Shavlik Protect Version History
Previously VMware vCenter™ Protect Standard/Advanced, VMware vCenter™ Protect Essentials Plus, Shavlik NetChk Protect and Shavlik HFNetChkPro
(Note: This build includes fixes from 9.0.1106.0 and Protect 9.0 Patch 1)
- Manual activation of Shavlik Protect is now available through a self-help portal. When you choose manual activation mode, instructions are provided to walk you through the process.
- Resolved an issue where bad agent results were continuously imported rather than being discarded, resulting in the ST.ConsoleService.managed.log showing multiple “Stream header magic number is invalid” errors.
- Resolved an issue where multiple IP ranges that use the same distribution servers cause full cloud policy updates to fail with 400 (bad request).
- Resolved an issue where the advanced filter options for the Deployment Status By Machine report could cause Protect to crash.
- Resolved an issue where reports emailed from Tools > Create Report are a tmp file instead of PDF.
- Updated the Administration Guide to correct an issue where the default console service port was shown as 3131 instead of 3121.
- Resolved an issue where the machine inventory email does not get sent when applied to a machine group.
- Resolved an issue where agent registration and checkin uses FQDN not NetBIOS, causing the install to fail if FQDN could not be resolved.
- Resolved an issue where agent checkin without a policy uses FQDN not NetBIOS, causing the install to fail if FQDN could not be resolved.
- Resolved an issue where emailing a report from Scan View could cause Protect to crash.
- Resolved an issue where the Scan and Report Only and the Deploy and Report Only roles do not allow the user to create and assign their own credentials.
- Resolved an issue where the Scheduled Tasks Manager abnormally exits when right-clicking in the jobs window.
- Resolved an issue where scheduled jobs might not appear in the Scheduled Tasks Manager.
- Resolved an upgrade issue from 8.0.2 to 9.0.1106 where, after upgrade, some machine groups could not be opened.
- Resolved an issue on ProtectCloud login where using dangerous HTML characters in the Protect Cloud password causes an exception.
- Resolved an issue where scheduled deployments to a hosted VM shows a scheduled time discrepancy between Deployment Tracker and the Scheduled Tasks Manager.
- Added support for the vCenter Protect installer to detect PowerShell 3 as a prerequisite for PowerShell.
- Resolved an issue where Java Runtime would uninstall the current version and then fail to install due to file(s) in use.
- Removed a dependency on two Microsoft components (oHotFix and Qchain) as they are reaching end of availability from Microsoft Corporation.
- Resolved an issue where an offline virtual machine on an ESXi Hypervisor would fail to scan with an Error 4000.
- Resolved an issue where deployments using Install at next reboot could execute immediately.
- Added installation support for Windows 8 and Windows Server 2012.
- Added support for installations using SQL Server 2012 databases.
- Integration with VMware Licensing
- Support for multiple license keys, allowing for valid VMware vSphere and Accelerator Kit bundle licenses to activate along with VMware vCenter Protect licenses.
- Retain support for the legacy (Shavlik) license keys and make key combinations additive.
- Update to license services within VMware vCenter Protect, allowing active licenses to refresh without user intervention. Customers no longer have to manually refresh their active licenses when Support or data renewals occur, etc.
- Updated Product Activation
- VMware vCenter Protect now has the ability to activate a trial within the product.
- VMware vCenter Protect Free version is now activated through the same activation dialog as Trial or Product\Bundle keys.
- Renaming of the Product
- VMware vCenter Protect Essentials is renamed to VMware vCenter Protect Standard
- VMware vCenter Protect Essentials Plus is renamed to VMware vCenter Protect Advanced
- Resolved a rendering issue in the Patch View where you could select one of the affected patches and the Patch Details would not display correctly resulting in an application crash.
(NOTE: This build includes fixes from 8.0.3756.0 and Protect 8.0 Patch 1)
- Enhanced ITScripts engine to provide more user-friendly error messages.
- Resolved an issue where scheduled value in Tracker and deployment status was
showing date and time the job was scheduled on, and not the date and time the job
- Resolved an issue in the STAgent.exe where a race condition could cause a crash.
- Resolved an issue in the IAVA reporter where Patch Status Detail would crash if
viewed by specific product and service pack combinations.
- Resolved an issue in the Help file where a link for ITScripts would redirect to
custom patch instead.
- Resolved an issue where refreshing a license after viewing a power status scan
result could result in a crash.
- Resolved an issue where Browse Active Directory feature in Machine Groups did
not list child OUs.
- Updated Help file to correct steps for creating a manual install script for agent
- Resolved an issue where upgrade from 7.x to 8.x results in agents running threat
protection needing to be re-installed.
- Resolved an issue where STAgentUpdater could crash when creating SSL
- Resolved an issue where the service could crash when retrieving system credentials due to size of credential store.
- Resolved a regression where the patch pane in Machine View defaulted to expanded instead of collapsed.
- Resolved an issue in Custom Patch where a string registry value always returned missing.
- Resolved an issue where database upgrade fails with uniqueness constraint violation. This only affects 7.x upgrade to 8.0.
- Resolved an issue where agents would be unable to deploy a custom patch.
(NOTE: This build includes fixes from SKB17119)
- Resolved an issue with the custom patch editor. After saving news xml, the user had been unable to access the custom patch editor.
- If the administrator does not check the Disable Active Protection box on the General tab, the end-user will not be able to permanently or temporarily disable Active Protection. Prior to this patch the user was still able to temporarily disable Active Protection.
- Resolved an issue with the custom action functionality that occurred following a post reboot.
- Resolved an issue with deploying service packs from an agent that was upgraded from 7.6 (the service pack would not deploy).
- Resolved an issue with agent deployment where failed downloads of service packs or patches from a distribution server could indefinitely block the agent's deployment of those service packs or patches. Also related to this issue, the Clear Retry Counts command, in addition to resetting retry counts, will now delete an agent's local copies of downloaded patches and service packs. This will not affect the state of installed patches or service packs.
- Resolved an issue with mounting VMs, where the user was not able to mount VMs with datacenters under a folder.
- Resolved an issue when deleting a patch task from a copy of an agent policy. • Resolved an issue where agents failed to download patches/service packs when
- BITS Service is configured to have a startup type of 'Disabled.'
