Monthly Release Notes - July 2022

Jump to:

 

Clearswift


ARgon For Email

Version 5.4.3

July 15, 2022

New Features
  • Enhanced protection is now included by checking the reputation of entered URLs against the Sophos Real-time Malicious URL List. This list contains up-to-date information of all known and emerging malware and is regularly updated to offer maximum security.

Enhancements
  • In the Detectable Types selection list within the Detect Lexical Expression, Detect Media Types and Redact Text content rules, support has been added for iCalendar. This means the ARgon Server can provide better deep content inspection of some types of meeting requests and calendars.

  • Proactive Alerts have been modified to restrict any potentially sensitive information being sent to Clearswift via unsecured email. An ability to modify the message body of the Proactive Alerts emails has been introduced, so when working with customer support, and with communication over TLS, more diagnostic information can be sent. Please note that using the Proactive Alerts feature requires a license.

  • Detailed logging is available from the Policy Enforcement service. Logging levels is configurable from the System > Gateway Settings > Policy Engine Settings, and provides more assistance with problem investigations when required.

  • When a message triggers multiple content rules in a policy route, the Policy Summery tab under the Messages > Held Messages only displayed a filtered list of these rules, whereas all the triggered rules were listed under the Structure tab > PrimaryRules and SecondaryRules properties. Now, all the triggered content rules are listed under the Policy Summary tab, and the rule(s) which caused the message to be held are displayed in bold.

  • The product icon has been updated.

  • For increased security, the PostgreSQL database has been upgraded from V9.6 to V13.3.

  • Extra two rows added to the Product Information table on Cockpit Clearswift page to show whether Red Hat or Clearswift online updates are enabled.

Fixes
  • A fix has been applied to an issue where informs were not sent correctly if the Analyze Properties content rule was configured to detect multiple document properties, and to generate an inform.

  • A fix has been applied to an issue with Cockpit where Software Updates > Check for Updates could contain out-of-date information. Now, the caches are correctly cleared by clicking the Check for Updates button.

  • A fix has been applied to an issue where SCOM server configuration in Cockpit could be lost after a product upgrade.

  • A fix has been applied to an issue where the ARgon Server’s UI rejected an input of special characters which were eligible to be used for the local part of the email address.

  • In response to the recent global security alerts on Apache Log4j, we have fixed the vulnerability on the affected versions of the ARgon for Email product.

  • It was previously not possible to sanitize active content for xlsm created in the recent version of M365. This has now been fixed.

  • A fix has been applied to an issue where the Redact Text content rule only redacted the first portion of the UK postcodes (which consist of multiple parts, e.g. AB1 0CD).

  • The SMTP Inbound Transport service can now be restarted from the Admin UI control button.

  • The 'remove potential embedded data' (anti-steganography) option in the Sanitize Document Content rule is now working on files generated using Xiao Steganography.

  • A fix has been applied to an issue where the UI rejected some valid characters in a URL, such as #, |, @, [, and ] when creating a new Custom URL List.

  • A fix has been applied to an issue where Microsoft Project (.mpp) files were failing to process with errors.

  • A fix has been applied to the Sanitize Active Content rule, whereby active content was being incorrectly detected.

  • Computer Graphics Metafile (CGM) files were not available in the Detectable Types selection list within the Detect media types content rule. This has now been resolved.

  • The install process on systems with large RAM and hard disk capacities has been streamlined.

  • A fix has been applied to an issue where the Clearswift product name was not clearly identified within Cockpit.

  • PDF files are now created correctly following steganography or text redaction changes.

  • A fix has been applied to an issue where the "Upgrade is available" alarm would never be raised if using a non-English system locale.

  • A fix has been applied to an issue where new SCOM servers could not always be added in the Monitoring Services page in Cockpit.

  • A fix has been applied to the issue where the 5.2 upgrade overwrites the keystore, reverting the custom UI certificate back to the Clearswift self-signed cert.

  • A fix has been applied to a display error where URL links to the anti-virus update servers, such as sav-update, sometimes displayed old version numbers under System > Connectivity Test.

  • A fix has been applied to an issue where multiple lines defined in the System > Gateway Branding > Front Page Text are displayed in a single line.

  • If you define a Relay Server disposal action with a long hostname and use this as the default disposal action for a policy route, the formatting of the Mail Policy Routes page becomes distorted. This has now been fixed.

  • A fix has been applied to an error where a viewed or tracked message in Microsoft Edge (build number 40.* onwards) returns a blank page and a warning message.

Secure Email Gateway

Version 5.4.3

July 15, 2022

Enhancements
  • In the Detectable Types selection list within the Detect Lexical Expression, Detect Media Types and Redact Text content rules, support has been added for iCalendar. This means the Gateway can provide better deep content inspection of some types of meeting requests and calendars.

  • The update URLs for Sophos Anti-Virus are now "https" rather than "http". For example, https://sav-update-1.clearswift.net/SOP64/sopupdates.txt

  • Rspamd has been updated to version 3.2.

