We use cookies to ensure the proper functioning of our website (essential cookies) and, with your consent, for other purposes (functional and other cookies) as outlined in our Cookie Policy and Privacy Policy. You can update your cookie preferences at any time.
Note: Cloud license is NOT supported. Requires an ISL Online Server License or Enterprise Managed Private Cloud license.
The official ISL Online Remote Support Integration for ServiceNow is now available.
The ISL Light integration allows ServiceNow users to securely launch and manage remote desktop sessions directly from within ServiceNow tickets.
Sessions can be started from any task-based ticket type, such as incidents, problems, change requests, and service requests. Ticket details like the ID and client email are automatically passed into the ISL Light session for a seamless setup.
Agents can invite clients using ServiceNow’s communication tools, view session status (waiting, active, paused, ended), and end sessions from the ticket interface. Once a session ends, session information and chat transcripts are logged as work notes in the ticket.
Note: All updates have the release date set to 2025-05-07. Your ESS should be be the same or higher to be able to update your server. This release is available to all countries except for Japan.
🚀 New Features
Default dashboard tab now set to “Last active tab” by default
In the previous version of ISL Light, we introduced a new setting under the Default Dashboard configuration, which determines which tab is shown after logging in. The setting, called Last Active Tab, ensures that if users exit the application while on the Computers tab, the same tab will be shown upon relaunching and logging in. The same behavior applies if the Session tab was active before closing the application. This option is now the default value for the Default Dashboard setting.
Add SNI support for AutoTransport in permissive SSL mode
The AutoTransport methods wsstun-direct, wsstun-proxy, https-direct, and https-proxy were updated to include Server Name Indication (SNI) during the SSL handshake. This change improves compatibility with third-party load balancers such as Cloudflare, which rely on the hostname being sent as part of the handshake.
Update to mbedTLS 2.28.10
The internal mbedTLS library has been updated to version 2.28.10.
Upgrade to libdatachannel 0.22.6 and libjuice 1.5.9
We upgraded libdatachannel to version 0.22.6 and libjuice to version 1.5.9.
🐞 Bug Fixes
Multiple monitor button behavior
An issue was identified when using the multiple monitors feature (opening each remote monitor in a separate view). Although separate views were created, the monitor selection was incorrect—view one would select monitor 1, but view two would show the entire desktop. This functionality has been redesigned to correctly assign each view to the respective remote monitor.
Monitor shortcuts not working with multiple monitor views
In case users used multiple monitors functionality ( each remote monitor in it’s own view ), the monitors shortcuts did not work. Support for monitor shortcuts was added, so users are now able to switch between monitors also when they are using multiple monitors functionality.
Always enable TLS for AT MUX channels
Previously, some MUX channels were not protected by a TLS session. TLS is now always enabled for all MUX channels.
Change dots to underscores for filename on Linux
In previous versions, Linux filenames used dots as delimiters in the version string. This caused an issue when the build number was below 10, as Linux systems sometimes interpreted the file as a manual page and opened it in a text editor. Filenames now use underscores instead of dots, ensuring the application always starts correctly.
Incorrect copyright
When checking the file properties of the downloaded ISL Light application, users would see incorrect copyright information. This issue has been resolved. The application’s details now correctly display XLAB d.o.o. as the copyright.
One-time password prompt appearing incorrectly
If ISL AlwaysOn was configured to support both one-time password and native-only authentication (e.g., Windows, macOS, or Linux account passwords), ISL Light would incorrectly show a one-time password prompt—even when native-only authentication was active. The connection prompt has been redesigned to hide the one-time password input in such cases.
Removed “Verify your email” screen during signup
Previously, after clicking the Sign up button in the ISL Light application, a browser would open, and ISL Light would display a “Verify your email” screen. This intermediate screen has been removed. Now, clicking Sign up simply opens the signup page in the browser, while ISL Light remains on the login screen.
Fix icon copy in secure part on macOS
On macOS, resources could be injected in a way that caused copying to the destination folder to fail. This occurred because the operation was appended in the unsigned part of the package. It is now allowed in the signed part, enabling proper execution in the unsigned portion.
Other fixes and improvements
Bug fixes, security updates, missing translations, and other general improvements.
Note: All updates have the release date set to 2025-04-15. Your ESS should be be the same or higher to be able to update your server. This release is available to all countries except for Japan.
These are the server side updates, meaning hosted service users do not need to do anything. Server license users please check Upgrading Server License.
🚀 New Features
Computers Administration
A new Computers tab has been added to the Administration section, enabling the account owner and domain admin(s) to centrally manage all remote computers registered under their domain, including those added by other users. The page provides a complete overview and essential tools to view, organize, and control access to these computers.
Web Portal > Administration > Computers
Overview of all computers View all remote computers linked to your account, including those registered by users within your domain. The table includes columns such as: Alias, Computer Name, Status, Last Online, Computer Group, Owner, Shares, Tags, Platform, Agent Version, IP Address, MAC Address
Change computer group Move computers between groups to keep them organized.