- Resolved an issue where the managed machine resolver did not correctly exclude IP addresses.
- Resolved an issue where, if the user exceeds the number of deployment seats permitted by their license, they could not use the Get more deployment seats button.
- Resolved an issue with the deployment of Office patches when an Administrative Installation Point (AIP) is used.
Released 12/15/2010 (NOTE: This build includes fixes from 7.6.1482 and SKB16779)
- Resolved an issue where the ‘Item History’ report and the ‘Seat License Status’ report were not available in the report gallery
- Scan fails to import properly due to file locking issue on the scan information importer
- Resolved an issue where deployments would fail when deploying patches that could not be downloaded
- Resolved an issue where scans would hang on importing new definitions: Error – ‘Object synchronization method was called from an unsynchronized block of code.’
- Resolved an issue where deployments fail when installing or upgrading to 7.6 on a disconnected network
Features and Enhancements
Shavlik NetChk Protect 7.6 includes the following enhancements:
- Patch Scan caching abilities that will improve the performance especially over WANs
- Ability to execute agent policy actions by sending ad hoc commands from the console to your agents (e.g. executing a patch\power\asset task, update definitions or binaries, clearing retry counts, etc.)
- Original Scan State column added to Scan and Machine views (Option to display the original scan state as an additional grouping\filtering option)
- Agent AV ad-hoc tasks from the console - simplified management for the administrator
- Quarantine management (both policy driven & ad-hoc tasks) – better control for the administrator over quarantined threats
- “Threat Events View” – new more granular view of threat and Active Protection events for the administrator·
- Perform AV threat scan on a specific file/folder – allows an individual user (agent) to perform a scan of a specific file\folder or an entire USB drive that they just placed on their computer
- New AV/Threat Reports – better reporting for the administrator and their management
- AV Alerting from console – automatic alerting for the administrator when Active Protection thresholds are reached
- Exclude files/folders from being scanned (policy-driven w/ wildcards, environmental variables) – ability for the administrator to exclude files/folders that you don’t want to scan for performance or other reasons
- Resolved a UI issue when deploying patches using Distribution server where the distribution server IP range does NOT have a primary distribution server specified
- Resolved Data Rollup to include machines that fail to scan in the scan results as shown on the Central Console
- Resolved an issue to save IP Address in Data Rollup configuration screen
- Resolved RPC timing issue that cause error 1726
- Resolved an Importer failure to move file to bad files folder if exception occurs during import
- Resolved an issue when selecting "deploy all missing" From a scan of a windows 2000 box shows informational patches in the "deployment configuration" screen
- Resolved an issue of not being able to deploy .NET Framework 2.0 SP2 from Scan View
- Resolved an issue where Agent installs allows for non-administrators leaving system in bad state
- Resolved an issue to handle duplicate Patch names in PD5.xml
- Resolved an issue where application shuts down when you press TEST button when adding credentials with NO password
- Resolved an issue to save command Timeout setting in during upgrades
- Resolved OU structure display duplicates and machine on the main node
- Resolved an Importer failure where the process cannot access the file 'arrival file path' because it is being used by another process
- Resolved an issue where Deployment Templates created by Admin A do not show in drop down when choosing default Deployment Template for other admin
- Resolved skippatchmail and scanemail command options missing from ShavlikConsoleTask
- Resolved reports issue where - No data in Machine HW Detail report from Agent running Asset Scan task - Data shows in MV
- Resolved an issue where Left navigation panel cannot be expanded past default
- Resolved an issue with SafeReboot - Restart on User log off causes Program still needs to close dialog box to appear on Windows 7
- Resolved an issue where No warning logged when disconnected console attempts to import results created from newer XML
- Resolved an issue where Refresh Files causes unhandled SQL Transaction Timeout exception when attempting to import patch data
- Resolved an issue with Scheduled jobs with '&' in name do not appear in the GUI queue
- Resolved an issue with Executive Scan Summary (with view current status option) is showing more than the latest scan results
- Resolved an issue with Data Base upgrade timeout
- Resolved an issue with Reports: Patches by Machine Detail shows multiple entries for the same missing patch on the same machine (across multiple scans)
- Resolved an issue with Machine Group: Scan only settings are being ignored in patch scans
- Resolved Unhandled exception from BuildNewsfeedInternal()
- Resolved a tracker issue after rescan where tracker reports Unable to Verify
- Resolved an issue of not being able to use UNC shares as patch repository
- Resolved an issue where copied patches were not included in Missing Patch Count column
- Resolved an issue where threat data were not downloading to console when roles are enabled
- Resolved an issue with Tracker drop down list does not refresh
- Resolved an issue where User Criticality in Patch View was not current with actual value even when refreshed
- Resolved an issue when you remove an agent machine from MCV, it can no longer check in
- Resolved issue with Threat data scan smart filters
- Resolved a race condition with StartFileSet()
- Resolved an issue when deploying to Office 2003 build 1183138221
- Resolved an issue with "View Current Status" should not be available inside Advanced Report Settings
- Resolved an issue when Entering in a long Distribution Server name
- Resolved an issue with Deployment Seat Enforcement Algorithm doesn't work with multiple consoles
- Resolved an issue of not being able to change the DB timeout for Protect upgrades
- Resolved an issue when attempting to scan offline machine on FREE ESXi
- Resolved an issue with Tools --> Options --> Save with Subquery returned more than 1 value
- Resolved an issue of not all results are being imported into the database, all agent scan results are going into BAD FILES folder. DB Error DisplayVersion exceeds database field length '55'
- Resolved an issue of not being able to upgrade 7.2 database to 7.5 due to existence of Spyware patch groups
- Resolved an issue when updating policy for 4000 agents
- Resolved an issue where remote dialogue with special characters will corrupt display
- Resolved an issue with MCV: Missing patches NOT shown after refresh of machine where user deleted the last scan. Other scans exist
- Resolved an issue with Protect fails to open after deleting User's Profile
- Resolved SQL-DATABASE-MAINTANENCE Script fails on databases that have old scans due to constraint issues
- Resolved Agent UI crashes that resulted from a race condition in event subscribtion
- Corrected the Patch Assessment Service so it no longer stops running and does not send a message back to the GUI
- Fixed Threat definitions that failed to sync if a single Distribution Server is offline
- Resolved an issue where deployments fail because of a Detection Only patch
- Fixed a problem that resulted in a scheduled scan on a Win 2K8R2 system creating an interactive console task
- Fixed an issue where patch scanning is returning incorrect scan results due to probably network errors. Patches are detected as missing when they are installed.
