Security Manager Plus - Release Notes
The feature enhancements and bug fixes in each build update are listed here.
For further information please contact
- Enhancements in patch detection checks (New data model to check availability of patches on component basis).
- Support for Windows 8.1 and Windows Server 2012 R2 Patching
- Undeployment of .msu patches is supported now. Multiple patch undeployment is also supported.
- Improvements done in scan to reduce time.
- Fixed issue in opening few links in IE 10 and above browsers.
- Removed option for "MS Office Media Location" as this is no longer required.
- Fixed an issue in Scan after upgrade.
- Fixed an issue in Change Management.
- Fixed issue in upgrading build.
- Fixed issue in upgrading build.
- Enhancements in Patch Detection logic.
- Support for Windows 8 and Windows Server 2012 Patching
- Fixed an issue in identifying correct status of few .NET Patches
- Fixed an issue in generating PCI DSS Compliance report in the previous build 5507
- Support for PostgreSQL is available in Security Manager Plus. By default PostgreSQL will be bundled.
- Change Management - Folder changes : SMP will now scan & baseline all the files and sub-folders present in a folder. Subsequent scans will compare these files and sub-folders also for changes.
- Option to scan in debug mode given ( Option given under Actions for Asset, to generate agent logs )
- Message Board feature to show important notifications from Security Manager Plus Support
- Option to refresh domain list while creating Asset Group from Domain.
- New field to provide timeout period for the Patch Deployment.
- HTTPS Agent will now connect to only one SMP server port (6767)
- Fixed an issue of false detection of few Office and .NET patches.
- Fixed path traversal vulnerability & SQL Injection vulnerability in Advanced Search.
- Fixed an issue in automatic download of Java patches.
- SMP Agent crash issue on Windows server 2008 R2 during patch installation is fixed.
- Office SP deployment was getting failed. This is fixed now.
- New feature to exclude patches from the scan results and reports has been added. Refer here for how to exclude patches.
- Added a new column on All Assets page "Reboot Pending" to show whether a system needs reboot or not.
- Connection Reset error when scanning a large number of Agent mode Systems is fixed.
- Significant enhancement in the patch scanning time.
- Enhancements in patch detection logic for Office Patches
- Fixed an issue, wherein an Agent mode Asset might get added again as a Remote mode Asset during a scan
- When generating a Differential Report in PDF format, the difference in Patches were not generated. This is fixed
- A scan hang problem for some Debian linux systems is fixed
- When a Executive Report is generated for an Asset Group, all Assets were shown in the Report. This is fixed
- Fixed a security vulnerability : After copying Linux scripts to the target system, previously chmod 777 was done. Now chmod 700 is done. Also, the scripts will be deleted after scan or package deployment
- Enhancements in patch detection logic like using WMI queries, etc.
- An issue in displaying the correct Linux package deployment remarks is fixed
- Java patches were not getting downloaded / deployed. This is fixed.
- Patch deployment schedule was not working. This is fixed.
- After Service Pack upgrade, Authentication to web console was not working in Build 5500. This is fixed.
- Support for Third Party patching (Adobe Acrobat 8 & 9, Adobe Flash Player 10, Adobe Reader 8.* & 9.*, Adobe Shockwave Player 11, Java Runtime Environment 1.6, Mozilla Firefox 3.*, and Mozilla Thunderbird 2.0 & 3.*)
- Support for scanning Linux systems in 'sudo' mode
- Hardware / Software inventory detection for MacOS and Solaris systems
- Memory Module Information gathered during Inventory
- The "scripts" directory where SMP pushes the Linux scripts onto the target Linux systems is configurable now.
- Option to generate "Differential Report" for Asset Groups
- Port Scanning for Agent mode systems (the Agent being installed in SSL over TCP mode)
- Issue in displaying the correct name of missing patches for non-English systems, is fixed
- Multiple CPU's, if any, will be detected during Inventory
- In rare cases, there was an issue in adding more assets even if the assets count had not reached the license limit. This is fixed now.
