Shavlik Protect Version History
(Note: This build includes fixes from 9.1.4334.0, Protect 9.1 Patch 1, and Protect 9.1 Patch 2.)
- Updated content feed to allow for new format change for CVE.
- Resolved an issue where deployment email notifications were not being sent if the Hours until post deployment e-mails are sent option was set to 0 and the deployment fails on any system in the deployment.
- Resolved an issue where ST.ServiceHost.exe.config is not overwritten on upgrade from a previous version if the configuration file was manually modified, resulting in an ‘email service is currently unavailable’ error.
(Note: This build includes fixes from 9.1.4334.0 and Protect 9.1 Patch 1)
- Resolved an issue where a scan of an online hosted virtual machine would fail to scan with an error 201 if NetBIOS could not be resolved. Hosted scan flow will now fail over to IP if NetBIOS fails
- Resolved an issue where machine resolution by OU could return no machines due to an error when querying LDAP (System.DirectoryServices.DirectoryServicesCOMException (0x80072030): There is no such object on the server).
- Resolved an issue where scanning by OU would try to resolve by FQDN, but would not fail over to NetBIOS if FQDN failed.
- Resolved a console crash that occurred when opening Tools > Operations > Distribution Servers when the console service has been manually configured as a specific credential instead of Local System.
- Resolved a performance issue where the email service could return an unavailable error due exceeding the default timeout.
- Resolved an error in Event History for ITScript results that exceeded the max field length when displaying results.
- Resolved an issue where a scan result would not delete due to a constraint on an impartial deployment status that could not be deleted.
- Resolved an issue in Patch Status Detail report where machine counts could be incorrectly calculated.
- Resolved a performance issue where machine resolution could take significantly longer due to machines being resolved more than once instead of being identified as a duplicate and skipped.
- Resolved an issue where STSchedEx would attempt to listen on an additional legacy port that is no longer being used. Will only attempt to open 5120 (default) and not open 5120 and 5121.
- Resolved an issue where, after changing from the local console language to another language, you may not be able to switch back to the native console language.
- Resolved an issue where a null credential associated with a hypervisor causes the Protect UI to crash when refreshing the hypervisor.
- Resolved an issue where scanning a machine with the remote registry disabled would receive an error 270 instead of error 501.
- Resolved an issue where deleting scans on a system with low resources fails, resulting in the rollback transaction being called twice.
- Resolved an issue where installing PowerCLI 5.5 Release 2 causes a crash when enumerating a hypervisor or vCenter server due to a change in an interface in VIM.
- Resolved an issue where deployment would not display the proper error message when the target machine did not have enough disk space.
- Resolved an issue where the console could crash due to too many SQL transactions occurring, resulting in “SQL unavailable” or “Maximum pooled connects to SQL Server exceeded” errors.
- Resolved an issue where refresh files would not download HF7b.xml and PD5.xml due to timeout on slow connections.
Major New Features
- Localized Console Experience
- Shavlik Protect is now localized for the following languages: Chinese (Standard), Chinese (Traditional), French, German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish.
- Localized SafeReboot
- The SafeReboot dialog has been localized to support the same language set as above. The language of the client machine’s operating system will determine which language is displayed. The SafeReboot dialog will default to English if the operating system language is not supported.
- Online Help
- Localized versions of the Help system are now available on the Web. The help text will be localized according to the language specified on the Display Options dialog. An Internet connection is required in order to access localized help text from the console. For environments that do not have direct Internet access, an English-only version of the Help system is still shipped with the product and is available locally on the console.
- IPv6 Support
- Shavlik Protect now supports IPv6. IPv4 is still the preferred IP scheme that will be displayed in the UI, so for environments that happen to have IPv6 turned on but are not utilizing it yet, the IPv4 address will be the default address shown for machines.
- Report Views
- In conjunction with this release, Shavlik is providing a Report Views Guide that describes how to use database views within SQL Server database queries to generate custom reports for Shavlik Protect. This also allows for third-party tools such as SQL Reporting Services, Crystal Reports, Splunk, and others to be used to create reports for Shavlik Protect.
Minor New Features and Enhancements
- Improved Machine Resolution in FQDN and IP-only Environments
- For customers who have environments that require FQDN or IP to resolve machines, Shavlik has made significant improvements to our machine resolver so that Shavlik Protect will retain multiple resolution methods for each machine. FQDN, Hostname, and IP can all be attempted to ensure the machine is resolved correctly.
- Scan by Vendor Severity
- The patch scan templates and the assessment engine have been updated to include filters that enable you to scan by vendor severity. You can now scan specifically for Critical, Important, Moderate, Low, or Unassigned security or non-security patches.
- Deployment Workflow Enhancements
- The deployment workflow has been consolidated to reduce the many branches that existed in the deployment experience. When you perform a deployment now you will see the same level of detail as a scheduled deployment. The deployment results are also available for viewing after the deployment is complete.
- Machine-Level Status in Operations Monitor and in Deployment Tracker
- A machine-level status has been added to the deployment flows. This gives you better visibility into the current state of your deployments.
- Deployment Return Codes
- Deployment return codes are now available within Deployment Tracker and within the deployment reports. Making the return codes available within the Shavlik Protect UI eliminates the need to comb through target machine logs for the return codes.
- Active Directory (AD) Enhancements
- Shavlik Protect is now able to discover any Active Directory Forests and Domains that are broadcasting themselves to the console machine’s domain. In addition, you can now add additional Forests and Domains and save credentials for these items. This allows you to browse these items without having to reconnect each time.
