(Note: This build includes fixes from 9.1.4334.0, Protect 9.1 Patch 1, Protect 9.1 Patch 2, and Protect 9.1 Patch 3.)
- Updated Shavlik Protect report views to support the change in syntax for CVE IDs.
- Resolved an issue that prevented email from being sent if you configured email options at
the individual Hosted VM level in a machine group.
- Resolved an issue that prevented agents from being refreshed during check-in if their
certificates were within six months of expiration.
- Resolved an issue that prevented the Shavlik Protect console certificate from being renewed
if the certificate was within six months of expiration.
- Resolved an issue where a long computer name would not be included in the console
certificate when the console is installed.
(Note: This build includes fixes from 9.1.4334.0, Protect 9.1 Patch 1, and Protect 9.1 Patch 2.)
- Updated content feed to allow for new format change for CVE.
- Resolved an issue where deployment email notifications were not being sent if the Hours until post deployment e-mails are sent option was set to 0 and the deployment fails on any system in the deployment.
- Resolved an issue where ST.ServiceHost.exe.config is not overwritten on upgrade from a previous version if the configuration file was manually modified, resulting in an ‘email service is currently unavailable’ error.
(Note: This build includes fixes from 9.1.4334.0 and Protect 9.1 Patch 1)
- Resolved an issue where a scan of an online hosted virtual machine would fail to scan with an error 201 if NetBIOS could not be resolved. Hosted scan flow will now fail over to IP if NetBIOS fails
- Resolved an issue where machine resolution by OU could return no machines due to an error when querying LDAP (System.DirectoryServices.DirectoryServicesCOMException (0x80072030): There is no such object on the server).
- Resolved an issue where scanning by OU would try to resolve by FQDN, but would not fail over to NetBIOS if FQDN failed.
- Resolved a console crash that occurred when opening Tools > Operations > Distribution Servers when the console service has been manually configured as a specific credential instead of Local System.
- Resolved a performance issue where the email service could return an unavailable error due exceeding the default timeout.
- Resolved an error in Event History for ITScript results that exceeded the max field length when displaying results.
- Resolved an issue where a scan result would not delete due to a constraint on an impartial deployment status that could not be deleted.
- Resolved an issue in Patch Status Detail report where machine counts could be incorrectly calculated.
- Resolved a performance issue where machine resolution could take significantly longer due to machines being resolved more than once instead of being identified as a duplicate and skipped.
- Resolved an issue where STSchedEx would attempt to listen on an additional legacy port that is no longer being used. Will only attempt to open 5120 (default) and not open 5120 and 5121.
- Resolved an issue where, after changing from the local console language to another language, you may not be able to switch back to the native console language.
- Resolved an issue where a null credential associated with a hypervisor causes the Protect UI to crash when refreshing the hypervisor.
- Resolved an issue where scanning a machine with the remote registry disabled would receive an error 270 instead of error 501.
- Resolved an issue where deleting scans on a system with low resources fails, resulting in the rollback transaction being called twice.
- Resolved an issue where installing PowerCLI 5.5 Release 2 causes a crash when enumerating a hypervisor or vCenter server due to a change in an interface in VIM.
- Resolved an issue where deployment would not display the proper error message when the target machine did not have enough disk space.
- Resolved an issue where the console could crash due to too many SQL transactions occurring, resulting in “SQL unavailable” or “Maximum pooled connects to SQL Server exceeded” errors.
- Resolved an issue where refresh files would not download HF7b.xml and PD5.xml due to timeout on slow connections.
Major New Features
- Localized Console Experience
- Shavlik Protect is now localized for the following languages: Chinese (Standard), Chinese (Traditional), French, German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish.
- Localized SafeReboot
- The SafeReboot dialog has been localized to support the same language set as above. The language of the client machine’s operating system will determine which language is displayed. The SafeReboot dialog will default to English if the operating system language is not supported.
- Online Help
- Localized versions of the Help system are now available on the Web. The help text will be localized according to the language specified on the Display Options dialog. An Internet connection is required in order to access localized help text from the console. For environments that do not have direct Internet access, an English-only version of the Help system is still shipped with the product and is available locally on the console.
- IPv6 Support
- Shavlik Protect now supports IPv6. IPv4 is still the preferred IP scheme that will be displayed in the UI, so for environments that happen to have IPv6 turned on but are not utilizing it yet, the IPv4 address will be the default address shown for machines.
- Report Views
- In conjunction with this release, Shavlik is providing a Report Views Guide that describes how to use database views within SQL Server database queries to generate custom reports for Shavlik Protect. This also allows for third-party tools such as SQL Reporting Services, Crystal Reports, Splunk, and others to be used to create reports for Shavlik Protect.
Minor New Features and Enhancements
- Improved Machine Resolution in FQDN and IP-only Environments
- For customers who have environments that require FQDN or IP to resolve machines, Shavlik has made significant improvements to our machine resolver so that Shavlik Protect will retain multiple resolution methods for each machine. FQDN, Hostname, and IP can all be attempted to ensure the machine is resolved correctly.
- Scan by Vendor Severity
- The patch scan templates and the assessment engine have been updated to include filters that enable you to scan by vendor severity. You can now scan specifically for Critical, Important, Moderate, Low, or Unassigned security or non-security patches.
- Deployment Workflow Enhancements
- The deployment workflow has been consolidated to reduce the many branches that existed in the deployment experience. When you perform a deployment now you will see the same level of detail as a scheduled deployment. The deployment results are also available for viewing after the deployment is complete.
