Monthly Release Notes - July 2022

Jump to:

Automate Boldon James Bytware CCSS
Clearswift Cobalt Strike Core Security Digital Defense
Digital Guardian Document Management (RJS) FileCatalyst Globalscape
GoAnywhere Halcyon HelpSystems One IBM Partnership
Insite InterMapper JAMS Powertech
Robot Safestone Sequel Showcase
Skybot Tango/04 TeamQuest Titus
Vera      

 

Clearswift

ARgon For Email

Version 5.4.3

July 15, 2022

New Features

  • Enhanced protection is now included by checking the reputation of entered URLs against the Sophos Real-time Malicious URL List. This list contains up-to-date information of all known and emerging malware and is regularly updated to offer maximum security.

Enhancements

  • In the Detectable Types selection list within the Detect Lexical Expression, Detect Media Types and Redact Text content rules, support has been added for iCalendar. This means the ARgon Server can provide better deep content inspection of some types of meeting requests and calendars.

  • Proactive Alerts have been modified to restrict any potentially sensitive information being sent to Clearswift via unsecured email. An ability to modify the message body of the Proactive Alerts emails has been introduced, so when working with customer support, and with communication over TLS, more diagnostic information can be sent. Please note that using the Proactive Alerts feature requires a license.

  • Detailed logging is available from the Policy Enforcement service. Logging levels is configurable from the System > Gateway Settings > Policy Engine Settings, and provides more assistance with problem investigations when required.

  • When a message triggers multiple content rules in a policy route, the Policy Summary tab under the Messages > Held Messages only displayed a filtered list of these rules, whereas all the triggered rules were listed under the Structure tab > PrimaryRules and SecondaryRules properties. Now, all the triggered content rules are listed under the Policy Summary tab, and the rule(s) which caused the message to be held are displayed in bold.

  • The product icon has been updated.

  • For increased security, the PostgreSQL database has been upgraded from V9.6 to V13.3.

  • Extra two rows added to the Product Information table on Cockpit Clearswift page to show whether Red Hat or Clearswift online updates are enabled.

Fixes

  • A fix has been applied to an issue where informs were not sent correctly if the Analyze Properties content rule was configured to detect multiple document properties, and to generate an inform.

  • A fix has been applied to an issue with Cockpit where Software Updates > Check for Updates could contain out-of-date information. Now, the caches are correctly cleared by clicking the Check for Updates button.

  • A fix has been applied to an issue where SCOM server configuration in Cockpit could be lost after a product upgrade.

  • A fix has been applied to an issue where the ARgon Server’s UI rejected an input of special characters which were eligible to be used for the local part of the email address.

  • In response to the recent global security alerts on Apache Log4j, we have fixed the vulnerability on the affected versions of the ARgon for Email product.

  • It was previously not possible to sanitize active content for xlsm created in the recent version of M365. This has now been fixed.

  • A fix has been applied to an issue where the Redact Text content rule only redacted the first portion of the UK postcodes (which consist of multiple parts, e.g. AB1 0CD).

  • The SMTP Inbound Transport service can now be restarted from the Admin UI control button.

  • The 'remove potential embedded data' (anti-steganography) option in the Sanitize Document Content rule is now working on files generated using Xiao Steganography.

  • A fix has been applied to an issue where the UI rejected some valid characters in a URL, such as #, |, @, [, and ] when creating a new Custom URL List.

  • A fix has been applied to an issue where Microsoft Project (.mpp) files were failing to process with errors.

  • A fix has been applied to the Sanitize Active Content rule, whereby active content was being incorrectly detected.

  • Computer Graphics Metafile (CGM) files were not available in the Detectable Types selection list within the Detect media types content rule. This has now been resolved.

  • The install process on systems with large RAM and hard disk capacities has been streamlined.

  • A fix has been applied to an issue where the Clearswift product name was not clearly identified within Cockpit.

  • PDF files are now created correctly following steganography or text redaction changes.

  • A fix has been applied to an issue where the "Upgrade is available" alarm would never be raised if using a non-English system locale.

  • A fix has been applied to an issue where new SCOM servers could not always be added in the Monitoring Services page in Cockpit.

  • A fix has been applied to the issue where the 5.2 upgrade overwrites the keystore, reverting the custom UI certificate back to the Clearswift self-signed cert.

  • A fix has been applied to a display error where URL links to the anti-virus update servers, such as sav-update, sometimes displayed old version numbers under System > Connectivity Test.

  • A fix has been applied to an issue where multiple lines defined in the System > Gateway Branding > Front Page Text are displayed in a single line.

  • If you define a Relay Server disposal action with a long hostname and use this as the default disposal action for a policy route, the formatting of the Mail Policy Routes page becomes distorted. This has now been fixed.

  • A fix has been applied to an error where a viewed or tracked message in Microsoft Edge (build number 40.* onwards) returns a blank page and a warning message.

Secure Email Gateway

Version 5.4.3

July 15, 2022

Enhancements

  • In the Detectable Types selection list within the Detect Lexical Expression, Detect Media Types and Redact Text content rules, support has been added for iCalendar. This means the Gateway can provide better deep content inspection of some types of meeting requests and calendars.

  • The update URLs for Sophos Anti-Virus are now "https" rather than "http". For example, https://sav-update-1.clearswift.net/SOP64/sopupdates.txt

  • Rspamd has been updated to version 3.2.

  • A new cloud location, https://au.analysis.sophos.com, is available for sandboxing. Also, URLs of the existing cloud locations have been updated from https://XXXX.sandbox.sophos.com (XXXX is a location of user's choice) to https://XXXX.analysis.sophos.com. Please note that using the sandboxing feature requires a license.

  • Proactive Alerts have been modified to restrict any potentially sensitive information being sent to Clearswift via unsecured email. An ability to modify the message body of the Proactive Alerts emails has been introduced, so when working with customer support, and with communication over TLS, more diagnostic information can be sent. Please note that using the Proactive Alerts feature requires a license.

  • Detailed logging is available from the Policy Enforcement service. Logging levels is configurable from System > Gateway Settings > Policy Engine Settings, and provides more assistance with problem investigations when required.

  • When a message triggers multiple content rules in a policy route, the Policy Summary tab under the Messages > Held Messages only displayed a filtered list of these rules, whereas all the triggered rules were listed under the Structure tab > PrimaryRules and SecondaryRules properties. Now, all the triggered content rules are listed under the Policy Summary tab, and the rule(s) which caused the message to be held are displayed in bold.

Fixes

  • A fix has been applied to an issue where informs were not sent correctly if the Analyze Properties content rule was configured to detect multiple document properties, and to generate an inform.

  • In PMM the Italian translation for "The message will be delivered shortly" has been corrected.

  • A fix has been applied to an issue where purging the database could run out of memory if Secure Email Gateway had a large audit database. PostgreSQL has now been configured to use less memory when purging.

  • A fix has been applied to an issue where using proxy in Secure Email Gateway intermittently caused sandboxing to queue messages.

  • Memory leak in the DKIM function has been resolved by upgrading the Mailshell SDK to version 8.2.1.

  • A fix has been applied to an issue with Cockpit where Software Updates > Check for Updates could contain out-of-date information. Now, the caches are correctly cleared by clicking the Check for Updates button.

  • A fault in checking CRLs (Certificate Revocation Lists) from bafin.de has been corrected.

  • A fix has been applied to an issue where SCOM server configuration in Cockpit could be lost after a product upgrade.

  • A fix has been applied to an issue where certain spam parameter configuration changes were not reflected on a peered Secure Email Gateway.

  • A fix has been applied to an issue where non-delivery messages were blocked by Secure Email Gateway for DMARC failures.

  • A fix has been applied to an issue where the Gateway’s UI rejected an input of special characters which were eligible to be used for the local part of the email address.

  • Sanitization of meeting requests, especially URLs within meeting requests, has been improved through the additional support of the iCalendar document format.

