RSS Feed
Latest Updates
Shell Control Box 5 LTS has been released
Posted by Dávid Szécsényi on 2017 May 26 14:48

Dear Customers,


A new Long Term Supported version of the Balabit Shell Control Box, SCB 5 LTS has been released. This version is expected to be supported at least for 3 years.

Feature highlights

  • The user interface has received a facelift and now has a more modern look-and-feel
  • External credential store now supports SSH private key checkout
  • RADIUS authentication supports Challenge-Handshake Authentication Protocol method (CHAP)
  • RDP connection policy is manageable via REST
  • Desktop Player 1.0

For details, see the following documents:

Deprecation notice
We plan to deprecate the current Balabit Audit Player in SCB version 5 F1 and the following maintenance release on the LTS release line.

Upgrading to or installing an SCB version 5 LTS requires a new licence.
Customers possessing valid maintenance package at the time of the release can download the new license from the MyBalabit portal:

The firmwares and other files of Shell Control Box are available at:


Best regards,


Balabit Support Team

Read more »

Balabit SCB releases addressing the Creator's Update (Redstone 2)
Posted by Kálmán Kővári on 2017 April 11 21:18

Dear Customers,

Microsoft has published the Redstone 2 (Creator's Update) package, which introduces a change in the TSGW (RDG) protocol. Because of that change, all Shell Control Box (SCB) users who apply a TSGW setup will encounter difficulties after the installation of the patches.

To address the issue, Balabit offers the following release updates:

  • SCB 4.0.9a
  • SCB 4.3.3a
  • SCB 4.4.1a

each of these releases contain only the patch that follows up the introduced change since the respective maintenance version.

We strongly encourage all Customers using a TSGW setup with SCB to immediately upgrade to the respective update release.

Customers running on custom Engineer Releases (ERs) or hotfixes should contact Balabit Support before upgrading.

The releases are available for download from the usual location:

Official announcement of these releases is expected tomorrow.


Best Regards,
 Balabit Support

Read more »

National Holidays in 2017
Posted by Emese Bonnyai on 2017 March 30 14:39

Dear Customers,


Balabit Support Department respects the following National Holidays in 2017:


-Good Friday (14th April)

-Eastern Monday ( 17th April)

-International Labour Day (1st May)

-Whit Monday (5th June)

-All Saints' Day ( 1st Novemeber)

-Christmas time ( 24-26 December)


Depending on your support package, our Support Team provides on call duty to handle critical issues during non-working days as well. Our support will respond to such request reported in the Balabit Online Support System tool or over the phone (+36/1-398-6700).

Kind regards,

Read more »

Shell Control Box 4.3.3 has been released
Posted by Emese Bonnyai on 2017 January 31 09:43

Dear Customers,


A new maintenance version of Shell Control Box (4 F3) has been released.

This release contains security and bugfixes compared to 4.3.2.

* SCB now strictly checks if you have a High Availability license when running SCB in High Availability mode. You cannot upgrade to 4.3.3 when using a single-node license in a HA environment. After upgrading to 4.3.3, an SCB node can be converted to HA only if a valid HA license is installed. (You can check your license at, or upload the 4.3.3 firmware and select Basic Settings > System > Firmwares > Test firmware ). Please, contact support if you perform the upgrade from version 4.0.6 or earlier. If you encounter any issues, contact the Balabit Support Team at

The release contains corrections of the following issues:


SCB-11382 Anomalies in concurrent-session counting
SCB-11380 SCB rejects RDP connections with usermapping policy having group restrictions
SCB-11294 Upgrading SCB fails if the PostrgreSQL database is corrupt
SCB-11176 RDP TSGW connections cannot be used with 4-eyes authorization
SCB-11141 ICA sessions are terminated
SCB-11087 Disk space fill up prevention does not work
SCB-10971 On T10 hardware sometimes generating a debug bundle fails because of a timeout
SCB-10933 SSH connections using ticketing integration could still pass even if the plugin could not be executed
SCB-10883 Unnecessarily long error message in the logs when an LDAP server is not available
SCB-10834 Uploaded AA plugins are not visible for non-admin users
SCB-10772 Inadequate log messages about SSH key exchange failures
SCB-10758 SCB restricts the characters in LDAP/AD group names
SCB-10755 "Invalid firmware slot" error message on the web interface after upgrade
SCB-10754 Upgrade from 4.2 result in a tainted boot firmware on the slave node
SCB-10594 Search in content results in SQL error when multiple archiving policies are used
SCB-10486 DRBD sync speed cannot be set before the first reboot after 'Convert to cluster'
SCB-10479 REST server responds with Internal Server Error (HTTP 500) when multiple users use it actively
SCB-10424 Unindexable trails included in the list of trails waiting for indexing
SCB-10262 Certain RDP connections terminate in licensing phase
SCB-10183 IndexerService terminates the Worker with the error message "Could not process audit trail chunk in time!"
SCB-10132 Certain CA certificates could cause various errors in the web GUI's operation
SCB-10026 Log message about firmware upload lacks version number
SCB-9989 Turkey dropped DST and switched to a permanent GMT+3 timezone
SCB-9817 Transferring files with non UTF-8 names by SCP or SFTP causes database failure
SCB-9814 Long SSH banners cause the connection to terminate when using keyboard-interactive authentication
SCB-9806 The PostgreSQL and SSH server services of SCB accept connections on every IPv6 address
SCB-9805 SQL error on the Search page if incorrect connectionId is specified
SCB-9776 PostgreSQL logrotate script does not work properly
SCB-9751 DRBD sync speed can be changed when it has no effect
SCB-9690 "Error decrypting data" message shown on the web interface
SCB-9676 RDP memory leak
SCB-9631 Lowering the indexer worker count lead to error messages in log
SCB-9547 Indexing ICA audit trails with high resolution used big amount of memory
SCB-9478 SCB sends a cron job failure e-mail every day
SCB-9401 Decoding the multi-monitor H264 video streams fails
SCB-9354 Non-ascii characters in window titles and commands caused an indexing failure in some cases
SCB-9222 The output of window title detection contains falsely recognized characters
SCB-8979 JobGenerator crashes if a record for an audit trail disappears from MetaDB during indexing
SCB-8874 SFTP protocol version 0-2 causes high memory usage, or crashes indexer services
SCB-8696 Unhandled exception error appears in the logs after completing the Welcome Wizard
SCB-7937 Misleading tooltip on the Connections > Access control > Subject field
SCB-6012 "invalid date" issues when replaying audit trails in the browser

For the current CVE fixes, see

The firmwares and other files of Shell Control Box are available at:


Best regards,


Balabit Support Team

Read more »

Shell Control Box 4.3.1 has been released
Posted by Gergely Csordás on 2016 June 20 10:36

Dear Customer,

A new maintenance version of Shell Control Box (4 F3) has been released.

Version 4 F3 has extended support time and will be supported for 6 months after SCB 5LTS is released.


SCB 4.3.1 contains improvements and new features, including:

  • A new plugin type (AA) to customize authentication in RDP, SSH and Telnet protocols
  • Resolving hostnames to IP addresses on the UI
  • New Azure Marketplace image with Azure File Storage (Samba share) support


The Audit Player (AP) indexing functionality is deprecated and will be removed from the next feature release (4F4). The Audit Player will still be available and supported for offline playback of audit trails.

Feature highlights

  • With the AA plugin you can enhance the authentication possibilities during inband gateway authentication in the RDP, SSH and Telnet protocols. Such plugins can be useful in various scenarios, for example, two-factor authentication, one-time password authentication, and in cases when extra user input is needed.
  • Hostnames can be used in IP address fields on the UI. In this case, hostnames are automatically resolved to IP addresses.
  • In Azure Marketplace, SCB comes with a 100Gb disk image, and Azure File Storage (Samba share) is supported for backup and archive purposes.

This release contains many security and bugfixes compared to 4.3.0.

The release contains corrections of the following issues:

For the current CVE fixes, see


For all other details, see the following documents:

What is new in Shell Control Box 4.3,
available at

How to upgrade to BalaBit Shell Control Box 4.3,
available at

Balabit Shell Control Box 4.3 Administrator Guide,
available at 



The firmwares and other files of Shell Control Box are available at: 


Best Regards,

BalaBit Support Team

Read more »