Dell Security Management Server Virtual Technical Advisories v11.0.0 May 2021 Rev.
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2012-2021 Dell Inc. All rights reserved.
Contents
Chapter 1: Dell Security Management Server Virtual Technical Advisories
Contact Dell ProSupport
New Features and Functionality v11.0.0
Resolved Technical Advisories v11.0.0
Resolved Technical Advisories v10.1
Technical Advisories v10.1
New Features and Functionality v10.0
New Features and Functionality v8.2.3
Resolved Technical Advisories v8.2.3
Technical Advisories v8.2.3
1 Dell Security Management Server Virtual Technical Advisories
Dell Security Management Server Virtual is an all-in-one management solution that includes a management console, integrated database, and key management system. The Dell Server runs in a virtual environment and is targeted for the small or midsized enterprise with an existing VMware environment.
Resolved Security Advisories v11.0.0
● No security advisories exist.
Technical Advisories v11.0.0
● No technical advisories exist.
New Features and Functionality v10.2.14
● With a global shift to inclusive language, several terms and expressions have been updated.
● Lengthy lists of policies within policy groups have been restructured to improve readability and access. [DDPS-9667]
● Security Management Server Virtual now runs Ubuntu 18.04 as the core operating system.
Resolved Technical Advisories v10.2.13
● In the Security Server, SSOS activation is no longer failing for v10.2.11 and later. [DDPS-9843]
● An issue has been resolved so that the Server Configuration Tool is now updating service configuration files and the files are properly signed. [DDPS-9904]
● Management Console:
  ○ Null Pointer Exception handling has resolved an issue where a blank search or search for a specific device returns NaN for the number of endpoints. Now, information displays.
  ○ The Device Detail report, in Reporting > Manage Reports > Create New Report > Device Detail, contains a new column titled Enabled Technologies.
Resolved Technical Advisories v10.2.12
● Management Console:
  ○ On the Endpoint Detail page > Details & Actions tab, the States section now displays only the disks present in the last inventory that is received from the endpoint. Historical data regarding disks is retained but no longer displays.
New Features and Functionality v10.2.11
● SQL Server 2019 is now supported.
● The Security Management Server Virtual is compatible with the Microsoft requirement for LDAP channel binding and LDAP signing when Active Directory is in use.
● Licenses purchased on-the-box can now be bulk-inserted with a .csv file. To obtain this file, contact your Dell Security sales representative or Dell Security support.
Resolved Security Advisories v10.2.11
● Several Java-based vulnerabilities have been resolved. [DDPS-9101, DDPS-9332] Updates are to these versions:
  ○ Java Version: 1.8.0.241
  ○ Jetty Version: 9.4.25
Technical Advisories v10.2.11
● In the Management Console, if endpoints display without Serial Number, the administrator must set the following:
  ○ UseBiosSerialNumber entries within the InventoryObjects.
If the auditdb.size.NotificationPercentage value is exceeded, a notification of the cleanup displays in the Security Management Server Virtual and the duration defined in auditdb.cleanup.delete.hours is used to clean up the data in the ddp_audit database below the auditdb.size.percentage threshold.
● The Security Management Server Virtual can now be configured to allow non-domain activations. If your environment requires this activation workflow, see KB article SLN306341. [DDPS-9531, DDPSUS-2578]
● Added 12/2020 - Microsoft Edge is supported. [DDPS-9814]
Resolved Security Advisories v10.2.10
● An issue allowing remote deserialization of data through an RMI interface is resolved. For more information, see KB article SLN320536.
Upgrading the Security Management Server Virtual does not change these by default to avoid any compatibility issues with currently connecting devices. For information on modifying the SSL/TLS accepted protocols for existing Security Management Server Virtual installs, and for information on securing the Dell Core server, a Microsoft .NET based service, see KB article SLN313386.
Resolved Technical Advisories v10.2.
3. Specify the email to test and select Send Email. If the email passes through the Dell Server successfully, the following results screen displays. The following is an example of a successful test email.