  • A new cloud location, https://au.analysis.sophos.com, is available for sandboxing. Also, URLs of the existing cloud locations have been updated from https://XXXX.sandbox.sophos.com (XXXX is a location of user's choice) to https://XXXX.analysis.sophos.com. Please note that using the sandboxing feature requires a license.

  • Proactive Alerts have been modified to restrict any potentially sensitive information being sent to Clearswift via unsecured email. An ability to modify the message body of the Proactive Alerts emails has been introduced, so when working with customer support, and with communication over TLS, more diagnostic information can be sent. Please note that using the Proactive Alerts feature requires a license.

  • Detailed logging is available from the Policy Enforcement service. Logging levels is configurable from System > Gateway Settings > Policy Engine Settings, and provides more assistance with problem investigations when required.

  • When a message triggers multiple content rules in a policy route, the Policy Summery tab under the Messages > Held Messages only displayed a filtered list of these rules, whereas all the triggered rules were listed under the Structure tab > PrimaryRules and SecondaryRules properties. Now, all the triggered content rules are listed under the Policy Summary tab, and the rule(s) which caused the message to be held are displayed in bold.

Fixes
  • A fix has been applied to an issue where informs were not sent correctly if the Analyze Properties content rule was configured to detect multiple document properties, and to generate an inform.

  • In PMM the Italian translation for "The message will be delivered shortly" has been corrected.

  • A fix has been applied to an issue where purging the database could run out of memory if Secure Email Gateway had a large audit database. PostgreSQL has now been configured to use less memory when purging.

  • A fix has been applied to an issue where using proxy in Secure Email Gateway intermittently caused sandboxing to queue messages.

  • Memory leak in the DKIM function has been resolved by upgrading the Mailshell SDK to version 8.2.1.

  • A fix has been applied to an issue with Cockpit where Software Updates > Check for Updates could contain out-of-date information. Now, the caches are correctly cleared by clicking the Check for Updates button.

  • A fault in checking CRLs (Certificate Revocation Lists) from bafin.de has been corrected.

  • A fix has been applied to an issue where SCOM server configuration in Cockpit could be lost after a product upgrade.

  • A fix has been applied to an issue where certain spam parameter configuration changes were not reflected on a peered Secure Email Gateway.

  • A fix has been applied to an issue where non-delivery messages were blocked by Secure Email Gateway for DMARC failures.

  • A fix has been applied to an issue where the Gateway’s UI rejected an input of special characters which were eligible to be used for the local part of the email address.

  • Sanitization of meeting requests, especially URLs within meeting requests, has been improved through the additional support of the iCalendar document format.

Secure Exchange Gateway

Version 5.4.3

July 15, 2022

Enhancements
  • In the Detectable Types selection list within the Detect Lexical Expression, Detect Media Types and Redact Text content rules, support has been added for iCalendar. This means the Gateway can provide better deep content inspection of some types of meeting requests and calendars.

  • The update URLs for Sophos Anti-Virus are now "https" rather than "http". For example, https://sav-update-1.clearswift.net/SOP64/sopupdates.txt

  • Proactive Alerts have been modified to restrict any potentially sensitive information being sent to Clearswift via unsecured email. An ability to modify the message body of the Proactive Alerts emails has been introduced, so when working with customer support, and with communication over TLS, more diagnostic information can be sent. Please note that using the Proactive Alerts feature requires a license.

  • Detailed logging is available from the Policy Enforcement service. Logging levels is configurable from System > Gateway Settings > Policy Engine Settings, and provides more assistance with problem investigations when required.

  • When a message triggers multiple content rules in a policy route, the Policy Summery tab under the Messages > Held Messages only displayed a filtered list of these rules, whereas all the triggered rules were listed under the Structure tab > PrimaryRules and SecondaryRules properties. Now, all the triggered content rules are listed under the Policy Summary tab, and the rule(s) which caused the message to be held are displayed in bold.

Fixes
  • A fix has been applied to an issue where informs were not sent correctly if the Analyze Properties content rule was configured to detect multiple document properties, and to generate an inform.

  • In PMM the Italian translation for "The message will be delivered shortly" has been corrected.

  • A fix has been applied to an issue with Cockpit where Software Updates > Check for Updates could contain out-of-date information. Now, the caches are correctly cleared by clicking the Check for Updates button.

  • A fix has been applied to an issue where SCOM server configuration in Cockpit could be lost after a product upgrade.

  • A fix has been applied to an issue where the Gateway’s UI rejected an input of special characters which were eligible to be used for the local part of the email address.

Secure ICAP Gateway

Version 5.4.3

July 15, 2022

Enhancements
  • In the Detectable Types selection list within the Detect Lexical Expression, Detect Media Types and Redact Text content rules, support has been added for iCalendar. This means the Gateway can provide better deep content inspection of some types of meeting requests and calendars.

  • The update URLs for Sophos Anti-Virus are now "https" rather than "http". For example, https://sav-update-1.clearswift.net/SOP64/sopupdates.txt

  • Proactive Alerts have been modified to restrict any potentially sensitive information being sent to Clearswift via unsecured email. An ability to modify the message body of the Proactive Alerts emails has been introduced, so when working with customer support, and with communication over TLS, more diagnostic information can be sent. Please note that using the Proactive Alerts feature requires a license.

