Dell Security Management Server Technical Advisories v11.1.1 July 2021 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
Contents Chapter 1: Dell Security Management Server Technical Advisories................................................ 6 Contact Dell ProSupport....................................................................................................................................................6 Resolved Technical Advisories v11.1.1............................................................................................................................. 6 New Features and Functionality v11.1.0.............
New Features and Functionality v10.2.2...................................................................................................................... 19 Resolved Technical Advisories v10.2.2.........................................................................................................................20 Technical Advisories v10.2.2...........................................................................................................................................
Technical Advisories v9.0................................................................................................................................................38 Resolved Technical Advisories v8.5.1........................................................................................................................... 39 Technical Advisories v8.5.1.............................................................................................................................................
1 Dell Security Management Server Technical Advisories Contact Dell ProSupport Call 877-459-7304, extension 4310039 for 24x7 phone support for your Dell product. Additionally, online support for Dell products is available at dell.com/support. Online support includes drivers, manuals, technical advisories, FAQs, and emerging issues. Be sure to help us quickly connect you to the right technical expert by having your Service Tag or Express Service Code available when you call.
New Features and Functionality v11.0.1 ● For Passwordless Authentication and information about configuring Dell Encryption Enterprise to authenticate with Windows Hello, see KB article 188216. Management Console ● In Populations > User Groups, after clicking a group name and selecting the Members tab, the administrator can now click an Export File button to export the list of members within a User Group.
○ In Services Management > Events Management tab, an Enable Threat Events checkbox ensures that the Threat Events tab displays in Populations > Enterprise or Populations > Endpoints > Details & Actions tab > Endpoint Detail. Under the Threat Events tab, Web Protection and Client Firewall are listed under the Threat Prevention group. [DDPS-10095] ○ An issue is resolved so that when attempting to load an existing domain within the Dell Security Management Server running 11.0.
New Features and Functionality v10.2.13 ● A web-based portal, the Dell Data Security - Self-Service Recovery Portal tool that is hosted by the Dell Security Management Server, allows administrators with specific roles to recover devices that are managed by BitLocker. Roles include Self-Service Recovery, System, Security, and Help Desk administrators. Resolved Technical Advisories v10.2.13 ● In the Security Server, SSOS activation is no longer failing for v 10.2.11 and later.
○ The legacy management console has been deprecated. The legacy login and corresponding URLs are no longer available. ○ Microsoft Edge (Chromium) is supported. ○ For newly deployed Security Management Servers, the Sync Users at PBA Activation policy in the Pre-Boot Authentication policy group is now enabled by default to sync all active user accounts to the PBA during activation.
New Features and Functionality v10.2.11 ● SQL Server 2019 is now supported. ● Microsoft Edge is now supported. ● The Security Management Server may have issues with UI elements for Internet Explorer 11. Due to the lack of support for modern web engines, Internet Explorer 11 will no longer be supported. ● The Security Management Server is compatible with the Microsoft requirement for LDAP channel binding and LDAP signing when Active Directory is in use.
● In the Management Console > Management > Services Management > Events Management, an issue has been resolved where the Security Server logs displayed recent events but would not export events when an unexpectedly older event was discovered. [DDPS-9662] ● Administrators with the Help Desk role can no longer remove endpoints that are presented within an endpoint's Details and Actions tab. [DDPS-9698] ● Advanced Threat Events once again can search by hostname or SHA256 hash.
The auditdb.size.NotificationPercentage property is now included inApplication.properties of the Security Server to manage the size of the Advanced Threat Prevention Audit database. The auditdb.size.percentage property is the cleanup threshold. When this percentage of the database is exceeded, after the auditdb.clear.cron is activated, the percentage of total space is calculated. The auditdb.clear.cron default value is every two hours. If the auditdb.size.
● The Security Management Server can now be configured to allow non-domain activations. If your environment requires this activation workflow, see KB article SLN306341. [DDPS-9531, DDPSUS-2578] ● Added 12/2020 - Microsoft Edge is supported. [DDPS-9814] Resolved Security Advisories v10.2.10 ● An issue allowing remote deserialization of data through an RMI interface is resolved. For more information, see KB article SLN320536.
● New installs of the Security Management Server now listen on TLS 1.2 by default for all Java-based services, including Dell Security Server, Dell Device Server, and Dell Compliance Reporter Server. Note that the Dell Core Server is not configured by default to use TLS 1.2 on new installs to avoid introducing compatibility issues with other applications that may exist on the same server.