Resolved Technical Advisories v10.2.7
● Authentication processes around the Dell Server's message broker are improved. [DDPS-8456]
● Services are hardened to improve security posture. [DDPS-8487, DDPS-8689, DDPS-8740]
● An issue resulting in an inaccurate number of policy overrides displaying is resolved. [DDPS-8492]
● When changing priority values for Content Based Protection, all values populate and remain as expected.
New Features and Functionality v10.2.5
● No new features or functionality exist.
Resolved Technical Advisories v10.2.5
● Search performance for Advanced Threat Events and Audit Event data has been improved. [DDPS-8342, DDPS-8373]
● The default version of PostgreSQL has been updated to resolve third-party vulnerabilities. The PostgreSQL service leveraged by the Security Management Server Virtual is rebranded to Dell PostgreSQL 10.7.
New Features and Functionality v10.2.3
● Administrators can now manage keys in the Management Console.
To find/change the owner for a key:
1. In the left pane, navigate to Management > Data Guardian Management.
2. Select the Key Management tab.
3. Enter the keyid and click Find Owner. The owner displays in the Current Owner field.
4. In the New Owner field, enter the email address of the new owner and click Change Owner.
To
● An issue resulting in the following error message is resolved: Return code of 127 for check of service on host 'localhost' was out of bounds. Make sure the plugin you're trying to run actually exists. [DDPS-8295]
Technical Advisories v10.2.2
● No technical advisories exist.
New Features and Functionality v10.2.1
● Audit data for blocked print screen events, blocked processes events, and blocked prints events are now displayed in the Management Console.
● An issue that resulted in a customer being unable to run Advanced Threat Prevention reports while using the compliance reporter due to low memory has been resolved. [DDPS-7386, DDPSUS-2341]
● Selections made in the Audit Events page are now saved after a user navigates away from the page. [DDPS-7445]
● Servers with a large number of events from Advanced Threat Prevention may experience high memory usage on the Dell Security Management Server or Dell Security Management Server Virtual.
New Features and Functionality v9.11
● Starting with Dell Security Management Server Virtual 9.11.0, software updates will be pulled from a Dell-hosted Debian repository. Development OVA builds are configured to pull from the development Debian repository. Production OVA builds are configured to pull from the production Debian repository.
● The operating system has been upgraded to Ubuntu 16.04.3 Long Term Support.
● The Python interpreter used to drive the Administration Console has been upgraded to 3.5.2.
Includes 'Version History' widget that displays versioned database schema changes. Data comes from the 'information' table and is sorted by time, with newest version on top.
  ○ UI elements are now localized, not just the EULA text.
  ○ Current time zone setting will be selected automatically when the form is displayed.
  ○ Administrator Console has been added as a sub-menu under View Logs.
Resolved Technical Advisories v9.
Resolved Technical Advisories v9.10
● The "Enable Digital Signature Check" box in the WebUI now blocks the user from adding any text. [DDPS-5857]
● An issue that resulted in an error message during installation of Security Management Server with TLS 1.0 and TLS 1.1 disabled on the target SQL has been resolved. [DDPS-5982]
● Resolved an issue where the Dell Security Management Server Virtual would stop responding to requests to the server.
● A notification for a successful bulletin pull will now appear for the first successful bulletin pull after a bulletin pull failure. [DDPS-4811]
● Precedence changes for Endpoint Groups and User Groups are now displayed in the Log Analyzer. [DDPS-5024]
● AdminHelp and Compliance Reporter Help have been updated with Administrator Roles changes. The System role is marked as being able to "Manage Data Guardian external user key requests".
● A new Web Protection policy allows administrators to block more than 100 specific categories of information.
● Administrators can now bulk upload and import a CSV list of Users to add to Admin-Defined User Groups. User Group priority can now be modified using drag-and-drop functionality.
● The License Management page now displays On the Box Licenses Collected, with the relevant Service Tags.
● Pre-Boot Authentication policies now display in the Authentication Technology Group on the Security Policies tab.
sslRootCAPath = $SPLUNK_HOME\etc\auth\cacert.pem
sslPassword =
2. Restart the Splunk server. After the restart, splunkd.log will have entries similar to the following:
07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 will negotiate new-s2s protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
07-10-2017 16:27:02.