Secure Exchange Gateway

Version 5.4.3

July 15, 2022

Enhancements

  • In the Detectable Types selection list within the Detect Lexical Expression, Detect Media Types and Redact Text content rules, support has been added for iCalendar. This means the Gateway can provide better deep content inspection of some types of meeting requests and calendars.

  • The update URLs for Sophos Anti-Virus are now "https" rather than "http". For example, https://sav-update-1.clearswift.net/SOP64/sopupdates.txt

  • Proactive Alerts have been modified to restrict any potentially sensitive information being sent to Clearswift via unsecured email. An ability to modify the message body of the Proactive Alerts emails has been introduced, so when working with customer support, and with communication over TLS, more diagnostic information can be sent. Please note that using the Proactive Alerts feature requires a license.

  • Detailed logging is available from the Policy Enforcement service. Logging levels is configurable from System > Gateway Settings > Policy Engine Settings, and provides more assistance with problem investigations when required.

  • When a message triggers multiple content rules in a policy route, the Policy Summary tab under the Messages > Held Messages only displayed a filtered list of these rules, whereas all the triggered rules were listed under the Structure tab > PrimaryRules and SecondaryRules properties. Now, all the triggered content rules are listed under the Policy Summary tab, and the rule(s) which caused the message to be held are displayed in bold.

Fixes

  • A fix has been applied to an issue where informs were not sent correctly if the Analyze Properties content rule was configured to detect multiple document properties, and to generate an inform.

  • In PMM the Italian translation for "The message will be delivered shortly" has been corrected.

  • A fix has been applied to an issue with Cockpit where Software Updates > Check for Updates could contain out-of-date information. Now, the caches are correctly cleared by clicking the Check for Updates button.

  • A fix has been applied to an issue where SCOM server configuration in Cockpit could be lost after a product upgrade.

  • A fix has been applied to an issue where the Gateway’s UI rejected an input of special characters which were eligible to be used for the local part of the email address.

Secure ICAP Gateway

Version 5.4.3

July 15, 2022

Enhancements

  • In the Detectable Types selection list within the Detect Lexical Expression, Detect Media Types and Redact Text content rules, support has been added for iCalendar. This means the Gateway can provide better deep content inspection of some types of meeting requests and calendars.

  • The update URLs for Sophos Anti-Virus are now "https" rather than "http". For example, https://sav-update-1.clearswift.net/SOP64/sopupdates.txt

  • Proactive Alerts have been modified to restrict any potentially sensitive information being sent to Clearswift via unsecured email. An ability to modify the message body of the Proactive Alerts emails has been introduced, so when working with customer support, and with communication over TLS, more diagnostic information can be sent. Please note that using the Proactive Alerts feature requires a license.

Fixes

  • A fix has been applied to an issue where informs were not sent correctly if the Analyze Properties content rule was configured to detect multiple document properties, and to generate an inform.

  • A fix has been applied to an issue with Cockpit where Software Updates > Check for Updates could contain out-of-date information. Now, the caches are correctly cleared by clicking the Check for Updates button.

  • There were occasional SSL errors while updating Netstar. Netstar has fixed this issue in their latest SDK, which is a part of the Secure ICAP Gateway version 5.4.3 release. It is recommended that the customers upgrade to this version and monitor their Gateway’s behavior.

  • The Netstar watchdog now checks if online URL categorisation can be performed. If not, the Netstar and ICAP services are restarted. To disable this online check, for example, when the Gateway is in a closed environment, then create the following file: sudo touch /var/cs-gateway/websettings/netstar/netstar_no_online_check

  • A fix has been applied to an issue where Netstar downloads prevented new downloads from taking place. Now, selecting the reset option on the UI deletes the lock file and allows a new download to commence.

  • A fix has been applied to an issue where SCOM server configuration in Cockpit could be lost after a product upgrade.

Secure Web Gateway

Version 5.4.3

July 15, 2022

New Features

  • A support extract with system status information is now automatically generated by the watchdog whenever a Proxy service failure is detected, and more importantly before the Proxy service is restarted.

Enhancements

  • In the Detectable Types selection list within the Detect Lexical Expression, Detect Media Types and Redact Text content rules, support has been added for iCalendar. This means the Gateway can provide better deep content inspection of some types of meeting requests and calendars.

  • The update URLs for Sophos Anti-Virus are now "https" rather than "http". For example, https://sav-update-1.clearswift.net/SOP64/sopupdates.txt

  • Proactive Alerts have been modified to restrict any potentially sensitive information being sent to Clearswift via unsecured email. An ability to modify the message body of the Proactive Alerts emails has been introduced, so when working with customer support, and with communication over TLS, more diagnostic information can be sent. Please note that using the Proactive Alerts feature requires a license.

  • The product icon has been updated

  • For increased security, the PostgreSQL database has been upgraded from V9.6 to V13.3.

  • Extra two rows added to the Product Information table on Cockpit Clearswift page to show whether Red Hat or Clearswift online updates are enabled.

Fixes

  • A fix has been applied to an issue where informs were not sent correctly if the Analyze Properties content rule was configured to detect multiple document properties, and to generate an inform.

  • A fix has been applied to an issue with Cockpit where Software Updates > Check for Updates could contain out-of-date information. Now, the caches are correctly cleared by clicking the Check for Updates button.

  • There were occasional SSL errors while updating Netstar. Netstar has fixed this issue in their latest SDK, which is a part of the Secure WEB Gateway version 5.4.3 release. It is recommended that the customers upgrade to this version and monitor their Gateway’s behavior.

  • The Netstar watchdog now checks if online URL categorisation can be performed. If not, the Netstar and Proxy services are restarted. To disable this online check, for example, when the Gateway is in a closed environment, then create the following file: sudo touch /var/cs-gateway/websettings/netstar/netstar_no_online_check

  • A fix has been applied to an issue where Netstar downloads prevented new downloads from taking place. Now, selecting the reset option on the UI deletes the lock file and allows a new download to commence.

  • A fix has been applied to an issue where SCOM server configuration in Cockpit could be lost after a product upgrade.

  • In response to the recent global security alerts on Apache Log4j, we have fixed the vulnerability on the affected versions of the Secure Web Gateway product.

  • Some macro-enabled Visual Basic .xlsm files were failing to process and causing the message to be held as Malformed Data. This has now been resolved.

  • It was previously not possible to sanitize active content for xlsm created in the recent version of M365. This has now been fixed.

  • A fix has been applied to an issue where the Redact Text content rule only redacted the first portion of the UK postcodes (which consist of multiple parts, e.g. AB1 0CD).

  • A fix has been applied to an issue with the Connectivity Test for Avira. The test no longer fails erroneously and servers will not be displayed as 'unavailable'.

  • A fix has been applied to an issue where the UI rejected some valid characters in a URL, such as #, |, @, [, and ] when creating a new Custom URL List.

  • Netstar SSL experienced some errors when updating. This had been resolved by Netstar in a later SDK version than the one being used at the time.

  • If an FTP backup configuration is enabled, the password was previously held in plain text in the file /var/cs-gateway/diag/diag-config.xml. This is now encrypted.

  • The Secure Web Gateway UI has been updated to display the 3 secure headers (X-XSS-Protection, X-Content-Type-Options and X-Frame-Options) on the block and error pages.

  • All Netstar categories now map to a Clearswift category.

  • The Netstar "search & portal" category now maps to both Clearswift Search and Portal categories instead of just the Portal.

  • Download CRL entries without the "issuerName" and "serialNumber" now result in a logged warning rather than causing the download to fail.

  • A fix has been applied to an issue where Microsoft Project (.mpp) files were failing to process with errors.

  • A fix has been applied to the Sanitize Active Content rule, whereby active content was being incorrectly detected.