Change computer owner Reassign ownership of a computer to another user. Note: If a computer is added to a computer group, ownership is automatically transferred to the group owner. The group owner can be changed by users with appropriate permissions (e.g., Group Admin, Computer(s) Manager, or Computer Owner).
Share computer Share access to a specific computer with users or user groups in your domain. Note: We recommend sharing via “Computer Groups“, as this allows you to set the permission level when sharing the group with other users. Additionally, when you add a new computer to an existing computer group it will automatically be shared with users and user groups with whom the computer group is already shared.
Add tags Use tags to categorize and filter computers based on your own criteria.
Export to CSV Export the computer list and metadata to a .csv file.
Quick view A quick view panel has been added to the computer list. It opens when you click any row in the table.
Computer details page A detailed view is available and can be accessed via quick view or by clicking the computer name in the table.
⚙️ New Setting: Edit computers (domain admin only)
Web Portal > Administration > Settings > General > Edit Computers (domain admin only)
When enabled (default): Domain admins can manage the Computers tab — rename computers, assign groups or owners, share access, and set tags.
When disabled: The user (domain admin) can only view the list of remote computers. Note: The user must be an account owner or domain admin to access the Administration section (see the Domain Admin setting).
Computer group administration
Support for managing computer groups has been added to the Administration section. You can now create and delete groups through the Computer Groups tab using Quick View. Once a group is created, computers can be added to it.
Web Portal > Administration > Computer Groups
The Quick View now includes a list of computers in the group, allowing you to easily add or remove them with confirmation prompts.
Additionally, a new Computers subtab has been introduced in the Computer Group Details page, providing a full overview of all computers assigned to the selected group.
Web Portal > Administration > Computer Groups > Computers
⚙️ New Setting: Create, edit and delete computer groups (domain admin only)
Web Portal > Administration > Settings > General > Create, edit and delete computer groups (domain admin only)
When enabled (default), domain admins can view, create, manage members, and delete computer groups.
When disabled, groups are read-only. Note: The user must be an account owner or domain admin to access the Administration section (see the Domain Admin setting).
New WebAPI methods:
domain/admin/computergroup/create/1: Creates a new computer group with the given name, owner, and members (connect-only). Returns the public code of the new computer group.
domain/admin/computergroup/delete/1: Deletes the specified computer group. The group is not deleted if it is external or still contains computers and/or members.
ISL Light for Web (beta)
The ISL Light for Web (beta) version allows users to view a remote desktop directly from their browser, eliminating the need to download or install the desktop application. While this version offers added convenience, certain features are unavailable due to browser limitations.
Web Portal > Sessions/Computers > Session in browser
✅ Advantages of the web version:
No installation required Ideal for one-time sessions or situations where installation is not feasible or permitted. Access ISL Light directly from your browser without downloading or installing the application.
🚫 Features NOT supported in the web version:
Screen sharing Operators can view the remote desktop but cannot share their own screen.
Clipboard sharing/syncing Copying and pasting between the local and remote machines is not supported.
File transfer Transferring files between the local and remote machines is not supported.
Session recording Recording a session is not available in the web client.
Multiple monitor management (explode monitors) Opening each remote monitor in a separate window is not supported.
Simulated typing for paste operations The Paste (Simulate Typing) feature is not supported.
Browser compatibility:
Google Chrome: Version 95 or newer
Mozilla Firefox: Version 90 or newer
Microsoft Edge: Version 91 or newer
Safari: Version 14 or newer
Accessing the web version:
You can start a web session from the Sessions page, Computers page.
Sessions page:
A new option to start/open/resume a session using ISL Light in browser was added to the Sessions pages.
Web Portal > Sessions > New Session Browser (beta)
“Start New Session” was renamed to “New Session” and is now a split button:
New Session (default) – standard app download flow
New Session in Browser (beta) – opens in a browser tab via ISL Light
Active sessions:
Open in App (default)
Open in Browser (beta)
Paused sessions:
Resume in App (default)
Resume in Browser (beta)
⚙️ New Setting: Browser session support
/conf > Configuration > ISL Light > Browser session support
Enabled by default
If disabled, only New Session (default flow) is available
Computers page:
A new option to connect to a remote computer using ISL Light in browser was added to the Computers pages.
Web Portal > Computers > Connect in Browser (beta)
The Connect button now offers:
Connect in App (default)
Connect in Browser (beta)
⚙️ New Setting: Browser connect support
/conf > Configuration > ISL AlwaysOn > Browser connect support
If disabled, only the default flow is available
Enabled by default
Join a session in browser:
⚠️ Limitations: The browser version currently does not support screen sharing from the client side. This means that if the client is expected to share their screen with the operator, the browser version will not be suitable.
However, it can still be useful for viewing the operator’s shared screen (e.g., presentations, guided instructions).
If Ask every time is selected: The join page shows two buttons:
Join in App (downloads app)
Join in Browser (redirects to ISL Light in browser)
If Join in app is selected: Uses the standard app-based flow.
If Join in browser is selected: The page shows only Join in Browser.
