Previously Shavlik NetChk Configure and Shavlik NetChk Compliance

4.3.19.0

Released 1/10/2012

    Bug Fixes

    • Fixed issues with enforcing a check after a second scan on the same machine or a similar machine with the same OS
4.3.17.0

Released 10/25/2011

    New Features

    • Allowed for compatibility with UAC settings on new operating systems; users no longer need to right-click run application as administrator
    • Rebranded product to VMware vCenter™ Protect Essentials Plus - Configuration Management including graphics, logos, and product naming

    Deprecated Features

    • Deprecated the Security Best Practices Center
    • Deprecated ISO 17799/27002 Framework content within policies, reporting, and scan results filtering
    • Deprecated ISO/SOX Baseline

    Bug Fixes

    • Fixed issues with installation of pre-requisites
    • Fixed issues with automatic downloading of XML data files
    • Fixed engine issues with 2008 and 2008 R2 checks
    • Fixed issues checking audit subcategories checks on some newer operating systems
4.2.0.20

Released 12/30/2009

    New Features

    • Added support for installing the NetChk Configure Console on Windows 7 operating systems
    • Added support for installing the NetChk Configure Console on Windows Server 2008 R2 operating systems

    Bug Fixes

    • Corrected an issue with the database schema installer when upgrading from NetChk Configure 4.1 to NetChk Configure 4.2
    • Enhanced NetChk Configure to download the latest XML data automatically
    • Fixed an issue with password complexity checks on Domain Controllers
    • Address false positives on Windows XP systems
    • Corrected the format of credentials passes from console to target for RSOP checks
4.1.0.209

Released 10/6/2009

    Major New Features

    • Integrated with Virtual Machine Infrastructure: New integration with Virtual Machine Infrastructure to identify and add virtual machines to create or add to existing machine groups.
    • Added File Age Checking: Compares the file modification date to the current date.
    • Database Enhancements: Replace Microsoft Access as the backend database and add database maintenance tools

    Bug Fixes

    • Added standard policies to the left navigation panel on the home page
    • Restricted database naming convention to include alpha characters and number but excludes periods and spaces
    • Corrected Configure Desktop Icon so you can right-click to open the application
    • Fixed unhandled exception in Scheduled Jobs Edit if name has single quote
    • Fixed Custom Checks 'Make all check values the same' causing unhandled exception to be thrown
    • Resolved Configure 4.0 AuditEcho check failure if Registry Value Type is Set to REG_NONE
    • Added Password Complexity check when scanning Domain Controllers
    • Fixed issue with report of maximum security log size
    • Removed references to x64 C++ runtime prereq from the installreadme.txt file
    • Corrected Configure 4.1 showed wrong version number in Help -> About
    • Added the ability to see users in a group
    • Fixed error when Export Most Recent Scan Policy Compliance Detail report in xls or html format
    • Addressed large scans crash with compliance/configure
    • Updated report samples in the report gallery
    • Enhanced desktop icon to display correctly in Vista/Windows Server 2008
    • Fixed Nested Groups so Scan Results import correctly
4.0.0.45

Released 4/7/2009

    New Features and Enhancements:

    • Changed product name from NetChk Compliance to NetChk Configure to better align the product name with the value that it provides managing configuration settings and compliance auditing. Features to achieve and sustain compliance with internal policies and regulatory frameworks were not removed.
    • Added Shares scanning to provide details on Shares so potentially-exploitable security issues can be assessed.
    • Added Group Membership scanning to provide the details of User Groups on machines. This capability exposes potential extra members and excess privileges for group.
    • Added possible comparisons for services and audit settings to allow wider logic when setting policy. Options include allowing compliance for “not installed services” when policy requires the disabled condition or allowing for variations of audit comparisons such as success and failure.
    • Improved loading performance for policy when traversing the policy tree.
    • Added console installation support for x64 operating systems, including Vista and Windows 2008
    • Added support for SQL Server 2008.

    Bug Fixes:

    • Removed the 60 character limit for OU entries.
    • Improved scanning for user-based custom registry checks so scans would not hang.
    • Fixed engine issues with audit checks enforcement. Improved logic for custom registry keys so number comparisons performed as expected.
    • Improved special character handling (carriage return and line feed) for the login message checks.
3.1.0.144

Released 5/27/2008

    New Features and Enhancements:

    • Single File Policy Export: Create a policy that includes both built-in and custom checks. Export that policy as a single file. This feature provides for easier policy distribution and maintenance because all the checks that make up a policy are contained in one file rather than a series of files.
    • Expanded Built-In Checks: Expanded the number of built-in checks to include Require Password Complexity, Guest Account Status, Rename Guest Account, Administrator Account Status, Rename Administrator Account , Restricted Group Membership, and Vista audit subcategories.
    • Additional Custom Checks: Expanded the capabilities of the Custom Checks wizard beyond registry and services checks. The Custom Checks wizard feature can be used for user-defined checks for User Rights Assignment , File and Directory ACLs, Existence of an Item in the Registry, User-Based Registry Items, and Multi-String Registry Keys.