Fixes
  • A fix has been applied to an issue where informs were not sent correctly if the Analyze Properties content rule was configured to detect multiple document properties, and to generate an inform.

  • A fix has been applied to an issue with Cockpit where Software Updates > Check for Updates could contain out-of-date information. Now, the caches are correctly cleared by clicking the Check for Updates button.

  • There were occasional SSL errors while updating Netstar. Netstar has fixed this issue in their latest SDK, which is a part of the Secure ICAP Gateway version 5.4.3 release. It is recommended that the customers upgrade to this version and monitor their Gateway’s behavior.

  • The Netstar watchdog now checks if online URL categorisation can be performed. If not, the Netstar and ICAP services are restarted. To disable this online check, for example, when the Gateway is in a closed environment, then create the following file: sudo touch /var/cs-gateway/websettings/netstar/netstar_no_online_check

  • A fix has been applied to an issue where Netstar downloads prevented new downloads from taking place. Now, selecting the reset option on the UI deletes the lock file and allows a new download to commence.

  • A fix has been applied to an issue where SCOM server configuration in Cockpit could be lost after a product upgrade.

Secure Web Gateway

Version 5.4.3

July 15, 2022

New Features
  • A support extract with system status information is now automatically generated by the watchdog whenever a Proxy service failure is detected, and more importantly before the Proxy service is restarted.

Enhancements
  • In the Detectable Types selection list within the Detect Lexical Expression, Detect Media Types and Redact Text content rules, support has been added for iCalendar. This means the Gateway can provide better deep content inspection of some types of meeting requests and calendars.

  • The update URLs for Sophos Anti-Virus are now "https" rather than "http". For example, https://sav-update-1.clearswift.net/SOP64/sopupdates.txt

  • Proactive Alerts have been modified to restrict any potentially sensitive information being sent to Clearswift via unsecured email. An ability to modify the message body of the Proactive Alerts emails has been introduced, so when working with customer support, and with communication over TLS, more diagnostic information can be sent. Please note that using the Proactive Alerts feature requires a license.

  • The product icon has been updated

  • For increased security, the PostgreSQL database has been upgraded from V9.6 to V13.3.

  • Extra two rows added to the Product Information table on Cockpit Clearswift page to show whether Red Hat or Clearswift online updates are enabled.

Fixes
  • A fix has been applied to an issue where informs were not sent correctly if the Analyze Properties content rule was configured to detect multiple document properties, and to generate an inform.

  • A fix has been applied to an issue with Cockpit where Software Updates > Check for Updates could contain out-of-date information. Now, the caches are correctly cleared by clicking the Check for Updates button.

  • There were occasional SSL errors while updating Netstar. Netstar has fixed this issue in their latest SDK, which is a part of the Secure WEB Gateway version 5.4.3 release. It is recommended that the customers upgrade to this version and monitor their Gateway’s behavior.

  • The Netstar watchdog now checks if online URL categorisation can be performed. If not, the Netstar and Proxy services are restarted. To disable this online check, for example, when the Gateway is in a closed environment, then create the following file: sudo touch /var/cs-gateway/websettings/netstar/netstar_no_online_check

  • A fix has been applied to an issue where Netstar downloads prevented new downloads from taking place. Now, selecting the reset option on the UI deletes the lock file and allows a new download to commence.

  • A fix has been applied to an issue where SCOM server configuration in Cockpit could be lost after a product upgrade.

  • In response to the recent global security alerts on Apache Log4j, we have fixed the vulnerability on the affected versions of the Secure Web Gateway product.

  • Some macro-enabled Visual Basic .xlsm files were failing to process and causing the message to be held as Malformed Data. This has now been resolved.

  • It was previously not possible to sanitize active content for xlsm created in the recent version of M365. This has now been fixed.

  • A fix has been applied to an issue where the Redact Text content rule only redacted the first portion of the UK postcodes (which consist of multiple parts, e.g. AB1 0CD).

  • A fix has been applied to an issue with the Connectivity Test for Avira. The test no longer fails erroneously and servers will not be displayed as 'unavailable'.

  • A fix has been applied to an issue where the UI rejected some valid characters in a URL, such as #, |, @, [, and ] when creating a new Custom URL List.

  • Netstar SSL experienced some errors when updating. This had been resolved by Netstar in a later SDK version than the one being used at the time.

  • If an FTP backup configuration is enabled, the password was previously held in plain text in the file /var/cs-gateway/diag/diag-config.xml. This is now encrypted.

  • The Secure Web Gateway UI has been updated to display the 3 secure headers (X-XSS-Protection, X-Content-Type-Options and X-Frame-Options) on the block and error pages.

  • All Netstar categories now map to a Clearswift category.

  • The Netstar "search & portal" category now maps to both Clearswift Search and Portal categories instead of just the Portal.

  • Download CRL entries without the "issuerName" and "serialNumber" now result in a logged warning rather than causing the download to fail.

  • A fix has been applied to an issue where Microsoft Project (.mpp) files were failing to process with errors.