Executable signing to prevent false virus detections
Build of Go modules was fixed to sign all .exe files. Executables now contain digital signature which should reduce the probability of being incorrectly detected as virus by antivirus programs.
Add option to upgrade PostgreSQL version on demand
Manual PostgreSQL upgrade support was added (required for major version changes, e.g., 9.3 → 16). Minor version upgrades remain automatic. Manual upgrade is required when upgrading to a major version (e.g., 9.3 → 16). Minor version updates are still performed automatically.
When a new version is available, /conf displays: A new PostgreSQL version (16) is available for installation.
This includes estimated time and disk usage (based on DB row count). The upgrade process mimics PostgreSQL installation:
Step 1: Click Upgrade to PostgreSQL version 16...
Step 2: Click Execute
Bundled PostgreSQL version upgraded from 9.3.25 to 16.8.
Use CPSESSID Cookie in WebAPI2 Handler
Web session cookie support was added to WebAPI2. Clients can now call /users/webapi2 and use the session cookie.
New request format (JSON2):
jsonCopyEdit{ "hs": "<session web token>", // optional "pt": "<post token for current web session>", "hedata": { ... }, // request body (old JSON1 format) "ignore_cookie": true // optional }
Use of plain hs token in requests was removed.
All WebAPI2 requests now rely on the new JSON2 format and cookie-based session control (v2400 pages).
Password history settings
Password history controls are now exposed under: Administration > Security > Password
These settings help enforce password reuse policies and aging rules.
⚙️ New Settings:
Password history size: Number of recent passwords stored (default: 24)
Maximum password history size: Upper limit for history entries (default: 100)
Minimum password age (1w 2d 3h 4m 5s): Minimum time between password changes
Maximum password age: Formerly Password expiration interval; users must change passwords after this time
Notes:
Password history only updates when a user changes their own password.
Administrative password resets do not affect history.
Older entries are removed when the limit is exceeded.
Remove timeout from moduleapp startup
The 120s timeout exception when starting or restarting a Go moduleapp process was removed. It is now replaced with a critical log line: module app process has not started yet, logged every 10 seconds.
Support for reCAPTCHA Enterprise and automated browser detection/blocking
Support for reCAPTCHA provided by Google Cloud Services was added. Previously, only standalone reCAPTCHA v2 and v3 were supported.
⚙️ New Settings:
Project ID: Google Cloud project ID with reCAPTCHA enabled.
API key: Google Cloud API key associated with the project.
reCAPTCHA required: Controls if reCAPTCHA is required on protected WebAPIs.
reCAPTCHA site key: The key associated with the website or application.
Fail 2 ban reason codes: A list of interpreted reason codes to be flagged for fail2ban (must be prefixed with rc_).
When Google Cloud reCAPTCHA is enabled, v2 and v3 are ignored even if set up. Settings were reorganized and grouped accordingly.
To enable better monitoring and abuse detection, a specific user action can now be passed via the new URL parameter: captcha_action.
Add support to send email notification when creating user account
A new email notification is sent when a user account is created. Controlled via two new settings in /conf > Configuration > General > Mail > Templates:
Account created notification
Mail template for account created notification
Triggers for sending the notification:
Server administration
Domain administration
Integrator
SAML login
External authenticator
Update confirmation and verification code emails
The appearance of confirmation and verification code emails was updated. These emails are sent when logging in with email set as the preferred 2FA method.
SSO username mapping
SSO username mapping allows mapping a username from an identity provider to a domain-specific username (case-insensitive).
Example: If your domain user is \example\joesmith and SSO username is joe.smith@example.com, you can map the two. When logging in via SSO, the system will authenticate the user as \example\joesmith.
⚙️ New Setting: SSO username mapping
Administration > Security > Authentication > Single Sign-On (SSO)
Add Option to Send Chat Content in HTTP Events
⚙️ New Setting: Send live chat transcripts in HTTP events
/conf > Configuration > ISL Light > Send live chat transcripts in HTTP events
Requires Send live chat transcripts to be set to Yes
Disabled by default
New HTTP event type:CHAT_CONTENT
Transcript content is included in the text field.
Chat transfer system messages
System messages for chat transfer and takeover were added. Examples include:
"Y has taken over the chat"
"X wants to transfer the chat to Y"
Upgrade OpenSSL to 3.0.16
OpenSSL was upgraded to version 3.0.16.
Upgrade to libxml2 2.12.10 and libxslt 1.1.42
libxml2 upgraded to 2.12.10
libxslt upgraded to 1.1.42
Upgrade jemalloc to 5.3.0
jemalloc upgraded from 4.0.4 to 5.3.0 (Linux only)
Upgrade jQuery-UI to 1.14.1 (v2400 Pages)
jQuery-UI was upgraded to 1.14.1 for v2400 pages.
Remove v1 template and web pages v1, v2, v3, v4
Support for the v1 web template and legacy web pages (v1–v4) has been removed. The /join endpoint now redirects to join.html. Deprecated handlers and XPP expressions used exclusively in the removed pages were also removed.
🐞 Bug Fixes
Pass ciphers global map by reference on SSL accept
Previously, the ciphers global map was passed by copy, affecting performance. This was redesigned to pass the map by reference.