  • HTTPS content in tokens, headers and data will be displayed in Informs only when both of the following is true. The functionality to include HTTPS headers, data and diagnostic information is configured in the UI and a support script has been run as documented in the online help.

  • The description for the Drugs URL category previously grouped all "drug" websites into one category. We have created a new Illegal Drugs category which is separate from the medical/pharmaceutical products. This default policy now blocks illegal drugs.

  • The options in the UI to view engine and proxy diagnostics, also to download and purge diagnostics were missing. These have now been restored.

  • When querying the user activity for a particular user, there was too much data per day. This has been fixed and a time range can now be configured for the user activity report. This facilitates for the amount of data to be reduced and prevents the size limit being reached.

  • Computer Graphics Metafile (CGM) files were not available in the Detectable Types selection list within the Detect media types content rule. This has now been resolved.

  • URL validation has improved as we were encountering URLs that did not conform to the RFC. Websites with a hyphen dot in the URL can now be accessed.

  • The ability to use the token %PROXY% in a block page has been restored.

  • The install process on systems with large RAM and hard disk capacities has been streamlined.

  • A fix has been applied to an issue where the Clearswift product name was not clearly identified within Cockpit.

  • PDF files are now created correctly following steganography or text redaction changes.

  • Listening on port 81 has been turned off and the port disabled.

  • A fix has been applied to an issue where the "Upgrade is available" alarm would never be raised if using a non-English system locale.

  • A fix has been applied to an issue where new SCOM servers could not always be added in the Monitoring Services page in Cockpit.

  • A fix has been applied to the issue where the 5.2 upgrade overwrites the keystore, reverting the custom UI certificate back to the Clearswift self-signed cert.

  • A fix has been applied to a display error where URL links to the anti-virus update servers, such as sav-update, sometimes displayed old version numbers under System > Connectivity Test.

  • A fix has been applied to an issue where multiple lines defined in the System > Gateway Branding > Front Page Text are displayed in a single line.

Back to Top

 

Core Security

Event Manager

Version 6.7.0

July 12, 2022

New Features

  • A new Events Manager overview graphical Dashboard has been made available from directly within Event Manager. This was previously only accessible through Insite.

  • A new Forensic Analysis overview graphical Dashboard has been made available from directly within Event Manager. This was previously only accessible through Insite,

  • A new setting "Automatically close controlled events" for Short Term Database of Security DataSources has been made available within the HelpSystems Settings Configurator.

  • An 'out-of-the-box' template has been added to integrate the events from the Beyond Security beSECURE vulnerability scanner.

  • DataSources collecting information by syslog now allow the use of a list of IPs to match with source address of events.

  • Database reader monitors can now use an "Indexed" Incremental condition with a "back" ID number, to avoid reading the whole database each time a datasource is stopped/started.

  • Event Manager now has the ability to run daily tampering and data integrity checks to verify if any asset has had information modified or deleted, with alerts sent if the check fails.

Enhancements

  • Any user or group added with correspondent roles in the product, can now also access a secondary web SmartConsole without requiring any additional configuration.

  • CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-4104 log4j2 vulnerabilities have been removed.

  • IBM i audited assets with "Exit Point Manager for IBM i" DataSource now reports a real user as an operator for collected events.

  • Improvements have been made to Product Audit to retain previous values of amended information.

  • It is now possible to change the type of installation during the installation process.

  • ODBC drivers for SAP HANA Database are now supported on a "Custom Database Reader" DataSource in Event Manager.

  • Privileged Users SYSDBA/SYSOPER (Unix) Standard Datasource for Oracle assets can now select different connection types and use the sudo command for some of them within data collections.

  • Product Audit events regarding asset changes are now more specific about what has changed in each asset.

  • SQL Server versions 2019 and 2022 are now in the list of available "Asset Types" when creating or editing an asset to Audit.

  • Scheduling reports now works even if only https access is enabled for the Reports website.

Fixes

  • "Send Event Assigned to Syslog (CEF)" or "Send Security Alert Event to Syslog (CEF)" alarms when integrating Event Manager notified events with 3rd party tools could fail if log files reached their maximum size. This issue has been fixed.

  • A Handle leak in process T04ORCSRV.exe, "HelpSystems - Orchestrator" windows service has been fixed.

  • A timeout parameter called "Request Timeout Seconds" has been added to Microsoft365 Datasources to prevent communication blocks when Microsoft365 did not respond.

  • Alerts for Assets with no event in the last 3 days are now generated.

  • An invalid "Not Categorized" Action has been removed from the SAP ASE default datasource.

  • Assets created from Orchestrator interface of type Exchange Online, Azure Active Directory or Microsoft Teams are now created as expected.

  • Audited SQL Server 2000 assets of type SQL Server 2000 no longer generate errors following a product upgrade.

  • Breadcrumb controls on some pages were displayed on separated lines due to a lack of space. This issue has been fixed.

  • Changing or migrating to a newer configuration database could previously cause the software to become unstable. This issue has been fixed.

  • Colors for health status, highlighted/threat/incident events and other displays have been changed to adopt the HelpSystems standard.

  • Controls have been added to ensure sure that specific users do not have permissions to modify or write windows service executables or have Full Control permission to any directories that contain service executables.

  • Daily maintenance now checks if indexes are disabled and re-enables them.

  • DataSources with the "TimeZone" attribute as "Inherited from Asset" now correctly use the "TimeZone" configured at the asset level.

  • Event Manager and Forensic Analysis scheduled reports no longer fail with "Internal Orchestrator error - bad lexical cast: source type value could not be interpreted as target." in the Reports log.

  • Events from the Historical Database within Forensic Analysis may show incorrect data. This issue has been fixed.

  • Events from the Windows User Inactivity DataSource now report the logon name the same as other Windows DataSources.

  • Events from the Windows User Inactivity DataSource no longer report an incorrect user domain name.

  • Excluding values from columns drop down filters within Event Manager and Forensic Analysis now works as expected.

  • Following a product upgrade, some pages could have different types of javascript errors. This issue has been fixed.

  • For Windows Server audited assets DataSource "Windows User Inactivity" failed if settings "Ignored Disabled User Accounts" or "Ignored Disabled Computer Accounts" were false. This issue has been fixed.

  • Forensic Analysis and Events Manager sections could show incorrect values for counters and list of events if more than one user is logged into the Event Manager application and some of the users have specific permissions configured. This issue has been fixed.

  • Grant and Revoke Object events have been added to the Oracle Databases audit.

  • HelpSystems - Orchestrator service frequently crashed due to a memory leak when automatically discovered actions for a Custom Syslog CEF DataSource were active. This issue has been fixed.

  • IBM i audited assets within the "Exit Point Manager for IBMi" DataSource did not audit some of the "Network Access Rejected" events. This issue has been fixed.

  • If a database from SmartConsole module (usually HS_APPSEC_SmartConsole) was cleaned or was empty for any reason, SmartConsoles froze during start. This issue has been fixed.

  • If an asset with character "." was selected at Assets list the footer message was not displayed correctly. This issue has been fixed.

  • If the IDX.jar file had been manually modified or replaced, subsequent product upgrades did not install the latest version. This issue has been fixed.

  • In rare circumstances due to internal configuration, the SmartConsole service could crash due to a memory leak after running for several hours . This issue has been fixed.

  • In some instances, scheduled reports from Forensic Analysis would not show charts if groups were selected. This issue has been fixed.

  • In very rare cases, some events were automatically closed after upgrading the product. This issue has been fixed.

  • Inspector\bin\config\Inspector.cfg file has an attribute ColumnCacheCapacity, which shipped with a default value of 250000. But if this attribute was not explicitly declared in Inspector.cfg, the default value was far greater. Now, the default value if the attribute is not explicitly declared is also set to 250000.

  • It is no longer possible to add the same value twice to column filtering within the "Add XX to list" option.