- Resolved a problem with NetChk Agent log file activity that causes NetChk Agent UI to crash
- Corrected an issue with NetChk Agent policies where creating a copy of a policy causes an Always Allow entry to go to the Never Allow entry
- Fixed a problem with asset scans that resulted in Boolean variables always show as false
- Resolved an issue where wrong service packs being displayed and deployed
- Fixed SafeReboot so it no longer fails if executed on system where 1 or more users are connected via RDP
- Corrected a problem where Software Deployments stays checked after unchecking under certain conditions, resulting in software being deployed unintentionally when clicking cancel
Major New Features
- Added Power Management Module
- Create a licensable module to manage the power state of computers. By turning off computer at night and on weekends, businesses can save up to $60 per computer per year
- Integrated Wake-on-LAN to the Power Management Module. Conflicts exist between a company’s desire for Greener IT and the need to deploy critical security updates. Shavlik’s Power Management Module is a seamless integration of powering computers off when not in use and waking them up for scheduled maintenance windows.
- Added Hardware and Software Asset Inventory capability to the NetChk Agent. Asset information about Agent-managed machines are rolled up to the central console for management and reporting.
- Added Software Asset Inventory collection on virtual machines that are powered off (offline). This allows NetChk Protect to create and maintain a current and accurate inventory of software assets on physical and virtual machines regardless of power state.
- Fixed issue related to download patches from Patch View (Firefox 1.0 and selecting all languages)
- Added MS XML Hotfix in boot strapper to resolve Large scan crash
- Corrected an issue with NetChk Agent download Patch or Threat Data using Ironport or Blue Coat proxies when set to download from Vendor over internet
- Fixed issue of asset scanning of machine found in multiple nested machine groups
- Fixed issue with saving existing custom XML file by clicking save icon (floppy disk)
- Fixed database upgrade failure when you have duplicate Machine definition in machinelist table (one included and one excluded)
- Fixed issue with Auto-email and reports being sent before deployment happens
- Fixed Agents failure to install on domain controllers
- Fixed failure in installation if http reservations exist for port 3121 and port 3122
- Fixed issues with incorrect number of missing patches showing in machine view
- Allow more than 32767 managed machines while viewing scan resultsFixed database upgrade issue once you manually set the Database (e.g. ShavlikScansTest) properties->Options->Numeric Round-Abort = true
- Fixed timing issue to ensure patch scan results are available after scans complete
- Added capability to deploy greater than 40 agents at one time with a 40+ character user name and password
- Corrected a problem with deployments being removed when scans were being deleted
- Fixed issue with deleting a Scan from Manage->Items
- Fixed the Agent Check in fallback address
- Fixed problem with logging and tracing once setting “all logging levels”
- Fixed capability to scan nested groups where one group was deleted
- Fixing error when logging off from computer using machine level credentials on Schedule scan
- Fixed Asset scans when machine group includes machines via the "Link to file" external source option
- Fixed ability to connect to Remote SQL DB using Windows Authentication
- Corrected an issue that prevent automatic emails to be sent after scheduled scan completes
- Enabled scheduled scans across domain without trusts
- Solved thread issue when multiple scan threads access the same target at the same time
- Fixed Machine type filtering under the advanced filtering for reports
- Enhanced ability to download large number of patches
- Fixed error when scheduling recursive scans
- Enabled Shavlik Task Manager to handle bad XML from target
- Updated .Net 3.5 download for pre-req installer for Machines not connected to the internet
- Removed Spyware Signatures from Patch View
- Fixed problem where rebooting a list of computers stopping after the first failure
- Fixed resetting highlighted machines in scan results when grouping by specific column
- Fixed incorrect scanning console name being reported when migrating existing database to a new console
- Fixed foreign local issues where simple string comparisons would cause the application to fail
- Fixed issue with entering a Shavlik Scheduler port number higher than 49000 Fixed errors in Patch Status summary report
- Prevent installation of Agents on a FAT partition
- Fixed issue of not being able to check the asset scan template under Tools
- Fixed inconsistency reporting number of patches in the scan results
- Ability for Manual Licensing to handle x64 bit machine
- Fixed error when using advanced filters for Patches by Machines report
- Fixed Unhandled exception when attempting to Remove E-Mail Address from Machine Group
- Fixed problem with ability to perform scan with auto deployment from a non-English OS
- Improved Importer Performance when 'Updating the database with the latest descriptions'
- Fixed issue with deleting distribution server
- Fixed issue with XML not updating for re-occurring scans
- Fixing problem with setting up data rollup, when user tries to import 6.5 data rollup .drs file
- Fixed close of Scheduled Tasks GUI when refreshing machines
- Showing Custom Deployment Template in drop-down if it was created by another user when My Items only is disabled
- Fixed problem with ability to schedule reoccurring scan
- Fixed ability to delete filter from Patch Centric view
- Enabled Organizational Units to be sorted alphabetically by name
- Resolved E-mail address validation to ensure valid addresses are not blocked
- Fixed parsing issue when settings stored in the sysInfo table using the bit data type
- Fixed Scan Results importer to handle the apostrophe character correctly when inserting domain Rule's
- Fixed setting default credentials in tools --> options
- Fixed a regional settings issue that resulted in an unexpected error and need to close to recover when Customer clicks on scan results in Today’s Items
- Reduced the time it takes to verify seat licenses
- Fixed Machine Status Summary report graphic header
- Fixed an issue with the agent UI failing to terminate when the user logs off
- Fixed an issue with Agent not deploying on machines with IPv6
- Resolved an issue of time out when running the SchemaInstaller.UI.exe on a large remote database
- Corrected an issue of download failure when Patch downloads sources through DS or Custom Share in Tools/Options are looking for the wrong patch format
- Eliminated duplicates in Top 10 Missing Patches Report on a Roll-up console
- Fixed importer problem with the result importer does not download newer data files when it receives results of scans that used a newer XML
- Fixed an Agent Import issue
- Added the Sending Console ID to Threat Results Export
- Resolved an issue with Machine View when refresh machine doesn't update middle pane
- Fixed a problem when providing bad user name in Set Credentials dialog
- Warn users that SQL 2000 is not supported when Protect database upgrade on SQL 2000
- Corrected an issue when Windows Xp 64 bit is incorrectly reported as Windows Server 2003 on agent check-in