    Bug Fixes:

    • Addressed issue that prevented data updates for happening automatically
    • Resolved SQL 2005 lock out of users during the weak password check
    • Fixed patch and spyware data checks
    • Addressed unusual results reported when scanning a large number of machines
    • Fixed enforceable items not showing enforcement available in scan results
    • Resolved issue with Custom services checks not reporting the correct state
3.0

Released 8/21/2007

    New Features and Enhancements:

    • Change Management Feature Group: This group of features provides management and reporting options around changes to security policy and machine security state. The group includes such options as reports on machine and policy changes; user notes on policy, machine, scan, and enforcements; export of machine and policy changes to for change management/ticketing systems; out-of-compliance reports filtering; and on-screen machine scan and change history. These features manage the data and automate reporting for review and auditing of change management processes.
    • Custom Checks Wizard: With this wizard, users can define registry or services checks that are specific to their IT or security configuration requirements. Such items may include ensuring necessary services such as anti-virus are running or a specific configuration for the SNMP community string has been renamed, as required by PCI. The wizard approach allows users to quickly build with very limited key information checks that are tailored to their environment and even test the settings for correctness before including them in a policy.
    • Context-Sensitive Reporting: Reports are generated based on where users are when viewing compliance results in the application when they generate the report.
    • Start/Stop Services: Enterprises can turn off or turn on services as part of enforcement of their compliance policies. Previously, machines required a reboot to enforce starting or stopping a service as part of enforcement.
    • New Scan Processing: Changes to the underlying scan engine enable processing of individual machine scan results as they are returned to the console. Earlier versions of NetChk Compliance managed scan results as a single entity. If scans did not fully complete, either intentionally or unintentionally, the portion of the results that had been completed was also lost. This capability removes this "all-or-nothing" scan behavior.
    • File Link in Machine Groups: Enables customers to build and manage machine groups by linking to an external text file generated by an asset management system or other tools. Allows for more dynamic creation and management of machine groups. This file linking capability is also common to Shavlik's NetChk Protect product allowing for sharing of such linked files between Shavlik products.

    Bug Fixes:

    • IP range scanning issues addressed.
    • Corrected errors related to scanned account names with apostrophes in name.
    • Addressed regional settings issues.
    • Fixed cut and paste issues on policy dashboard.
2.1

Released 4/17/2007

    New Features and Enhancements:

    • Shavlik Policy Dashboard: The policy dashboard provides a high-level view of your policy compliance state and trends. It permits configuration and monitoring to view a specific policy as applied to a machine group; the dashboard shows the current state of compliance for the policy and also compliance trending over time. New policies for patch and spyware items allow additional specific views for these items also.
    • NIST 800-53 Framework: The controls framework used to address FISMA compliance is included and provides mappings to assist with FISMA compliance efforts. In addition, other frameworks are included such as Shavlik’s compliance checks categories and the ISO 17799 standard. Filters to view compliance checks, policy, scan results, and reporting allow drilldown into policy setup and compliance results using these various frameworks. New baselines incorporating best practices of the ISO 17799 and NIST 800-53 frameworks are also included.
    • Vista Hardening Guide and Compliance Checks: Windows Vista as a new operating system includes compliance checks, such as User Account Control, that are new to Vista and others that also exist from past operating systems. A new hardening guide in the Compliance Info Center focuses on Vista and provides insights into securing this new operating system.

    Bug Fixes:

    • Added Account Expires field to Local Account Summary report.
    • Removed no machines scanned message on cancelled scan.
    • Added option for improved scan performance by omitting account scanning of machines with large numbers of accounts.
    • Fixed .csv and .tsv file export issues on some reports.
    • Added notification if database is not available.
2.0.2

Released 7/17/2006

    New Features and Enhancements:

    • Shavlik NetChk™ Compliance – Audit Edition: The Audit Edition provides all the functionality of the full edition of the product including the ability to create, monitor and report on established policies, providing a comprehensive measure of the current state of your network
    • Shavlik NetChk™ Compliance – Operations Edition: The Operations edition provides access to the complete set of features in the Full Edition of the product, in addition to providing comprehensive policy enforcement capabilities. The Operations Edition does not include the integrated ISO 17799 security framework, which is a standard feature in both the Full and Audit Editions
    • Scheduled Scanning: This new feature allows the user to specify when and how often a scan should be run. It also provides the means of performing automated enforcement.
    • Import and Export Policies: This feature allows the user to export as well as import any policy, which will be beneficial to customers who have multiple installations of the application (i.e. Operations and Audit), and want to share polices that are already developed and approved.
    • 110 Additional New Security Configuration Checks

    Bug Fixes:

    • None for this release

What's New

October Patch Tuesday Round-Up
Microsoft had a rough month.  Instead of the nine announced bulletins they ...

No POODLES Allowed! How to Avoid the POODLE Vulnerability
Ever wonder why poodles seem so evil? Maybe it is because of the pretentiou...

Patch Tuesday Advanced Notification October 2014
Microsoft has announced 9 bulletins for October 2014, three of which are ra...