Dell Security Management Server Technical Advisories v11.0.0 May 2021 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
Contents Chapter 1: Dell Security Management Server Technical Advisories................................................ 6 Contact Dell ProSupport....................................................................................................................................................6 New Features and Functionality v11.0.0........................................................................................................................ 6 Resolved Technical Advisories v11.0.0..................
Resolved Technical Advisories v10.1.............................................................................................................................20 Technical Advisories v10.1............................................................................................................................................... 20 New Features and Functionality v10.0.........................................................................................................................
New Features and Functionality v8.3...........................................................................................................................40 Resolved Technical Advisories v8.3..............................................................................................................................40 Technical Advisories v8.3................................................................................................................................................
1 Dell Security Management Server Technical Advisories Contact Dell ProSupport Call 877-459-7304, extension 4310039 for 24x7 phone support for your Dell product. Additionally, online support for Dell products is available at dell.com/support. Online support includes drivers, manuals, technical advisories, FAQs, and emerging issues. Be sure to help us quickly connect you to the right technical expert by having your Service Tag or Express Service Code available when you call.
Technical Advisories v11.0.0 ● No technical advisories exist. New Features and Functionality v10.2.14 ● With a global shift to inclusive language, several terms and expressions have been updated. ● Lengthy lists of policies within policy groups have been restructured to improve readability and access.
○ Null Pointer Exception handling has resolved an issue where a blank search or search for a specific device returns NaN for the number of endpoints. Now, information displays. [DDPS-9769, DDPS-9910] ○ An issue has been resolved for a user in a User Group with the role of Report Administrator, Report Owner, and Report User. After logging in, the user with those roles can now view the Dashboard.
Technical Advisories v10.2.12 ● Currently, Server Encryption devices may fail to activate after a Server is upgraded to 10.2.11 or later. Existing devices remain encrypted. [DDPSUS-2839, DDPS-9843, DDPC-12115] Resolved Technical Advisories v10.2.12 ● Management Console: ○ On the Endpoint Detail page > Details & Actions tab, the States section now displays only the disks present in the last inventory that is received from the endpoint. Historical data regarding disks is retained but no longer displays.
To enable this requirement on the Security Management Server, you must have the root issuing certificate for the domain controller certificates that are imported into the "Trusted Root" store within the Microsoft Certificate Key Store. ● Licenses purchased on-the-box can now be bulk-inserted with a .csv file. To obtain this file, contact your Dell Security sales representative or Dell Security support.
Resolved Security Advisories v10.2.11 ● Several Java-based vulnerabilities have been resolved. [DDPS-9101, DDPS-9332] Updates are to these versions: ○ Java Version: 1.8.0.241 ○ Jetty Version: 9.4.25 ● Technical Advisories v10.2.11 ● In the Management Console, if endpoints display without Serial Number, the administrator must set the following: ○ UseBiosSerialNumber entries within the InventoryObjects.
If the auditdb.size.NotificationPercentage value is exceeded, a notification of the cleanup displays the Security Management Server and the duration defined in auditdb.cleanup.delete.hours is used to clean up the data in the ddp_audit database below the auditdb.size.percentage threshold.
Resolved Security Advisories v10.2.10 ● An issue allowing remote deserialization of data through an RMI interface is resolved. For more information, see KB article SLN320536. [DDPS-9446] ● An issue resulting in users with the Account Administrator role in the Security Management Server elevating their permissions inappropriately is resolved. [DDPS-9516] ● An issue resulting in blank headers incorrectly displaying during a security scan is resolved. [DDPS-9519] Technical Advisories v10.2.
Upgrading the Security Management Server does not change these by default to avoid any compatibility issues with currently connecting devices. For information on modifying the SSL/TLS accepted protocols for existing Security Management Server installs, and for information on securing the Dell Core server, a Microsoft .NET based service, see KB article SLN313386. Resolved Technical Advisories v10.2.
3. Specify the email to test and select Send Email. If the email passes through the Dell Server successfully, the following results screen displays. The following is an example of successful test email.
● The Data Guardian web portal can now be activated through a Security Management Server front end server. See Data Guardian Windows, Mac, Mobile, and Web Administrator Guide for requirements of activating the Data Guardian web portal against a Security Management Server. Resolved Technical Advisories v10.2.7 ● ● ● ● ● ● ● ● ● ● ● ● An issue resulting in the inability to log into the Data Guardian web portal is resolved.
● If an existing email notification is modified then saved, the next new email notification inherits the previous notification's modifications. [DDPS-8881] ● Scheduled reporting emails send 30 minutes later than their scheduled time. [DDPS-8888] ● If an administrator's password contains double quotations, password validation fails and the following message displays: Credentials are invalid. Please verify the logon and password.
● Resolved an issue where the Security Management Server's Core Server, ACL Service, and Key Server would not start after a reboot. For more information, see https://www.dell.com/support/article/us/en/04/sln316840. [DDPS-8522] Technical Advisories v10.2.4 ● No technical advisories exist. New Features and Functionality v10.2.3 ● Administrators can now manage keys in the Management Console. To find/change the owner for a key: 1. 2. 3. 4. In the left pane, navigate to Management > Data Guardian Management.