  • It was not possible to login to the application because HelpSystems AccessServer module could get locked if the database was not made available during part of the initialization phase. This issue has been fixed.

  • Product web services did not work after installation, if IIS (Microsoft Internet Information Server) did not have "IIS-ServerSideIncludes" and "IIS-StaticContent" enabled. This issue has been fixed.

  • Removing a mapping variable while editing a DataSource, and confirming the change resulted in the confirmation window being constantly displayed. This issue has been fixed.

  • Self-monitoring reported some issues with errors: ".. WMI: Invalid class..." . This issue has been fixed.

  • Service "HelpSystems - Orchestrator" could fail with an unrecoverable error when calling SOAP function in Index Service, meaning the application was unavailable. This issue has been fixed.

  • Sometimes "flag icon" links within issue details were not shown, despite the source IP address being resolved. This issue has been fixed.

  • Syslog CEF DataSources now displays the list of available CEF variables.

  • The "Controls" filter within the Event Manager list of events now works as expected.

  • The Attribute Instance Name is now correctly displayed within Assets filter help.

  • The DataSources "Privileged Users SYSDBA/SYSOPR for Unix" and "Privileged Users SYSDBA/SYSOPR for windows" for Oracle Database Server assets have been amended so they are now visually distinguishable in the "Actions to Audit" tab.

  • The ExecutionMode parameter in Event Manager Custom Database Reader Datasources has been removed because it is not used anymore.

  • The IDXServiceWrapperConfig.xml file is now updated correctly after a product upgrade.

  • The PMDB service that purges old data for Forensic Analysis and Events Manager Overview charts has been improved for performance.

  • The Product Security Administrator user is now allowed to use passwords with blank spaces.

  • The Regulations filter drop-down is now correctly displayed in a typical laptop resolution (1366x768).

  • The pipe character is now valid within the the user name credential.

  • The unused file; sqljdbc.jar, has been removed from product.

  • Trying to filter with a text value containing the "=" character in Event Manager or Forensic Analysis columns drop-down filters resulted in a blue screen and an exception error. This issue has been fixed.

  • Update patches for out of the box auditing for some asset types within Event Manager were not being applied immediately. This issue has been fixed.

  • Users for credentials could not contain the # character. This issue has been fixed.

  • When auditing an IBM i asset with DataSource "SIEM Agent for IBMi" some events could have been lost. This issue has been fixed.

  • When auditing an IBM i asset with DataSource "SIEM Agent for IBMi" the events for Actions "Password Modification" and "Password Reset" were collected as "User Modification". This issue has been fixed.

  • When editing an Event Manager view and selecting a "User column" within "User Variables Mapping", the window was automatically scrolled up without any user intervention.

  • When logging in with a user not explicitly authorized in "Users and Groups management", but included in a group which is authorized resulted in an internal lock with the login causing a "timeout error". This issue has been fixed.

  • When using column filtering in Forensic Analysis or Event Manager pages and clicking on "Select All" , sometimes left value "(Blanks)" unselected. This issue has been fixed.

  • Windows File Monitoring DataSource for a Windows asset did not have the correct text for parameter label "Lookup Account SID". This issue has been fixed.

  • Within Event Manager and Forensic Analysis, column headers disappeared when horizontal scroll at the bottom of the page was used. This issue has been fixed.

Back to Top

 

Digital Defense

Frontline NIRV Scanner

Version 4.2.4

July 25, 2022

Enhancements

Updated authenticated scanning checks and network explicit checks listed:

  • 149224 ManageEngine ADAudit Plus Detected (Info)

  • 149225 ManageEngine ADAudit Plus Path Traversal and Blind XXE (High)

Fixes
  • Updated Vulnerability Descriptions:
    • 148998 Amazon Linux Security Advisory: ALAS-2022-1601 (High)

    • 149081 APSB22-30: Security Updates Available for Adobe InDesign (High)

    • 149073 Foxit PhantomPDF: Multiple Vulnerabilities in Version 10.1.7.37777 and Earlier (Medium)

    • 149200 Google Chrome: Multiple Vulnerabilities in Versions Less Than 103.0.5060.114 (High)

    • 149067 Google Chrome: Multiple Vulnerabilities in Versions Less Than 103.0.5060.53 (High)

    • 149085 jQuery Framework End of Life (Low)

    • 149068 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 103.0.1264.37 (High)

    • 149202 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 103.0.1264.44 (High)

    • 149201 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 103.0.1264.49 (High)

    • 149070 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 102 (High)

    • 149071 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 91.11 (High)

    • 149083 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102 (High)

    • 149084 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 91.11 (High)

    • 149223 MS22-JUL: Microsoft Office Security Update (High)

    • 149222 MS22-JUL: Microsoft Windows Security Update (High)

    • 148994 MS22-JUN: Microsoft Windows Security Update (High)

    • 149086 SMB Version Detection (Info)

    • 148284 SMTP Authentication Methods (Info)

    • 149077 TeamViewer Command Execution Failure (Low)

    • 149078 TeamViewer Remote Code Execution Vulnerability (Low)

    • 149079 TeamViewer Remote Code Execution Vulnerability (High)

    • 149217 Visual Studio Code Elevation of Privilege Vulnerability (Medium)

    • 149220 Visual Studio Code Elevation of Privilege Vulnerability (Medium)

    • 149215 Visual Studio Code Remote Code Execution and Spoofing Vulnerability (Medium)

    • 149218 Visual Studio Code Remote Code Execution and Spoofing Vulnerability (Medium)

    • 149210 Visual Studio Code Remote Code Execution Vulnerability (Medium)

    • 149211 Visual Studio Code Remote Code Execution Vulnerability (Medium)

    • 149212 Visual Studio Code Remote Code Execution Vulnerability (Medium)

    • 149213 Visual Studio Code Remote Code Execution Vulnerability (High)

    • 149214 Visual Studio Code Remote Code Execution Vulnerability (Medium)

    • 149221 Visual Studio Code Remote Code Execution Vulnerability (Medium)

    • 149216 Visual Studio Code Spoofing Vulnerability (Medium)

    • 149219 Visual Studio Code Spoofing Vulnerability (Medium)

    • 149080 Zoom Client Proper Version Check Failure (Medium)

Version 4.2.2

July 18, 2022

Enhancements

Updated authenticated scanning checks and network explicit checks listed:

  • 149205 Amazon Linux Security Advisory: ALAS-2022-1602 (Medium)

  • 149204 Amazon Linux Security Advisory: ALAS-2022-1603 (High)

  • 149206 Amazon Linux Security Advisory: ALAS-2022-1604 (High)

  • 149203 Amazon Linux Security Advisory: ALAS-2022-1605 (High)

  • 149207 Amazon Linux Security Advisory: ALAS-2022-1606 (Low)

  • 149209 Amazon Linux Security Advisory: ALAS-2022-1607 (High)

  • 149208 Amazon Linux Security Advisory: ALAS-2022-1608 (High)

  • 149099 ELSA-2022-1728: java-11-openjdk security update (Medium)

  • 149090 ELSA-2022-1729: java-17-openjdk security update (Medium)

  • 149123 ELSA-2022-2137: java-1.8.0-openjdk security update (Medium)

  • 149103 ELSA-2022-4582: gzip security update (Medium)

  • 149106 ELSA-2022-4584: zlib security update (Medium)

  • 149102 ELSA-2022-4588: .NET 6.0 security, bug fix, and enhancement update (Medium)

  • 149094 ELSA-2022-4589: thunderbird security update (Medium)

  • 149146 ELSA-2022-4590: firefox security update (Medium)

  • 149145 ELSA-2022-4591: subversion security update (Medium)

  • 149120 ELSA-2022-4592: rsync security update (Medium)

  • 149133 ELSA-2022-4765: firefox security update (High)

  • 149136 ELSA-2022-4771: postgresql security update (Medium)

  • 149110 ELSA-2022-4772: thunderbird security update (High)

