HaloSHARE GenNXT
HaloSHARE GenNXT
Breadcrumbs

Release Notes

Introduction 

This release notes offer brief, high-level descriptions of the new features of HaloSHARE. We recommend reviewing these release notes before installing HaloSHARE to understand any current limitations or bugs affecting this version of the software. 

Product Description

HaloSHARE secures internal and external business workflows by providing centralized bulk file protection, including classification, sensitivity labeling, encryption, password-based access control, digital signing, Controlled Unclassified Information (CUI) marking, and watermarking.

HaloSHARE extends Microsoft Purview Information Protection (MPIP) to CAD, Microsoft Office, and non-Office file formats, including text and PDF files stored in shared folders. It protects sensitive data by applying customizable sensitivity labels that support tracking, revocation, and expiration.

System Requirements

The following system requirements table specifies the minimum and recommended technical specifications, including software and network resources, required to run the product.

Components

Details

Operating System

  1. Supported in Microsoft Windows Server 2022 and above.

  2. Requires .NET Framework 4.6.2 and above.

  3. Latest Windows system updates installed.

MPIP task label protection-specific requirements

Office 365 Subscription

  1. An Azure subscription is required to use Azure RMS and the MPIP functionality.

  2. A working Microsoft Entra ID service must be available.  

  3. Microsoft Purview Information Protection must be fully configured.

  4. HaloSHARE creates an outbound network communication with Microsoft Azure Services.

  5. TLS 1.2 or higher must be enabled to ensure the use of cryptographically secure protocols.

  6. Register an application to get the Application (client) ID and Tenant ID in the Azure portal.

  7. Refer to the table below, “Recommended URLs, Addresses, and Ports for MPIP to know about the service endpoints.

Supported file types

  1. .dwg, .dxf, .ipt, .iam, .idw, .ipn, .rvt, .rfa, .prt, .asm, .drw, .frm, .mfg, .sec, .lay, .par, .dft, .eps, .emn, .emp, .psm, .jt, .sldprt, .sldasm, .slddrw, .slddrt, .dgn, .step, .ige, .iges, .neu, .log, .3dm, .3ds, .acis, .amf, .catpart, .catproduct, .cgr, .dae, .dwf, .easm, .fcstd, .g, .gcode, .gltf, .glb, .icd, .igs, .iv, .model, .obj, .pic, .plmxml, .sat, .smt, .stl, .stp, .ste, .stpz, .tcw, .u3d, .unv, .usdz, .vda, .pvz, .qif, .wrl, .x_b, .x_t, .xaml, .z3, and .zip.

  2. Creo file formats with iteration: .prt, .asm, .sec, .frm, .drw, .lay, .cem, .mfg, .neu, .log, and .pvz.

  3. Microsoft Office and non-Office file formats.

Autodesk Forma specific requirements

Autodesk Platform Services

Register an application in Autodesk Platform Services to obtain the Client ID and Client Secret.

Watermark task specific requirements

Supported file types

.pdf, .docx, .xlsx, .pptx, .dwg, .rvt, and .ifc.

Supported CAD application for watermark

  1. AutoCAD 2023, 2024, 2025, 2026

  2. Revit 2023, 2024, 2025, 2026

Application for viewing protected and watermarked files

  1. HaloCAD Add-on for CAD application.

  2. To view metadata in a Revit application, you need to install the RevitLookup tool.

File Signing task specific requirements

Supported file types

Microsoft Office and PDF file types

Metadata task specific requirements

Supported file types

Microsoft Office and PDF file types

Password Protection task specific requirements

Supported file types

Microsoft Office file types

Compliance Mark(Controlled Unclassified Information) task specific requirements

Supported file types

  1. Supported: .pdf, .docx, and .pptx

  2. Unsupported: .xlsx

Requirements

Recommended URLs, Addresses, and Ports for MPIP

MIP SDK doesn't support the use of authenticated proxies. So, make sure you set the Microsoft 365 service endpoints to bypass the proxy. View a list of endpoints at Microsoft Online Documentation. However, Microsoft recommends the following:

Addresses

Ports

*.protection.outlook.com

40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 52.238.78.88/32, 104.47.0.0/17, 2a01:111:f403::/48 

TCP 443

*.aadrm.com, *.azurerms.com, *.informationprotection.azure.com, ecn.dev.virtualearth.net, informationprotection.hosting.portal.azure.net,*.office.com (add substrate.office.com if you don't want to add all sub-domains), crl3.digicert.com, crl4.digicert.com.

TCP 443, 80

For event logging

*.events.data.microsoft.com

TCP 443

National Cloud

Microsoft Entra ID authentication endpoint

Microsoft Entra ID for the US Government

https://login.microsoftonline.us

Microsoft Entra ID (global service)

https://login.microsoftonline.com

Recommended endpoints

Secude License Manager

To communicate with Secude License Manager, the following URL and port must be whitelisted in the customer's proxy:

Address

Port

License API - api.licensespring.com

TCP 443

Recommended license manager endpoint

Code Quality and Security

Secude focuses on software quality and security. This is accomplished by adhering to and exceeding best practices in development, testing, and quality control. Secude has chosen SonarQube as the first building block for building and implementing a robust continuous code quality assurance (QA). SonarQube is a platform for static code analysis for continuous inspection of code quality. It performs automatic reviews of code to detect bugs, code smells, unit test coverage, and security issues in 29 programming languages.

SonarQube is utilized throughout the development process at Secude, and only the highest marks are accepted for a product to be released. It helps to regulate code quality from the beginning of development, find and repair issues promptly, and improve overall software stability.