1. Navigate to Management > Notification Management. 2. Select Send Test Email. 3. Specify the email to test and select Send Email. If the email passes through the Dell Server successfully, the following results screen displays. The following is an example of successful test email.
● The Data Guardian web portal can now be activated through a Security Management Server front end server. See Data Guardian Windows, Mac, Mobile, and Web Administrator Guide for requirements of activating the Data Guardian web portal against a Security Management Server. Resolved Technical Advisories v10.2.7 ● ● ● ● ● ● ● ● ● ● ● ● An issue resulting in the inability to log into the Data Guardian web portal is resolved.
● If an existing email notification is modified then saved, the next new email notification inherits the previous notification's modifications. [DDPS-8881] ● Scheduled reporting emails send 30 minutes later than their scheduled time. [DDPS-8888] ● If an administrator's password contains double quotations, password validation fails and the following message displays: Credentials are invalid. Please verify the logon and password.
● Resolved an issue where the Security Management Server's Core Server, ACL Service, and Key Server would not start after a reboot. For more information, see https://www.dell.com/support/article/us/en/04/sln316840. [DDPS-8522] Technical Advisories v10.2.4 ● No technical advisories exist. New Features and Functionality v10.2.3 ● Administrators can now manage keys in the Management Console. To find/change the owner for a key: 1. 2. 3. 4. In the left pane, navigate to Management > Data Guardian Management.
Resolved Technical Advisories v10.2.2 ● The Security Management Server now validates the version of Microsoft Visual C++ 2013 version 12.0.40660. If this version is not found, the installer exits. Please validate this version is installed before installing the Security Management Server. [DDPS-8010, DDPSUS-2437] ● Translation consistency is improved.
○ Time, will schedule the time based upon your current location. ○ Schedule Details page shows the date sent, schedule, next send, etc. Resolved Technical Advisories v10.1 ● A forensic key bundle download using the Administrative Download Utility (CMGAd) now succeed for endpoints with large key sets based on a high number of activations.
Technical Advisories v10.0 ● Audit Events with pins per object counts close to 500 cause the management console to become unresponsive for some time. To work around this issue, modify the search scope to reduce the count below 500 consolidated events. [DDPS-7430] New Features and Functionality v9.11 ● Below are the requirements for SQL permissions. The current user performing the installation and the services must have local administrator rights.
To enable, the administrator must modify the InventoryObjects.config file which is located in < C:\Program Files\Dell\Enterprise Edition\Core Server\> by default. the section to change is :
New Features and Functionality v9.8 ● Security Management Server now supports the Data Guardian web client. Based on policy, internal and external users can view and edit protected Office documents and .xen files, with Print Control, Block Copy, and Embargo features, without installing the full Data Guardian client on their computers. The administrator runs a quick installation to set up a virtual machine that hosts the web client and communicates with the Dell Server.
● The "Certificate" type is now populated in the Type of Notification column of the All Notification Report in Compliance Reporter. [DDPS-5217] ● Upgrade no longer fails when the Run As Service account is changed during the upgrade. [DDPS-5226] ● Audit events can be exported to a SIEM/syslog server with TLS/SSL over TCP, with the following configuration changes: To use TLS/SSL, the syslog server must be configured to listen for TLS/SSL messages.
{"eventsExport":{"exportToLocalFile":{"enabled":"false","fileLocation":"./logs/siem/ audit-export.log"},"exportToSyslog": {"enabled":"true","protocol":"TCP","SSL":"true","host":"yourDellServer.yourdomain.com" ,"port":"5540"}}} [DDPS-5234] Resolved Customer Issues ● An issue is resolved that resulted in a license import failure with an error in the Security Server log that the system cannot find the \AppData\Local\Temp\ folder.
● Endpoint Group Precedence can now be modified using drag-and-drop functionality. This functionality applies to AdminDefined, Rule-Defined, and Active Directory but not System-Defined Endpoint Groups. Precedence of System-Defined Endpoint Groups for new installations and upgrades is as follows: Highest precedence is given to Non-Persistent VDI followed by Persistent VDI Endpoint Group. Lowest precedence is given to Default followed by Opt-in Endpoint Group.