  • 149113 ELSA-2022-4795: rsyslog security update (Medium)

  • 149112 ELSA-2022-4873: firefox security update (Medium)

  • 149087 ELSA-2022-4892: thunderbird security update (Medium)

  • 149097 ELSA-2022-4899: compat-openssl11 security and bug fix update (Medium)

  • 149129 ELSA-2022-4940: xz security update (Medium)

  • 149101 ELSA-2022-4990: cups security update (High)

  • 149124 ELSA-2022-5050: .NET 6.0 security and bugfix update (Medium)

  • 149125 ELSA-2022-5095: grub2, mokutil, shim, and shim-unsigned-x64 security update (Medium)

  • 149092 ELSA-2022-5099: grub2 security update (Medium)

  • 149116 ELSA-2022-5232: kernel security and bug fix update (Medium)

  • 149091 ELSA-2022-5234: python-virtualenv security update (Medium)

  • 149143 ELSA-2022-5235: python security update (High)

  • 149107 ELSA-2022-5239: 389-ds-base security, bug fix, and enhancement update (Medium)

  • 149135 ELSA-2022-5242: vim security update (High)

  • 149134 ELSA-2022-5244: expat security update (Medium)

  • 149119 ELSA-2022-5245: curl security update (Medium)

  • 149144 ELSA-2022-5249: kernel security and bug fix update (Medium)

  • 149140 ELSA-2022-5250: libxml2 security update (Medium)

  • 149141 ELSA-2022-5251: pcre2 security update (Medium)

  • 149104 ELSA-2022-5252: libarchive security update (Medium)

  • 149105 ELSA-2022-5257: libinput security update (High)

  • 149118 ELSA-2022-5263: qemu-kvm security and bug fix update (Medium)

  • 149122 ELSA-2022-5311: libgcrypt security update (Low)

  • 149100 ELSA-2022-5313: curl security update (Medium)

  • 149130 ELSA-2022-5314: expat security update (Medium)

  • 149108 ELSA-2022-5316: kernel security and bug fix update (Medium)

  • 149147 ELSA-2022-5317: libxml2 security update (Medium)

  • 149137 ELSA-2022-5319: vim security update (Medium)

  • 149115 ELSA-2022-5326: compat-openssl10 security update (Medium)

  • 149096 ELSA-2022-5331: libinput security update (High)

  • 149128 ELSA-2022-5337: go-toolset:ol8 security and bug fix update (Medium)

  • 149127 ELSA-2022-5338: ruby:2.6 security, bug fix, and enhancement update (Medium)

  • 149088 ELSA-2022-5467: php:7.4 security update (Medium)

  • 149089 ELSA-2022-5468: php:8.0 security update (Medium)

  • 149098 ELSA-2022-5469: firefox security update (Medium)

  • 149142 ELSA-2022-5470: thunderbird security update (Medium)

  • 149114 ELSA-2022-5479: firefox security update (Medium)

  • 149093 ELSA-2022-5480: thunderbird security update (Medium)

  • 149095 ELSA-2022-5481: firefox security update (Medium)

  • 149126 ELSA-2022-5482: thunderbird security update (Medium)

  • 149138 ELSA-2022-5526: squid:4 security update (Medium)

  • 149117 ELSA-2022-5527: squid security update (Medium)

  • 149109 ELSA-2022-9513: pcs security update (Medium)

  • 149139 ELSA-2022-9557: Unbreakable Enterprise kernel security update (High)

  • 149111 ELSA-2022-9564: libgcrypt security update (Low)

  • 149131 ELSA-2022-9565: zlib security update (Medium)

  • 149132 ELSA-2022-9582: Unbreakable Enterprise kernel-container security update (High)

  • 149121 ELSA-2022-9583: Unbreakable Enterprise kernel security update (High)

  • 149200 Google Chrome: Multiple Vulnerabilities in Versions Less Than 103.0.5060.114 (High)

  • 149085 jQuery Framework End of Life (Low)

  • 149202 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 103.0.1264.44 (High)

  • 149201 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 103.0.1264.49 (High)

  • 149223 MS22-JUL: Microsoft Office Security Update (High)

  • 149222 MS22-JUL: Microsoft Windows Security Update (High)

  • 149160 RHSA-2022:5214: kpatch-patch security update (Medium)

  • 149162 RHSA-2022:5216: kpatch-patch security update (Medium)

  • 149184 RHSA-2022:5219: kpatch-patch security update (Medium)

  • 149150 RHSA-2022:5232: kernel security and bug fix update (Medium)

  • 149149 RHSA-2022:5234: python-virtualenv security update (Low)

  • 149170 RHSA-2022:5235: python security update (Low)

  • 149154 RHSA-2022:5236: kernel-rt security and bug fix update (Medium)

  • 149185 RHSA-2022:5239: 389-ds-base security, bug fix, and enhancement update (Low)

  • 149165 RHSA-2022:5242: vim security update (Low)

  • 149167 RHSA-2022:5244: expat security update (Low)

  • 149187 RHSA-2022:5245: curl security update (Low)

  • 149175 RHSA-2022:5249: kernel security and bug fix update (Medium)

  • 149183 RHSA-2022:5250: libxml2 security update (Low)

  • 149172 RHSA-2022:5251: pcre2 security update (Low)

  • 149148 RHSA-2022:5252: libarchive security update (Low)

  • 149166 RHSA-2022:5257: libinput security update (Low)

  • 149161 RHSA-2022:5263: qemu-kvm security and bug fix update (Low)

  • 149156 RHSA-2022:5267: kernel-rt security and bug fix update (Medium)

  • 149168 RHSA-2022:5311: libgcrypt security update (Low)

  • 149157 RHSA-2022:5313: curl security update (Low)

  • 149158 RHSA-2022:5314: expat security update (Low)

  • 149159 RHSA-2022:5316: kernel security and bug fix update (Medium)

  • 149179 RHSA-2022:5317: libxml2 security update (Low)

  • 149153 RHSA-2022:5319: vim security update (Low)

  • 149178 RHSA-2022:5326: compat-openssl10 security update (Low)

  • 149181 RHSA-2022:5331: libinput security update (Low)

  • 149169 RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Low)

  • 149176 RHSA-2022:5338: ruby:2.6 security, bug fix, and enhancement update (Low)

  • 149164 RHSA-2022:5344: kernel-rt security and bug fix update (Medium)

  • 149180 RHSA-2022:5467: php:7.4 security update (Medium)

  • 149174 RHSA-2022:5468: php:8.0 security update (Medium)

  • 149155 RHSA-2022:5469: firefox security update (Medium)

  • 149151 RHSA-2022:5470: thunderbird security update (Medium)

  • 149182 RHSA-2022:5479: firefox security update (Medium)

  • 149186 RHSA-2022:5480: thunderbird security update (Medium)

  • 149173 RHSA-2022:5481: firefox security update (Medium)

  • 149171 RHSA-2022:5482: thunderbird security update (Medium)

  • 149163 RHSA-2022:5526: squid:4 security update (Medium)

  • 149177 RHSA-2022:5527: squid security update (Medium)

  • 149152 RHSA-2022:5542: squid security update (Medium)

  • 149086 SMB Version Detection (Info)

  • 148284 SMTP Authentication Methods (Info)

  • 149217 Visual Studio Code Elevation of Privilege Vulnerability (Medium)

  • 149220 Visual Studio Code Elevation of Privilege Vulnerability (Medium)

  • 149215 Visual Studio Code Remote Code Execution and Spoofing Vulnerability (Medium)

  • 149218 Visual Studio Code Remote Code Execution and Spoofing Vulnerability (Medium)

  • 149210 Visual Studio Code Remote Code Execution Vulnerability (Medium)

  • 149211 Visual Studio Code Remote Code Execution Vulnerability (Medium)