Resolved Technical Advisories v10.2.2 ● The Security Management Server now validates the version of Microsoft Visual C++ 2013 version 12.0.40660. If this version is not found, the installer exits. Please validate this version is installed before installing the Security Management Server. [DDPS-8010, DDPSUS-2437] ● Translation consistency is improved.
○ Time, will schedule the time based upon your current location. ○ Schedule Details page shows the date sent, schedule, next send, etc. Resolved Technical Advisories v10.1 ● A forensic key bundle download using the Administrative Download Utility (CMGAd) now succeed for endpoints with large key sets based on a high number of activations.
Technical Advisories v10.0 ● Audit Events with pins per object counts close to 500 cause the management console to become unresponsive for some time. To work around this issue, modify the search scope to reduce the count below 500 consolidated events. [DDPS-7430] New Features and Functionality v9.11 ● Below are the requirements for SQL permissions. The current user performing the installation and the services must have local administrator rights.
To enable, the administrator must modify the InventoryObjects.config file which is located in < C:\Program Files\Dell\Enterprise Edition\Core Server\> by default. the section to change is :
New Features and Functionality v9.8 ● Security Management Server now supports the Data Guardian web client. Based on policy, internal and external users can view and edit protected Office documents and .xen files, with Print Control, Block Copy, and Embargo features, without installing the full Data Guardian client on their computers. The administrator runs a quick installation to set up a virtual machine that hosts the web client and communicates with the Dell Server.
● The "Certificate" type is now populated in the Type of Notification column of the All Notification Report in Compliance Reporter. [DDPS-5217] ● Upgrade no longer fails when the Run As Service account is changed during the upgrade. [DDPS-5226] ● Audit events can be exported to a SIEM/syslog server with TLS/SSL over TCP, with the following configuration changes: To use TLS/SSL, the syslog server must be configured to listen for TLS/SSL messages.
{"eventsExport":{"exportToLocalFile":{"enabled":"false","fileLocation":"./logs/siem/ audit-export.log"},"exportToSyslog": {"enabled":"true","protocol":"TCP","SSL":"true","host":"yourDellServer.yourdomain.com" ,"port":"5540"}}} [DDPS-5234] Resolved Customer Issues ● An issue is resolved that resulted in a license import failure with an error in the Security Server log that the system cannot find the \AppData\Local\Temp\ folder.
● Endpoint Group Precedence can now be modified using drag-and-drop functionality. This functionality applies to AdminDefined, Rule-Defined, and Active Directory but not System-Defined Endpoint Groups. Precedence of System-Defined Endpoint Groups for new installations and upgrades is as follows: Highest precedence is given to Non-Persistent VDI followed by Persistent VDI Endpoint Group. Lowest precedence is given to Default followed by Opt-in Endpoint Group.
[DDPS-2889] ● An issue is resolved that resulted in an intermittent Internal Error in the Remote Management Console. [DDPS-4446] ● SSL/TLS protocols for Compliance Reporter are now configurable in the eserver.ssl.protocols property in the reporter/ conf/eserver.properties file and are preserved during backup/restore operations. [DDPS-4547] ● An issue is resolved in the French Remote Management Console that resulted in an internal error when accessing the Dashboard.
● The installer error message that occurs when a hostname includes an underscore, which is not allowed, is now more specific. [DDPS-3902] ● A data access error no longer occurs in the Remote Management Console when the default language of a SQL profile is not English. [DDPS-4349] ● A non-domain endpoint is no longer reported as unprotected in the Remote Management Console if the user has logged in more recently than other users on an endpoint and that user has a pending or incomplete encryption sweep.
○ A callback beacon can be inserted into every protected Office file, when the beacon server is installed as part of the Front End server installation. ● As of v9.4.1.6,Dell Enterprise Server supports Advanced Threat Prevention on Mac computers. Advanced Threat Prevention provides real-time threat detection by analyzing potential file executions for malware in both the operating system and memory layers to prevent the delivery of malicious payloads.
4. In the Remote Management Console, navigate to view policy at the level where the Error Validating Policy previously occurred, and note the policy name identified in the error. 5. Correct the policy value formatting, and click Save. 6. In the left pane, click Management > Commit, enter the policy change description, and click Commit Policies. 7. If desired, change the StrictValidation property value from false back to true, to re-enable policy validation. [DDPS-4779] New Features and Functionality v9.4.
● The Alerts Management menu item in the Remote Management Console has been renamed to Notification Management. ● Dell Enterprise Server installations are no longer supported on 32-bit operating systems. Resolved Technical Advisories v9.4 ● The installer no longer accepts underscores in host names. An underscore character ("_") in either the Compatibility Server host name or Security Server host name causes connection to that Server to fail.
Technical Advisories v9.4 ● After Dell Enterprise Server and DDP Enterprise Server - Virtual Edition installation, the Remote Management Console displays "1 Uncommitted Override," indicating a pending policy commit. The policy represents an internal setting. To work around this issue, commit policies after installation. In the left pane, click Management > Commit, enter the description, "Initial commit," and click Commit Policies.