Technical Advisories v9.8
● Added 01/2018 - Advanced Threat Event results are automatically limited to the first 10000 results. This will resolve issues where Advanced Threat Events were not properly displaying when selecting the tab within the Dell Security Management Server.
● To block all PowerShell scripts with Advanced Threat Prevention, both the PowerShell and PowerShell Console policies must be set to Block.
● The Error Validating Policy dialog that displays when an updated policy value fails validation now includes the related policy name. [DDPS-4812]
● The Data Guardian policy, Enable Callback Beacon, is now disabled by default. [DDPS-4985]
● Advanced Threat Event Dashboard Notifications are now properly categorized by Type. [DDPS-4994]
● VE updates now succeed as expected. [DDPS-5130]
● Localizations of Remote Management Console and the VE terminal are improved.
New Features and Functionality v9.6
● VE is now supported with VMware Workstation 12.5.
● VE now supports Advanced Threat Prevention and Encryption on persistent and non-persistent VMware and Citrix VDI clients.
● Secure Lifecycle audit events logs can now be exported to SIEM.
● New Server Encryption policies allow the administrator to configure the maximum number of attempts and retry interval for connection to the Dell Server.
● Remote PBA management of local user accounts is now available.
● DDP Enterprise Server - VE now supports Secure Lifecycle. Secure Lifecycle provides data security, wherever it goes - data at rest, data in motion and data in use - through encryption. Data Loss Prevention (DLP) ensures no data is lost in motion or in flight, while Data Rights Management (DRM) defines access and usage control. Additionally, file monitoring provides detailed data usage visibility to support forensics needs.
Technical Advisories v9.5
● Amended 7/2017 - The Remote Management Console Login button may be disabled in Google Chrome or Internet Explorer on Server 2012. To work around this issue, clear the browser cache and then attempt login or use Mozilla Firefox 41.x or later. [DDPS-4558]
● Advanced Threat Prevention policies are not properly validated if their values are not enclosed in double quotes (") and contain wildcards or special characters, including commas (,), brackets ([ ]), and tildes (~).
● An error now alerts the administrator that special characters are not allowed in ddpuser, ddpconsole, or ddpsupport passwords. Special characters in these passwords may cause authentication issues with VE services. [DDPS-3357]
● The Inventory Received field on the Endpoint Detail page of the Remote Management Console is now populated upon activation of an endpoint.
● Logging is improved for the error that results when a user with duplicate UPNs in the Dell Data Protection database attempts to log in to the Remote Management Console. [DDPS-3578]
● Logging is improved for the error that results when searching for a user whose group name includes a special character. [DDPS-3587]
● The Common Encrypted Folders policy is now correctly applied to %ENV:USERPROFILE%\Downloads.
New Features and Functionality v9.2
● DDP Enterprise Server - VE now supports Advanced Threat Prevention. Advanced Threat Prevention provides real-time threat detection by analyzing potential file executions for malware in both the operating system and memory layers to prevent the delivery of malicious payloads. Control of execution at the endpoint allows for accurate and effective detection of malicious threats - even those that have never been seen before.
● Inventory polls for managed clients have been reduced from twelve to two hours to more accurately reflect status changes. [DDPS-2371]
● After a certificate request is successfully created in the VE Terminal, returning to the Create Certificate Request screen no longer returns the user to the shell prompt. [DDPS-2405]
● The Server Encryption identity certificate is now preserved when restoring from a pre-v9.1 backup.
● If an invalid hostname is entered during Advanced Threat Prevention Service setup, a timeout occurs. To work around this issue, click OK in the Timeout dialog to return to the Services Management page. Verify the hostname, and begin Advanced Threat Prevention Service setup again. [DDPS-3019]
● Email alerts of Advanced Threat Prevention events are not being sent. [DDPS-3031]
● When upgrading a VE Server to v9.2, after it was previously upgraded to v8.2.
Resolved Technical Advisories v9.1
● When Client Firewall rules are added or edited in the Remote Management Console, Custom EtherType now accepts only four characters, and values entered into the Domain name field are now validated. [DDPMTR-528, DDPMTR-732]
● In the Remote Management Console, when Core Networking rules are added or edited, the Connection types field is now locked as expected and cannot be edited.