  • 149212 Visual Studio Code Remote Code Execution Vulnerability (Medium)

  • 149213 Visual Studio Code Remote Code Execution Vulnerability (High)

  • 149214 Visual Studio Code Remote Code Execution Vulnerability (Medium)

  • 149221 Visual Studio Code Remote Code Execution Vulnerability (Medium)

  • 149216 Visual Studio Code Spoofing Vulnerability (Medium)

  • 149219 Visual Studio Code Spoofing Vulnerability (Medium)

  • 149190 [USN-5485-2] Linux kernel (OEM) vulnerabilities (Medium)

  • 149191 [USN-5493-2] Linux kernel (HWE) vulnerability (Medium)

  • 149188 [USN-5496-1] cloud-init vulnerability (Medium)

  • 149189 [USN-5499-1] curl vulnerabilities (Medium)

  • 149192 [USN-5500-1] Linux kernel vulnerabilities (Medium)

  • 149193 [USN-5501-1] Django vulnerability (Medium)

  • 149194 [USN-5502-1] OpenSSL vulnerability (Medium)

  • 149195 [USN-5503-1] GnuPG vulnerability (Medium)

  • 149196 [USN-5505-1] Linux kernel vulnerabilities (Medium)

  • 149197 [USN-5506-1] NSS vulnerabilities (Medium)

  • 149199 [USN-5508-1] Python LDAP vulnerability (Medium)

  • 149198 [USN-5509-1] Dovecot vulnerability (Medium)

Fixes
  • Updated Vulnerability Descriptions:
    • 148998 Amazon Linux Security Advisory: ALAS-2022-1601 (High)

    • 149081 APSB22-30: Security Updates Available for Adobe InDesign (High)

    • 149073 Foxit PhantomPDF: Multiple Vulnerabilities in Version 10.1.7.37777 and Earlier (Medium)

    • 149067 Google Chrome: Multiple Vulnerabilities in Versions Less Than 103.0.5060.53 (High)

    • 149068 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 103.0.1264.37 (High)

    • 149070 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 102 (High)

    • 149071 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 91.11 (High)

    • 149083 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102 (High)

    • 149084 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 91.11 (High)

    • 148994 MS22-JUN: Microsoft Windows Security Update (High)

    • 149077 TeamViewer Command Execution Failure (Low)

    • 149078 TeamViewer Remote Code Execution Vulnerability (Low)

    • 149079 TeamViewer Remote Code Execution Vulnerability (High)

    • 149080 Zoom Client Proper Version Check Failure (Medium)

Frontline Agent

Version 1.44.0

July 20, 2022

Enhancements

  • Implemented the following new vulnerability checks:

    • 149200 Google Chrome: Multiple Vulnerabilities in Versions Less Than 103.0.5060.114 (High) - Windows, Mac
    • 149202 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 103.0.1264.44 (High) - Windows
    • 149201 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 103.0.1264.49 (High) - Windows
    • 149223 MS22-JUL: Microsoft Office Security Update (High) - Windows, Mac
    • 149222 MS22-JUL: Microsoft Windows Security Update (High) - Windows
    • 149217 Visual Studio Code Elevation of Privilege Vulnerability (Medium) - Windows
    • 149220 Visual Studio Code Elevation of Privilege Vulnerability (Medium) - Windows
    • 149215 Visual Studio Code Remote Code Execution and Spoofing Vulnerability (Medium) - Windows
    • 149218 Visual Studio Code Remote Code Execution and Spoofing Vulnerability (Medium) - Windows
    • 149210 Visual Studio Code Remote Code Execution Vulnerability (Medium) - Windows
    • 149211 Visual Studio Code Remote Code Execution Vulnerability (Medium) - Windows
    • 149212 Visual Studio Code Remote Code Execution Vulnerability (Medium) - Windows
    • 149213 Visual Studio Code Remote Code Execution Vulnerability (High) - Windows
    • 149214 Visual Studio Code Remote Code Execution Vulnerability (Medium) - Windows
    • 149221 Visual Studio Code Remote Code Execution Vulnerability (Medium) - Windows
    • 149216 Visual Studio Code Spoofing Vulnerability (Medium) - Windows
    • 149219 Visual Studio Code Spoofing Vulnerability (Medium) - Windows

Back to Top

Digital Guardian

Agent for Windows

Version: 7.8.1

July, 2022

New Features

  • Label Prompt Type:

    The Label prompt type has been added to the list of basic prompts in the DGMC. When a rule is configured with the Prompt action and a Label prompt is selected, the user is shown an informational message while the applicable file is being labeled. The Label prompt type is optional for labeling actions.

    When configured, the Label prompt is presented whether or not labeling eventually succeeds. When creating the prompt message, you can include the optional <ruleLabel/> prompt variable, which resolves to the text of the MIP label.

    The Label prompt is useful in cases where a file extension is changed by MIP labeling. For example, with AutoCAD .dwg files, the act of labeling with protection changes the file extension to .dwg.pfile. To prevent confusion, you may want to prompt users so they do not assume their file has disappeared or been deleted. File extensions that are not changed by MIP labeling, such as Microsoft Word .docx files, are less likely to cause confusion, so in those cases you may decide prompting is not necessary.

    For more information, refer to "User Prompt Messages" in Digital Guardian Management Console User's Guide.

  • DG Agent Crash Dump Reporting Automation:

    DG Agent for Windows now supports crash dump reporting automation, whereby the Agent collects information about crashes of DG processes when they occur. The Agent safely uploads the information to a secure cloud repository for analysis by DG personnel. Uploaded crash dump data is purged from the cloud repository after 90 days, but selected data can be moved to Atlassian Jira and remain there longer.

    NOTE: DG Agent for Windows 7.8.1 collects crash dump data for the DGAgent.exe process only.

    Crash dump reporting automation replaces parts of the previous manual process, thereby reducing customer effort, decreasing the need to involve other personnel at the customer site, and allowing debugging information that is often critical to resolving an issue to be accessed instantaneously. In many cases, automating crash dump reporting notably reduces the time required to resolve an incident. The Agent crash dump reporting automation feature uses an established open-source component to provide crash dump collection, and uses the SDK of a popular commercial application-monitoring and error-tracking vendor to upload the data to the secure cloud repository. For more details on the crash dump automation feature, refer to Digital Guardian Management Console User's Guide.

  • Bolden James Classifier Updates: The following Boldon James Classifiers have been certified with Agent for Windows 7.8.1:

    • Email & Office Classifier 3.17.0

    • Classifier Administration Server (CAS) 3.19.0

Fixes

  • DG resolved a sharing violation on a locked folder that was causing Microsoft Office applications to stop responding.

  • When proxying TLS connections between a browser and a server, DG WIP did not inform the server of the minimum TLS version that the browser supported, which could result in the server negotiating a TLS version that the browser did not support (ERR_SSL_VERSION_OR_CIPHER_MISMATCH). Now DG WIP uses the browser’s minimum version as the WIP minimum version when negotiating with the server.

  • A change was made to DG Agent code to make sure there is no performance impact when customers use the Boldon James User Classification feature and/or the Document Properties feature through the Microsoft Remote Desktop Protocol (RDP).

  • When using Microsoft Outlook to send or reply to an email that contains multiple recipients, a crash occurred. This has been resolved.

  • A third-party library file has been altered to treat xml files as regular text. This change allows file types: document/xml to be classified.

  • An additional check has been added to prevent memory from being accessed beyond the end of a buffer.

  • In some cases DG WIP was not using the customer’s corporate web proxy to send Online Certificate Status Protocol (OCSP) requests that DG WIP requires but that do not originate from the browser. This was resolved so that all outgoing requests now go through the corporate proxy.

  • When you edited a file’s document property values in a Microsoft Office application and then saved the file, control rules were not seeing the expected values for thE evtSrcDocPropertyString and evtDestDocPropertyString rule variables. The DG Agent now reports the expected values after the Save operation.