  • A fix has been applied to the Sanitize Active Content rule, whereby active content was being incorrectly detected.

  • HTTPS content in tokens, headers and data will be displayed in Informs only when both of the following is true. The functionality to include HTTPS headers, data and diagnostic information is configured in the UI and a support script has been run as documented in the online help.

  • The description for the Drugs URL category previously grouped all "drug" websites into one category. We have created a new Illegal Drugs category which is separate from the medical/pharmaceutical products. This default policy now blocks illegal drugs.

  • The options in the UI to view engine and proxy diagnostics, also to download and purge diagnostics were missing. These have now been restored.

  • When querying the user activity for a particular user, there was too much data per day. This has been fixed and a time range can now be configured for the user activity report. This facilitates for the amount of data to be reduced and prevents the size limit being reached.

  • Computer Graphics Metafile (CGM) files were not available in the Detectable Types selection list within the Detect media types content rule. This has now been resolved.

  • URL validation has improved as we were encountering URLs that did not conform to the RFC. Websites with a hyphen dot in the URL can now be accessed.

  • The ability to use the token %PROXY% in a block page has been restored.

  • The install process on systems with large RAM and hard disk capacities has been streamlined.

  • A fix has been applied to an issue where the Clearswift product name was not clearly identified within Cockpit.

  • PDF files are now created correctly following steganography or text redaction changes.

  • Listening on port 81 has been turned off and the port disabled.

  • A fix has been applied to an issue where the "Upgrade is available" alarm would never be raised if using a non-English system locale.

  • A fix has been applied to an issue where new SCOM servers could not always be added in the Monitoring Services page in Cockpit.

  • A fix has been applied to the issue where the 5.2 upgrade overwrites the keystore, reverting the custom UI certificate back to the Clearswift self-signed cert.

  • A fix has been applied to a display error where URL links to the anti-virus update servers, such as sav-update, sometimes displayed old version numbers under System > Connectivity Test.

  • A fix has been applied to an issue where multiple lines defined in the System > Gateway Branding > Front Page Text are displayed in a single line.

Back to Top

 

Core Security


Event Manager

Version 6.7.0

July 12, 2022

New Features
  • A new Events Manager overview graphical Dashboard has been made available from directly within Event Manager. This was previously only accessible through Insite.

  • A new Forensic Analysis overview graphical Dashboard has been made available from directly within Event Manager. This was previously only accessible through Insite,

  • A new setting "Automatically close controlled events" for Short Term Database of Security DataSources has been made available within the HelpSystems Settings Configurator.

  • An 'out-of-the-box' template has been added to integrate the events from the Beyond Security beSECURE vulnerability scanner.

  • DataSources collecting information by syslog now allow the use of a list of IPs to match with source address of events.

  • Database reader monitors can now use an "Indexed" Incremental condition with a "back" ID number, to avoid reading the whole database each time a datasource is stopped/started.

  • Event Manager now has the ability to run daily tampering and data integrity checks to verify if any asset has had information modified or deleted, with alerts sent if the check fails.

Enhancements
  • Any user or group added with correspondent roles in the product, can now also access a secondary web SmartConsole without requiring any additional configuration.

  • CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-4104 log4j2 vulnerabilities have been removed.

  • IBM i audited assets with "Exit Point Manager for IBM i" DataSource now reports a real user as an operator for collected events.

  • Improvements have been made to Product Audit to retain previous values of amended information.

  • It is now possible to change the type of installation during the installation process.

  • ODBC drivers for SAP HANA Database are now supported on a "Custom Database Reader" DataSource in Event Manager.

  • Privileged Users SYSDBA/SYSOPER (Unix) Standard Datasource for Oracle assets can now select different connection types and use the sudo command for some of them within data collections.

  • Product Audit events regarding asset changes are now more specific about what has changed in each asset.

  • SQL Server versions 2019 and 2022 are now in the list of available "Asset Types" when creating or editing an asset to Audit.

  • Scheduling reports now works even if only https access is enabled for the Reports website.

Fixes
  • "Send Event Assigned to Syslog (CEF)" or "Send Security Alert Event to Syslog (CEF)" alarms when integrating Event Manager notified events with 3rd party tools could fail if log files reached their maximum size. This issue has been fixed.

  • A Handle leak in process T04ORCSRV.exe, "HelpSystems - Orchestrator" windows service has been fixed.

  • A timeout parameter called "Request Timeout Seconds" has been added to Microsoft365 Datasources to prevent communication blocks when Microsoft365 did not respond.

  • Alerts for Assets with no event in the last 3 days are now generated.

  • An invalid "Not Categorized" Action has been removed from the SAP ASE default datasource.

  • Assets created from Orchestrator interface of type Exchange Online, Azure Active Directory or Microsoft Teams are now created as expected.

  • Audited SQL Server 2000 assets of type SQL Server 2000 no longer generate errors following a product upgrade.

  • Breadcrumb controls on some pages were displayed on separated lines due to a lack of space. This issue has been fixed.

  • Changing or migrating to a newer configuration database could previously cause the software to become unstable. This issue has been fixed.