Features That Have Been Removed in Shavlik Protect 9.1
- The following platforms are no longer supported for use as a console:
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008 (prior to R2)
- Windows 8 (Windows 8.1 is supported)
- 32-bit architecture operating systems
In response to Microsoft’s strategic direction and recent end-of-life announcements, Shavlik has removed support for the above platforms as a Shavlik Protect console. Shavlik Protect 9.0 is the last version to support these platforms as a Protect console. All of these platforms are still supported as agentless and agent-based targets.
To help ease the migration to newer platforms, Shavlik has developed a migration tool that will help administrators to transition a console from one machine to another. Microsoft has announced an end-of-life for Windows XP in April 2014 and for Windows Server 2003 in April 2016. We are recommending that customers on these platforms migrate to newer operating systems as soon as possible. Shavlik will not be supporting Windows 8 as a console due to an incompatibility issue with Powershell 4.0, which is a new prerequisite in Protect 9.1. Windows 8.1 support is being added with Protect 9.1.
- The following VMware ESX Hypervisors are no longer supported:
- ESX 4.0
- ESX 4.1 (ESXi 4.1 Hypervisors are still supported)
Shavlik is removing support for hypervisor patching and offline VM, template, and snapshot features for these versions, as VMware is ending support for these platforms in 2014. Shavlik Protect 9.0 is the last version to support these versions.
- Export to TIF, TXT, and RTF formats
Shavlik has removed support for these formats as they are little used and provide little value to the majority of customers. Future versions of Shavlik Protect will still support export to PDF, XLS, TSV, CSV, and XML formats.
Features That are Targeted for Removal After Shavlik Protect 9.1
- Windows Server 2000 support for agentless scan and remediation will be removed after 9.1
Shavlik is announcing that Protect 9.1 will be the last version to support Windows Server 2000 as an agentless target. Protect 9.1 will support this version of Windows until it reaches its end-of-life, which has not yet been announced.
- SQL Server 2005 support will be removed after Protect 9.1
Shavlik is announcing that Protect 9.1 will be the last version to support SQL Server 2005 (all editions). Customers should work towards moving to newer editions of SQL Server as soon as possible.
- User Criticality Filter will be removed after Protect 9.1
With the introduction of the Vendor Severity filter, the User Criticality Filter’s primary function is now obsolete and will be removed in a later release. The feature has a high maintenance cost and low value for most customers.
- Resolved an issue where duplicate agent results could conflict, causing import to fail.
- Resolved an issue where duplicate agent results cause a loop on import, blocking up the import queue.
- Resolved an issue where custom patch could allow a .bat file to be used which would cause agents to fail deployment. The .bat extension has been pulled from the custom patch file options.
- Resolved an issue where LDAP over SSL connections would attempt to use the Shavlik Certificate. The Shavlik Certificate on upgrade will be moved into a custom store.
- Resolved an issue where the 'Is Policy Current' value for Threat Protection Agents could incorrectly show as No when they really are up to date.
- Updated the Help System to include descriptions for agent icons that were not documented.
- Updated the Help System with an outbound port 443 requirement for the Protect Cloud Sync feature.
- Resolved an issue where a result could not be imported if the service pack of the product could not be determined.
- Resolved an issue where attempts to delete a partial scan result could result in a console crash.
- Resolved an issue where an agent result missing the EndTime attribute would fail to import.
- Resolved an issue where the Patch Status Detail Report could end up with PatchBulletinTitle on multiple lines due to a carriage return.
- Updated the community link for data conversion errors on upgrade to point to the proper community article.
- Resolved an issue where the Executive Summary Report could reflect the Effectively Installed Patches count incorrectly.
- Resolved an issue where scan results could fail to import do to a 'Arithmetic overflow error' on the primary key in the ScanItems table.
- Updated the Administration Guide to place the 'What's New?' section in the correct location in the document.
- Resolved an issue where using the Microsoft Scheduler could cause scans to add five minutes to the specified scheduled time.
- Resolved an upgrade issue where an unassociated event subscription could cause the database upgrade to fail from 8.0.2 to 9.0.1182.
- Resolved an import issue where Agent Deployment Results could cause the importer to loop backing up the import queue.
- Resolved an issue where the console could crash when you start many scans simultaneously on a resource constrained machine.
- Changed from using MD5 hash to SHA1 in asset value normalization to be compliant on a FIPS enabled machine.
- Resolved an issue where HFCLI.exe was not using the Protect License Key, causing certain licensed features of HFCLI to not work.
- Resolved an issue where using the Browse Active Directory feature would not allow you to select a forest.
- Resolved an issue where the console service could crash on foreign key exceptions.
- Resolved an issue where the console service could crash when encountering an unknown service pack item type.
- Resolved an issue where 2003 R2 SP2 systems could reboot unexpectedly when upgrading the agent from 8.0.2 to 9.0.1106.
- Resolved an issue where an unnecessary horizontal scroll bar would appear in the Machine View.
- Resolved an issue where the console service could crash when it is unable to decrypt credentials.
(Note: This build includes fixes from 9.0.1106.0, Protect 9.0 Patch 1, and Protect 9.0 Patch 2)
- Updated the database schema and the content importer to support upcoming changes in the CVE-ID syntax. Prior to this patch, CVE-ID numbers using the new syntax would have prevented content from being updated and may have resulted in a console crash.
(Note: This build includes fixes from 9.0.1106.0 and Protect 9.0 Patch 1)
- Manual activation of Shavlik Protect is now available through a self-help portal. When you choose manual activation mode, instructions are provided to walk you through the process.
- Resolved an issue where bad agent results were continuously imported rather than being discarded, resulting in the ST.ConsoleService.managed.log showing multiple “Stream header magic number is invalid” errors.
- Resolved an issue where multiple IP ranges that use the same distribution servers cause full cloud policy updates to fail with 400 (bad request).
- Resolved an issue where the advanced filter options for the Deployment Status By Machine report could cause Protect to crash.