  • You can now configure DG Agent rules that will act on the evtSrcFileType value in Print events.

nDLP Appliance

Version: 11.7

July, 2022

New Features

  • DG Appliance now allows the importing of Azure mail servers into the trusted sites list.

  • DG Appliance can authenticate with Google Drive and Microsoft Sharepoint to facilitate the scanning and remediation of files.

  • The current installed version of DG Appliance is now displayed in the Appliance banner. In addition, the Appliance deployment mode can be found under Manage System > Settings.

Fixes

  • Fixed an issue that resulted in a UI certificate authentication failure.

Back to Top

 

GoAnywhere

Open PGP

Version 1.2.1

July 12, 2022

Updates

  • Updated Bouncy Castle libraries from version 1.0.4 to 1.0.5.

  • Updated Open PGP Studio to Java 17.

  • Updated Apache Log4j from version 2.16.0 to 2.17.1.

  • Updated PGP Studio branding.

Fixes

  • Fixed an issue with incorrect modified dates showing on folders and drives.

  • Fixed a sorting issue with the 'Last Modified' and 'Type' columns.

  • Fixed an issue that caused null pointer errors when preference file was set to read only.

Back to Top

 

Powertech

Powertech Encryption

Version 3.65

July 19, 2022

Enhancements

  • Added additional compatibility checks for the Decryption Accelerator option.

  • Updated the Field Encryption Configuration report (Option 22 on a Field Registry Entry) to include information about triggers and sorting for file fields.

  • Newly created Field Registry entries will now default to not use the Decryption Accelerator value.

  • Enhanced Field Encryption activation to detect file sorting options, such as ALTSEQ (alternative sequencing), that are incompatible with encryption.

Fixes

  • Option 16 "Change Field Mask" in the Field Registry no longer displays an error.

  • Suppressed attempt to display an on-screen warning during activation, unless activation is performed interactively.

  • For actions performed on files with encrypted fields, including duplicating the files, the "Field Length Change" error no longer occurs when the CRVL002 validation list does not reside in the product library and is not contained in the library list.

Powertech Policy Minder

Version 2.3

July 19, 2022

Enhancements

  • For system value policy QSSLCSL, all new values introduced in IBM i 7.4 are now supported.

  • For system value policy QSSLPCL, the *TLSV1.3 value is now supported.

Fixes

  • Updated to Log4j 2.17 to resolve vulnerabilities.

  • *DIRAUT policy now correctly allows new directory.

  • Fixed an issue where the license screen could not be displayed if the SKYPM menu was displayed, without first explicitly adding the product library to the library list.

  • Fixed an issue where failed upgrades were being reported as successful.

  • Fixed an issue where CHECK command fails to run DB reorganization step.

  • Fixed USROBJ category in Policy Minder WEB UI showing value *ANY as out of compliance.

  • Fixed an issue when configuring the JOBD category, where changes to the job descriptions on the policy list were not saved.

  • Fixed an issue where compliance displayed for DIRAUT was incorrect.

  • ANZSQLINF report now displays all programs with a Dynamic SQL statement.

  • Fixed an issue with value prompting that occurred when the user defined an object template under Directory Authorities.

  • Fixed an issue where not all system values were being displayed on IBM i 7.4 systems.

  • Fixed "Date too short for specified format" error.

  • Fixed an issue where authorization list values in Compliance check become hidden.

  • Fixed an issue with *ALLCRTCHG missing from system value policy QPWDRULES.

  • Fixed an issue where email addresses that contained a numeric value as a leading character generated an error.

  • Fixed an issue where library templates that used "?" in position 10 caused a check to fail.

  • Fixed an issue where email sending could fail if multiple instances of the command SNDEMLMSG existed on a system.

Powertech Risk Assessor

Version 3.3

July 19, 2022

Enhancements

  • New password strength report feature identifies user profile passwords that are contained in available lists of cracked passwords.

Fixes

  • Updated to Log4j 2.17 to resolve vulnerabilities.

  • Product Information menu now shows correct product version.

  • SKYASSESS report now accurately indicates when QPWDEXPWRN deviates from the recommended value.

  • Fixed MCH1210 error that occurs when there are over 9999 User Profiles without *PUBLIC EXCLUDE authority.

  • Fixed issue with print files that were missing.

  • Fixed issue that caused the Security Assessment job log to wrap.

  • Fixed issue reporting on user and supplemental groups.

  • Fixed issue when setting the Certificate Store Password.

Back to Top

 

Tango/04

Vityl IT & Business Monitoring

Version 6.7.0

July 12, 2022

New Features

  • Database reader monitors can now use an "Indexed" Incremental condition with a "back" ID number, to avoid reading the whole database each time a datasource is stopped/started.

  • Vityl IT & Business Monitoring now has the ability to run daily tampering and data integrity checks to verify if any asset has had information modified or deleted, with alerts sent if the check fails.

  • By default, metrics of the same type elements and same asset are displayed in the same chart. For some generic element types there is now a new attributes "Metric tag" which allows to split them in different charts.

  • For IBMi/iSeries systems, the percentage of disk used by temporary storage is now monitored.

Enhancements

  • Any user or group added with correspondent roles in the product, can now also access a secondary web SmartConsole without requiring any additional configuration.

  • CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-4104 log4j2 vulnerabilities have been removed.

  • It is now possible to change the type of installation during the installation process.

  • SQL Server versions 2019 and 2022 are now in the list of available "Asset Types" when creating or editing an asset to Audit.

  • Scheduling reports now works even if only https access is enabled for the Reports website.

  • Availability controls, for example; pings or process existence checks, now are checked every two minutes instead of three minutes. And Performance controls, as such as CPU or memory usage, now are checked every two and a half minutes instead of five minutes.

  • A new attribute "DisablePing" has been made available for any device.

  • Active MQ Queue Queue Success event messages have been modified to provide more clarity.

  • Vityl Events regarding IBM i Jobs have been enriched with Job Name, Subsystem, User and Current User Profile as variables.

  • When RemoteCommandExecution.ps1 script is used to execute a remote command from an alert, and there's an error, it's now reported in the log.

  • A new "TLS / STARTTLS" Authentication method for POP3/IMAP credentials has been made available.

Fixes

  • A Handle leak in process T04ORCSRV.exe, "HelpSystems - Orchestrator" windows service has been fixed.

  • Breadcrumb controls on some pages were displayed on separated lines due to a lack of space. This issue has been fixed.

  • Changing or migrating to a newer configuration database could previously cause the software to become unstable. This issue has been fixed.

  • Colors for health status, highlighted/threat/incident events and other displays have been changed to adopt the HelpSystems standard.

  • Controls have been added to ensure sure that specific users do not have permissions to modify or write windows service executables or have Full Control permission to any directories that contain service executables.

  • Following a product upgrade, some pages could have different types of javascript errors. This issue has been fixed.

  • If a database from SmartConsole module (usually HS_APPSEC_SmartConsole) was cleaned or was empty for any reason, SmartConsoles froze during start. This issue has been fixed.

  • If the IDX.jar file had been manually modified or replaced, subsequent product upgrades did not install the latest version. This issue has been fixed.

  • In rare circumstances due to internal configuration, the SmartConsole service could crash due to a memory leak after running for several hours . This issue has been fixed.

  • It was not possible to login to the application because HelpSystems AccessServer module could get locked if the database was not made available during part of the initialization phase. This issue has been fixed.

  • Product web services did not work after installation, if IIS (Microsoft Internet Information Server) did not have "IIS-ServerSideIncludes" and "IIS-StaticContent" enabled. This issue has been fixed.

  • Self-monitoring reported some issues with errors: "...WMI: Invalid class..." . This issue has been fixed.

  • Service "HelpSystems - Orchestrator" could fail with an unrecoverable error when calling SOAP function in Index Service, meaning the application was unavailable. This issue has been fixed.