  • Colors for health status, highlighted/threat/incident events and other displays have been changed to adopt the HelpSystems standard.

  • Controls have been added to ensure sure that specific users do not have permissions to modify or write windows service executables or have Full Control permission to any directories that contain service executables.

  • Daily maintenance now checks if indexes are disabled and re-enables them.

  • DataSources with the "TimeZone" attribute as "Inherited from Asset" now correctly use the "TimeZone" configured at the asset level.

  • Event Manager and Forensic Analysis scheduled reports no longer fail with "Internal Orchestrator error - bad lexical cast: source type value could not be interpreted as target." in the Reports log.

  • Events from the Historical Database within Forensic Analysis may show incorrect data. This issue has been fixed.

  • Events from the Windows User Inactivity DataSource now report the logon name the same as other Windows DataSources.

  • Events from the Windows User Inactivity DataSource no longer report an incorrect user domain name.

  • Excluding values from columns drop down filters within Event Manager and Forensic Analysis now works as expected.

  • Following a product upgrade, some pages could have different types of javascript errors. This issue has been fixed.

  • For Windows Server audited assets DataSource "Windows User Inactivity" failed if settings "Ignored Disabled User Accounts" or "Ignored Disabled Computer Accounts" were false. This issue has been fixed.

  • Forensic Analysis and Events Manager sections could show incorrect values for counters and list of events if more than one user is logged into the Event Manager application and some of the users have specific permissions configured. This issue has been fixed.

  • Grant and Revoke Object events have been added to the Oracle Databases audit.

  • HelpSystems - Orchestrator service frequently crashed due to a memory leak when automatically discovered actions for a Custom Syslog CEF DataSource were active. This issue has been fixed.

  • IBM i audited assets within the "Exit Point Manager for IBMi" DataSource did not audit some of the "Network Access Rejected" events. This issue has been fixed.

  • If a database from SmartConsole module (usually HS_APPSEC_SmartConsole) was cleaned or was empty for any reason, SmartConsoles froze during start. This issue has been fixed.

  • If an asset with character "." was selected at Assets list the footer message was not displayed correctly. This issue has been fixed.

  • If the IDX.jar file had been manually modified or replaced, subsequent product upgrades did not install the latest version. This issue has been fixed.

  • In rare circumstances due to internal configuration, the SmartConsole service could crash due to a memory leak after running for several hours . This issue has been fixed.

  • In some instances, scheduled reports from Forensic Analysis would not show charts if groups were selected. This issue has been fixed.

  • In very rare cases, some events were automatically closed after upgrading the product. This issue has been fixed.

  • Inspector\bin\config\Inspector.cfg file has an attribute ColumnCacheCapacity, which shipped with a default value of 250000. But if this attribute was not explicitly declared in Inspector.cfg, the default value was far greater. Now, the default value if the attribute is not explicitly declared is also set to 250000.

  • It is no longer possible to add the same value twice to column filtering within the "Add XX to list" option.

  • It was not possible to login to the application because HelpSystems AccessServer module could get locked if the database was not made available during part of the initialization phase. This issue has been fixed.

  • Product web services did not work after installation, if IIS (Microsoft Internet Information Server) did not have "IIS-ServerSideIncludes" and "IIS-StaticContent" enabled. This issue has been fixed.

  • Removing a mapping variable while editing a DataSource, and confirming the change resulted in the confirmation window being constantly displayed. This issue has been fixed.

  • Self-monitoring reported some issues with errors: ".. WMI: Invalid class..." . This issue has been fixed.

  • Service "HelpSystems - Orchestrator" could fail with an unrecoverable error when calling SOAP function in Index Service, meaning the application was unavailable. This issue has been fixed.

  • Sometimes "flag icon" links within issue details were not shown, despite the source IP address being resolved. This issue has been fixed.

  • Syslog CEF DataSources now displays the list of available CEF variables.

  • The "Controls" filter within the Event Manager list of events now works as expected.

  • The Attribute Instance Name is now correctly displayed within Assets filter help.

  • The DataSources "Privileged Users SYSDBA/SYSOPR for Unix" and "Privileged Users SYSDBA/SYSOPR for windows" for Oracle Database Server assets have been amended so they are now visually distinguishable in the "Actions to Audit" tab.

  • The ExecutionMode parameter in Event Manager Custom Database Reader Datasources has been removed because it is not used anymore.

  • The IDXServiceWrapperConfig.xml file is now updated correctly after a product upgrade.

  • The PMDB service that purges old data for Forensic Analysis and Events Manager Overview charts has been improved for performance.

  • The Product Security Administrator user is now allowed to use passwords with blank spaces.

  • The Regulations filter drop-down is now correctly displayed in a typical laptop resolution (1366x768).

  • The pipe character is now valid within the the user name credential.

  • The unused file; sqljdbc.jar, has been removed from product.

  • Trying to filter with a text value containing the "=" character in Event Manager or Forensic Analysis columns drop-down filters resulted in a blue screen and an exception error. This issue has been fixed.