Each build report can be found under its relevant version heading in this release notes.

Reliability Rating 

  1. A = 0 Bugs

  2. B = at least 1 Minor Bug

  3. C = at least 1 Major Bug

  4. D = at least 1 Critical Bug

  5. E = at least 1 Blocker Bug

Security Rating

  1. A = 0 Vulnerabilities

  2. B = at least 1 Minor Vulnerability

  3. C = at least 1 Major Vulnerability

  4. D = at least 1 Critical Vulnerability

  5. E = at least 1 Blocker Vulnerability

Security Review Rating 

The Security Review Rating is a letter grade based on the percentage of Reviewed (Fixed or Safe) Security Hotspots.

  1. A = >= 80%

  2. B = >= 70% and <80%

  3. C = >= 50% and <70%

  4. D = >= 30% and <50%

  5. E = < 30%

Maintainability Rating 

A=0-0.05, B=0.06-0.1, C=0.11-0.20, D=0.21-0.5, E=0.51-1

The Maintainability Rating scale can be alternatively stated by saying that if the outstanding remediation cost is:

  1. <=5% of the time that has already gone into the application, the rating is A

  2. Between 6 to 10%, the rating is a B

  3. Between 11 to 20%, the rating is a C

  4. Between 21 to 50%, the rating is a D

  5. Anything over 50% is an E

Build 1.0

This chapter provides an overview of the updates and quality insights included in this release. It covers the fixed issues, improvements, limitations, new features, and known issues, along with a summary of SonarQube’s key parameters to highlight code quality metrics and analysis results.

New and Updated Features

This section highlights the new features in the current release.

  1. Streamlined workflows through configurable tasks.

  2. The following features are newly introduced, and some have been renamed in this version:

    • Compliance Mark Task – Applies compliance markings to files. Previously named CUI.

    • File Signing Task – Applies password-based protection or digitally signs files to ensure authenticity and integrity. (New)

    • Metadata Task – Embeds metadata into files. (New)

    • MPIP Task – Applies Microsoft Purview Information Protection labels for file classification and protection.

    • Watermark Task – Adds watermarks to files.

  3. Enabled integration with Forma Data Management (formerly ACC Docs) for seamless data flow, supported by HaloSHARE’s built-in security capabilities, including MPIP protection, watermarking, CUI marking, digital signing, password protection, and metadata tagging.

Improvements

This section lists improvements added to the current release.

  1. The License UI now displays the license expiry date.

  2. Enhanced the logging mechanism to provide clearer visibility by maintaining a single log file per day and logging each workflow task with detailed information about its configuration and execution status. The log_rollover registry key has been removed. Log files are now generated in the <YEAR_MM_DD>.hs.log format (for example, 2026_Feb_25.hs.log). HSHAREGNXT-36

  3. The documentation has been significantly updated to reflect the redesigned UI and new workflows introduced in HaloSHARE.

Limitations

This section lists the limitations of the current release.

  1. A digitally signed PDF cannot be encrypted. This is due to a limitation: the MIP SDK does not support signed PDF encryption. Thus, HaloSHARE applies watermark visuals to a file when it is no longer eligible for encryption via the MIP SDK.

  2. HaloSHARE does not support watermarking for password-protected or MPIP-protected file types. For example, an XLSX workbook with a protected sheet, or a PDF, is password-protected.

  3. If already protected files are placed in the source folder for watermark-only tasks, processing fails. The failed files (.docx,.xlsx, .pdf, .pptx) are cached and are not moved to the destination folder.

  4. By default, HaloSHARE-watermarked text appears diagonally on a file; however, the Revit application does not support diagonal watermarking, so the watermark is displayed horizontally.

  5. HaloSHARE supports watermarking in CAD applications; however, because CAD applications do not have a built-in watermark feature, the watermark text is visible only when a CAD add-on like HaloCAD is used. In this case, we recommend installing the HaloCAD Add-on on a separate system that is not running HaloSHARE.

  6. Many enterprises enforce a Group Policy Objects (GPO) that requires all outbound internet traffic routed through a proxy server. These proxy settings must be used by both the MIP SDK and the MSAL library for MPIP authentication and functionality. To use proxy settings for the MSAL library, we need to set the msal_proxy_address in HKEY_LOCAL_MACHINE\SOFTWARE\Secude\HaloSHARE.
    If the above does not work for service-running users, in such cases, set the registry keys ProxyServer and ProxyEnable in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings. For more information, refer to the Proxy Configuration section of the Installation and Configuration Manual.

  7. CUI marking behavior: Currently, CUI marking is updated in the file only when the CUI marking feature is enabled in the license. However, CUI marking values may still appear in the file’s custom properties even if the feature is not enabled. This is the current behavior and will be addressed in the next release.

  8. Silent installation is not supported in this release.

Fixed Issues

This section lists the fixed issues in the current release.

  1. Fixed an issue where a success message was displayed when an invalid license key was entered in the HaloSHARE configuration window. HSHAREGNXT-73

  2. Fixed an issue where encrypted ZIP files could not be opened and displayed the error “Compressed folder is invalid”. HSHAREGNXT-89

  3. Fixed an issue where MPIP-related error logs were updated in the log file when labeled files were used for the watermarking task. HSHAREGNXT-98

Known Issues

There are no known issues to list.

Quality Gate Report

Please see the table below for a list of SonarQube's key parameters for this version. Refer to the "Code Quality and Security" section for more information on rating definitions.

Metric

Value

Coverage

80.8%

Maintainability Rating

A

Reliability Rating

A

Security Hotspots Reviewed

A

Security Rating

A

Quality Gate report