Users Guide
● A new Web Protection policy allows administrators to block more than 100 specific categories of information.
● Administrators can now bulk upload and import a CSV list of Users to add to Admin-Defined User Groups. User Group priority
can now be modified using drag-and-drop functionality.
● The License Management page now displays On the Box Licenses Collected, with the relevant Service Tags.
● Pre-Boot Authentication policies now display in the Authentication Technology Group on the Security Policies tab. A new
policy allows the administrator to enable or disable users' ability to select Remember Me on the PBA login screen.
● As of v9.8, the ESXi vSphere thick client can no longer be used for deployment.
● The Remote Wipe command to remove a Dropbox for Business user has been deprecated. Administrators may use the
Dropbox for Business function to remove users.
● Hardware Crypto Accelerator and Mobile Edition are no longer supported. Their policies have been deprecated.
● Virtual Edition is rebranded to Security Management Server Virtual.
Resolved Technical Advisories v9.8
● An error now displays when an invalid domain address is entered for DNS blocking in Threat Prevention Client Firewall
settings. [DDPS-3201]
● Connection types are now validated; the executables table now displays the value entered for Signature and the correct
column name for Fingerprint; and a network name is now required for specifying network protocol, when adding a Threat
Prevention Client Firewall custom rule. EtherType and custom EtherType values (for non-IP network protocol) and transport
protocol values display after a Firewall rule is saved. Duplicate rules must now be saved with unique rule names.
[DDPS-3429, DDPS-3678, DDPS-3679, DDPS-3725, DDPS-3726, DDPS-3727, DDPS-5196]
● The administrator role change confirmation prompt now shows the correct user name after a user's administrative roles are
modified, and the prompt now displays for changes made from the User Details Admin tab. [DDPS-4097, DDPS-4099]
● An external user no longer must reactivate Data Guardian after being removed from the Full Access List. [DDPS-5021]
● Log Analyzer logs are now generated when notification email addresses are added or edited in Notification Management.
[DDPS-5063]
● Audit event exports to the SIEM/syslog server are now resent if a transmission error occurs during the initial export attempt.
[DDPS-5132]
● Active Directory contacts' Data Guardian registration now succeeds, and the prompt for a domain password no longer
displays during registration. [DDPS-5160, DDPS-5164, DDPS-5168]
● Formatting requirements for the following Advanced Threat Prevention policies are now included in Dell Server tooltips and
AdminHelp: Memory Actions - Exclude executable files, Script Control - Approve Scripts in Folders (and Subfolders), and
Protection Settings - Exclude Specific Folders (includes subfolders). AdminHelp now correctly indicates that the Help Desk
and Security Administrator roles can download recovery key bundles. [DDPS-5184, DDPS-5287]
● Hyperlinks in Advanced Threat Prevention notifications now function properly when one or more endpoints are activated
against a Dell Server with the host property set to the front-end Server host. [DDPS-5188]
● The "Certificate" type is now populated in the Type of Notification column of the All Notification Report in Compliance
Reporter. [DDPS-5217]
● Audit events can be exported to a SIEM/syslog server with TLS/SSL over TCP, with the following configuration changes:
To use TLS/SSL, the syslog server must be configured to listen for TLS/SSL messages. The root certificate used for the
syslog server configuration must be added to the Dell Server Java keystore.
The following example shows necessary configurations for a Splunk server with default certificates. Configurations are
specific to individual environments. Property values vary when using non-default certificates.
1. Configure the Splunk server to use the Splunk Server certificate and root certificate to listen on TCP for TLS/SSL
messages:
$SPLUNK_HOME\etc\system\local\inputs.conf
[tcp-ssl:<port number>]
disabled = 0
[SSL]
serverCert = $SPLUNK_HOME\etc\auth\server.pem
sslPassword = <password>
requireClientCert = false
$SPLUNK_HOME\etc\system\local\server.conf
[sslConfig]
24
Dell Security Management Server Virtual Technical Advisories