- Fixed failure to import of software asset scan results with invalid product cultures
- Corrected install failure if VMware VDDK 1.1 Installed
- Fixed failure to import Scan Results if xml version is out of date
- Fixed a problem of results files being marked as "Orphaned" by the importer even though they were successfully processed
- Corrected failure to import scan results with a scan name
- Fixed Office Deployment prompts for the wrong product, Excel 2000 instead of MS Office 2003
- Fixed a problem with threat data always downloads from vendor, regardless of Tools > Options setting
- Fixed a problem with download of Large Service Pack which hangs at 100% complete indefinitely and closes the app when clicking cancel
- Corrected an issue where scheduling a scan more than 32 days in the future resulted in the scans running immediately
- Fixed an issue with application operations and Ironport or Blue Coat proxies
- Resolved a problem with stSched that prevented scheduled deployments of patches to NT4 systems
- Modified how results are imported into the NetChk console to significantly speed up importing results
- Fixed the results importer so asset scan results are successfully imported into the NetChk console
- Corrected recurring jobs to work properly with Microsoft scheduler 2.0
- Prohibit Vista and later operating systems from using the Microsoft AT scheduler; use of the AT scheduler on these operating systems results in hundreds of scheduled jobs being generated as a result of pingback failures
- Resolved an issue with the Microsoft scheduler 1.0 that resulted in an application crash when scheduling recurring scans
- Fixed an issue where deployments using reboot dates more than a month out in the deployment template were not scheduled correctly
- Deployments scheduled in the past will now run immediately rather than a month in the future
- Corrected issues with silient.exe that prevented successful deployments without user intervention
- Corrected an issue with the NetChk Protect 7.2 update 1 patch that deletes install location resulting in the application not remembering the previous installed location
- Resolved an issue that prevented scheduled deployment jobs from being deleted
- Enhanced Data File Download and Distribution Server Sync functionality. Specify never download data files (run disconnected), download newer files when the application launches, specify an interval for data file downloads and anchor that interval to a specific hour, or specify newer data files are downloaded on a specific day of the week and hour of the day.
- Extended NetChk Agent policy version control to components modified outside of the Agent policy. If you modify a scan or deployment template, or patch group used by a template, it will be updated in the Agent policy on the next Agent check in.
- Resolved an issue that prevents NetChk Agents from checking in when the listener fails to initialize.
- Corrected an issue where adding the same contact name to the address book caused the console to crash.
- Fixed problems with regional settings that prevented results from being imported and reports from being generated properly.
- Changed the installer to allow control of where the product is installed. Upgrades will be installed in the previously-defined location.
- Resolved deployment seat count issue with the NetChk Agent.
- Enabled the Agent to use recognize the Patch Group Text file.
- Fixed the Agent so it would not crash when attempting to install more than 8,000 patches.
- Corrected a problem so the scheduler could be successfully uninstalled.
- Modified the Agent to initiate a reboot after deployment in all cases when the deployment template specifies a reboot.
- Resolved an issue where deploying patches to a specific IP range when multiple IP ranges were scanned resulted in all missing patches in all IP ranges being deployed.
- Added a variable to the STEnvironment configuration file to control how long to wait for scan results to be imported before automatically generating reports to be emailed. Default is 30 minutes (increased from 2 minutes).
- Fixed an issue where creating a very large patch group (200+ patches) by doing a right-click select, crashed the application.
- Eliminated a console crash when the system errors out with multiple failed patch downloads.
- Corrected an issue that prevents removal of a specific patch from a patch group.
- Changed the database query to support changing the Office path/credentials when multiple consoles are connected to the same database.
- Resolved a Scan View issue that prevented deleting multiple selected patches.
- Implemented a change support console installation on a Windows Server 2003 SP2 terminal server.
- Fixed a timing issue that resulted in an error when selecting a large number of patches in the Scan Results view.
- Corrected a problem that prevents the console UI from correctly updating during Agent installs.
- Added use of a shared drive as the patch download center path.
- Fixed an issue where the console was started minimized.
- Resolved a problem that prevents patch deployments from Machine View.
- Added ‘Friday’ as a selection in the scheduler. Removed duplicate ‘Saturday’.
- Corrected issues when scheduling scans, deployments, or scans with auto deployments across month boundaries.
- Eliminated a timing issue that resulted in inconsistent scan results numbers in Executive Summary.
- Verified the pre-req installer handles detection and installation of MSXML 6.0 hot fix for all supported operating systems.
- Changed the license scheme to eliminate need for console activation after moving the console with VMotion.
- Modified database queries to prevent ‘Out of Memory’ exception when opening Machine View that includes Asset Scan information.
- Increased the SQL command timeout to prevent an application crash when Deleting Scans from Managed Items in a large database.
- Re-enabled support for console operations that do not require access to admin shares.
- Corrected an issue that prevents threat data files from being downloaded in a proxy server environment.
- Added the machine group used for scanning to asset scan results of virtual servers.
- Fixed an issue that prevented obtaining a console certificate if the application was not installed in the default location.
- Resolved a problem that resulted in an application crash when removing address box contacts from Managed Groups.
- Eliminated a limitation of performing asset scans on no more than 64 machines.
- Corrected an application crash when deploying patches when IE 5.5 SP2, IE 6 SP1 or IE 6 SP2 is contained in the deployment.
- Fixed an issue where Agent deployments would fail if the machine had been previously scanned by IP address.
- Modified the product so data roll up ignores deleted machines.
- Resolved multiple Agent updater executable issues that prevent successful updates during data drops.
- Corrected an issue that resulted in a console crash when attempting to download language-specific patches and the patch does not exist in that language.
- Fixed an issue where a distribution server with null credentials failed to upgrade.
- Added support for automatic email of reports upon completion of a scheduled asset scan.
- Fixed an unhandled exception when testing proxy credentials in a disconnected environment.
- Resolved an issue where run disconnected mode was not being remembered.