New Features and Functionality v9.0
● VE now supports Endpoint Security Suite with an extensive set of new policies and Compliance Reporter reporting options. Endpoint Security Suite includes the following:
  ○ Malware Protection
  ○ Client Firewall
  ○ Web Protection
  ○ DDP|E Encryption
  ○ SED Management
  ○ Advanced Authentication
  ○ BitLocker Manager
● Capability is added to update self-signed certificates through the VE Terminal user interface.
Resolved Technical Advisories v9.
executable that is added does not display until the rule is closed then reopened. [DDPSTE-414, DDPSTE-415, DDPSTE-421, DDPSTE-426, DDPSTE-430, DDPSTE-431, DDPSTE-437, DDPSTE-443]
● In the Remote Management Console, when Client Firewall rules are added, the Add dialog occasionally freezes when incorrectly formatted values are entered. To work around this issue, click the close button in the upper right corner of the dialog then click the Add button under Specify Networks to reopen the dialog.
usn-2364-1/). As a matter of best practice, customers (and field teams) should always take VE updates or sustaining releases. [DDPS-1368]
Technical Advisories v8.5
● In Compliance Reporter, results of generated report views and plugin data are not retained after VE is updated. [DDPS-1155, DDPS-1156]
New Features and Functionality v8.4
● DDP Enterprise Server - Virtual Edition now supports new Cloud Edition policies that offer expanded protection and management options.
If Internet Explorer is set as the default browser when the user activates against VE, the user must change the default browser to Google Chrome or Mozilla Firefox then activate against VE again. [DDPS-765]
New Features and Functionality v8.2.3
● DDP Enterprise Server - Virtual Edition now supports VMware Workstation 10.
Resolved Technical Advisories v8.2.3
● When the task to enable remote database access is canceled with no changes, the selection is now cleared in the Enable Database Remote Access field.
● When restoring from backup, the Inventory Server service now properly restarts without dependence on a VE Server reboot. [DDPS-132]
● When VE Server is started, if a VE Server update is available, a notification of the update displays. [DDPS-139]
● The update notification and password change emails now include the correct hostnames of the VE Servers from which they originate.
2 Default Policy Changes
Default policy value changes in new Dell Server versions do not affect Server migrations. This prevents unexpected changes to existing environments. If you need to apply the new default values, you must manually change and commit the policy after migration is complete.
CAUTION: Carefully plan changes to default policy values, taking into account their effects on all groups, endpoints, or users to which the policy applies.
Endpoint Security Suite Enterprise Default Policy Changes
The following Endpoint Security Suite Enterprise policies' default values are changed.
Table 4. Security Management Server or Security Management Server Virtual v9.8 - Endpoint Security Suite Enterprise policy changes
Technology Group | Policy | Previous Default Value | New Default Value
Advanced Threat Prevention | No policies' default values changed in v9.8. | Not applicable | Not applicable
Table 5. Enterprise Server or VE 9.7 - Endpoint Security Suite Enterprise policy changes
Technology Group | Policy | Previous Default Value | New Default Value
\Program Files\McAfee\Agent\x86\policyupgrade.exe
\Program Files\McAfee\Agent\x86\UpdaterUI.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\ESConfigTool.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\MFEConsole.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe
\Program File
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfecanary.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfefire.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfehidin.exe
\Program Files\McAfee\Endpoint Security\
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfemms.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfevtps.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mmsinfo.exe
\Program Files\McAfee\Endpoint Security\Endpoint Securit
\Program Files\McAfee\McScript_InUse.exe
\Program Files\McAfee\mctray_back.exe
\Program Files\McAfee\Mue.exe
\Program Files\McAfee\policyupgrade.exe
\Program Files\McAfee\UpdaterUI.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MaComServer.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MFEConso
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mmsinfo.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\vtpinfo.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\aacinfo.exe
\Program Files (x86)\McAfee\E
\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewch.exe
\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewcui.exe
\Program Files (x86)\McAfee\Endpoint Security\Web Control\RepairCache\McAfee_Web_Control_x64.msi
\Program Files (x86)\McAfee\Endpoint Security\Web Control\RepairCache\setupWC.exe
\Program Files (x86)\McAfee\Endpoint