- Resolved an issue where reports emailed from Tools > Create Report are a tmp file instead of PDF.
- Updated the Administration Guide to correct an issue where the default console service port was shown as 3131 instead of 3121.
- Resolved an issue where the machine inventory email does not get sent when applied to a machine group.
- Resolved an issue where agent registration and checkin uses FQDN not NetBIOS, causing the install to fail if FQDN could not be resolved.
- Resolved an issue where agent checkin without a policy uses FQDN not NetBIOS, causing the install to fail if FQDN could not be resolved.
- Resolved an issue where emailing a report from Scan View could cause Protect to crash.
- Resolved an issue where the Scan and Report Only and the Deploy and Report Only roles do not allow the user to create and assign their own credentials.
- Resolved an issue where the Scheduled Tasks Manager abnormally exits when right-clicking in the jobs window.
- Resolved an issue where scheduled jobs might not appear in the Scheduled Tasks Manager.
- Resolved an upgrade issue from 8.0.2 to 9.0.1106 where, after upgrade, some machine groups could not be opened.
- Resolved an issue on ProtectCloud login where using dangerous HTML characters in the Protect Cloud password causes an exception.
- Resolved an issue where scheduled deployments to a hosted VM shows a scheduled time discrepancy between Deployment Tracker and the Scheduled Tasks Manager.
- Added support for the vCenter Protect installer to detect PowerShell 3 as a prerequisite for PowerShell.
- Resolved an issue where Java Runtime would uninstall the current version and then fail to install due to file(s) in use.
- Removed a dependency on two Microsoft components (oHotFix and Qchain) as they are reaching end of availability from Microsoft Corporation.
- Resolved an issue where an offline virtual machine on an ESXi Hypervisor would fail to scan with an Error 4000.
- Resolved an issue where deployments using Install at next reboot could execute immediately.
- Added installation support for Windows 8 and Windows Server 2012.
- Added support for installations using SQL Server 2012 databases.
- Integration with VMware Licensing
- Support for multiple license keys, allowing for valid VMware vSphere and Accelerator Kit bundle licenses to activate along with VMware vCenter Protect licenses.
- Retain support for the legacy (Shavlik) license keys and make key combinations additive.
- Update to license services within VMware vCenter Protect, allowing active licenses to refresh without user intervention. Customers no longer have to manually refresh their active licenses when Support or data renewals occur, etc.
- Updated Product Activation
- VMware vCenter Protect now has the ability to activate a trial within the product.
- VMware vCenter Protect Free version is now activated through the same activation dialog as Trial or Product\Bundle keys.
- Renaming of the Product
- VMware vCenter Protect Essentials is renamed to VMware vCenter Protect Standard
- VMware vCenter Protect Essentials Plus is renamed to VMware vCenter Protect Advanced
- Resolved a rendering issue in the Patch View where you could select one of the affected patches and the Patch Details would not display correctly resulting in an application crash.
(NOTE: This build includes fixes from 8.0.3756.0 and Protect 8.0 Patch 1)
- Enhanced ITScripts engine to provide more user-friendly error messages.
- Resolved an issue where scheduled value in Tracker and deployment status was showing date and time the job was scheduled on, and not the date and time the job would execute.
- Resolved an issue in the STAgent.exe where a race condition could cause a crash.
- Resolved an issue in the IAVA reporter where Patch Status Detail would crash if viewed by specific product and service pack combinations.
- Resolved an issue in the Help file where a link for ITScripts would redirect to custom patch instead.
- Resolved an issue where refreshing a license after viewing a power status scan result could result in a crash.
- Resolved an issue where Browse Active Directory feature in Machine Groups did not list child OUs.
- Updated Help file to correct steps for creating a manual install script for agent installation.
- Resolved an issue where upgrade from 7.x to 8.x results in agents running threat protection needing to be re-installed.
- Resolved an issue where STAgentUpdater could crash when creating SSL registration.
- Resolved an issue where the service could crash when retrieving system credentials due to size of credential store.
- Resolved a regression where the patch pane in Machine View defaulted to expanded instead of collapsed.
- Resolved an issue in Custom Patch where a string registry value always returned missing.
- Resolved an issue where database upgrade fails with uniqueness constraint violation. This only affects 7.x upgrade to 8.0.
- Resolved an issue where agents would be unable to deploy a custom patch.
(NOTE: This build includes fixes from SKB17119)
- Resolved an issue with the custom patch editor. After saving news xml, the user had been unable to access the custom patch editor.
- If the administrator does not check the Disable Active Protection box on the General tab, the end-user will not be able to permanently or temporarily disable Active Protection. Prior to this patch the user was still able to temporarily disable Active Protection.
- Resolved an issue with the custom action functionality that occurred following a post reboot.
- Resolved an issue with deploying service packs from an agent that was upgraded from 7.6 (the service pack would not deploy).
- Resolved an issue with agent deployment where failed downloads of service packs or patches from a distribution server could indefinitely block the agent's deployment of those service packs or patches. Also related to this issue, the Clear Retry Counts command, in addition to resetting retry counts, will now delete an agent's local copies of downloaded patches and service packs. This will not affect the state of installed patches or service packs.
- Resolved an issue with mounting VMs, where the user was not able to mount VMs with datacenters under a folder.
- Resolved an issue when deleting a patch task from a copy of an agent policy. • Resolved an issue where agents failed to download patches/service packs when
- BITS Service is configured to have a startup type of 'Disabled.'
- Resolved an issue where the managed machine resolver did not correctly exclude IP addresses.
- Resolved an issue where, if the user exceeds the number of deployment seats permitted by their license, they could not use the Get more deployment seats button.
- Resolved an issue with the deployment of Office patches when an Administrative Installation Point (AIP) is used.