The defect was fixed.
Wait for user account to be replicated in loginsso handler
SSO logins could fail if the user was created on one server but not yet replicated to the Web page server. This was redesigned to wait until the user is replicated before proceeding.
The defect was fixed.
Support WebSocket upgrade of existing HTTP connection
WebSocket support was improved to allow upgrades to WebSocket even after preceding HTTP requests on the same TCP connection, and not just at the start of a TCP connection. This should also fix connection issues when ISL Conference Proxy is placed behind a load balancer.
Bulk share did not allow sharing of non-owned computers
In previous versions, bulk sharing of computers in a group failed with the message: "Some computers have been omitted – shared computers cannot be edited."
Redesigned behavior:
Bulk Share modal now lists all computers, not just owned ones.
Sharing/unsharing works even for entries with user groups in shares.
Results are split between success and failure messages.
A scroller is added when many computers are listed.
The defect was fixed.
Support certificate authorities without a Terms of Service link
Previously, SSL module raised an error: "Could not retrieve terms of service." This occurred when a certificate authority (CA) did not provide a terms link, which is optional under ACME.
Fixes:
The checkbox to accept terms is hidden if no link is provided.
A new message was added: "Please install the SSL certificate to enable secure connections."
The defect was fixed.
tlsext_ticket_refresh_task should not use a static watchdog
This task was incorrectly protected by a watchdog, which triggered false alerts when the TLS ticket refresh interval setting changed. Now the task is rescheduled dynamically and no longer monitored by the static watchdog.
The defect was fixed.
Maximum password age lower than minimum caused lockout
Previously, it was possible to set the maximum password age to a lower value than the minimum password age, which could cause user lockouts. The validation logic was updated to prevent this misconfiguration.
The defect was fixed.
Other fixes and improvements
Bug fixes, security updates, missing translations, and other general improvements.
Note: All updates have the release date set to 2025-03-27. Your ESS should be be the same or higher to be able to update your server. This release is available to all countries except for Japan.
New Features
Updated Black Screen driver for Windows 10 and 11
The implementation of the black screen driver on Windows 10 build 2004 or newer has been redesigned. In previous versions, the black screen functionality used the Magnification API on Windows 8 or newer. The new version now uses a transparent (alpha) window, similar to the implementation on Windows 7. It also leverages the Windows flag WDA_EXCLUDEFROMCAPTURE, which allows the use of the desktop duplication driver alongside the black screen (previously, only polling/hooks were used when the black screen was enabled). Additionally, the polling driver has been optimized for better performance.
Option to disable black screen mode
Support for disabling black screen functionality has been added to ISL Light. Two new command-line arguments were introduced:
On the client side, the following argument prevents enabling black screen mode if initiated: --on-connect "desktop?allow_black_screen=false"
On the operator side, the following argument hides the button that enables admin mode: --on-load "customization?hide_black_screen=true"
Reordered and renamed black screen settings
Black screen settings have been reordered and renamed. All related options are now listed together.
Updated signup flow with web redirection and verification step
The signup process within ISL Light has been changed. Users are now redirected to the web signup page, and an additional email verification step has been added.
Custom clipboard retry count and improved clipboard-lock handling
When the ISL_ISSC_DEBUG environment variable is set, ISL Light logs clipboard ownership conflicts. This feature has been extended to allow configuration of how many retry attempts should be made before logging the issue. You can now define the number of retries by setting the ISL_ISSC_clipboard_retry_count environment variable.
Add feedback when creating computer shortcut on desktop
A new confirmation window is now displayed after adding a computer shortcut to the desktop.
ISL Light > Computers > Create Desktop Shortcut
Remove LoginView1fa
The login view was redesigned to immediately show a connection error message if the server is unreachable, without prompting the user to log in.
Upgraded libdatachannel and libjuice libraries
The libdatachannel and libjuice libraries have been updated to the latest versions:
Bug Fixes
Increase setup timeout and update check installed
Users experienced an issue where they were unable to enable the restart&resume during a session. The issue was that setup of ISSC Daemon reached an internal timeout thus failed to get correctly installed.
This timeout was increase and should no longer be causing inability to activate restart&resume.
Update libjpeg turbo to 3.1.0
Desktop streaming sometimes failed due to incorrect JPEG encoding during screen updates. Updating to libjpeg-turbo 3.1.0 resolved this issue.
Forced screen refresh on headless Windows machines
When no display was attached to a remote Windows machine, the screen failed to refresh. The functionality was redesigned, and the issue is no longer reproducible.
Join window now opens on top of other windows
The “Join a Session” window was sometimes placed behind other windows. It now opens in the foreground by default.
“Sign up now” button shown without internet on server license
The “Sign Up Now” button appeared even when no internet connection was available on a Server License installation. The issue was addressed and is no longer reproducible.
Translate ALTGr + C, H, I keys
Users experienced an issue where certain key combinations were not translated correctly in the session when different keyboard layouts were used on operator and client side. The functionality was redesigned and the issue is no longer reproducible.