- Machine-Level Status in Operations Monitor and in Deployment Tracker
- A machine-level status has been added to the deployment flows. This gives you better visibility into the current state of your deployments.
- Deployment Return Codes
- Deployment return codes are now available within Deployment Tracker and within the deployment reports. Making the return codes available within the Shavlik Protect UI eliminates the need to comb through target machine logs for the return codes.
- Active Directory (AD) Enhancements
- Shavlik Protect is now able to discover any Active Directory Forests and Domains that are broadcasting themselves to the console machine’s domain. In addition, you can now add additional Forests and Domains and save credentials for these items. This allows you to browse these items without having to reconnect each time.
Features That Have Been Removed in Shavlik Protect 9.1
- The following platforms are no longer supported for use as a console:
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008 (prior to R2)
- Windows 8 (Windows 8.1 is supported)
- 32-bit architecture operating systems
In response to Microsoft’s strategic direction and recent end-of-life announcements, Shavlik has removed support for the above platforms as a Shavlik Protect console. Shavlik Protect 9.0 is the last version to support these platforms as a Protect console. All of these platforms are still supported as agentless and agent-based targets.
To help ease the migration to newer platforms, Shavlik has developed a migration tool that will help administrators to transition a console from one machine to another. Microsoft has announced an end-of-life for Windows XP in April 2014 and for Windows Server 2003 in April 2016. We are recommending that customers on these platforms migrate to newer operating systems as soon as possible. Shavlik will not be supporting Windows 8 as a console due to an incompatibility issue with Powershell 4.0, which is a new prerequisite in Protect 9.1. Windows 8.1 support is being added with Protect 9.1.
- The following VMware ESX Hypervisors are no longer supported:
- ESX 4.0
- ESX 4.1 (ESXi 4.1 Hypervisors are still supported)
Shavlik is removing support for hypervisor patching and offline VM, template, and snapshot features for these versions, as VMware is ending support for these platforms in 2014. Shavlik Protect 9.0 is the last version to support these versions.
- Export to TIF, TXT, and RTF formats
Shavlik has removed support for these formats as they are little used and provide little value to the majority of customers. Future versions of Shavlik Protect will still support export to PDF, XLS, TSV, CSV, and XML formats.
Features That are Targeted for Removal After Shavlik Protect 9.1
- Windows Server 2000 support for agentless scan and remediation will be removed after 9.1
Shavlik is announcing that Protect 9.1 will be the last version to support Windows Server 2000 as an agentless target. Protect 9.1 will support this version of Windows until it reaches its end-of-life, which has not yet been announced.
- SQL Server 2005 support will be removed after Protect 9.1
Shavlik is announcing that Protect 9.1 will be the last version to support SQL Server 2005 (all editions). Customers should work towards moving to newer editions of SQL Server as soon as possible.
- User Criticality Filter will be removed after Protect 9.1
With the introduction of the Vendor Severity filter, the User Criticality Filter’s primary function is now obsolete and will be removed in a later release. The feature has a high maintenance cost and low value for most customers.
- Resolved an issue where duplicate agent results could conflict, causing import to fail.
- Resolved an issue where duplicate agent results cause a loop on import, blocking up the import queue.
- Resolved an issue where custom patch could allow a .bat file to be used which would cause agents to fail deployment. The .bat extension has been pulled from the custom patch file options.
- Resolved an issue where LDAP over SSL connections would attempt to use the Shavlik Certificate. The Shavlik Certificate on upgrade will be moved into a custom store.
- Resolved an issue where the 'Is Policy Current' value for Threat Protection Agents could incorrectly show as No when they really are up to date.
- Updated the Help System to include descriptions for agent icons that were not documented.
- Updated the Help System with an outbound port 443 requirement for the Protect Cloud Sync feature.
- Resolved an issue where a result could not be imported if the service pack of the product could not be determined.
- Resolved an issue where attempts to delete a partial scan result could result in a console crash.
- Resolved an issue where an agent result missing the EndTime attribute would fail to import.
- Resolved an issue where the Patch Status Detail Report could end up with PatchBulletinTitle on multiple lines due to a carriage return.
- Updated the community link for data conversion errors on upgrade to point to the proper community article.
- Resolved an issue where the Executive Summary Report could reflect the Effectively Installed Patches count incorrectly.
- Resolved an issue where scan results could fail to import do to a 'Arithmetic overflow error' on the primary key in the ScanItems table.
- Updated the Administration Guide to place the 'What's New?' section in the correct location in the document.
- Resolved an issue where using the Microsoft Scheduler could cause scans to add five minutes to the specified scheduled time.
- Resolved an upgrade issue where an unassociated event subscription could cause the database upgrade to fail from 8.0.2 to 9.0.1182.
- Resolved an import issue where Agent Deployment Results could cause the importer to loop backing up the import queue.
- Resolved an issue where the console could crash when you start many scans simultaneously on a resource constrained machine.
- Changed from using MD5 hash to SHA1 in asset value normalization to be compliant on a FIPS enabled machine.
- Resolved an issue where HFCLI.exe was not using the Protect License Key, causing certain licensed features of HFCLI to not work.
- Resolved an issue where using the Browse Active Directory feature would not allow you to select a forest.
- Resolved an issue where the console service could crash on foreign key exceptions.
- Resolved an issue where the console service could crash when encountering an unknown service pack item type.
- Resolved an issue where 2003 R2 SP2 systems could reboot unexpectedly when upgrading the agent from 8.0.2 to 9.0.1106.
- Resolved an issue where an unnecessary horizontal scroll bar would appear in the Machine View.
- Resolved an issue where the console service could crash when it is unable to decrypt credentials.