Released 12/15/2010 (NOTE: This build includes fixes from 7.6.1482 and SKB16779)
- Resolved an issue where the ‘Item History’ report and the ‘Seat License Status’ report were not available in the report gallery
- Scan fails to import properly due to file locking issue on the scan information importer
- Resolved an issue where deployments would fail when deploying patches that could not be downloaded
- Resolved an issue where scans would hang on importing new definitions: Error – ‘Object synchronization method was called from an unsynchronized block of code.’
- Resolved an issue where deployments fail when installing or upgrading to 7.6 on a disconnected network
Features and Enhancements
Shavlik NetChk Protect 7.6 includes the following enhancements:
- Patch Scan caching abilities that will improve the performance especially over WANs
- Ability to execute agent policy actions by sending ad hoc commands from the console to your agents (e.g. executing a patch\power\asset task, update definitions or binaries, clearing retry counts, etc.)
- Original Scan State column added to Scan and Machine views (Option to display the original scan state as an additional grouping\filtering option)
- Agent AV ad-hoc tasks from the console - simplified management for the administrator
- Quarantine management (both policy driven & ad-hoc tasks) – better control for the administrator over quarantined threats
- “Threat Events View” – new more granular view of threat and Active Protection events for the administrator·
- Perform AV threat scan on a specific file/folder – allows an individual user (agent) to perform a scan of a specific file\folder or an entire USB drive that they just placed on their computer
- New AV/Threat Reports – better reporting for the administrator and their management
- AV Alerting from console – automatic alerting for the administrator when Active Protection thresholds are reached
- Exclude files/folders from being scanned (policy-driven w/ wildcards, environmental variables) – ability for the administrator to exclude files/folders that you don’t want to scan for performance or other reasons
- Resolved a UI issue when deploying patches using Distribution server where the distribution server IP range does NOT have a primary distribution server specified
- Resolved Data Rollup to include machines that fail to scan in the scan results as shown on the Central Console
- Resolved an issue to save IP Address in Data Rollup configuration screen
- Resolved RPC timing issue that cause error 1726
- Resolved an Importer failure to move file to bad files folder if exception occurs during import
- Resolved an issue when selecting "deploy all missing" From a scan of a windows 2000 box shows informational patches in the "deployment configuration" screen
- Resolved an issue of not being able to deploy .NET Framework 2.0 SP2 from Scan View
- Resolved an issue where Agent installs allows for non-administrators leaving system in bad state
- Resolved an issue to handle duplicate Patch names in PD5.xml
- Resolved an issue where application shuts down when you press TEST button when adding credentials with NO password
- Resolved an issue to save command Timeout setting in during upgrades
- Resolved OU structure display duplicates and machine on the main node
- Resolved an Importer failure where the process cannot access the file 'arrival file path' because it is being used by another process
- Resolved an issue where Deployment Templates created by Admin A do not show in drop down when choosing default Deployment Template for other admin
- Resolved skippatchmail and scanemail command options missing from ShavlikConsoleTask
- Resolved reports issue where - No data in Machine HW Detail report from Agent running Asset Scan task - Data shows in MV
- Resolved an issue where Left navigation panel cannot be expanded past default
- Resolved an issue with SafeReboot - Restart on User log off causes Program still needs to close dialog box to appear on Windows 7
- Resolved an issue where No warning logged when disconnected console attempts to import results created from newer XML
- Resolved an issue where Refresh Files causes unhandled SQL Transaction Timeout exception when attempting to import patch data
- Resolved an issue with Scheduled jobs with '&' in name do not appear in the GUI queue
- Resolved an issue with Executive Scan Summary (with view current status option) is showing more than the latest scan results
- Resolved an issue with Data Base upgrade timeout
- Resolved an issue with Reports: Patches by Machine Detail shows multiple entries for the same missing patch on the same machine (across multiple scans)
- Resolved an issue with Machine Group: Scan only settings are being ignored in patch scans
- Resolved Unhandled exception from BuildNewsfeedInternal()
- Resolved a tracker issue after rescan where tracker reports Unable to Verify
- Resolved an issue of not being able to use UNC shares as patch repository
- Resolved an issue where copied patches were not included in Missing Patch Count column
- Resolved an issue where threat data were not downloading to console when roles are enabled
- Resolved an issue with Tracker drop down list does not refresh
- Resolved an issue where User Criticality in Patch View was not current with actual value even when refreshed
- Resolved an issue when you remove an agent machine from MCV, it can no longer check in
- Resolved issue with Threat data scan smart filters
- Resolved a race condition with StartFileSet()
- Resolved an issue when deploying to Office 2003 build 1183138221
- Resolved an issue with "View Current Status" should not be available inside Advanced Report Settings
- Resolved an issue when Entering in a long Distribution Server name
- Resolved an issue with Deployment Seat Enforcement Algorithm doesn't work with multiple consoles
- Resolved an issue of not being able to change the DB timeout for Protect upgrades
- Resolved an issue when attempting to scan offline machine on FREE ESXi
- Resolved an issue with Tools --> Options --> Save with Subquery returned more than 1 value
- Resolved an issue of not all results are being imported into the database, all agent scan results are going into BAD FILES folder. DB Error DisplayVersion exceeds database field length '55'
- Resolved an issue of not being able to upgrade 7.2 database to 7.5 due to existence of Spyware patch groups
- Resolved an issue when updating policy for 4000 agents
- Resolved an issue where remote dialogue with special characters will corrupt display
- Resolved an issue with MCV: Missing patches NOT shown after refresh of machine where user deleted the last scan. Other scans exist
- Resolved an issue with Protect fails to open after deleting User's Profile
- Resolved SQL-DATABASE-MAINTANENCE Script fails on databases that have old scans due to constraint issues
- Resolved Agent UI crashes that resulted from a race condition in event subscribtion
- Corrected the Patch Assessment Service so it no longer stops running and does not send a message back to the GUI
- Fixed Threat definitions that failed to sync if a single Distribution Server is offline
- Resolved an issue where deployments fail because of a Detection Only patch
- Fixed a problem that resulted in a scheduled scan on a Win 2K8R2 system creating an interactive console task
- Fixed an issue where patch scanning is returning incorrect scan results due to probably network errors. Patches are detected as missing when they are installed.