Fixed incorrect connection time display
In some cases, the connection time was displayed incorrectly. The underlying logic was redesigned to fix the issue.
File transfer window name corrected
The File Transfer window was incorrectly labeled as “ISL Light.” It has been renamed to “File Transfer.”
Fixed crash when querying CPU features on Linux
In rare cases, the application crashed while checking for CPU features on Linux. The defect was fixed.
Chat now shows license usage in all sessions
The license usage message was missing in chats after the first session because it was sent before chat initialization. The handling was redesigned to store the message and inject it into chat after initialization.
Fix cursor size on macos 10.12
Local mouse movements were not visible on operator side when connected to macOS 10.12 or newer. Cursor capture was redesigned to resolve this.
Share group dialog has no name
The share group dialog name was not read by accessibility tools. The defect was fixed.
Fixed keyboard navigation in share computer dialog
Keyboard navigation incorrectly focused on a disabled owner line. The issue was fixed so the line is now skipped.
Added accessibility features to chat content
Chat messages and content were missing accessibility support. Accessibility features have now been added.
Esc key now closes the share group dialog
The ESC key did not previously close the “Share Group” dialog. The issue is now resolved.
Other fixes and improvements
Bug fixes, security updates, missing translations, and other general improvements.
ISL Light Add-On: Universal 4.4.2447.50 for Android link
Note: All updates have the release date set to 2025-03-27. Your ESS should be be the same or higher to be able to update your server. This release is available to all countries except for Japan.
New Features
Introducing the ISL Light Add-On: Universal
The Universal Add-On is used in conjunction with the ISL Light application to enable full remote desktop control of Android devices during sessions. It allows the remote user to control the device using a keyboard and mouse, and to view the screen in real time.
The add-on uses Android’s Accessibility service to inject input events and the MediaProjection API to stream the device’s screen. To enable remote control, users must grant Accessibility permission to the Universal Add-On. The minimum supported Android version is 8.0 (Oreo). On Samsung devices, if the Knox license is cancelled and the Universal Add-On is installed, users will be prompted to enable the Universal Add-On.
Important:
This is not a standalone application (requires the ISL Light app for Android)
A signature verification check has been added to the Universal Add-On. This ensures that only the ISL Light application can use the Universal Add-On by verifying the calling application’s signature.
Add keyboard control to Universal Add-On
The Universal Add-On now supports Unicode character injection and the Delete key. Additional support has been added for global key inputs, including:
Note: All updates have the release date set to 2025-03-20. Your ESS should be be the same or higher to be able to update your server. This release is available to all countries except for Japan.
New Features
ISL AlwaysOn service auto-start after device boot
Added a feature to start the ISL AlwaysOn service (unattended access service) on device boot. In previous versions, if users rebooted the device, the service did not start until the ISL Light application was launched. The service will now start once the Android device is unlocked for the first time.
Added support for the Universal add-on
Added support for universal addon which will allow remote view and control of Android device.
Local user consent for remote access
Added additional notification options when users connect to an Android device. Users on Android can now specify one of the following options in the remote access interface:
Show notification of incoming connection
Notification timeout (available if Show notification of incoming connection is enabled) – Defines how long the notification is displayed before accepting the connection.
Show consent to start connection (available if Show notification of incoming connection is enabled) – Allows users to either accept or deny the connection.
Start connection on timeout (available if Show notification of incoming connection and Show consent to start connection are enabled) – Defines the default behavior when the timeout is reached (either accept or deny the connection).
If the session is rejected by the user on an Android device, the operator will receive a message stating that the remote user denied the connection.
ISL Light Android > Menu > Remote Access
Similar settings can be applied to computers through ISL AlwaysOn. To find out more, please check the ISL AlwaysOn Notification / Local Consent manual.
Added option to disable display scaling using AppConfig
Users can now deploy a setting via AppConfig that controls whether the Android device screen is scaled. The restriction key is called restrictionDisplayScaling.
Swipe navigation replaces old tab system
The old tab system (PagerSlidingTabStrip) has been replaced with ViewPager2, improving navigation between sections.
Bug Fixes
Computer groups were not sorted alphabetically
Users experienced an issue in ISL Light on Android devices where Computer Groups were not sorted alphabetically. The functionality was redesigned, and the issue is no longer reproducible.
The defect was fixed.
Unattended access chat history was not cleared
When reconnecting to an Android device via unattended access, old chat messages were sometimes still visible. The chat history now resets correctly when a new session starts.
Toolbar disappeared when using floating keyboard
The toolbar in a session disappeared when users used a floating keyboard. The issue occurred because Android does not provide information about whether the keyboard is open or closed, preventing the toolbar from appearing.
Detection of keyboard status has been redesigned to recognize changes in view size. The toolbar will now always appear correctly.
Microphone and camera permission issues in ISL Light Desk
When connecting from ISL Light Desk to an Android device and starting a video or audio call, the call did not correctly initialize after approving microphone and camera permissions.
Permission handling has been redesigned to ensure video and audio start correctly upon returning to the application.
The defect was fixed.