[DDPS-2889] ● An issue is resolved that resulted in an intermittent Internal Error in the Remote Management Console. [DDPS-4446] ● SSL/TLS protocols for Compliance Reporter are now configurable in the eserver.ssl.protocols property in the reporter/ conf/eserver.properties file and are preserved during backup/restore operations. [DDPS-4547] ● An issue is resolved in the French Remote Management Console that resulted in an internal error when accessing the Dashboard.
● The installer error message that occurs when a hostname includes an underscore, which is not allowed, is now more specific. [DDPS-3902] ● A data access error no longer occurs in the Remote Management Console when the default language of a SQL profile is not English. [DDPS-4349] ● A non-domain endpoint is no longer reported as unprotected in the Remote Management Console if the user has logged in more recently than other users on an endpoint and that user has a pending or incomplete encryption sweep.
○ A callback beacon can be inserted into every protected Office file, when the beacon server is installed as part of the Front End server installation. ● As of v9.4.1.6,Dell Enterprise Server supports Advanced Threat Prevention on Mac computers. Advanced Threat Prevention provides real-time threat detection by analyzing potential file executions for malware in both the operating system and memory layers to prevent the delivery of malicious payloads.
4. In the Remote Management Console, navigate to view policy at the level where the Error Validating Policy previously occurred, and note the policy name identified in the error. 5. Correct the policy value formatting, and click Save. 6. In the left pane, click Management > Commit, enter the policy change description, and click Commit Policies. 7. If desired, change the StrictValidation property value from false back to true, to re-enable policy validation. [DDPS-4779] New Features and Functionality v9.4.
● The Alerts Management menu item in the Remote Management Console has been renamed to Notification Management. ● Dell Enterprise Server installations are no longer supported on 32-bit operating systems. Resolved Technical Advisories v9.4 ● The installer no longer accepts underscores in host names. An underscore character ("_") in either the Compatibility Server host name or Security Server host name causes connection to that Server to fail.
Technical Advisories v9.4 ● After Dell Enterprise Server and DDP Enterprise Server - Virtual Edition installation, the Remote Management Console displays "1 Uncommitted Override," indicating a pending policy commit. The policy represents an internal setting. To work around this issue, commit policies after installation. In the left pane, click Management > Commit, enter the description, "Initial commit," and click Commit Policies.
● When retrieving the BitLocker Manager recovery password in the Remote Management Console for more than one volume, the first recovery password is now cleared before second and subsequent BitLocker volumes are selected. [DDPS-1808] ● Uninstallation with setup.exe no longer requires reboot. [DDPS-1839] ● At the end of Server installation, the check box next to Show windows installer log is now visible.
● "Override Count" is truncated on the Endpoint Security Policies tab in the Spanish, Italian, French, Portuguese, and Brazilian Portuguese Remote Management Console. [DDPS-2843] ● The AdminHelp icon is not available from the Remote Management Console login screen. [DDPS-2858] ● The Remote Management Console User Detail tab displays the Effective Policies icon for mobile devices although effective policies do not apply to mobile devices.
New Features and Functionality v9.1 ● Forensic Administrator rights for a User Group can now be delegated by the Superadmin or Security Administrator to a member of the User Group. ● Server Encryption is now supported, featuring port control and removable storage encryption as well as support for maintenance scheduling, which allows control over enforcement of policies that require reboot.
● If Compliance Reporter default reports have been customized prior to upgrade, the previous version of customized reports must be restored in order to continue to use them. However, after the previous version is restored, new reports included in the upgrade are not available. [DDPMTR-870] ● When a self-signed certificate is created at installation, the certificate is valid from a time approximately six hours later than the installation time, rather than being immediately valid.
● ● ● ● ● executable that is added does not display until the rule is closed then reopened. [DDPSTE-414, DDPSTE-415, DDPSTE-421, DDPSTE-426, DDPSTE-430, DDPSTE-431, DDPSTE-437, DDPSTE-443] In the Remote Management Console, when Client Firewall rules are added, the Add dialog occasionally freezes when incorrectly formatted values are entered. To work around this issue, click the close button in the upper right corner of the dialog then click the Add button under Specify Networks to reopen the dialog.
○ A new Cloud Users report displays enrollment and remote wipe information about Dropbox for Business users. ○ New filtering options are available with the Cloud Edition Encrypted Files/Actions report to provide greater customization of event and key management detail. ○ The Device Detail report now includes a field to indicate devices that have self-encrypting drives installed. ● Dell Enterprise Server v8.5 has been validated with VMware ESX/ESXi 5.5. Resolved Technical Advisories v8.
