200

fixed hardware replacement structure

Date: Wed Oct 1 09:10:04 2014 +0200

Added advanced replacement

Date: Wed Apr 23 16:18:55 2014 +0200

changed the company name in accordance with the ongoing legal changes

Read more »