UI inconsistencies between Android and iOS for calls during screen sharing
When starting an audio/video call while an Android user was already viewing a remote screen, the interface switched to the call view.
This behavior has been unified with the iOS application. Now, if a call starts while viewing the remote desktop, it will open in minimized mode instead of switching the interface.
The defect was fixed.
Recording did not start when connected to ISL Light Desk
When users started recording while connected from ISL Light Desk to an Android device, the recording did not start.
The issue was caused by the recording plugin not being correctly registered when connecting from ISL Light Desk. The recording feature now works as expected.
The defect was fixed.
Mini player did not start after granting overlay permission
When an operator initiated a call, the system prompted the Android user to approve the overlay permission in settings. However, upon returning to the ISL Light app, the mini player was missing.
Permission change handling has been redesigned. The mini player will now appear correctly after users grant overlay permission.
The defect was fixed.
Back button returned to viewer from chat instead of terminating session
Previously, pressing the Back button while viewing the chat during a session would prompt users to terminate the session.
The defect was fixed.
Default camera on mobile devices changed to front camera
The default camera on Android devices was previously set to the back camera. It has now been changed to default to the front camera.
The defect was fixed.
Multiple unattended connections to Android were not limited
Users could start multiple ISL AlwaysOn connections to a remote Android device, which is not supported.
A fix was implemented to now limit the number of ISL AlwaysOn connections to one per remote Android device.
The defect was fixed.
No message was displayed when trying to use disabled features
Previously, no message or feedback was shown when users attempted to access a feature disabled via GUI settings.
The functionality has been redesigned, and users now receive a message explaining that the feature is disabled.
The defect was fixed.
App crashed when trying to share screen with disabled GUI features
Users experienced a crash when attempting to share their screen while GUI features were disabled on the server.
The issue has been resolved, and the app no longer crashes.
The defect was fixed.
Session join was blocked after generating a session code
Users were unable to join a session on their Android device after generating a session code.
The session code generation functionality was redesigned, and users can now successfully join a session after generating a code.
Note: All updates have the release date set to 2025-02-11. Your ESS should be be the same or higher to be able to update your server. This release is available to all countries except for Japan.
Bug Fixes
Skip region optimization on low-quality images
If users had a custom skin using 1-bit BMP files, the ISL Light Desk application failed to start (crashed while loading skin files). This issue occurred due to an optimization in skin file loading, which inadvertently removed support for 1-bit skins. The support for 1-bit skins has been restored, ensuring the application starts correctly.
The defect has been fixed.
Ignore show_desktop request during stream restart
Users might have experienced desktop sharing stopping when resuming a session. The issue was that, in certain cases, two desktop streamers started simultaneously, causing both streams to stop. The desktop sharing startup process has been redesigned—if two streaming requests are received, the second request is now ignored, ensuring desktop streaming starts correctly.
Note: All updates have the release date set to 2025-02-08. Your ESS should be be the same or higher to be able to update your server. This release is available to all countries except for Japan.
Bug Fixes
Update libjpeg turbo to 3.1.0
In certain cases, desktop streaming stopped working. The operator log showed an issue with JPEG decoding due to incorrect JPEG encoding on the streaming side of the sent screen update, which caused the streaming to stop. libjpeg-turbo was updated to version 3.1.0, and the issue with JPEG decoding was resolved.
The defect was fixed.
Simplify log output on admin logs in desktop plugin
Users sometimes experienced an issue where writing admin mode logs was slowing down the start of the admin mode. The logging functionality was redesigned, and the speed of starting the admin mode should be improved.
The defect was fixed.
Prevent WaitForMultipleObjects starvation
Users sometimes experienced an issue where network events were possibly delayed, which caused an inability to control when a lot of screen updates were sent from the client side. The issue was only present when hooks/polling was chosen as the desktop driver. The functionality was redesigned, and now the scheduler switches between control events and screen updates correctly, improving the control functionality.
The defect was fixed.
Optimize GUI drawing
Users sometimes experienced an issue where the drawing of the GUI was taking a longer time. Optimizations to the GUI were made, skinning was improved, escaping of HTML in chat was improved, and region creation (for the top bar) was improved.
The defect was fixed.
Optimize language load
We have added a new feature that changes the implementation of an internal function that merges translations. The speed of this function is now measured in the metric .language.load_time. We have also moved the loading of the language file to a thread that is preparing a plugin. Before, the language file was loaded just before loading plugin.dll into a process on the main thread. This reduced the UI delay when loading a plugin.
Add field isl_light_v3 to program header
A new field, isl_light_v3, was added to the ISL Light Desk and ISL Light Client header parts of the program, which enables ISL Conference Proxy to distinguish between the ISL Light Client version for Windows and the ISL Light Client version for macOS and Linux.
Note: All updates have the release date set to 2025-02-05. Your ESS should be be the same or higher to be able to update your server. This release is available to all countries except for Japan.