  • The Attribute Instance Name is now correctly displayed within Assets filter help.

  • The IDXServiceWrapperConfig.xml file is now updated correctly after a product upgrade.

  • The Product Security Administrator user is now allowed to use passwords with blank spaces.

  • The pipe character is now valid within the the user name credential.

  • Users for credentials could not contain the # character. This issue has been fixed.

  • When logging in with a user not explicitly authorized in "Users and Groups management", but included in a group which is authorized resulted in an internal lock with the login causing a "timeout error". This issue has been fixed.

  • During a Vityl Monitoring Node upgrade, a product security administrator was required even though it was not necessary. It is no longer requested.

  • The 'assigning attributes error' that occurred after editing the Facility Name, Facility Region, Facility SubRegion and Facility Type attributes has been fixed.

  • IBM Storwize monitors were showing Monitoring Errors in some instances. This issue has been fixed.

  • Firewall devices of subtype CheckPointNextGeneration, Juniper and PaloAltoNetworks could not be properly created or monitored. This issue has been fixed.

  • When selecting an specific chart to view, Vityl IT & Business Monitoring single metric data was incorrect. This issue has been fixed.

  • In some cases, Generic WebService - WSDL (Availability Check) monitors were not being updated to Success if response time was low. This issue has been fixed.

  • The "Log out" button within SmartConsole web now works as expected.

  • Free Linux Physical Memory monitors can now parse values with GiB as units.

  • Alert log within the Vityl Configuration main page had an incorrect color and font. This issue has been fixed.

  • The "Save" button within the Create Business View dialog from SmartConsole web now works as expected.

  • IBMi/iSeries messages on SmartConsole module are no longer duplicated.

  • The textbox for writing a comment needed to reset an issue within issue details windows has been resized.

  • When the dark theme was selected, the "Complete Message" text within issue details windows were not visible. This issue has been fixed.

  • The "Cancel" option within "Set Planned Maintenance Period For Multiple Assets" dialog was incorrectly displayed if dark theme was selected. This issue has been fixed.

  • Previous upgrades could break monitors using JMX technology (for example JBoss, Tomcat). This issue has been fixed when upgrading to this version.

  • If a session was closed after having been edited an Online Service and then an attempt was made to re-edit in a new session caused a "service being edited" error. This issue has been fixed.

  • When an existing Online Service is imported it must be overwritten, but sometimes when editing it showed the previous version from an internal cache. This issue has been fixed.

  • Manually created monitors of type "SLA Analytics" and report "Service Control Point Analytics" (and any derived from this) failed in version 6.6. This issue has been fixed.

  • iSeries/IBMi data maintenance configured within HelpSystems settings configurator did not work in release 6.6. This issue has been fixed,

  • If an application had dependencies with two elements of an specific device with the same alias, it was not properly monitored and an error "Synchronization failed" was logged. This issue has been fixed.

  • For devices created manually by the user and derived from the certain types, metric "Network Response Time(ms)" was not shown in the Device Analysis tab. This issue has been fixed.

  • Vityl Windows service "HelpSystems - SmartConsole Publisher" could crash generating a *.dmp file. This issue has been fixed.

  • IBMi Job elements were not correctly reporting the health for 'Job duration' if Vityl and the IBMi where the job to control is are in different timezones. This issue has been fixed.

  • Assets of type "Generic Endpoint" were not correctly created. Newly created assets of this type will now be shown as End-point device class assets and they will each consume 0.25 license credits.

  • A new attribute "Working directory" for remote commands in device elements of type CommandExecution* has been made available.

  • In very rare cases. invalid alerts could be generated for an specific asset where a "Business View" in SmartConsole was partially created without proper filters. This issue has been fixed.

  • Chart "Process Virtual Size (32 bits Processes) (MB)" for Windows systems within the asset Analysis tab could produce a browser crash if a 64-bit process was displayed. This issue has been fixed.

  • For "SCP Details" reports or other reports based on this option, the "Show States Summary Chart" did not work properly if more than one SCP folder was selected for the same report. This issue has been fixed.

  • The product was previously installed with three default fixed VIP Users for the "Web Portal Users" License. As this is now a legacy license it will no longer affect typical installations.

Back to Top

 

Titus

Titus Mail for iOS

Version 2022.0.1

July 8, 2022

Fixes

  • Resolved issue where users were forced to resend messages through the Outbox folder. This bug impacted users with on-premises Exchange servers.

Illuminate

Version 2022.0

July 7, 2022

New Features

  • The UI for scanning file and folders has been updated with some changes to fields and selections. See the Titus Illuminate Scanning Guide for more information.

  • The following performance counters were added:

    • Total files scanned

    • Total files actioned

    • Total failed actions

    • Files scanned per second

    • Files actioned per second

    See the Titus Illuminate Deployment Best Practices Guide for more information.

  • Titus Accelerator for Privacy from Illuminate has been replaced by Data Detection Engine. See the Titus Data Detection Engine for Illuminate User Guide and Titus Data Detection Engine for Illuminate Server Deployment Guide for more information.

  • You can now scan files and folders located in your Google Drive (Preview only). See the Titus Illuminate Scanning Guide for more information.

    NOTE: Currently, you cannot scan your organization's Google Drives. This will be available in a later release.
Enhancements

  • You can now choose to install Illuminate on another drive. See the Titus Illuminate Deployment Guide for more information.

  • A new column has been added to the report, so when you download the report on the Scans page, you can now see what keyword was used to classify a document.

Fixes

  • Files were not encrypting in Vera and uploading to OneDrive successfully

  • Incorrect "FileContentCreatedDate" and "FileContentModifiedDate" dates were recorded into the Inventory table. FileContentCreatedDate and FileCreatedDate have the same values. FileContentModifiedDate and FileModifiedDate also have the same values.

  • Credential Manager token not generating due to issue with redirect URLs

  • Custom properties not working in Illuminate. TI.DocumentProperty in SQL was not populating properly with custom properties on the available file.

  • Illuminate scanning finishes with the following errors:

    • Microsoft.SharePoint.Client.ServerObjectNullReference

      Exception:

    • Object reference not set to an instance of an object on server. The object is associated with property Author.

  • Add SharePoint (OnPrem) Metadata not working due to issue with configuration file

  • Unable to download SharePoint scans report from Scans page

  • Illuminate cannot capture metadata for Fileshare scan when UNC path set to \\Serveraddress\

Policy Manager

Version 2022.07

July 15, 2022

Enhancements

  • Titus Console has been rebranded with a new look and feel. If you see an old Titus logo, clear your browser's cache.

  • You can select from a drop-down for list s and boolean values for Conditions.

  • Action parameters drop-down has been reordered to be more intuitive.

  • How you configure Action parameters depends on how you access them - the available Action parameters from the Rule are different from the ones from the Library.

Resolved Issues

  • Using Message.Attachment.* and Message.Recipient.* conditions in the same rule results in an error. Use both conditions in separate sub-rules in the same rule.

  • Delete Custom Condition from library causes blank screen when Custom Condition drawer and Action drawers are open the same time.

  • Condition builder collection filter should switch back to default "All".

  • Policy Manager can be slow to load.

  • Group operator is shown disabled for Message.Recipient.IsNew in Condition Editor.

Back to Top

Vera

Version 3.20.1

July 2022

New Features

  • The native Linux executable is packaged with the Vera SDK. All required executable and libraries are under samples/c++/linux/bin. For more information, see readme.

Fixes

  • Fixed an issue by improving the VIB workflows to support opening of secure files in a browser if a Vera-supported application is not present on the desktop.

  • Fixed an issue that allows Vera to message when some records are not copied due to co-owner restrictions while cloning access to or from another user.

  • Fixed an issue that impacts the performance where slowness occurred in opening unsecured Excel files in SharePoint.

Back to Top