Network Security Scanner & Patch Management Software

Release Notes

The feature enhancements and bug fixes in each build update are listed here.

• Build 5512 (Release 5.5)
• Build 5511 (Release 5.5)
• Build 5510 (Release 5.5)
• Build 5509 (Release 5.5)
• Build 5508 (Release 5.5)
• Build 5507 (Release 5.5)
• Build 5506 (Release 5.5)
• Build 5505 (Release 5.5)
• Build 5504 (Release 5.5)
• Build 5503 (Release 5.5)
• Build 5502 (Release 5.5)
• Build 5501 (Release 5.5)
• Build 5500 (Release 5.5)
• Build 5401 (Release 5.4)
• Build 5400 (Release 5.4)
• Build 5300 (Release 5.3)
• Build 5200 (Release 5.2)
• Build 5100 (Release 5.1)
• Build 5011 (Hot Fix 1 over SP 1)
• Build 5010 (SP1 over Release 5.0)

For further information please contact securitymanagerplus-support@manageengine.com .

Build 5512

Bug Fixes

• Fixed an issue in Scan after upgrade.
• Fixed an issue in Change Management.

Build 5511

Bug Fixes

• Fixed issue in upgrading build.

Build 5510

Bug Fixes

• Fixed issue in upgrading build.
• Enhancements in Patch Detection logic.

Build 5509

New Features

• Support for Windows 8 and Windows Server 2012 Patching

Bug Fixes

• Fixed an issue in identifying correct status of few .NET Patches

Build 5508

Bug Fixes

• Fixed an issue in generating PCI DSS Compliance report in the previous build 5507

Build 5507

New Features

• Support for PostgreSQL is available in Security Manager Plus. By default PostgreSQL will be bundled.

Build 5506

New Features

• Change Management - Folder changes : SMP will now scan & baseline all the files and sub-folders present in a folder. Subsequent scans will compare these files and sub-folders also for changes.
• Option to scan in debug mode given ( Option given under Actions for Asset, to generate agent logs )
• Message Board feature to show important notifications from Security Manager Plus Support
• Option to refresh domain list while creating Asset Group from Domain.
• New field to provide timeout period for the Patch Deployment.

Bug Fixes

• HTTPS Agent will now connect to only one SMP server port (6767)
• Fixed an issue of false detection of few Office and .NET patches.
• Fixed path traversal vulnerability & SQL Injection vulnerability in Advanced Search.
• Fixed an issue in automatic download of Java patches.

Build 5505

Bug Fixes

• SMP Agent crash issue on Windows server 2008 R2 during patch installation is fixed.
• Office SP deployment was getting failed. This is fixed now.

Build 5504

New Features

• New feature to exclude patches from the scan results and reports has been added. Refer here for how to exclude patches.
• Added a new column on All Assets page "Reboot Pending" to show whether a system needs reboot or not.

Bug Fixes

• Connection Reset error when scanning a large number of Agent mode Systems is fixed.
• Significant enhancement in the patch scanning time.
• Enhancements in patch detection logic for Office Patches

Build 5503

Bug Fixes

• Fixed an issue, wherein an Agent mode Asset might get added again as a Remote mode Asset during a scan
• When generating a Differential Report in PDF format, the difference in Patches were not generated. This is fixed
• A scan hang problem for some Debian linux systems is fixed
• When a Executive Report is generated for an Asset Group, all Assets were shown in the Report. This is fixed
• Fixed a security vulnerability : After copying Linux scripts to the target system, previously chmod 777 was done. Now chmod 700 is done. Also, the scripts will be deleted after scan or package deployment
• Enhancements in patch detection logic like using WMI queries, etc.
• An issue in displaying the correct Linux package deployment remarks is fixed

Build 5502

Bug Fixes

• Java patches were not getting downloaded / deployed. This is fixed.
• Patch deployment schedule was not working. This is fixed.

Build 5501

Bug Fixes

• After Service Pack upgrade, Authentication to web console was not working in Build 5500. This is fixed.