New Features
Redesigned black screen for Windows 10 2004 and newer
The black screen driver implementation for Windows 10 build 2004 and newer has been redesigned. In previous versions, the black screen functionality used the Magnification API on Windows 8 and newer. The updated version now uses a transparent (alpha) window, similar to the implementation on Windows 7. Additionally, it utilizes the Windows flag WDA_EXCLUDEFROMCAPTURE, which allows the desktop duplication driver to work alongside the black screen feature (previously, only polling/hooks were used when the black screen was enabled).
Additionally, the polling driver has been optimized for improved performance.
Confirmation for “Revoke control”
A confirmation dialog is now displayed when clicking “Revoke Control” in the top toolbar, reducing the risk of accidental actions.
ISL Light Client > Revoke Control Dialog
Hide “Grant control” button in the topbar
Users can now hide the grant/revoke button in the topbar, along with the dropdown menu item for granting and revoking control. The following command-line option must be specified to hide the item: --on-load "desktop?topbar_control_visible=false".
Support for .extra files
Support for .extra files has been added to reduce the size of unauthenticated blobs. When an .extra file is used, the UA blob contains only a command to jump to the .extra file (which has the same name as the main file but ends with .extra).
When starting the restart and resume feature, the desktop plugin will copy isllight.exe and isllight.extra to a secure location. Previously, this location was in C:\Program Files (x86)\ISL Online\ISL Restart\s_INSTANCE_NUMBER\b; it now uses a new folder at C:\Program Files (x86)\ISL Online\ISL Restart\s_INSTANCE_NUMBER\bb.
C:\Program Files (x86)\ISL Online\ISL Restart
Filter old desktop plugins when .extra file is present
ISL Light Client program was updated with following when .extra file is used for starting the program:
The .extra file is locked.
we add environment variable ISL_HAVE_EXTRA with sha of .extra file
when enabling restart and resume, the program checks that .extra file exists
When ISL Light Client program starts which has support for .extra file and than loads old desktop plugin (plugin does not support .extra file) following fixes were made:
enable of restart and resume is prevented and chat line about the issue is added
Command lines for the desktop plugin are sanitized to exclude restart=begin|check and admin=restart instructions.
All this changes fix, situation with new program and old plugin when enabling restart and resume during on demand session or in ISL AlwaysOn session. Note: enable “Download client” option when starting ISL AlwaysOn session.
Allowed file names and CRC32 checks
Support for CRC32 checksums for .extra files has been added on Windows and is now mandatory. If the checksum is incorrect, an error will occur, preventing the program from running. Additionally, only the following extracted files are allowed in the unsigned portion of the executable:
ISLConfiguration.ini
cmdline.txt
branch.txt
log_on_desktop
WinINet proxy options
Two options have been added to AutoTransport that affect wininet-http and wininet-https transports:
http_proxy_force_auth: Immediately starts with the configured username and password when connecting, resolving issues where the Windows system account cannot connect through the proxy, but http_proxy_user is allowed.
http_proxy_bypass: Configures which hostnames should (or should not) use a direct connection without a proxy. Use <-loopback> to allow localhost connections through a proxy.
Updated libdatachannel and libjuice
The libdatachannel and libjuice libraries have been updated.
Bug Fixes
Session time display for direct connections
Fixed an issue where session time was missing in certain languages (e.g., Slovenian) when using direct connections.
Improved topbar text resizing
Topbar text resizing has been redesigned to prevent line breaks in certain languages.
Desktop driver name display
Resolved an issue where, in certain cases, the selected desktop driver was not displayed after connecting to a remote machine when polling/hooks were selected. Desktop driver selection was redesigned, the selected driver should now be correctly displayed.
ISL Light > In Session > Settings > Desktop Driver
Check detected monitors against desktop duplication
In cases where a remote user has two graphics cards and multiple monitors connected, the operator sometimes could not see all monitors. The issue occurred because the desktop duplication driver was unsupported on some graphics cards, leading to an incorrect monitor count. The system now falls back to polling/hooks drivers when the desktop duplication driver is unsupported, ensuring all monitors are detected and visible to the operator.
SSL protocol and cipher configuration
AutoTransport configuration has been improved for SSL protocols and ciphers, now supporting numeric hex codes.
Note: All updates have the release date set to 2024-12-11. Your ESS should be be the same or higher to be able to update your server. This release is available to all countries except for Japan.
New Features
Chat integration in ISL AlwaysOn sessions
We received feedback that many users utilize ISL AlwaysOn (a remote access agent installed on the remote computer) not only for unattended access but also for attended access sessions initiated via the Computers Dashboard in ISL Light.
To enhance these attended sessions, the ISL AlwaysOn session window now includes a chat dialog, enabling direct communication between end-users and operators during remote access sessions.
ISL AlwaysOn window > Chat
The drag-and-drop feature for file transfer remains fully operational. A hover effect has been introduced to enhance drag-and-drop actions when the chat window is active, and the chat window height can now be adjusted, offering improved flexibility in managing the ISL AlwaysOn interface.
ISL AlwaysOn window > Drag & Drop hover effect for transfering files
Master image provisioning enhancements for VDI environments
To enhance installations in VDI environments, new features have been introduced to improve the behavior of ISL AlwaysOn during master image provisioning.