  • Update patches for out of the box auditing for some asset types within Event Manager were not being applied immediately. This issue has been fixed.

  • Users for credentials could not contain the # character. This issue has been fixed.

  • When auditing an IBM i asset with DataSource "SIEM Agent for IBMi" some events could have been lost. This issue has been fixed.

  • When auditing an IBM i asset with DataSource "SIEM Agent for IBMi" the events for Actions "Password Modification" and "Password Reset" were collected as "User Modification". This issue has been fixed.

  • When editing an Event Manager view and selecting a "User column" within "User Variables Mapping", the window was automatically scrolled up without any user intervention.

  • When logging in with a user not explicitly authorized in "Users and Groups management", but included in a group which is authorized resulted in an internal lock with the login causing a "timeout error". This issue has been fixed.

  • When using column filtering in Forensic Analysis or Event Manager pages and clicking on "Select All" , sometimes left value "(Blanks)" unselected. This issue has been fixed.

  • Windows File Monitoring DataSource for a Windows asset did not have the correct text for parameter label "Lookup Account SID". This issue has been fixed.

  • Within Event Manager and Forensic Analysis, column headers disappeared when horizontal scroll at the bottom of the page was used. This issue has been fixed.

Back to Top

 

Powertech


Powertech Encryption

Version 3.65

Jul 19, 2022

Enhancements
  • Removed the requirement for the product library (CRYPTO) to be included in the system library list.

  • Added additional compatibility checks for the Decryption Accelerator option.

  • Updated the Field Encryption Configuration report (Option 22 on a Field Registry Entry) to include information about triggers and sorting for file fields.

  • Newly created Field Registry entries will now default to not use the Decryption Accelerator value.

  • Enhanced Field Encryption activation to detect file sorting options, such as ALTSEQ (alternative sequencing), that are incompatible with encryption.

Fixes
  • Option 16 "Change Field Mask" in the Field Registry no longer displays an error.

  • Suppressed attempt to display an on-screen warning during activation, unless activation is performed interactively.

  • For actions performed on files with encrypted fields, including duplicating the files, the "Field Length Change" error no longer occurs when the CRVL002 validation list does not reside in the product library and is not contained in the library list.

Powertech Policy Minder

Version 2.3

Jul 19, 2022

Enhancements
  • For system value policy QSSLCSL, all new values introduced in IBM i 7.4 are now supported.

  • For system value policy QSSLPCL, the *TLSV1.3 value is now supported.

Fixes
  • Updated to Log4j 2.17 to resolve vulnerabilities.

  • *DIRAUT policy now correctly allows new directory.

  • Fixed an issue where the license screen could not be displayed if the SKYPM menu was displayed, without first explicitly adding the product library to the library list.

  • Fixed an issue where failed upgrades were being reported as successful.

  • Fixed an issue where CHECK command fails to run DB reorganization step.

  • Fixed USROBJ category in Policy Minder WEB UI showing value *ANY as out of compliance.

  • Fixed an issue when configuring the JOBD category, where changes to the job descriptions on the policy list were not saved.

  • Fixed an issue where compliance displayed for DIRAUT was incorrect.

  • ANZSQLINF report now displays all programs with a Dynamic SQL statement.

  • Fixed an issue with value prompting that occurred when the user defined an object template under Directory Authorities.

  • Fixed an issue where not all system values were being displayed on IBM i 7.4 systems.

  • Fixed "Date too short for specified format" error.

  • Fixed an issue where authorization list values in Compliance check become hidden.

  • Fixed an issue with *ALLCRTCHG missing from system value policy QPWDRULES.

  • Fixed an issue where email addresses that contained a numeric value as a leading character generated an error.

  • Fixed an issue where library templates that used "?" in position 10 caused a check to fail.

  • Fixed an issue where email sending could fail if multiple instances of the command SNDEMLMSG existed on a system.

Powertech Risk Assessor

Version 3.3

Jul 19, 2022

Enhancements
  • New password strength report feature identifies user profile passwords that are contained in available lists of cracked passwords.

Fixes
  • Updated to Log4j 2.17 to resolve vulnerabilities.

  • Product Information menu now shows correct product version.

  • SKYASSESS report now accurately indicates when QPWDEXPWRN deviates from the recommended value.

  • Fixed MCH1210 error that occurs when there are over 9999 User Profiles without *PUBLIC EXCLUDE authority.

  • Fixed issue with print files that were missing.

  • Fixed issue that caused the Security Assessment job log to wrap.

  • Fixed issue reporting on user and supplemental groups.

  • Fixed issue when setting the Certificate Store Password.

Back to Top

 

Tango/04


Vityl IT & Business Monitoring

Version 6.7.0

July 12, 2022

New Features
  • Database reader monitors can now use an "Indexed" Incremental condition with a "back" ID number, to avoid reading the whole database each time a datasource is stopped/started.

  • Vityl IT & Business Monitoring now has the ability to run daily tampering and data integrity checks to verify if any asset has had information modified or deleted, with alerts sent if the check fails.

  • By default, metrics of the same type elements and same asset are displayed in the same chart. For some generic element types there is now a new attributes "Metric tag" which allows to split them in different charts.