- Resolved a problem with NetChk Agent log file activity that causes NetChk Agent UI to crash
- Corrected an issue with NetChk Agent policies where creating a copy of a policy causes an Always Allow entry to go to the Never Allow entry
- Fixed a problem with asset scans that resulted in Boolean variables always show as false
- Resolved an issue where wrong service packs being displayed and deployed
- Fixed SafeReboot so it no longer fails if executed on system where 1 or more users are connected via RDP
- Corrected a problem where Software Deployments stays checked after unchecking under certain conditions, resulting in software being deployed unintentionally when clicking cancel
Major New Features
- Added Power Management Module
- Create a licensable module to manage the power state of computers. By turning off computer at night and on weekends, businesses can save up to $60 per computer per year
- Integrated Wake-on-LAN to the Power Management Module. Conflicts exist between a company’s desire for Greener IT and the need to deploy critical security updates. Shavlik’s Power Management Module is a seamless integration of powering computers off when not in use and waking them up for scheduled maintenance windows.
- Added Hardware and Software Asset Inventory capability to the NetChk Agent. Asset information about Agent-managed machines are rolled up to the central console for management and reporting.
- Added Software Asset Inventory collection on virtual machines that are powered off (offline). This allows NetChk Protect to create and maintain a current and accurate inventory of software assets on physical and virtual machines regardless of power state.
- Fixed issue related to download patches from Patch View (Firefox 1.0 and selecting all languages)
- Added MS XML Hotfix in boot strapper to resolve Large scan crash
- Corrected an issue with NetChk Agent download Patch or Threat Data using Ironport or Blue Coat proxies when set to download from Vendor over internet
- Fixed issue of asset scanning of machine found in multiple nested machine groups
- Fixed issue with saving existing custom XML file by clicking save icon (floppy disk)
- Fixed database upgrade failure when you have duplicate Machine definition in machinelist table (one included and one excluded)
- Fixed issue with Auto-email and reports being sent before deployment happens
- Fixed Agents failure to install on domain controllers
- Fixed failure in installation if http reservations exist for port 3121 and port 3122
- Fixed issues with incorrect number of missing patches showing in machine view
- Allow more than 32767 managed machines while viewing scan resultsFixed database upgrade issue once you manually set the Database (e.g. ShavlikScansTest) properties->Options->Numeric Round-Abort = true
- Fixed timing issue to ensure patch scan results are available after scans complete
- Added capability to deploy greater than 40 agents at one time with a 40+ character user name and password
- Corrected a problem with deployments being removed when scans were being deleted
- Fixed issue with deleting a Scan from Manage->Items
- Fixed the Agent Check in fallback address
- Fixed problem with logging and tracing once setting “all logging levels”
- Fixed capability to scan nested groups where one group was deleted
- Fixing error when logging off from computer using machine level credentials on Schedule scan
- Fixed Asset scans when machine group includes machines via the "Link to file" external source option
- Fixed ability to connect to Remote SQL DB using Windows Authentication
- Corrected an issue that prevent automatic emails to be sent after scheduled scan completes
- Enabled scheduled scans across domain without trusts
- Solved thread issue when multiple scan threads access the same target at the same time
- Fixed Machine type filtering under the advanced filtering for reports
- Enhanced ability to download large number of patches
- Fixed error when scheduling recursive scans
- Enabled Shavlik Task Manager to handle bad XML from target
- Updated .Net 3.5 download for pre-req installer for Machines not connected to the internet
- Removed Spyware Signatures from Patch View
- Fixed problem where rebooting a list of computers stopping after the first failure
- Fixed resetting highlighted machines in scan results when grouping by specific column
- Fixed incorrect scanning console name being reported when migrating existing database to a new console
- Fixed foreign local issues where simple string comparisons would cause the application to fail
- Fixed issue with entering a Shavlik Scheduler port number higher than 49000 Fixed errors in Patch Status summary report
- Prevent installation of Agents on a FAT partition
- Fixed issue of not being able to check the asset scan template under Tools
- Fixed inconsistency reporting number of patches in the scan results
- Ability for Manual Licensing to handle x64 bit machine
- Fixed error when using advanced filters for Patches by Machines report
- Fixed Unhandled exception when attempting to Remove E-Mail Address from Machine Group
- Fixed problem with ability to perform scan with auto deployment from a non-English OS
- Improved Importer Performance when 'Updating the database with the latest descriptions'
- Fixed issue with deleting distribution server
- Fixed issue with XML not updating for re-occurring scans
- Fixing problem with setting up data rollup, when user tries to import 6.5 data rollup .drs file
- Fixed close of Scheduled Tasks GUI when refreshing machines
- Showing Custom Deployment Template in drop-down if it was created by another user when My Items only is disabled
- Fixed problem with ability to schedule reoccurring scan
- Fixed ability to delete filter from Patch Centric view
- Enabled Organizational Units to be sorted alphabetically by name
- Resolved E-mail address validation to ensure valid addresses are not blocked
- Fixed parsing issue when settings stored in the sysInfo table using the bit data type
- Fixed Scan Results importer to handle the apostrophe character correctly when inserting domain Rule's
- Fixed setting default credentials in tools --> options
- Fixed a regional settings issue that resulted in an unexpected error and need to close to recover when Customer clicks on scan results in Today’s Items
- Reduced the time it takes to verify seat licenses
- Fixed Machine Status Summary report graphic header
- Fixed an issue with the agent UI failing to terminate when the user logs off
- Fixed an issue with Agent not deploying on machines with IPv6