- Added support for assets scans of a machine group defined by a linked text file.
- Corrected an issue parsing asset scan results from non-English languages.
- Fixed scan results reporting of Windows Server 2008 R2 as an ‘unknown OS’.
- Added Last Threat Scan Date and Last Threat Definition File information to machine view.
Major New Features
- Asset Management: Shavlik’s Asset Management leverages the company’s innovative Agentless approach to thoroughly and dynamically discover and catalog IT assets.
- Software Assets
- Hardware Assets
- Virtual Machine Assets
- Enhanced Integration with Virtual Infrastructure: Significant enhancement over previous handling of virtual machines within NetChk Protect. Now there is a tight coupling of NetChk Protect with virtual infrastructure including vSphere, VI, ESX, or ESXi.
- Resolved an error that prevented scheduling recurring scans on Fridays
- Corrected issue where threat results repeatedly sent to the rollup console at every rollup interval
- Added MSXML hotfix (KB960064) to the boot strapper to address a memory consumption issue that resulted in hangs while scanning large numbers of machines
- Fixed Importer failure to import agent patch deployment result files that contain no patches
- Database Installer Fails when an existing SQL Login is specified for Services Connectivity that is not already mapped to a Database User
- Fixed Prereq installer to NOT install c++ runtime
- NetChk Patch Service Fails to start before the maximum OS service start timeout
- Fixed access denied error on Console if doing a scan while the service is importing newer XML
- Resolved Scan view crash during a large service pack download
- Corrected issue where earlier versions of HFCLI cannot scan target after a 7.0 deployment
- Added charts missing after performing first scan
- Corrected issue in DB Updater that caused Distribution screen to error on upgrade
- Addressed the incorrect default value of the data rollup port
- Fixed an issue where remote database installs and upgrades fail on Windows Server 2003 when connected via Terminal Service
- Resolved problem with the right-click context menu in scan view to filter by the selection (it was defaulting to selecting all machines in the scan as in context)
- Corrected an application crash when opening the Distribution Server manager
- Added input validation for content entered in the Tools->options->Proxy user dialog box as invalid content resulted in an application crash
- Fixed an issue that prevent deploying patches from machine view to machines found during dynamic ESX server scan
- Resolved a console crash when deleting a contact from the address book
- Corrected an application crash from a null string when downloading less common non-English language patches
- Fixed an issue where editing Distribution Servers failed repeatedly
- Removed limit of 64 as the maximum number of asset scans
- Fixed a bug where entering a duplicate email address in the address book would cause the console to crash
- Fixed a bug where viewing scan results or selecting machines in the scan view might cause the application to crash
- Fixed a bug where downloading large files (such as Service Packs) would fail on XP and WS03 consoles due to an issue with checking digital signatures on large files
- Fixed a bug where agent scan results and/or child console rollup results would not appear in the main console if the agents or downlevel consoles were running with a newer version of hfnetchk6b.xml
- Fixed a bug where agents failed to check-in with the console if the agent policy was configured to use 'Distribution Server - by Agent IP range' and that policy did not include a reference to a backup Distribution Server
- Fixed a bug where version 7 claimed that all license seats were in use and could prevent installation of patches and/or functionality of agents.
- Fixed a bug where agents were not able to be deployed on some Domain Controllers
- Removed the need for WMI to be running on systems where the agent was being deployed
- Fixed a bug where the agent UI would not function if the agent policy was configured to use 'Distribution Server - by Agent IP range'
- Fixed a bug where the Shavlik services may fail to start
- Fixed a bug where version 7 may fail to install if the console was not connected to the Internet or was running behind an authenticating proxy server (installer issue - fixed in the new installation bundle only)
- Fixed several bugs where the database migration process failed when upgrading from version 6.x to version 7 (installer issue - fixed in the new installation bundle only)
- Fixed a bug that prevented installing version 7 if a prior installation of version 7 had failed (installer issue - fixed in the new installation bundle only)
Major New Features:
- Added antivirus / threat management engine to the NetChk Agent
- Added on-access and on-execution Active Protection capabilities to the NetChk Agent
- Shavlik NetChk Console
- Refreshed and redesigned the main page with new charts and new items. New charts provide immediate view into the latest status of machines on the network. New items include 'How do I...' links to the Help File making it easier to get the most value out of NetChk Protect.
- Multi-tasking GUI. Launch multiple scans, review results, initiate deployments - all at the same time.
- Shavlik NetChk console can be installed on Vista systems
- Enhanced the machine group interface. Machines can be sorted and grouped by a variety of attributes.
- Enhanced the patch group interface. Patches can be sorted and grouped by a variety of attributes.
- Enhanced the left navigator to use Outlook-style display
- Enhanced patch download window. Patch download status is displayed for each patch being downloaded.
- Enhanced the patch deployment test function. The test function follows the same code path as real deployments.
- Added bulletin release date, bulletin title, and patch type columns to the patch group window
- Added group name to patch scan results in the left navigator
- Added ability to perform automated data file downloads every X hours
- Distribution Servers can be synced every X hours
- Enhanced the console functions to operate more efficiently\quicker when reading from large databases
- Added ability to add machines to existing machine groups via right click menu option
- Added ability to add patches to existing patch groups via right click menu option
- Enhanced the Machine View - added smart filters, search capabilities, and sorting\filtering\grouping functions.
- Added a column to the Machine View to display the last agent checkin date
- Added Microsoft Exploitability Index values to patch data in the Patch View
- Consolidated ports - the data rollup function uses same port number as NetChk Agents
- Enhanced E-Mail selection window
- Added ability to delete old machines from the machine view (as long as they're not currently occupying a deployment or agent license)
- Improved speed and responsiveness -- the patch scan engine is 3x to 5x faster
- Shavlik Agent Infrastructure
- NetChk Agents do not require distribution servers. Data and engine files can be downloaded directly from the Internet.
- NetChk Agent installations use an MSI file
- NetChk Agent can be installed on Vista systems
- NetChk Agent can be installed on the NetChk console
- Enhanced the NetChk Agent scheduling capabilities. NetChk Agents now have the same flexible scheduling available in Agentless operations.
