Changelog
Follow up on the latest improvements and updates.
RSS
DefensX PSA ticket integrations (ConnectWise, HaloPSA, and Autotask) now support two-way closure sync, keeping request status in DefensX and ticket status in your PSA aligned without closing the same work in both places. Each direction can be turned on independently, so you decide exactly how the two systems track each other.

When a request is resolved in DefensX, the corresponding ticket can be automatically closed in your PSA. And in the other direction, when a ticket is closed in your PSA, the corresponding request can be automatically resolved in DefensX.
ConnectWise:

HaloPSA:

Autotask:

Both behaviors are managed per integration under the Ticket settings tabs, allowing each PSA connection to follow its own closure rules.
Starting from
v2.4.x
, DefensX can enforce DNS policies on macOS through a DNS Proxy network extension, without modifying the system's interface DNS settings.On MDM-managed devices, the DNS Proxy extension permission can be pushed via a configuration profile, and the required permissions are granted silently.

On non-MDM devices, the extension can be enabled manually by the end user. If it is not enabled, the agent continues to operate in the previous mode where interface DNS settings are modified directly. Once permissions are granted, the agent status displays
Network Extension: Enabled
, indicating that the DNS Proxy network extension is active.The DNS Proxy Network Extension can be disabled at the deployment level or per individual agent, similar to the Kernel Driver setting on Windows. If needed, it can be disabled regardless of whether permissions were granted via MDM or by the end user.

Step-by-step instructions are available for both Manual Deployment and MDM Deployments.
Additionally, the macOS installer is no longer marked as requiring Rosetta, the DefensX Agent now installs natively without the Rosetta compatibility layer.
DefensX now helps protect users from sponsored search ads that may lead to malvertising, impersonation, or malware delivery campaigns. Since paid search results often appear at the top of search pages, attackers may abuse sponsored placements to mimic trusted brands and redirect users to malicious or deceptive websites.
When a user clicks a sponsored result on Google Search or Bing Search, DefensX detects the ad-based navigation and blocks access before the page loads. A clear warning informs the user about the potential risk and encourages them to continue with organic search results instead.

This protection can be managed at the policy level under Adware Blocker / Malvertising Protection, with dedicated controls for Google Search and Bing Search. This allows organizations to apply sponsored search ad protection according to their security requirements and reduce user exposure to threats commonly delivered through paid search advertising.

Support access is now guided by the DefensX Customer Success Agent, powered by Nexi AI, our new in-product assistant built to help users reach the right information faster.

With this update, the previous Create Ticket button in the lower-right corner has been replaced by the Support button in the upper-right corner of the console. When users open the agent and enter a question, it provides AI-assisted guidance based on DefensX Knowledge Base articles and frequently asked questions.

If additional help is needed, users can continue from the same conversation by selecting Submit as a ticket. This keeps the support flow simple and efficient by combining quick self-service answers with a clear path to the DefensX Support team.
Audit logs now capture the remote IP address associated with each action, enriched with location data to provide greater visibility into where activity is originating.
When reviewing audit log entries, each record will display the resolved City and State alongside the remote IP, powered by GeoIP Database. This makes it easier to spot unusual or unexpected activity at a glance during security reviews and investigations.

Customers can now be created in a trial state via the API, automatically transitioning to a billable account once the trial period ends.
When using the POST /customers endpoint, setting "trial": true in the request body will create the customer in trial mode, enabling automated onboarding flows to be fully managed through the API from trial creation to active billing.

For environments using both SAML integration and the Teams feature, it is now possible to automatically assign admin users to DefensX Teams by mapping a SAML attribute.
This functionality is currently documented for Okta and Duo SAML integrations in the knowledge base: https://kb.defensx.com/docs/categories/62-Identity-Providers/topics/3ab53de4-fceb-4052-b273-7f02ac9d6794#_enabling_the_teams_mapping
When Teams Mapping is enabled, admin users’ team assignments are automatically updated on each login based on the teams defined in the configured SAML Identity Provider.
Category-based actions are now supported in both
Credential Filtering
and File Filtering.
Previously available in Web Filtering, this capability is now extended to provide unified category-driven enforcement across additional inspection layers.
With this enhancement, administrators can:
• Define actions based on URL/Domain categories
• Improve policy precision and consistency
• Apply structured enforcement across credentials and files
This update enhances overall policy flexibility while keeping configuration straightforward.
Customer admins can restrict log access for all other stakeholders, including DefensX and MSP teams. Alternatively, they can limit access only for DefensX admins while still allowing MSP admins to view logs for troubleshooting purposes.

User group synchronization between your Identity Provider (IdP) and DefensX is now supported during SAML SSO login, for both new and existing users.
To enable this feature in the DefensX Backend, go to Settings → SAML SSO Integration and update the configuration:
- Enable Synchronize Groups
- Select the customer and partner admin groups (when the customer is a partner’s self-customer)
Additionally, ensure that group claims are configured in your IdP so that user group information is included in the SAML SSO assertion.

Load More
→