Build 5500

New Features

• Support for Third Party patching (Adobe Acrobat 8 & 9, Adobe Flash Player 10, Adobe Reader 8.* & 9.*, Adobe Shockwave Player 11, Java Runtime Environment 1.6, Mozilla Firefox 3.*, and Mozilla Thunderbird 2.0 & 3.*)
• Support for scanning Linux systems in 'sudo' mode
• Hardware / Software inventory detection for MacOS and Solaris systems
• Memory Module Information gathered during Inventory
• The "scripts" directory where SMP pushes the Linux scripts onto the target Linux systems is configurable now.
• Option to generate "Differential Report" for Asset Groups
• Port Scanning for Agent mode systems (the Agent being installed in SSL over TCP mode)

Bug Fixes

• Issue in displaying the correct name of missing patches for non-English systems, is fixed
• Multiple CPU's, if any, will be detected during Inventory
• In rare cases, there was an issue in adding more assets even if the assets count had not reached the license limit. This is fixed now.
• Fixed an issue where the target system was not rebooting if the list of patches to be deployed included SMP Agent upgrade
• Issue in changing password from Admin ---> Change Password page is fixed
• Deploying Windows XP SP3 will not require user intervention any more
• Company's logo in the Rebranded Reports will be aligned properly
• Issue in exporting the Vulnerabilities table view to CSV / PDF for an Asset Group, is fixed
• Issue in editing an Asset Group with two assets having same host name, is fixed
• Issue in patching a target system on which two different MS Office editions are installed, is fixed
• Time out issue in Patch Deployment is fixed
• Service Pack dependencies are handled
• Issue in Diagnose for localhost is fixed
• Issue in gathering inventory details for a Linux system after editing the host name, is fixed
• Issue in scheduling scans for an Asset from Actions ---> Schedule Scan page is fixed
• In Linux (super user) credentials, supplying any user name having super user privileges will work now
• Issue in initiating scan for multiple Remote mode Assets at a time, with one or more assets being unresolvable, is fixed
• Email addresses with leading / trailing blank spaces are allowed
  
• Unsupported service packs, for example few MSXML, will not be shown
• Issue in enabling Public Key Authentication (for Linux) in Library Credentials is fixed
• Issue in using Public Key Authentication for testing Linux Package Management scripts (via Admin ---> Linux Package Management Scripts page), is fixed.

Build 5401

Bug Fixes

• AD Authentication to login to web console was not working in Build 5400. This is fixed

Build 5400

New Features

• Support for Windows 7, Windows Server 2008 R2 patching
• Support for SuSE linux patching
• Reboot Asset / Asset Groups from the SMP web console itself. (Reboot option is given in Actions menu in the Asset / Asset Group's page) : Reboot Status (Initiated / Completed) of Assets running SMP Agents will be properly updated and shown in the Assets table view. Reboot Status column is available in the Assets table view's column chooser.
• Dependency patch handling for patch / sp installation : Dependent patches will be automatically deployed
• Custom port for SSH can be set in Credentials page of Asset or Asset Group
• Periodically Cleanup old scan & deployment history data. By default, scan data older than 30 days & deployment data older than 90 days will be deleted on a daily basis. To configure the number of days data to retain, go to Admin ----> Database cleanup settings
• Patch or SP deployment scheduled date/time can be edited in Admin ---> Task Status ---> Task details view and rescheduled
• During Patch Group creation, all products' patches can be searched
• During discovering a range, option has been given to discover only Windows / Linux / Others
• User who initiated the task will be shown in the Task Status page table view

Bug Fixes

• Patch deployment notification mail will contain the correct user name who initiated the task
• Diff to other scan : Recent scan was shown in first column instead of 2nd column
• SP deployment notification mail issue - fixed. When SP is deployed on 2 Assets, only 1 Asset's result is sent in the mail
• Fixed a memory leak in SMP Agent (pqagentctrl.exe)
• Fixed a memory leak and crash in SMP Server's native code (wdcnative.dll)
• Fixed an issue in bulk Agent upgrade wherein all Agents were not upgraded to the recent version.
• Fixed an issue during patch or service pack deployment wherein a 0 KB file will be deployed on the target system and will fail
• Browser was freezing when selecting or unselecting a patch while deploying patches for Asset Group. This is fixed
• There was an issue in sending notification mails when the mail server requires Authentication. This is fixed.
• Deployment status commentary - Latest message will be shown at top
• Asset or Asset Group name is added to the Subject of the scan notification email
• Link given to download a Service Pack from local store, if it is available

Build 5300

New Features

• Pre-notifications for patch deployment - provision to send e-mail notifications before the patch deployment schedule
• Task History now made available for Asset / Asset Group (like Patch Deployment History, SP Deployment History)
• Ability to show "Scan Failed" Assets in the Assets view
• Provision to deploy a Patch Group on a single asset
• The associated Asset Group's name for each Asset made visible in the view (Column provided in Column-chooser )
• Product name is made 'searchable' in the Patches knowledgebase
• Simplified Missing Patches Report with just Bulletin ID, KB, Severity for each Asset in pdf/csv format - now made available
• Professional Edition of Security Manager Plus will have a "Switch to" Standard Edition option from the web interface (Switch Edition button) - This will facilitate users to switch to Standard Edition and perform just patch scanning & deployment (without port scanning, vulnerability & inventory scanning).
• Credentials can be specified in standard user name and password format (without using the 'SystemName\UserName' format )
• Provision to sort assets by DNS Name/IP Address/Scan time in All Assets view
• Separate HTTPS Proxy can now be specified in wrapper.conf configuration file
• When deploying patches from the Asset Group view, severity & the patch release date will now be shown