- Multiple patch and threat tasks can be assigned to one policy
- Enhanced the agent policy manager (multi-select)
- NetChk Agent can be configured with a 'listening' port to receive agent policy updates and instructions instantly
- Agent patch policies can leverage existing agentless scan templates
- Agent patch policies can leverage existing patch groups. The 'approved patches' list has been replaced by selection of one of three options: deploy all missing, deploy from patch group, deploy all vendor Critical patches (or deploy patch group PLUS all vendor critical patches)
- Agent patch policies can be configured to always scan for (and deploy) vendor Critical patches, eliminating the need to define and maintain patch groups
- Agents checkin with the console for updated policies, rather than the distribution server
- Enhanced the NetChk Agent client user interface
- Added option to perform agent tasks X minutes after system start if previously scheduled start time was missed
- Added ability for non-administrator users to launch patch and threat scans and perform remediations from the agent GUI (if configured to allow users to do this)
Other New Features, Enhancements, and Bug Fixes:
- Fixed a bug where the patch scan engine might fail when doing aqentless scans of thousands of systems
- Fixed a bug where canceling scans or deployments against offline VM images might not work properly
- Fixed errors encountered when scanning offline VM images that are part of nested machine groups
- Fixed a patch deployment bug where SystemRoot could not be identified on some systems
- Fixed a bug where the Deployment Status Report would include data on all patches even though the report is set to filter on specific criticalities
- Fixed a bug where Report Only users were able to delete scan and deployment results
- Fixed a bug where the console display would not refresh properly after canceling a patch download
- Updated NetChk Agent (patch) to correctly deploy certain SQL Server patches
- Fixed a bug where deleting machine group credentials removed Domain credentials after the scan completed
- Fixed a bug where custom patch features failed to execute on agent-managed machines
- Fixed a bug where custom patch features failed to work as expected with R2 systems
- Enhanced the console to provide better results for agents when agents perform multiple scans per day
- Fixed a bug where Office media path credentials may not have been saved in the deployment template
- Fixed a bug where deployments from a Windows Server 2008 console failed to execute on NT4 systems
- Fixed a bug that prevented the use of a Distribution Server on a remote system where that location was the specified console download location
- Fixed a bug where automated e-mails failed to operate for offline virtual machine images
- Fixed a bug with NetChk Tracker where patch rescans were initiated before the target system was read to be rescanned
- Enhanced NetChk Tracker with additional status messages to indicate that machine was restarted and was awaiting rescan
- Enhanced the patch download status window to display download status for each patch
- Enhanced the NetChk Agent so it can checkin with the console by using its IP address rather than hostname (Agent must be installed manually and console's IP address should be specified during installation)
- Fixed a bug where canceling an agentless patch scan wouldn't cancel immediately
- Modified the NetChk Console to only allow one running instance of the application
- Fixed a bug where the 'Machines not Scanned' report would not allow filtering on individual scans
- Fixed a bug in the NetChk Agent deployment process where the Agent icon wouldn't appear in the system tray when first installed
- Fixed a bug where scheduling a deployment across a month boundary would fail if using the Microsoft scheduler
- Fixed a bug where patches that had been uninstalled were not able to be installed again using the NetChk Agent
- Fixed a bug where SafeReboot was not always executing on Windows 2000 systems
- Fixed a bug where the Machine Inventory and Top Ten Missing Patches reports were not automatically sent out (as configured) at the end of a patch scan
- Fixed a bug where patches with .msp extension were not not always being installed on Agent-managed systems
- Fixed a bug where scheduled scans were using incorrect time and date when console was set to Danish regional settings
- Fixed a bug where custom patches marked as 64 bit were looking into the 32 bit registry
- Fixed a bug where SQL Server Service Packs could not be installed from the Summary by Patch screen
- Fixed a bug where offline VM image scans did not return the target system's workgroup name
- Fixed a bug where filtering by comment did not work in the advanced filtering report options
- Fixed a bug where canceling a scan of offline VM images may leave some images mounted
- Added MSXML 6.0 Hot Fix to the Boot Strapper to resolve GUI hangs and memory corruption that result from large scans
- Fixed the GUI so editing an ESX server validates the information entered
- Remove orphan records from 5.8.1, 5.9, and 6.0 databases so upgrades to 6.5.x database are successful
- Remove orphan service pack relationship with products so database upgrades are successful
- Enhanced Agent to install .MSP files
- Corrected inconsistencies between Executive Summary and various charts
- Fixed the Cancel Deployment action to successfully terminate
- Resolved an issue that resulted in extremely slow scan times when Internet Explorer 7 was included
- Corrected custom patch scan behavior to correctly use the x64 registry
- Fixed an issue where a rescan of an offline virtual workstation machine resulted in an application crash
- Resolved an error so the new Microsoft digital signatures can be validated
- Fixed an issue where images were some times not loaded properly into the application
- Resolved issues with credentials and offline VMs
- Modified the product so rescan status is set to ‘unable to rescan’ if the scan object cannot be instantiated
- Updated the sum.bat tool for updating XML and engines for disconnected consoles
- Corrected behavior when scheduler security negotiation fails
- Added support for installing NetChk Protect console on Windows Server 2008
- Fixed an issue where attempting to select one patch for a patch group resulted in All patches being selected
- Corrected deployments scheduled across month boundaries so the deployment no longer reports “time is in past”
- Fixed an issue where the Scheduler schedules jobs a month out if the time has passed
- Resolved an issue where VMotion of a virtual machine that hosts the Shavlik console deactivates the license key
- Corrected a problem with machine group copy that resulted in ESX server or VMware Workstation images not being copied
- Fixed an unhandled exception that occurred when deleting a machine group that included an offline machine
- Resolved an issue where a right-click to deploy all missing patches on an virtual machine failed
- Corrected a problem that prevent deployment of SQL Server service pack from the Summary by Patch view
- Fixed an issue where Service Packs for XP x64 systems were not properly handled
- Resolved an issue where canceling a scan of virtual machines took a long time
- Corrected a problem with target machine registry’s that prevent scans by a 6.x.x version if the target machine had been scanned by Protect 7
- Fixed an issue where agents might uninstall themselves if they were unable to contact the Shavlik console
- Fixed an issue where the malware scan engine fails to scan when multiple user accounts exist on the target system
- Fixed an issue where deployments using the Microsoft scheduler would be scheduled a month out if the scheduled time already occurred
- Fixed an issue where deployments to an x64 system from a 32 bit console would use the Microsoft scheduler rather than the Shavlik scheduler
- Fixed an issue where the agent installer port could not be changed from the default port number 3121
- Fixed an issue where the NetChk Patch Service fails to autostart after a console reboot. Also fixed an issue where the NetChk Patch Service might fail to start if the Service was unable to connect to the database on a local or remote system. These two changes should enhance the reliability of the PatchPush Track function.