- Resolved an issue of time out when running the SchemaInstaller.UI.exe on a large remote database
- Corrected an issue of download failure when Patch downloads sources through DS or Custom Share in Tools/Options are looking for the wrong patch format
- Eliminated duplicates in Top 10 Missing Patches Report on a Roll-up console
- Fixed importer problem with the result importer does not download newer data files when it receives results of scans that used a newer XML
- Fixed an Agent Import issue
- Added the Sending Console ID to Threat Results Export
- Resolved an issue with Machine View when refresh machine doesn't update middle pane
- Fixed a problem when providing bad user name in Set Credentials dialog
- Warn users that SQL 2000 is not supported when Protect database upgrade on SQL 2000
- Corrected an issue when Windows Xp 64 bit is incorrectly reported as Windows Server 2003 on agent check-in
- Fixed failure to import of software asset scan results with invalid product cultures
- Corrected install failure if VMware VDDK 1.1 Installed
- Fixed failure to import Scan Results if xml version is out of date
- Fixed a problem of results files being marked as "Orphaned" by the importer even though they were successfully processed
- Corrected failure to import scan results with a scan name
- Fixed Office Deployment prompts for the wrong product, Excel 2000 instead of MS Office 2003
- Fixed a problem with threat data always downloads from vendor, regardless of Tools > Options setting
- Fixed a problem with download of Large Service Pack which hangs at 100% complete indefinitely and closes the app when clicking cancel
- Corrected an issue where scheduling a scan more than 32 days in the future resulted in the scans running immediately
- Fixed an issue with application operations and Ironport or Blue Coat proxies
- Resolved a problem with stSched that prevented scheduled deployments of patches to NT4 systems
- Modified how results are imported into the NetChk console to significantly speed up importing results
- Fixed the results importer so asset scan results are successfully imported into the NetChk console
- Corrected recurring jobs to work properly with Microsoft scheduler 2.0
- Prohibit Vista and later operating systems from using the Microsoft AT scheduler; use of the AT scheduler on these operating systems results in hundreds of scheduled jobs being generated as a result of pingback failures
- Resolved an issue with the Microsoft scheduler 1.0 that resulted in an application crash when scheduling recurring scans
- Fixed an issue where deployments using reboot dates more than a month out in the deployment template were not scheduled correctly
- Deployments scheduled in the past will now run immediately rather than a month in the future
- Corrected issues with silient.exe that prevented successful deployments without user intervention
- Corrected an issue with the NetChk Protect 7.2 update 1 patch that deletes install location resulting in the application not remembering the previous installed location
- Resolved an issue that prevented scheduled deployment jobs from being deleted
- Enhanced Data File Download and Distribution Server Sync functionality. Specify never download data files (run disconnected), download newer files when the application launches, specify an interval for data file downloads and anchor that interval to a specific hour, or specify newer data files are downloaded on a specific day of the week and hour of the day.
- Extended NetChk Agent policy version control to components modified outside of the Agent policy. If you modify a scan or deployment template, or patch group used by a template, it will be updated in the Agent policy on the next Agent check in.
- Resolved an issue that prevents NetChk Agents from checking in when the listener fails to initialize.
- Corrected an issue where adding the same contact name to the address book caused the console to crash.
- Fixed problems with regional settings that prevented results from being imported and reports from being generated properly.
- Changed the installer to allow control of where the product is installed. Upgrades will be installed in the previously-defined location.
- Resolved deployment seat count issue with the NetChk Agent.
- Enabled the Agent to use recognize the Patch Group Text file.
- Fixed the Agent so it would not crash when attempting to install more than 8,000 patches.
- Corrected a problem so the scheduler could be successfully uninstalled.
- Modified the Agent to initiate a reboot after deployment in all cases when the deployment template specifies a reboot.
- Resolved an issue where deploying patches to a specific IP range when multiple IP ranges were scanned resulted in all missing patches in all IP ranges being deployed.
- Added a variable to the STEnvironment configuration file to control how long to wait for scan results to be imported before automatically generating reports to be emailed. Default is 30 minutes (increased from 2 minutes).
- Fixed an issue where creating a very large patch group (200+ patches) by doing a right-click select, crashed the application.
- Eliminated a console crash when the system errors out with multiple failed patch downloads.
- Corrected an issue that prevents removal of a specific patch from a patch group.
- Changed the database query to support changing the Office path/credentials when multiple consoles are connected to the same database.
- Resolved a Scan View issue that prevented deleting multiple selected patches.
- Implemented a change support console installation on a Windows Server 2003 SP2 terminal server.
- Fixed a timing issue that resulted in an error when selecting a large number of patches in the Scan Results view.
- Corrected a problem that prevents the console UI from correctly updating during Agent installs.
- Added use of a shared drive as the patch download center path.
- Fixed an issue where the console was started minimized.
- Resolved a problem that prevents patch deployments from Machine View.
- Added ‘Friday’ as a selection in the scheduler. Removed duplicate ‘Saturday’.
- Corrected issues when scheduling scans, deployments, or scans with auto deployments across month boundaries.
- Eliminated a timing issue that resulted in inconsistent scan results numbers in Executive Summary.
- Verified the pre-req installer handles detection and installation of MSXML 6.0 hot fix for all supported operating systems.
- Changed the license scheme to eliminate need for console activation after moving the console with VMotion.