Bug Fixes

• Earlier the deployed patches were cached by Windows OS which resulted in high disk usage. In this release, Windows caching is disabled.
• Earlier if the Alert Message option was unchecked in the Patch deployment configuration screen, the target system did not reboot after patch deployment. This is now fixed.
• When scanning a Windows 2000 system, there were frequent scan failures with error message - 'Failed to connect to Remote Registry'. This has been resolved.
• In MS Office patch deployment, "Office media path" configuration form, the connection test to the path worked only after the configuration was saved. This has been fixed.
• In the Security Manager Plus installation, the backup, restore scripts & mysqldump.exe file packaged were corrupt and failing to function. Now they have been fixed and repackaged.
• When a Scheduled Scan notification e-mail is sent, the attached report name did not have the Asset or Asset Group's name that was scanned. This has been fixed.
• PCI Report (in section 12.2) for an Asset Group, listed all the assets instead of just the ones from the group. This has been fixed.
• In Asset Group's "Edit Group" screen, the host names that were renamed were failing to be displayed. This problem is addressed now.
• By default, SSH protocol will be used for logging in to Linux target systems. Optionally, Telnet will be used.
• There was an issue in creating a new Asset Group as it was traversing to the edit mode of an 'existing' group view. This has been resolved.

Note: In this release, we are using the script boxover.js obtained from http://boxover.swazz.org/ for tool-tip function in the web interface.

Build 5200

New Features

• Support for scanning and patching Windows Server 2008 (32 & 64-bit). Initial Support for 15 Patches.
• Support for Undeployment of patches (patches that can be Microsoft supports )
• Systems with same host name but in different networks can now be scanned in https Agent mode. Previously, when you install agent in a system, and if the host name in that system matches an already added system, then the already added system will be updated. Now it will appear as a different system. One side effect is, when you move from Remote mode to Agent mode, you need to delete the system in Remote mode. Otherwise you will see 2 systems with the same name.
• Search for Assets in new Asset Group creation page.

Bug Fixes

• Patch deployment failed when Patch Store location was changed. On restarting the SMP Server, the functionality was working. This issue has been fixed.
• Agent upgrade was failing if the Agent patch was already in patch store location. This has been fixed.
• Vulnerability database update through ISA proxy server (Integrated Authentication mode) was failing. This has been fixed.
• Reports attached with the mail sent at the end of scan was corrupt. This has been fixed.
• Fixed a corrupt PDF issue when PCI Report is exported.
• In Agent mode, Patch deployment message pop-up was not getting displayed. This has been fixed. ( Messenger Service must anyway be running for the pop-up to display in both agent and agentless modes )
• Unable to search the Installed Patches table view. This has been addressed.

Build 5100

New Features

• Linux patching support - Provision to deploy updates for Linux distributions, with out-of-the-box support for Red Hat, CentOS and Debian. Support for other Linux distributions can be added by editing patch management scripts from the web console.
• Windows Change Management - Provision to track changes in Windows files, folders and registry settings & to compare against a set baseline.
• Patching support for Windows x-64 bit systems. Patches released from year 2008 are supported.

Bug Fixes

• When an asset being managed by an SMP Agent was deleted from the web console, the SMP Agent shutdown automatically. This has been fixed.
• In Hardware inventory, there was an error displaying the keyboards, when 2 keyboards were detected on an asset. This has been resolved to identify and display only one primary keyboard device.
• While configuring MS Office media path for MS Office patches deployment, there was no provision to supply a hidden share ($ at the end of Windows path). This has been fixed and $ paths can now be specified.

Build 5011

Bug Fix

• Issue in Patch Deployment for systems running Security Manager Plus agents fixed.

Build 5010

New Features

• PCI DSS Compliance Reports - Security Manager Plus can help corporate networks adhere to PCI DSS, by assessing many key requirements of the PCI DSS and furnishing compliance reports.
• Latest NMap (version: 4.22SOC7) integrated in this build

Bug Fixes

• There were some junk characters being sent in the SMP Agent's response for a task, to the SMP server, which caused the task execution to fail. This has been fixed.
• A gradual overflow in the PageFaults parameter for the SMP Agent process was noticed. This has been addressed.
• The trouble ticket e-mail address field in the SMP web interface did not support certain e-mail address formats. Validation checks for this have been handled properly now.