- Added a second credential option to the domain scanning function on the machine group window. The second provided credential will be used to enumerate membership of the specified domain in instances where the currently logged on console user does not have access to that domain.
- Fixed an issue where the reboot function on a Windows Server 2003 system would not provide a 'reason for shutdown' and could therefore cause the system to pause at startup until this reason is entered.
- Fixed an issue where manually installed agents might result in the following error during a patch or malware scan "stSchedEx.exe has encountered a problem and needs to close"
- Fixed an issue where the Shavlik console process might fail to end when the application is shutdown
- Fixed an issue where tasks might fail to be scheduled on remote systems where IPv6 is present
- Fixed an issue where the system may not reboot as expected if a non-administrative user is logged on at the time the reboot is expected
- Fixed an issue where an 'Unexpected Error' might be encountered when using the 'scan with' option from the File menu
- Fixed an issue where choosing a Service Pack to deploy from the missing machines tab under the 'Summary by Patch' view would display 'Service Pack 1' as the only available Service Pack to deploy.
- Enhanced the deployment configuration dialog box so that the 'deploy now' button was not selected by default
- Changed the default focus on the deployment status window to 'close this window' rather than 'cancel'
- Fixed an issue where machine names display as truncated (underneath) the machine icon in the scan view
- Fixed an issue where the IAVA Reporter utility failed to function with version 6.5
- Fixed an issue with a registry key entry on the Shavlik console that prevented certain system backup utilities from functioning correctly
- Fixed an issue where duplicate Service Pack names appeared in the custom actions window
- Fixed an issue with custom actions assigned to Service Pack deployments where incorrect SP info might display in the Edit window
- Fixed an issue where running the 'apprunonce' function would re-install Shavlik services with different service names than the original service names
- Added descriptions for the Shavlik installed services
- Fixed an issue where OU enumeration credentials might not be saved in the GUI
- Fixed several issues that caused unhandled exceptions when editing machine groups containing nested groups
- Fixed an issue in the PatchPush Tracker application where some patches would fail to appear in the PPTracker GUI if a large number of patches was being deployed
- Fixed an issue with malware scan results where signature evidence for one piece of malware might incorrectly appear as signature evidence for another piece of detected malware
- Modified the application EULA
- Fixed a bug where deployments would fail to initiate, including those performed after rescans, from the NetChk Home Page, and as part of an auto-remediation task following a scan
- Fixed a bug where deployments were failing with 'Invalid Optional header type' in the PM.log file
- Fixed a bug where console-based scheduled activities weren't upgraded when installing a new version of Shavlik NetChk
- Modified Shavlik Agent behavior so that it operates on new agent policy immediately after receiving updated policies
- Fixed an issue where the Shavlik Agent wasn't able to be installed from the Machine Properties window
- Fixed an issue where the Save button wasn't available when changing agent policies in the machine properties window
- Modified Distribution Server behavior so that agent installs don't require full file synchronization to all Distribution Servers
- Fixed a bug where remote patch repositories weren't being updated properly
- Fixed an issue in the scan engine where the target system's Operating System wasn't being identified if the scan engine encountered a 'Server too busy - error 1726' event
- Fixed an issue in the SafeReboot window where the Snooze bar appeared when it wasn't configured to do so
- Fixed an issue where scheduled scans weren't respecting the 'run disconnected' setting in the Tools-Options menu
- Fixed a bug where deployments were failing if the target machine was removed from the machine group in which it was initially scanned
- Fixed an error that occurred when choosing to email scan status results from the machine summary window
- Fixed a bug where exporting report data containing no results caused an exception
- Fixed a bug in the machine group window where Tools-Export Text File was outputting XML instead of TXT
- Fixed a bug in the Deployment Detail report where the Bulletin Number and KB numbers weren't being displayed
- Added ability to perform patch scans and deployments to offline VMware Workstation, Server, and ESX Server images
- Fixed a bug where the agentless distribution server function did not respect primary vs secondary distribution server settings properly
- Fixed a bug where the stschedex.exe process might crash on a target system
- Changed the default configuration of the Safe Reboot dialog to remove the focus from the Reboot Now button so that it wouldn't inadvertently be pressed
- Fixed a bug that allowed users to upgrade with the Shavlik application already open. The user interface would not behave properly until all instances were closed
- Fixed a memory leak in the patch deployment function
- Fixed a bug where the 'rename' and 'delete' right click options weren't working properly when executed on items in the left navigator pane
- Fixed a bug where scans scheduled prior to Upgrade/Install continue to use old file version
- Fixed a bug where the deployment configuration screen allowed date and time changes when 'install immediately' was selected
- Fixed a bug where patch deployments failed on FAT32 systems
- Fixed a bug where a job was not displayed in the Schedule Task Manager for Windows Server 2008
- Fixed a bug that caused a crash when canceling an 'add credentials' request
- Fixed a bug where distributions servers may have failed to synchronize with the console if Role Based Administration was enabled
- Fixed a bug that caused the scan to fail and the scan status window to hang when scanning a large number of machines
- Fixed a bug where remediation template option was displayed twice in the 'Tools - Options - General - Navigator' window
- Fixed a bug where agent-based patch deployments would fail on Windows Server 2008 systems
- Updated the license key upgrade process so that Audit keys will maintain proper reporting/output options
- Fixed a bug where the 'filter by' function in the machine group window would fail to operate as expected
- Fixed a bug where Windows Server 2008 machines would display 'OS not known for SP1' in the machine centric view'
- Fixed a bug where a target system was told to reboot but would not reboot if no user was logged on
- Fixed a bug that prevented deployments from occurring on some systems due to incorrect ACLs on the windows\propatches folder
- Fixed a bug where large patch deployments failed with 'out of memory' messages
- Fixed a bug where 'download all patches' failed to operate
- Fixed an issue where stPatchAssessment.exe continued to run even after all patch scans completed
- Fixed a bug where agent policy creation would crash if passwords were supplied
- Fixed a bug where the version 6.0 dissolving scheduler failed to dissolve when performing remote deployments
- Fixed an error that caused target systems to display a crash for cl5.exe and/or stschedex.exe
- Fixed a bug that prevented 'deploy all missing patches' from operating when selected from scan items in left navigator
- Fixed a bug where sorting or grouping data by download icon or agent status in the Machine Centric View would make the relevant icons disappear
- Fixed a bug where copying a patch group would simply rename the selected patch group
- Fixed a bug where agent policies could not be edited if they were created in earlier versions of the product
- Fixed a bug where agent scan results were not appearing in the Machine Centric View
- Fixed a bug where the Machine Centric View would error when filtering by a large patch group
- Fixed a bug download icons would not appear for some patches after download new Shavlik XML files
- Fixed a bug where cross-domain deployments would fail with a message about invalid credentials
- Reverted behavior back to pre 6.0 functionality so the scan engine will respect both patch group and patch type filters specified in a scan template
- Modified the database conversion routine during the installation process to address the following issues
Notes: Customers that have successfully installed 6.0 and have not experienced the above issues do not need to to upgrade to this version. Customers who have installed 6.0 and are experiencing the above issues should contact firstname.lastname@example.org to obtain a standalone database repair tool as installing this version on top of an existing version 6 installation will not correct these issues.
