The latest deviceTRUST 21.1.210 for Microsoft Windows is now available to Download.

deviceTRUST 20.2.400

This release contains bug fixes and minor changes to the deviceTRUST Host, Client and Console. See deviceTRUST 20.2.300 release notes for full details of the new features introduced in 20.2.300. If upgrading, please refer to Compatibility for changes in this release.


  • Added a new option to encrypt the contents of the policy file when exporting a deviceTRUST policy file to disk. Files exported with encryption require a 20.2.400 or later deviceTRUST Host.
  • Added a new feature to the Citrix Policy task to control the allowed clipboard formats permitted by the client or session.
  • Added a Duration field measured in milliseconds to all Printer Mapping and Drive Mapping audit events ensuring clarity of the time taken to map remote resources.

Bug Fixes

  • Fixed an issue when reconnecting to a virtual session, where the time that we prevented access could increase depending upon the behavior of applications already running within the session.
  • Fixed an issue where no remote device properties were available when using the immediate blocking method to prevent blocking logon or reconnect whilst properties are read from the remote device.
  • Fixed an issue where during a reconnect to a virtual session, a Save As prompt could appear within focused Microsoft Office apps, or other application specific behavior consistent with pressing the F12 key.
  • Fixed an issue where multiple ‘351 - Registry Updated’ audit events could be raised when using the Printer setting to let windows manage my default printer.
  • Fixed various issues connecting to Amazon WorkSpaces that could result in the deviceTRUST Host failing to establish a connection to the deviceTRUST Client.

Citrix Virtual Apps and Desktops 7 2109 Support

Citrix’s latest release includes a change to enable the virtual channel allow list by default. The result is that a Citrix configuration change is now required for the deviceTRUST Host to be able to open a virtual channel to the deviceTRUST Client.

The required Citrix configuration change is to add DEVTRST,C:\Program Files\deviceTRUST\Host\Bin\dthost.exe to the Citrix Virtual channel allow list policy setting. Once deployed, this can be verified on the virtual session by checking the content of the VirtualChannelWhiteList registry value within the key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\VCPolicies.

More information can be found in Citrix’s virtual channel security documentation.


If upgrading from deviceTRUST 20.1.200 or earlier, be sure to refer to the deviceTRUST 20.1.200 Compatibility notes.

If upgrading from an earlier deviceTRUST 20.2 release, ensure all deviceTRUST Hosts are upgraded before applying policy that has been written by the deviceTRUST Console 20.2.400 or later.

There have been no changes to the ADMX policy definitions.