  • For IBMi/iSeries systems, the percentage of disk used by temporary storage is now monitored.

Enhancements
  • Any user or group added with correspondent roles in the product, can now also access a secondary web SmartConsole without requiring any additional configuration.

  • CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-4104 log4j2 vulnerabilities have been removed.

  • It is now possible to change the type of installation during the installation process.

  • SQL Server versions 2019 and 2022 are now in the list of available "Asset Types" when creating or editing an asset to Audit.

  • Scheduling reports now works even if only https access is enabled for the Reports website.

  • Availability controls, for example; pings or process existence checks, now are checked every two minutes instead of three minutes. And Performance controls, as such as CPU or memory usage, now are checked every two and a half minutes instead of five minutes.

  • A new attribute "DisablePing" has been made available for any device.

  • Active MQ Queue Queue Success event messages have been modified to provide more clarity.

  • Vityl Events regarding IBM i Jobs have been enriched with Job Name, Subsystem, User and Current User Profile as variables.

  • When RemoteCommandExecution.ps1 script is used to execute a remote command from an alert, and there's an error, it's now reported in the log.

  • A new "TLS / STARTTLS" Authentication method for POP3/IMAP credentials has been made available.

Fixes
  • A Handle leak in process T04ORCSRV.exe, "HelpSystems - Orchestrator" windows service has been fixed.

  • Breadcrumb controls on some pages were displayed on separated lines due to a lack of space. This issue has been fixed.

  • Changing or migrating to a newer configuration database could previously cause the software to become unstable. This issue has been fixed.

  • Colors for health status, highlighted/threat/incident events and other displays have been changed to adopt the HelpSystems standard.

  • Controls have been added to ensure sure that specific users do not have permissions to modify or write windows service executables or have Full Control permission to any directories that contain service executables.

  • Following a product upgrade, some pages could have different types of javascript errors. This issue has been fixed.

  • If a database from SmartConsole module (usually HS_APPSEC_SmartConsole) was cleaned or was empty for any reason, SmartConsoles froze during start. This issue has been fixed.

  • If the IDX.jar file had been manually modified or replaced, subsequent product upgrades did not install the latest version. This issue has been fixed.

  • In rare circumstances due to internal configuration, the SmartConsole service could crash due to a memory leak after running for several hours . This issue has been fixed.

  • It was not possible to login to the application because HelpSystems AccessServer module could get locked if the database was not made available during part of the initialization phase. This issue has been fixed.

  • Product web services did not work after installation, if IIS (Microsoft Internet Information Server) did not have "IIS-ServerSideIncludes" and "IIS-StaticContent" enabled. This issue has been fixed.

  • Self-monitoring reported some issues with errors: "...WMI: Invalid class..." . This issue has been fixed.

  • Service "HelpSystems - Orchestrator" could fail with an unrecoverable error when calling SOAP function in Index Service, meaning the application was unavailable. This issue has been fixed.

  • The Attribute Instance Name is now correctly displayed within Assets filter help.

  • The IDXServiceWrapperConfig.xml file is now updated correctly after a product upgrade.

  • The Product Security Administrator user is now allowed to use passwords with blank spaces.

  • The pipe character is now valid within the the user name credential.

  • Users for credentials could not contain the # character. This issue has been fixed.

  • When logging in with a user not explicitly authorized in "Users and Groups management", but included in a group which is authorized resulted in an internal lock with the login causing a "timeout error". This issue has been fixed.

  • During a Vityl Monitoring Node upgrade, a product security administrator was required even though it was not necessary. It is no longer requested.

  • The 'assigning attributes error' that occurred after editing the Facility Name, Facility Region, Facility SubRegion and Facility Type attributes has been fixed.

  • IBM Storwize monitors were showing Monitoring Errors in some instances. This issue has been fixed.

  • Firewall devices of subtype CheckPointNextGeneration, Juniper and PaloAltoNetworks could not be properly created or monitored. This issue has been fixed.

  • When selecting an specific chart to view, Vityl IT & Business Monitoring single metric data was incorrect. This issue has been fixed.

  • In some cases, Generic WebService - WSDL (Availability Check) monitors were not being updated to Success if response time was low. This issue has been fixed.

  • The "Log out" button within SmartConsole web now works as expected.

  • Free Linux Physical Memory monitors can now parse values with GiB as units.

  • Alert log within the Vityl Configuration main page had an incorrect color and font. This issue has been fixed.

  • The "Save" button within the Create Business View dialog from SmartConsole web now works as expected.

  • IBMi/iSeries messages on SmartConsole module are no longer duplicated.

  • The textbox for writing a comment needed to reset an issue within issue details windows has been resized.

  • When the dark theme was selected, the "Complete Message" text within issue details windows were not visible. This issue has been fixed.

  • The "Cancel" option within "Set Planned Maintenance Period For Multiple Assets" dialog was incorrectly displayed if dark theme was selected. This issue has been fixed.

  • Previous upgrades could break monitors using JMX technology (for example JBoss, Tomcat). This issue has been fixed when upgrading to this version.