- Corrected a database issue where in some cases it was not possible to remove selected machines from a machine group
- Corrected a database issue that might prevent deployments from occurring
- Updated the database conversion process to address an issue where some databases were not successfully converted during the installation process
Other New Features, Enhancements, and Bug Fixes:
- Added ability to scan systems where the systemdrive share (such as C$ or D$) has been disabled
- The 6.0 installation process will automatically migrate scheduled scans from 5.81 and later consoles
- Added support for deploying Microsoft Office patches and service packs when the Office application is a different language than the Operating System
- Removed support for the JET (MDB) database and included a new SQL database setup tool
- Updated safe reboot to display the countdown window on 64 bit systems
- Udpated safe reboot to display the countdown window on Vista systems
- Updated safe reboot to display the countdown window to the primary Terminal Service session
- Added ability to create a custom timeout period before reports are auto-emailed - to allow for all scan results to be uploaded to the database prior to sending the emailed report
- Improved console performance when launching the Netchk application which is connected to a database with large numbers of scans
- Improved overall PatchPush Tracker performance
- Enhanced report generation process to create large reports faster using less memory
- Added ability to install the application on Windows Server 2008 systems
- Enabled ability for users to see all created distribution servers
- Enabled users to view all email addresses
- Added ability to modify patch agents to only scan for certain patch types - based on registry key setting (2039)
- Modified scan results so domain name will be shown in domain column, rather than OU name, when scanning by OU
- Enhanced log maintenance. Patch scan and remediation logs (hf.log and pm.log) will not be overwritten during each scan or deployment. Logs will grow to a customizable max size (100 meg default) before starting a new log file. Prior log file is saved.
- Fixed a bug where the scan engine failed to retry authentication with the currently logged on credentials when the supplied credentials failed
- Modified scan engine behavior - when scanning for a specific set of patches (patch group), the 'patch type' filter will be disregarded
- Fixed bug where the PatchPush Tracker default listening port would not change when modified in the tools-options dialog
- Corrected safe reboot execution date attributes to respect international date formats
- Corrected an issue where attempting to import machine credentials for a machine group would fail
- Fixed an issue with auto-emailing the Patch Scan Summary report where the report would fail to generate when SQL Server authentication was used with the Shavlik database
- Modified Office Media Path to work whether a trailing backslash was included in the path or not
- Removed International Mode Download Center option as this capability has been fully integrated into the product
- Modified all Shavlik related service names to start with 'Shavlik'
- Fixed an error that occurred when importing large numbers of machine names to a machine group (greater than 10,000 machine names)
- Added support for managing machines names containing multibyte characters
- Corrected several bugs related to using SQL Server as the data repository for Shavlik scans
- Fixed a bug report rollup from children to master consoles was not working if the child console was using SQL Server as the data store
- Fixed a bug where the scan engine would slow down when scanning large numbers of systems
- Fixed a bug in report generation when using advanced filters and selecting Service Packs
- Fixed a bug where scheduled scans were not operating with the Shavlik Scheduler (they would only use the Microsoft scheduler)
- Fixed a bug in the Test Deployment function when testing against 32bit Vista systems
- Fixed a bug in the Shavlik Scheduler where CPU would rise to 100% if the scheduler was able to obtain the requested TCP port number
- Fixed a bug where the scan engine was failing to use the supplied proxy credentials
- Fixed a bug where scheduled scans were not functioning when the admin was logged off of the system hosting the NetChk console
- Fixed a bug in report generation for reporting by machine type
- Fixed a bug where several Service Pack entries failed to display download icons
- Fixed a bug where remote console synchronization would fail when missing specific data files
- Fixed a bug in the scan engine where scanning 'only for missing patches' would not return a scan result
- Fixed a bug where a text file containing a list of patches that was linked to a scan template did not function as a patch filter
- Fixed a bug where double reboots might occur in some instances
- Fixed a bug where credentials in nested groups weren't being used
- Corrected an error when testing credentials against a group of machines where incorrect credentials were supplied
- Fixed a bug where scanning for software distribution patches via a patch group might fail to scan as expected
- Corrected an issue where deploying patches via the Summary By Patch view would deploy patches to all machines whether the patch was needed or not
- Corrected an issue where scheduled reboots using SafeReboot would occur before the scheduled time
- Extended the spyware scan console timeout value from 10 minutes to 40 minutes. Also added a registry key value to the console machine to control this timeout. To modify this value, go to HKLM\SOFTWARE\Shavlik\HFNetChkPro4\GUI\Options and change the 'SpyWait' decimal value to the number of minutes you'd like to use for the scan wait process
- Fixed a crash when testing credentials associated with a machine group where both IP addresses and IP ranges where specified
- Updated the spyware scan engine to better handle low resource environments on client machines
- Enhanced the handling of sensitive information when this information was decrypted in memory