- Modified database queries to prevent ‘Out of Memory’ exception when opening Machine View that includes Asset Scan information.
- Increased the SQL command timeout to prevent an application crash when Deleting Scans from Managed Items in a large database.
- Re-enabled support for console operations that do not require access to admin shares.
- Corrected an issue that prevents threat data files from being downloaded in a proxy server environment.
- Added the machine group used for scanning to asset scan results of virtual servers.
- Fixed an issue that prevented obtaining a console certificate if the application was not installed in the default location.
- Resolved a problem that resulted in an application crash when removing address box contacts from Managed Groups.
- Eliminated a limitation of performing asset scans on no more than 64 machines.
- Corrected an application crash when deploying patches when IE 5.5 SP2, IE 6 SP1 or IE 6 SP2 is contained in the deployment.
- Fixed an issue where Agent deployments would fail if the machine had been previously scanned by IP address.
- Modified the product so data roll up ignores deleted machines.
- Resolved multiple Agent updater executable issues that prevent successful updates during data drops.
- Corrected an issue that resulted in a console crash when attempting to download language-specific patches and the patch does not exist in that language.
- Fixed an issue where a distribution server with null credentials failed to upgrade.
- Added support for automatic email of reports upon completion of a scheduled asset scan.
- Fixed an unhandled exception when testing proxy credentials in a disconnected environment.
- Resolved an issue where run disconnected mode was not being remembered.
- Added support for assets scans of a machine group defined by a linked text file.
- Corrected an issue parsing asset scan results from non-English languages.
- Fixed scan results reporting of Windows Server 2008 R2 as an ‘unknown OS’.
- Added Last Threat Scan Date and Last Threat Definition File information to machine view.
Major New Features
- Asset Management: Shavlik’s Asset Management leverages the company’s innovative Agentless approach to thoroughly and dynamically discover and catalog IT assets.
- Software Assets
- Hardware Assets
- Virtual Machine Assets
- Enhanced Integration with Virtual Infrastructure: Significant enhancement over previous handling of virtual machines within NetChk Protect. Now there is a tight coupling of NetChk Protect with virtual infrastructure including vSphere, VI, ESX, or ESXi.
- Resolved an error that prevented scheduling recurring scans on Fridays
- Corrected issue where threat results repeatedly sent to the rollup console at every rollup interval
- Added MSXML hotfix (KB960064) to the boot strapper to address a memory consumption issue that resulted in hangs while scanning large numbers of machines
- Fixed Importer failure to import agent patch deployment result files that contain no patches
- Database Installer Fails when an existing SQL Login is specified for Services Connectivity that is not already mapped to a Database User
- Fixed Prereq installer to NOT install c++ runtime
- NetChk Patch Service Fails to start before the maximum OS service start timeout
- Fixed access denied error on Console if doing a scan while the service is importing newer XML
- Resolved Scan view crash during a large service pack download
- Corrected issue where earlier versions of HFCLI cannot scan target after a 7.0 deployment
- Added charts missing after performing first scan
- Corrected issue in DB Updater that caused Distribution screen to error on upgrade
- Addressed the incorrect default value of the data rollup port
- Fixed an issue where remote database installs and upgrades fail on Windows Server 2003 when connected via Terminal Service
- Resolved problem with the right-click context menu in scan view to filter by the selection (it was defaulting to selecting all machines in the scan as in context)
- Corrected an application crash when opening the Distribution Server manager
- Added input validation for content entered in the Tools->options->Proxy user dialog box as invalid content resulted in an application crash
- Fixed an issue that prevent deploying patches from machine view to machines found during dynamic ESX server scan
- Resolved a console crash when deleting a contact from the address book
- Corrected an application crash from a null string when downloading less common non-English language patches
- Fixed an issue where editing Distribution Servers failed repeatedly
- Removed limit of 64 as the maximum number of asset scans
- Fixed a bug where entering a duplicate email address in the address book would cause the console to crash
- Fixed a bug where viewing scan results or selecting machines in the scan view might cause the application to crash
- Fixed a bug where downloading large files (such as Service Packs) would fail on XP and WS03 consoles due to an issue with checking digital signatures on large files
- Fixed a bug where agent scan results and/or child console rollup results would not appear in the main console if the agents or downlevel consoles were running with a newer version of hfnetchk6b.xml
- Fixed a bug where agents failed to check-in with the console if the agent policy was configured to use 'Distribution Server - by Agent IP range' and that policy did not include a reference to a backup Distribution Server
- Fixed a bug where version 7 claimed that all license seats were in use and could prevent installation of patches and/or functionality of agents.
- Fixed a bug where agents were not able to be deployed on some Domain Controllers
- Removed the need for WMI to be running on systems where the agent was being deployed
- Fixed a bug where the agent UI would not function if the agent policy was configured to use 'Distribution Server - by Agent IP range'
- Fixed a bug where the Shavlik services may fail to start
- Fixed a bug where version 7 may fail to install if the console was not connected to the Internet or was running behind an authenticating proxy server (installer issue - fixed in the new installation bundle only)
- Fixed several bugs where the database migration process failed when upgrading from version 6.x to version 7 (installer issue - fixed in the new installation bundle only)
- Fixed a bug that prevented installing version 7 if a prior installation of version 7 had failed (installer issue - fixed in the new installation bundle only)
Major New Features:
- Added antivirus / threat management engine to the NetChk Agent
- Added on-access and on-execution Active Protection capabilities to the NetChk Agent
- Shavlik NetChk Console
- Refreshed and redesigned the main page with new charts and new items. New charts provide immediate view into the latest status of machines on the network. New items include 'How do I...' links to the Help File making it easier to get the most value out of NetChk Protect.
- Multi-tasking GUI. Launch multiple scans, review results, initiate deployments - all at the same time.