- Fixed an issue where the target system was not rebooting if the list of patches to be deployed included SMP Agent upgrade
- Issue in changing password from Admin ---> Change Password page is fixed
- Deploying Windows XP SP3 will not require user intervention any more
- Company's logo in the Rebranded Reports will be aligned properly
- Issue in exporting the Vulnerabilities table view to CSV / PDF for an Asset Group, is fixed
- Issue in editing an Asset Group with two assets having same host name, is fixed
- Issue in patching a target system on which two different MS Office editions are installed, is fixed
- Time out issue in Patch Deployment is fixed
- Service Pack dependencies are handled
- Issue in Diagnose for localhost is fixed
- Issue in gathering inventory details for a Linux system after editing the host name, is fixed
- Issue in scheduling scans for an Asset from Actions ---> Schedule Scan page is fixed
- In Linux (super user) credentials, supplying any user name having super user privileges will work now
- Issue in initiating scan for multiple Remote mode Assets at a time, with one or more assets being unresolvable, is fixed
- Email addresses with leading / trailing blank spaces are allowed
- Unsupported service packs, for example few MSXML, will not be shown
- Issue in enabling Public Key Authentication (for Linux) in Library Credentials is fixed
- Issue in using Public Key Authentication for testing Linux Package Management scripts (via Admin ---> Linux Package Management Scripts page), is fixed.
- AD Authentication to login to web console was not working in Build 5400. This is fixed
- Support for Windows 7, Windows Server 2008 R2 patching
- Support for SuSE linux patching
- Reboot Asset / Asset Groups from the SMP web console itself. (Reboot option is given in Actions menu in the Asset / Asset Group's page) : Reboot Status (Initiated / Completed) of Assets running SMP Agents will be properly updated and shown in the Assets table view. Reboot Status column is available in the Assets table view's column chooser.
- Dependency patch handling for patch / sp installation : Dependent patches will be automatically deployed
- Custom port for SSH can be set in Credentials page of Asset or Asset Group
- Periodically Cleanup old scan & deployment history data. By default, scan data older than 30 days & deployment data older than 90 days will be deleted on a daily basis. To configure the number of days data to retain, go to Admin ----> Database cleanup settings
- Patch or SP deployment scheduled date/time can be edited in Admin ---> Task Status ---> Task details view and rescheduled
- During Patch Group creation, all products' patches can be searched
- During discovering a range, option has been given to discover only Windows / Linux / Others
- User who initiated the task will be shown in the Task Status page table view
- Patch deployment notification mail will contain the correct user name who initiated the task
- Diff to other scan : Recent scan was shown in first column instead of 2nd column
- SP deployment notification mail issue - fixed. When SP is deployed on 2 Assets, only 1 Asset's result is sent in the mail
- Fixed a memory leak in SMP Agent (pqagentctrl.exe)
- Fixed a memory leak and crash in SMP Server's native code (wdcnative.dll)
- Fixed an issue in bulk Agent upgrade wherein all Agents were not upgraded to the recent version.
- Fixed an issue during patch or service pack deployment wherein a 0 KB file will be deployed on the target system and will fail
- Browser was freezing when selecting or unselecting a patch while deploying patches for Asset Group. This is fixed
- There was an issue in sending notification mails when the mail server requires Authentication. This is fixed.
- Deployment status commentary - Latest message will be shown at top
- Asset or Asset Group name is added to the Subject of the scan notification email
- Link given to download a Service Pack from local store, if it is available
- Pre-notifications for patch deployment - provision to send e-mail notifications before the patch deployment schedule
- Task History now made available for Asset / Asset Group (like Patch Deployment History, SP Deployment History)
- Ability to show "Scan Failed" Assets in the Assets view
- Provision to deploy a Patch Group on a single asset
- The associated Asset Group's name for each Asset made visible in the view (Column provided in Column-chooser )
- Product name is made 'searchable' in the Patches knowledgebase
- Simplified Missing Patches Report with just Bulletin ID, KB, Severity for each Asset in pdf/csv format - now made available
- Professional Edition of Security Manager Plus will have a "Switch to" Standard Edition option from the web interface (Switch Edition button) - This will facilitate users to switch to Standard Edition and perform just patch scanning & deployment (without port scanning, vulnerability & inventory scanning).