New Options for VDI environments:
ISL AlwaysOn\master_hostname
ISL AlwaysOn\master_constant_uid
These options prevent ISL AlwaysOn from writing its UID during the master image provisioning process. When installed on a master image and the process begins:
The service performs no actions other than waiting for a quit signal.
Administrative commands and settings exit with a return code of 0.
Only the overview functionality remains active.
When using master_hostname, a hostname is required. If unavailable (domain\hostname), installation is delayed by up to 15 seconds.
Example Steps for VDI Master Image Setup:
Install ISL AlwaysOn to populate the registry.
Set ISL AlwaysOn\constant_uid=true.
Delete the current UID.
Restart ISL AlwaysOn to calculate a constant UID.
Stop ISL AlwaysOn.
Rename uid to master_constant_uid.
Configure ISL AlwaysOn\master_hostname using the hostname detected in the log file.
Set ISL AlwaysOn\delay_start=true.
Apply additional registry configurations such as ISL AlwaysOn\grant\1=[grant blob].
Additional improvement:
A new option allows ISL AlwaysOn to start as a delayed service, with a startup delay of approximately 2 minutes. This can be configured using the registry key:
ISL AlwaysOn\delay_start
These updates ensure smoother and more predictable provisioning processes in VDI environments, addressing issues such as multiple starts of the master image process.
Updated Black Screen driver for Windows 10 and 11
The implementation of the black screen driver on Windows 10 build 2004 or newer has been redesigned. In previous versions, black screen functionality used the Magnification API on Windows 8 or newer. The new version now uses a transparent (alpha) window, similar to the implementation on the Windows 7 operating system. The new implementation also uses the Windows flag WDA_EXCLUDEFROMCAPTURE, which allows the use of the desktop duplication driver along with the black screen (previously, only polling/hooks were used when the black screen was enabled). Additionally, the polling driver has been sped up.
Configuration options for AutoTransport
Two new options have been added to AutoTransport to improve proxy handling for wininet-http and wininet-https:
http_proxy_bypass: Configures which hostnames should bypass the proxy and use a direct connection. Use <-loopback> to allow localhost connections through the proxy.
http_proxy_force_auth: Forces the use of a configured username and password immediately when connecting. This resolves issues where the Windows system account cannot use the proxy, but a specific http_proxy_user is allowed, especially in environments using Windows integrated authentication.
These options address specific use cases and enhance proxy configuration flexibility.
Reconnection delay
A delay has been introduced for reconnection attempts in cases where a network error occurs and the connection fails to establish fully. Previously, reconnection attempts were immediate, which could result in unnecessary retries.
The delay now ranges from 1 second to 30 seconds, increasing incrementally based on the number of retries.
Monitor detection and desktop duplication adjustment
When streaming begins and not all monitor outputs can be duplicated, the system automatically disables desktop duplication and switches to polling. This adjustment ensures proper functionality when multiple monitors are in use, addressing issues where some monitors may not appear as selectable.
Desktop lock verification
A system has been implemented across all desktop operating systems to verify the success of screen lock procedures authentication.
Previously, the issc_lock_desktop function could report a successful lock (notably on Win32 systems using LockWorkStation()), even if the screen was not actually locked. This discrepancy could lead to security vulnerabilities.
The updated system now verifies whether the lock procedure was successfully executed. If the screen lock fails, the session is terminated to ensure security compliance.
Upgrade to libdatachannel-0.22.2 and libjuice-1.5.7
We have updated libdatachannel and libjuice to their latest versions.
Bug Fixes
CPU Throttling Adjustments
After users reported performance issues during remote access sessions, our investigation identified areas for optimization in CPU throttling. As part of the improvements:
Resolved a bug that caused desktop streaming crashes due to uninitialized values at startup.
Adjusted CPU usage handling by forcing an update after 2 seconds during high usage scenarios.
Introduced the option to disable CPU throttling by setting ISL_ISSC_CPU_THROTTLING=true.
These adjustments have resulted in improved performance and positive feedback from affected users.
Fixed closed sockets in AutoTransport (Windows, HTTP tunnels)
The HTTP tunnel (httpt-direct) has been updated to prevent the accumulation of TCP connections in the CLOSE_WAIT state. This issue, caused by the client not closing connections properly after the server terminates them, has been resolved to eliminate resource leaks and improve stability.
Fixed selected ISSC desktop driver name
In certain cases, once connected to a remote machine, the selected desktop driver was not displayed when polling/hooks were selected. The desktop driver selection process has been redesigned, and the selected driver should now display correctly.
This defect has been resolved.
Fixed cursor on macOS
An issue where the mouse cursor movement was not visible to the operator when the remote user (local side) moved the mouse has been resolved. This fix applies to macOS 10.12 and newer versions, ensuring that cursor movement is consistently displayed during remote sessions.
ISL Light Integration 1.0 for ServiceNow 
ISL Light 4.4.2447.77 
ISL Conference Proxy 4.4.2424.180 
ISL Light Client 4.4.2447.34 
ISL AlwaysOn 4.4.2447.10 