  • If a session was closed after having been edited an Online Service and then an attempt was made to re-edit in a new session caused a "service being edited" error. This issue has been fixed.

  • When an existing Online Service is imported it must be overwritten, but sometimes when editing it showed the previous version from an internal cache. This issue has been fixed.

  • Manually created monitors of type "SLA Analytics" and report "Service Control Point Analytics" (and any derived from this) failed in version 6.6. This issue has been fixed.

  • iSeries/IBMi data maintenance configured within HelpSystems settings configurator did not work in release 6.6. This issue has been fixed,

  • If an application had dependencies with two elements of an specific device with the same alias, it was not properly monitored and an error "Synchronization failed" was logged. This issue has been fixed.

  • For devices created manually by the user and derived from the certain types, metric "Network Response Time(ms)" was not shown in the Device Analysis tab. This issue has been fixed.

  • Vityl Windows service "HelpSystems - SmartConsole Publisher" could crash generating a *.dmp file. This issue has been fixed.

  • IBMi Job elements were not correctly reporting the health for 'Job duration' if Vityl and the IBMi where the job to control is are in different timezones. This issue has been fixed.

  • Assets of type "Generic Endpoint" were not correctly created. Newly created assets of this type will now be shown as End-point device class assets and they will each consume 0.25 license credits.

  • A new attribute "Working directory" for remote commands in device elements of type CommandExecution* has been made available.

  • In very rare cases. invalid alerts could be generated for an specific asset where a "Business View" in SmartConsole was partially created without proper filters. This issue has been fixed.

  • Chart "Process Virtual Size (32 bits Processes) (MB)" for Windows systems within the asset Analysis tab could produce a browser crash if a 64-bit process was displayed. This issue has been fixed.

  • For "SCP Details" reports or other reports based on this option, the "Show States Summary Chart" did not work properly if more than one SCP folder was selected for the same report. This issue has been fixed.

  • The product was previously installed with three default fixed VIP Users for the "Web Portal Users" License. As this is now a legacy license it will no longer affect typical installations.

Back to Top

 

Titus


Titus Mail for iOS

Version 2022.0.1

July 8, 2022

Fixes
  • Resolved issue where users were forced to resend messages through the Outbox folder. This bug impacted users with on-premises Exchange servers.

Illuminate

Version 2022.0

July 7, 2022

New Features
  • The UI for scanning file and folders has been updated with some changes to fields and selections. See the Titus Illuminate Scanning Guide for more information.

  • The following performance counters were added:

    • Total files scanned

    • Total files actioned

    • Total failed actions

    • Files scanned per second

    • Files actioned per second

    See the Titus Illuminate Deployment Best Practices Guide for more information.

  • Titus Accelerator for Privacy from Illuminate has been replaced by Data Detection Engine. See the Titus Data Detection Engine for Illuminate User Guide and Titus Data Detection Engine for Illuminate Server Deployment Guide for more information.

  • You can now scan files and folders located in your Google Drive (Preview only). See the Titus Illuminate Scanning Guide for more information.

Enhancements
  • You can now choose to install Illuminate on another drive. See the Titus Illuminate Deployment Guide for more information.

  • A new column has been added to the report, so when you download the report on the Scans page, you can now see what keyword was used to classify a document.

Fixes
  • Files were not encrypting in Vera and uploading to OneDrive successfully

  • Incorrect "FileContentCreatedDate" and "FileContentModifiedDate" dates were recorded into the Inventory table. FileContentCreatedDate and FileCreatedDate have the same values. FileContentModifiedDate and FileModifiedDate also have the same values.

  • Credential Manager token not generating due to issue with redirect URLs

  • Custom properties not working in Illuminate. TI.DocumentProperty in SQL was not populating properly with custom properties on the available file.

  • Illuminate scanning finishes with the following errors:

    • Microsoft.SharePoint.Client.ServerObjectNullReference

      Exception:

    • Object reference not set to an instance of an object on server. The object is associated with property Author.

  • Add SharePoint (OnPrem) Metadata not working due to issue with configuration file

  • Unable to download SharePoint scans report from Scans page

  • Illuminate cannot capture metadata for Fileshare scan when UNC path set to \\Serveraddress\

Policy Manager

Version 2022.07

July 15, 2022

Enhancements
  • Titus Console has been rebranded with a new look and feel. If you see an old Titus logo, clear your browser's cache.

  • You can select from a drop-down for list s and boolean values for Conditions.

  • Action parameters drop-down has been reordered to be more intuitive.

  • How you configure Action parameters depends on how you access them - the available Action parameters from the Rule are different from the ones from the Library.

Resolved Issues
  • Using Message.Attachment.* and Message.Recipient.* conditions in the same rule results in an error. Use both conditions in separate sub-rules in the same rule.

  • Delete Custom Condition from library causes blank screen when Custom Condition drawer and Action drawers are open the same time.

  • Condition builder collection filter should switch back to default "All".

  • Policy Manager can be slow to load.

  • Group operator is shown disabled for Message.Recipient.IsNew in Condition Editor.

Back to Top