- Credentials can be specified in standard user name and password format (without using the 'SystemName\UserName' format )
- Provision to sort assets by DNS Name/IP Address/Scan time in All Assets view
- Separate HTTPS Proxy can now be specified in wrapper.conf configuration file
- When deploying patches from the Asset Group view, severity & the patch release date will now be shown
- Earlier the deployed patches were cached by Windows OS which resulted in high disk usage. In this release, Windows caching is disabled.
- Earlier if the Alert Message option was unchecked in the Patch deployment configuration screen, the target system did not reboot after patch deployment. This is now fixed.
- When scanning a Windows 2000 system, there were frequent scan failures with error message - 'Failed to connect to Remote Registry'. This has been resolved.
- In MS Office patch deployment, "Office media path" configuration form, the connection test to the path worked only after the configuration was saved. This has been fixed.
- In the Security Manager Plus installation, the backup, restore scripts & mysqldump.exe file packaged were corrupt and failing to function. Now they have been fixed and repackaged.
- When a Scheduled Scan notification e-mail is sent, the attached report name did not have the Asset or Asset Group's name that was scanned. This has been fixed.
- PCI Report (in section 12.2) for an Asset Group, listed all the assets instead of just the ones from the group. This has been fixed.
- In Asset Group's "Edit Group" screen, the host names that were renamed were failing to be displayed. This problem is addressed now.
- By default, SSH protocol will be used for logging in to Linux target systems. Optionally, Telnet will be used.
- There was an issue in creating a new Asset Group as it was traversing to the edit mode of an 'existing' group view. This has been resolved.
Note: In this release, we are using the script boxover.js obtained from http://boxover.swazz.org/ for tool-tip function in the web interface.
- Support for scanning and patching Windows Server 2008 (32 & 64-bit). Initial Support for 15 Patches.
- Support for Undeployment of patches (patches that can be Microsoft supports )
- Systems with same host name but in different networks can now be scanned in https Agent mode. Previously, when you install agent in a system, and if the host name in that system matches an already added system, then the already added system will be updated. Now it will appear as a different system. One side effect is, when you move from Remote mode to Agent mode, you need to delete the system in Remote mode. Otherwise you will see 2 systems with the same name.
- Search for Assets in new Asset Group creation page.
- Patch deployment failed when Patch Store location was changed. On restarting the SMP Server, the functionality was working. This issue has been fixed.
- Agent upgrade was failing if the Agent patch was already in patch store location. This has been fixed.
- Vulnerability database update through ISA proxy server (Integrated Authentication mode) was failing. This has been fixed.
- Reports attached with the mail sent at the end of scan was corrupt. This has been fixed.
- Fixed a corrupt PDF issue when PCI Report is exported.
- In Agent mode, Patch deployment message pop-up was not getting displayed. This has been fixed. ( Messenger Service must anyway be running for the pop-up to display in both agent and agentless modes )
- Unable to search the Installed Patches table view. This has been addressed.
- Linux patching support - Provision to deploy updates for Linux distributions, with out-of-the-box support for Red Hat, CentOS and Debian. Support for other Linux distributions can be added by editing patch management scripts from the web console.
- Windows Change Management - Provision to track changes in Windows files, folders and registry settings & to compare against a set baseline.
- Patching support for Windows x-64 bit systems. Patches released from year 2008 are supported.
- When an asset being managed by an SMP Agent was deleted from the web console, the SMP Agent shutdown automatically. This has been fixed.
- In Hardware inventory, there was an error displaying the keyboards, when 2 keyboards were detected on an asset. This has been resolved to identify and display only one primary keyboard device.
- While configuring MS Office media path for MS Office patches deployment, there was no provision to supply a hidden share ($ at the end of Windows path). This has been fixed and $ paths can now be specified.
- Issue in Patch Deployment for systems running Security Manager Plus agents fixed.
- PCI DSS Compliance Reports - Security Manager Plus can help corporate networks adhere to PCI DSS, by assessing many key requirements of the PCI DSS and furnishing compliance reports.
- Latest NMap (version: 4.22SOC7) integrated in this build
- There were some junk characters being sent in the SMP Agent's response for a task, to the SMP server, which caused the task execution to fail. This has been fixed.
- A gradual overflow in the PageFaults parameter for the SMP Agent process was noticed. This has been addressed.
- The trouble ticket e-mail address field in the SMP web interface did not support certain e-mail address formats. Validation checks for this have been handled properly now.