New Features and Functionality v8.3 ● The Dell Identity Server is now embedded in the Enterprise Server installer and no longer must be manually created. It can be installed in conjunction with Enterprise Server or separately, using the Custom Installation option. ● Reliability is improved through performance optimizations, transfer of features previously present in the Document Store to the relational database, and removal of Document Store. Resolved Technical Advisories v8.
1. At www.dell.com/support, search "HCA recovery" to find the knowledge base article associated with this issue. Download the attached ZIP file, which contains the updated LSARecoveryLibDll.dll. 2. Stop the Core Server, Security Server, and Console services. 3. Copy LSARecoveryLibDll.dll to the following components' installation directories: Core Server, Security Server, and Console. 4. Restart the Core Server, Security Server, and Console services. [DDPS-468] New Features and Functionality v8.
Resolved Technical Advisories v8.0 ● Forensic Mode is now automatically set by default in both the Security Server and Device Server. Forensic Mode is enabled on back-end servers and disabled on front-end servers. These settings are placed appropriately upon installation. ● Templates can now be applied only at the Enterprise level. ● Group priority settings in the Remote Management Console to control policy arbitration now work as expected. Resolved Technical Advisories v7.7.
This release adds the Dell Message Broker Service to optimize Dell Enterprise Server communications. Dell Compliance Reporter Two new fields have been added to the Dell Compliance Reporter's Device Details Report for up-to-date reporting capabilities when using Dell Data Protection | Mobile Edition.
2 Default Policy Changes Default policy value changes in new Dell Server versions do not affect Server migrations. This prevents unexpected changes to existing environments. If you need to apply the new default values, you must manually change and commit the policy after migration is complete. CAUTION: Carefully plan changes to default policy values, taking into account their effects on all groups, endpoints, or users to which the policy applies.
Endpoint Security Suite Enterprise Default Policy Changes The following Endpoint Security Suite Enterprise policies' default values are changed. Table 4. Security Management Server or Security Management Server Virtual v9.8 - Endpoint Security Suite Enterprise policy changes Technology Group Policy Previous Default Value Advanced Threat Prevention No policies' default values Not applicable changed in v9.8. New Default Value Not applicable Table 5. Enterprise Server or VE 9.
Table 5. Enterprise Server or VE 9.7 - Endpoint Security Suite Enterprise policy changes Technology Group Policy Previous Default Value New Default Value \Program Files\McAfee\Agent\x86\policyupgrad e.exe \Program Files\McAfee\Agent\x86\UpdaterUI.ex e \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\ESConfigTool.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\MFEConsole.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe \Program File
Table 5. Enterprise Server or VE 9.7 - Endpoint Security Suite Enterprise policy changes Technology Group Policy Previous Default Value New Default Value \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\m fecanary.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\m fefire.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\m fehidin.exe \Program Files\McAfee\Endpoint Security\
Table 5. Enterprise Server or VE 9.7 - Endpoint Security Suite Enterprise policy changes Technology Group Policy Previous Default Value New Default Value \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfem ms.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfev tps.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mmsi nfo.exe \Program Files\McAfee\Endpoint Security\Endpoint Securit
Table 5. Enterprise Server or VE 9.7 - Endpoint Security Suite Enterprise policy changes Technology Group Policy Previous Default Value New Default Value \Program Files\McAfee\McScript_InUse.exe \Program Files\McAfee\mctray_back.exe \Program Files\McAfee\Mue.exe \Program Files\McAfee\policyupgrade.exe \Program Files\McAfee\UpdaterUI.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MaComServer.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MFEConso
Table 5. Enterprise Server or VE 9.7 - Endpoint Security Suite Enterprise policy changes Technology Group Policy Previous Default Value New Default Value \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\m msinfo.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\v tpinfo.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\aacin fo.exe \Program Files (x86)\McAfee\E
Table 5. Enterprise Server or VE 9.7 - Endpoint Security Suite Enterprise policy changes Technology Group Policy Previous Default Value New Default Value \Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewch.exe \Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewcui.exe \Program Files (x86)\McAfee\Endpoint Security\Web Control\RepairCache\McAfee_Web_C ontrol_x64.msi \Program Files (x86)\McAfee\Endpoint Security\Web Control\RepairCache\setupWC.exe \Program Files (x86)\McAfee\Endpoint
