Dell Security Management Server Technical Advisories v10.2.13 December 2020 Rev.
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
Contents
Chapter 1: Dell Security Management Server Technical Advisories
Contact Dell ProSupport
New Features and Functionality v10.2.13
Resolved Technical Advisories v10.2.13
Resolved Technical Advisories v9.11
Technical Advisories v9.11
New Features and Functionality v9.10
New Features and Functionality v8.0
Resolved Technical Advisories v8.0
Resolved Technical Advisories v7.7.2
Technical Advisories v7.7.
1 Dell Security Management Server Technical Advisories
Contact Dell ProSupport
Call 877-459-7304, extension 4310039 for 24x7 phone support for your Dell product. Additionally, online support for Dell products is available at dell.com/support. Online support includes drivers, manuals, technical advisories, FAQs, and emerging issues. Be sure to help us quickly connect you to the right technical expert by having your Service Tag or Express Service Code available when you call.
Resolved Security Advisories v10.2.13
● No security advisories exist.
Technical Advisories v10.2.13
● Management Console:
○ Currently, when the administrator performs a mass import to an administrator-defined Endpoint Group and case does not match exactly, the import fails. [DDPS-9967, DDPSUS-2891]
○ Currently, the Security Management Server does not properly update the Directory URL in the Domain Settings tab to display LDAPS when a Secure LDAP connection is being leveraged.
○ In Endpoint Detail > Details & Action > Plugins & Agent, only those plugins from the last check-in on the endpoint display. The plugins displayed change when the plugin's state is changed from any State (Active, Available) to Not Present or the reverse.
● The APNS (Apple Push Notification Server) database tables, which are used for iOS device support, have been removed. [DDPS-9453]
● The MDM (mobile device support) database tables have been removed. [DDPS-9454]
● When sending an email through JavaMail in the Management Console > Notification Management page, the Console sends the email as anonymous. Updating to the latest version of JavaMail resolved the issue.
The client and the agent must then update to use the AssetTag field instead of the Serial field that is stored in DeviceData:UseBiosSerialNumber entries. [DDPS-9619]
● Log Analyzer does not have the ability to filter using a start and end time. [DDPS-9637]
● Report emails scheduled through the Management Console > Reporting > Manage Reports feature do not localize the email subject properly for Japanese and Korean languages.
Resolved Technical Advisories v10.2.10
● All instances of Data Guardian are removed from the License Management page. [DDPS-9367]
● The Management Console's About page now properly displays Disconnected Mode when Disconnected Mode is in use. [DDPS-9369]
● PBA Device Control commands now function as expected. [DDPS-9373]
● The Management Console now times out as expected after 30 minutes of inactivity.
Technical Advisories v10.2.10
● In rare circumstances, unaccepted policies do not display an error. As a workaround, check the Security Server logs for Invalid Values. [DDPS-9501, DDPS-9534]
● If the common name of a user is changed at the Domain Controller level, the Management Console does not reflect the new name. [DDPS-9510]
● If an existing email notification is modified then saved, the next new email notification inherits the previous notification's modifications.
● The correct error message now displays when adding a domain with an invalid port number. [DDPS-6263]
● In License Management, the correct tooltip now displays when the license pool is exceeded. [DDPS-7176]
● All text now displays properly when adding or modifying Endpoint Groups or User Groups. [DDPS-7177]
● The German and French Event Managements page now properly displays.
If the email passes through the Dell Server successfully, the following results screen displays. The following is an example of a successful test email.
● The Data Guardian web portal can now be activated through a Security Management Server front end server. See Data Guardian Windows, Mac, Mobile, and Web Administrator Guide for requirements of activating the Data Guardian web portal against a Security Management Server.
Resolved Technical Advisories v10.2.
● Selected mobile devices can be removed from Populations > Endpoints as expected. [DDPS-8853]
● In Populations > Endpoints, Export File as an Excel document now functions as expected. [DDPS-8857]
● New email notifications no longer inherit modifications to existing email notifications. [DDPS-8881]
● Scheduled reporting emails now send at their scheduled time. [DDPS-8888]
● Manage Reports now only accepts emails distinguished by comma separated values. [DDPS-8955]
Technical Advisories v10.2.
Resolved Technical Advisories v10.2.5
● Search performance for Advanced Threat Events and Audit Event data has been improved. [DDPS-8342, DDPS-8373]
● The default version of PostgreSQL has been updated to resolve third-party vulnerabilities. The PostgreSQL service leveraged by the Security Management Server is rebranded to Dell PostgreSQL 10.7. [DDPS-8480, DDPS-8985]
● An error is no longer returned to an external user when attempting to pre-share key access to another external user.
2. Select the Key Management tab.
3. Enter the keyid and click Find Owner. The owner displays in the Current Owner field.
4. In the New Owner field, enter the email address of the new owner and click Change Owner.
To change ownership for all keys:
1. In the left pane, navigate to Management > Data Guardian Management.
2. Select the Key Management tab.
3. Select Change Ownership for ALL keys.
4. Enter the email address of the current owner.
5. Enter the email address of the new owner.
6. Click Change Owner.
Technical Advisories v10.2.2
● No technical advisories exist.
New Features and Functionality v10.2.1
● Audit data for blocked print screen events, blocked processes events, and blocked prints events are now displayed in the Management Console.
Resolved Technical Advisories v10.2.1
● Threat Events tab is now visible when at least one Threat Prevention or Advanced Threat Prevention license is consumed. [DDPS-5728]
● Manage Reports work as expected when special characters are added to the Report Name.
● Servers with a large number of events from Advanced Threat Prevention may experience high memory usage on the Dell Security Management Server or Dell Security Management Server Virtual. This may result in services crashing on the server. Maximum heap space and physical memory can be increased to work around this issue. [DDPS-7469]
● Compliance Reporter is hidden by default on the Management Console.
Type | Action | Scenario | SQL Privilege Required
Back end | Upgrade | By definition, upgrades already have DB and Login/User established | db_owner
Back end | Restore Install | Restore involves an existing DB and login.
○ Block Print Screen: disables the user's ability to take screen captures via the Windows Print Screen capability while a Protected Office Document is open
○ Protected Office Document Process Protection: A comma separated list of EXE's that will be blocked from running while a Protected Office Document is open
● Web Portal Policies and their tool tips are localized.
Resolved Technical Advisories v9.10
● The "Enable Digital Signature Check" box in the WebUI now blocks the user from adding any text.
● If browser cookies are not enabled, the message "Cookies must be enabled on your browser to use this application" now displays at logon to the Remote Management Console. [DDPS-2661]
● A notification for a successful bulletin pull will now appear for the first successful bulletin pull after a bulletin pull failure. [DDPS-4811]
● Precedence changes for Endpoint Groups and User Groups are now displayed in the Log Analyzer.
● Advanced Threat Event notification emails now include hyperlinks to additional detail about each category of event (Critical, High, Medium, Low, and Total).
● A new Web Protection policy allows administrators to block more than 100 specific categories of information.
● Administrators can now bulk upload and import a CSV list of Users to add to Admin-Defined User Groups. User Group priority can now be modified using drag-and-drop functionality.
[SSL]
serverCert = $SPLUNK_HOME\etc\auth\server.pem
sslPassword =
requireClientCert = false

$SPLUNK_HOME\etc\system\local\server.conf

[sslConfig]
sslRootCAPath = $SPLUNK_HOME\etc\auth\cacert.pem
sslPassword =

2. Restart the Splunk server. After the restart, splunkd.log will have entries similar to the following:

07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
07-10-2017 16:27:02.
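A check for the restart step above, added here as an example and not taken from the Dell or Splunk documentation: it parses splunkd.log for TcpInputConfig entries and reports whether the most recent listener on a given port came up with SSL. The plaintext message format (the same line without the "(SSL)" suffix), port 5541, and the sample log are assumptions constructed for illustration.

```python
import re
from typing import List, NamedTuple

# splunkd.log entry format shown in the advisory, e.g.
# 07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
# Assumption: a plaintext raw listener logs the same message without "(SSL)".
LISTENER_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4})\s+"
    r"(?P<level>[A-Z]+)\s+TcpInputConfig - "
    r"(?P<family>IPv[46]) port (?P<port>\d+) is reserved for raw input"
    r"(?P<ssl> \(SSL\))?\s*$"
)


class Listener(NamedTuple):
    timestamp: str
    family: str
    port: int
    ssl: bool


def parse_listeners(log_text: str) -> List[Listener]:
    """Extract raw-input listener entries in file order; other lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = LISTENER_RE.match(line.strip())
        if m:
            found.append(
                Listener(m["ts"], m["family"], int(m["port"]), m["ssl"] is not None)
            )
    return found


def check_port(log_text: str, port: int) -> str:
    """Return 'ssl', 'plaintext' or 'missing' for a raw-input port.

    splunkd.log accumulates across restarts, so only the last entry per
    address family counts; any family still in plaintext fails the check.
    """
    latest = {}
    for entry in parse_listeners(log_text):
        if entry.port == port:
            latest[entry.family] = entry  # later lines overwrite earlier ones
    if not latest:
        return "missing"
    return "ssl" if all(e.ssl for e in latest.values()) else "plaintext"


# Constructed sample: port 5540 before and after the SSL change, a second
# (hypothetical) port 5541 left in plaintext, and a truncated line.
SAMPLE_LOG = """\
07-10-2017 16:20:11.102 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input
07-10-2017 16:20:11.104 -0500 INFO TcpInputConfig - IPv4 port 5541 is reserved for raw input
07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
07-10-2017 16:27:02.
"""

if __name__ == "__main__":
    for p in (5540, 5541, 5542):
        print(p, check_port(SAMPLE_LOG, p))
```

A port that was removed from the configuration still shows its last logged state, so pass only the lines written since the most recent restart when stale listeners matter.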
● The Device Lease Period can now be reduced to a minimum of 14 days. [DDPS-5281]
● An issue that resulted in an access violation error in module 'GKConsole.exe' is now resolved. [DDPS-5300]
● A page selector and drop-down list now allows the administrator to navigate between pages of Endpoint Groups and select the number of groups to display per page. [DDPS-5349]
● Policy commit comments that begin with special characters are now logged in Commit History.
Resolved Technical Advisories v9.7
● On the Client Firewall Custom Rule Specify Network page in the Remote Management Console, the Fully qualified domain name field now validates and rejects invalid formats. Also, the Transport protocol drop-down list item ICMP and the displayed Message type are now consistent. [DDPS-2820, DDPS-2826, DDPS-2885]
● Transport Protocol values are now populated in the drop-down list in Client Firewall Custom Rules. [DDPS-3819].
● The Pending Value field now displays the correct value in the Compliance Reporter Pending Policy Detail Report. [DDPS-4840]
● SED data time stamps are now preserved when recovery data is archived. [DDPS-4877]
● A Cloud Profile Update poll no longer results in uncommitted policies. [DDPS-4878]
● An issue is resolved that resulted in an Internal Error when Reporting > Audit Events is selected in the Remote Management Console.
● Forensic key retrieval now proceeds as expected when one or more key_id instances is invalid. [DDPS-4689]
Resolved Customer Issues
● Enabling non-domain activations in the server_config.xml file now succeeds as expected, without regard to case sensitivity of the value entered for the property, accountType.nonActiveDirectory.enabled. Also, Compatibility Server logs now indicate when enabling non-domain activation fails due to case-sensitivity issues with the property name itself.
Resolved Technical Advisories v9.5
● When an existing certificate is imported during upgrade, the installer no longer displays an error if the certificate password has been changed from the default password. [DDPS-2644]
● Searching for endpoints in the Remote Management Console using the Shield Recovery ID now returns expected results. [DDPS-4017]
● An issue is resolved that resulted in Summary Statistics in the Remote Management Console Dashboard occasionally not updating as expected.
New Features and Functionality v9.4.1.6
● Dell Enterprise Server now supports Advanced Threat Prevention on Mac computers. Advanced Threat Prevention provides real-time threat detection by analyzing potential file executions for malware in both the operating system and memory layers to prevent the delivery of malicious payloads. Control of execution at the endpoint allows for accurate and effective detection of malicious threats - even those that have never been seen before.
character ("_"), due to a Java platform issue, JDK-6587184. For more information, see http://bugs.java.com/view_bug.do?bug_id=6587184. [DDPMTR-1345, DDPS-3570]
● The policy values in the BitLocker Manager Policy report are now correctly populated, and managed devices no longer display on duplicate rows. [DDPS-2810, DDPS-3427]
● Dell Enterprise Server now supports multiple entitlements associated with a single service tag.
● In order for Dell Data Protection SED and HCA v8.5.1 and earlier clients to communicate with Dell Enterprise Server and Virtual Edition v9.4, the following settings must be configured on the Server:
1. On the Security Server, access \Enterprise Edition\Security Server\conf\spring-jetty.xml, and comment out the excludeProtocols property: -->
2. In the ..\Dell\Java Runtime\jre1.8\lib\security\java.
● The error message that displays when the Core Server is running during Server Configuration Tool startup no longer states that the Compatibility Server must be stopped. The Server Configuration Tool functions properly when the Compatibility Server is running. [DDPS-1863]
● The new name of a renamed computer now replaces the previous name rather than displaying as a second endpoint in the Remote Management Console when keys are escrowed before the new computer name is processed in inventory.
● The Add Domain page in the Remote Management Console has no vertical scrollbar, so on small screens or screens with low resolution, the Add Domain button is not visible. [DDPS-2945]
● Entering an invalid LDAP password when adding a domain in the Remote Management Console results in a prompt to check the logs rather than a message that the password is invalid. [DDPS-2954]
● The Remote Management Console does not function if TLS v1.0 is disabled.
Resolved Technical Advisories v9.1
● When Client Firewall rules are added or edited in the Remote Management Console, Custom EtherType now accepts only four characters, and values entered into the Domain name field are now validated. [DDPMTR-528, DDPMTR-732]
● In the Remote Management Console, when Core Networking rules are added or edited, the Connection types field is now locked as expected and cannot be edited.
be stored in a folder that is accessible during installation to both the domain services account and the logged on user. If the credentials of the logged on user differ from the credentials of the domain services account and a self-signed certificate is used, before beginning installation or upgrade, you must log in with the domain services account credentials. [DDPSUS-406]
New Features and Functionality v9.
Enterprise Server, change both the broker.port value in the server_config.xml file and the activemq.port.tcp value in Message Broker\conf\application.properties to the correct port number. [DDPSTE-654]
Resolved Technical Advisories v8.5.1
● Silverlight Console connectivity is improved when Enterprise Server is constrained. [DDPS-239]
● Enterprise Server v8.5.1 includes a security update addressing an OpenSSL vulnerability (OpenSSL CVE-2014-3566). Customers and field teams should take v8.5.
● Server migration no longer fails if the DeviceData table in the database contains a locale value of more than 12 characters. [DDPS-167]
● If the SQL database becomes unavailable, the Dell Core Server service now remains in the Running state. [DDPS-572]
● Searches for users in the Remote Management Console that include the wildcard character with other characters no longer return additional users in the results. [DDPS-810]
● Optimizations have been made to inventory processing and related logging.
● When using the Recover Endpoint option, if the user enters an invalid host name into the Host Name field, an error message now displays and the user can correct the entry. Previously, an unhandled exception occurred, and the Remote Management Console became unresponsive. [DDPS-55]
● When provisioned by Exchange ActiveSync, iOS devices now move as expected from the Discovered to the Protected state on the Protection Status page.
Resolved Technical Advisories v8.1
● The certificate that is created or imported into the Server installer is now used for all components, not just the Dell Security Server.
Technical Advisories v8.1
● Adding enterprise managed smart cards in v8.1 requires the use of Certificate Revocation List (CRL) in AD. The Enterprise Server does not support binding to global catalogs (does not support binding to port 3268 for smart card authentication) for CRL distribution point resolution.
Technical Advisories v7.7.2
● The list of reports does not display in Compliance Reporter when using Internet Explorer 10. To work around the issue, once at the Compliance Reporter web page, go to Internet Explorer's menu bar and select Tools > Compatibility View settings. When the Compatibility View Settings dialog displays, click Add and then click Close. The list of reports will now display as usual.
New Features and Functionality v7.7.
Technical Advisories v7.2.3
● During certificate configuration for the Dell Compatibility Server components (java keystore) and the Dell Core Server (Microsoft keystore), if certificates are not generated or imported for all of these components, then the Dell Enterprise Server may not function correctly.
2 Default Policy Changes
Default policy value changes in new Dell Server versions do not affect Server migrations. This prevents unexpected changes to existing environments. If you need to apply the new default values, you must manually change and commit the policy after migration is complete.
CAUTION: Carefully plan changes to default policy values, taking into account their effects on all groups, endpoints, or users to which the policy applies.
Endpoint Security Suite Enterprise Default Policy Changes
The following Endpoint Security Suite Enterprise policies' default values are changed.
Table 4. Security Management Server or Security Management Server Virtual v9.8 - Endpoint Security Suite Enterprise policy changes
Technology Group | Policy | Previous Default Value | New Default Value
Advanced Threat Prevention | No policies' default values changed in v9.8. | Not applicable | Not applicable
Table 5. Enterprise Server or VE 9.7 - Endpoint Security Suite Enterprise policy changes
Technology Group | Policy | Previous Default Value | New Default Value
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\ESConfigTool.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\MFEConsole.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeProvisionModeUtility.exe
\Program Fil
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfehidin.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfemms.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfevtps.exe
\Program Files\McAfee\Endpoint Security\
\Program Files\McAfee\Endpoint Security\Firewall\FwWindowsFirewallHandler.exe
\Program Files\McAfee\Endpoint Security\Firewall\mfefw.exe
\Program Files\McAfee\Endpoint Security\Firewall\RepairCache\McAfee_Firewall_x64.msi
\Program Files\McAfee\Endpoint Security\Firewall\RepairCache\McAfee_Firewall_x86.msi
\Program Files\McAfee\Endpoint Security\Firew
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\RepairCache\CCUninst.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\aacinfo.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\cacheinfo.exe
\Program Files (x86)\McAfee\Endp
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfecanary.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfefire.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfehidin.exe
\Program Files (x86)\McAfee\Endpoi