- Shavlik NetChk console can be installed on Vista systems
- Enhanced the machine group interface. Machines can be sorted and grouped by a variety of attributes.
- Enhanced the patch group interface. Patches can be sorted and grouped by a variety of attributes.
- Enhanced the left navigator to use Outlook-style display
- Enhanced patch download window. Patch download status is displayed for each patch being downloaded.
- Enhanced the patch deployment test function. The test function follows the same code path as real deployments.
- Added bulletin release date, bulletin title, and patch type columns to the patch group window
- Added group name to patch scan results in the left navigator
- Added ability to perform automated data file downloads every X hours
- Distribution Servers can be synced every X hours
- Enhanced the console functions to operate more efficiently\quicker when reading from large databases
- Added ability to add machines to existing machine groups via right click menu option
- Added ability to add patches to existing patch groups via right click menu option
- Enhanced the Machine View - added smart filters, search capabilities, and sorting\filtering\grouping functions.
- Added a column to the Machine View to display the last agent checkin date
- Added Microsoft Exploitability Index values to patch data in the Patch View
- Consolidated ports - the data rollup function uses same port number as NetChk Agents
- Enhanced E-Mail selection window
- Added ability to delete old machines from the machine view (as long as they're not currently occupying a deployment or agent license)
- Improved speed and responsiveness -- the patch scan engine is 3x to 5x faster
- Shavlik Agent Infrastructure
- NetChk Agents do not require distribution servers. Data and engine files can be downloaded directly from the Internet.
- NetChk Agent installations use an MSI file
- NetChk Agent can be installed on Vista systems
- NetChk Agent can be installed on the NetChk console
- Enhanced the NetChk Agent scheduling capabilities. NetChk Agents now have the same flexible scheduling available in Agentless operations.
- Multiple patch and threat tasks can be assigned to one policy
- Enhanced the agent policy manager (multi-select)
- NetChk Agent can be configured with a 'listening' port to receive agent policy updates and instructions instantly
- Agent patch policies can leverage existing agentless scan templates
- Agent patch policies can leverage existing patch groups. The 'approved patches' list has been replaced by selection of one of three options: deploy all missing, deploy from patch group, deploy all vendor Critical patches (or deploy patch group PLUS all vendor critical patches)
- Agent patch policies can be configured to always scan for (and deploy) vendor Critical patches, eliminating the need to define and maintain patch groups
- Agents checkin with the console for updated policies, rather than the distribution server
- Enhanced the NetChk Agent client user interface
- Added option to perform agent tasks X minutes after system start if previously scheduled start time was missed
- Added ability for non-administrator users to launch patch and threat scans and perform remediations from the agent GUI (if configured to allow users to do this)
Other New Features, Enhancements, and Bug Fixes:
- Fixed a bug where the patch scan engine might fail when doing aqentless scans of thousands of systems
- Fixed a bug where canceling scans or deployments against offline VM images might not work properly
- Fixed errors encountered when scanning offline VM images that are part of nested machine groups
- Fixed a patch deployment bug where SystemRoot could not be identified on some systems
- Fixed a bug where the Deployment Status Report would include data on all patches even though the report is set to filter on specific criticalities
- Fixed a bug where Report Only users were able to delete scan and deployment results
- Fixed a bug where the console display would not refresh properly after canceling a patch download
- Updated NetChk Agent (patch) to correctly deploy certain SQL Server patches
- Fixed a bug where deleting machine group credentials removed Domain credentials after the scan completed
- Fixed a bug where custom patch features failed to execute on agent-managed machines
- Fixed a bug where custom patch features failed to work as expected with R2 systems
- Enhanced the console to provide better results for agents when agents perform multiple scans per day
- Fixed a bug where Office media path credentials may not have been saved in the deployment template
- Fixed a bug where deployments from a Windows Server 2008 console failed to execute on NT4 systems
- Fixed a bug that prevented the use of a Distribution Server on a remote system where that location was the specified console download location
- Fixed a bug where automated e-mails failed to operate for offline virtual machine images
- Fixed a bug with NetChk Tracker where patch rescans were initiated before the target system was read to be rescanned
- Enhanced NetChk Tracker with additional status messages to indicate that machine was restarted and was awaiting rescan
- Enhanced the patch download status window to display download status for each patch
- Enhanced the NetChk Agent so it can checkin with the console by using its IP address rather than hostname (Agent must be installed manually and console's IP address should be specified during installation)
- Fixed a bug where canceling an agentless patch scan wouldn't cancel immediately
- Modified the NetChk Console to only allow one running instance of the application
- Fixed a bug where the 'Machines not Scanned' report would not allow filtering on individual scans
- Fixed a bug in the NetChk Agent deployment process where the Agent icon wouldn't appear in the system tray when first installed
- Fixed a bug where scheduling a deployment across a month boundary would fail if using the Microsoft scheduler
- Fixed a bug where patches that had been uninstalled were not able to be installed again using the NetChk Agent
- Fixed a bug where SafeReboot was not always executing on Windows 2000 systems
- Fixed a bug where the Machine Inventory and Top Ten Missing Patches reports were not automatically sent out (as configured) at the end of a patch scan
- Fixed a bug where patches with .msp extension were not not always being installed on Agent-managed systems
- Fixed a bug where scheduled scans were using incorrect time and date when console was set to Danish regional settings
- Fixed a bug where custom patches marked as 64 bit were looking into the 32 bit registry
- Fixed a bug where SQL Server Service Packs could not be installed from the Summary by Patch screen
- Fixed a bug where offline VM image scans did not return the target system's workgroup name
- Fixed a bug where filtering by comment did not work in the advanced filtering report options
- Fixed a bug where canceling a scan of offline VM images may leave some images mounted