● When retrieving the BitLocker Manager recovery password in the Remote Management Console for more than one volume, the first recovery password is now cleared before second and subsequent BitLocker volumes are selected. [DDPS-1808] ● Uninstallation with setup.exe no longer requires reboot. [DDPS-1839] ● At the end of Server installation, the check box next to Show windows installer log is now visible.
● "Override Count" is truncated on the Endpoint Security Policies tab in the Spanish, Italian, French, Portuguese, and Brazilian Portuguese Remote Management Console. [DDPS-2843] ● The AdminHelp icon is not available from the Remote Management Console login screen. [DDPS-2858] ● The Remote Management Console User Detail tab displays the Effective Policies icon for mobile devices although effective policies do not apply to mobile devices.
New Features and Functionality v9.1 ● Forensic Administrator rights for a User Group can now be delegated by the Superadmin or Security Administrator to a member of the User Group. ● Server Encryption is now supported, featuring port control and removable storage encryption as well as support for maintenance scheduling, which allows control over enforcement of policies that require reboot.
● If Compliance Reporter default reports have been customized prior to upgrade, the previous version of customized reports must be restored in order to continue to use them. However, after the previous version is restored, new reports included in the upgrade are not available. [DDPMTR-870] ● When a self-signed certificate is created at installation, the certificate is valid from a time approximately six hours later than the installation time, rather than being immediately valid.
● ● ● ● ● executable that is added does not display until the rule is closed then reopened. [DDPSTE-414, DDPSTE-415, DDPSTE-421, DDPSTE-426, DDPSTE-430, DDPSTE-431, DDPSTE-437, DDPSTE-443] In the Remote Management Console, when Client Firewall rules are added, the Add dialog occasionally freezes when incorrectly formatted values are entered. To work around this issue, click the close button in the upper right corner of the dialog then click the Add button under Specify Networks to reopen the dialog.
○ A new Cloud Users report displays enrollment and remote wipe information about Dropbox for Business users. ○ New filtering options are available with the Cloud Edition Encrypted Files/Actions report to provide greater customization of event and key management detail. ○ The Device Detail report now includes a field to indicate devices that have self-encrypting drives installed. ● Dell Enterprise Server v8.5 has been validated with VMware ESX/ESXi 5.5. Resolved Technical Advisories v8.
New Features and Functionality v8.3 ● The Dell Identity Server is now embedded in the Enterprise Server installer and no longer must be manually created. It can be installed in conjunction with Enterprise Server or separately, using the Custom Installation option. ● Reliability is improved through performance optimizations, transfer of features previously present in the Document Store to the relational database, and removal of Document Store. Resolved Technical Advisories v8.
1. At www.dell.com/support, search "HCA recovery" to find the knowledge base article associated with this issue. Download the attached ZIP file, which contains the updated LSARecoveryLibDll.dll. 2. Stop the Core Server, Security Server, and Console services. 3. Copy LSARecoveryLibDll.dll to the following components' installation directories: Core Server, Security Server, and Console. 4. Restart the Core Server, Security Server, and Console services. [DDPS-468] New Features and Functionality v8.
Resolved Technical Advisories v8.0 ● Forensic Mode is now automatically set by default in both the Security Server and Device Server. Forensic Mode is enabled on back-end servers and disabled on front-end servers. These settings are placed appropriately upon installation. ● Templates can now be applied only at the Enterprise level. ● Group priority settings in the Remote Management Console to control policy arbitration now work as expected. Resolved Technical Advisories v7.7.
This release adds the Dell Message Broker Service to optimize Dell Enterprise Server communications. Dell Compliance Reporter Two new fields have been added to the Dell Compliance Reporter's Device Details Report for up-to-date reporting capabilities when using Dell Data Protection | Mobile Edition.
2 Default Policy Changes Default policy value changes in new Dell Server versions do not affect Server migrations. This prevents unexpected changes to existing environments. If you need to apply the new default values, you must manually change and commit the policy after migration is complete. CAUTION: Carefully plan changes to default policy values, taking into account their effects on all groups, endpoints, or users to which the policy applies.
Endpoint Security Suite Enterprise Default Policy Changes The following Endpoint Security Suite Enterprise policies' default values are changed. Table 4. Security Management Server or Security Management Server Virtual v9.8 - Endpoint Security Suite Enterprise policy changes Technology Group Policy Previous Default Value Advanced Threat Prevention No policies' default values Not applicable changed in v9.8. New Default Value Not applicable Table 5. Enterprise Server or VE 9.
Table 5. Enterprise Server or VE 9.7 - Endpoint Security Suite Enterprise policy changes Technology Group Policy Previous Default Value New Default Value \Program Files\McAfee\Agent\x86\policyupgrad e.exe \Program Files\McAfee\Agent\x86\UpdaterUI.ex e \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\ESConfigTool.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\MFEConsole.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe \Program File
Table 5. Enterprise Server or VE 9.7 - Endpoint Security Suite Enterprise policy changes Technology Group Policy Previous Default Value New Default Value \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\m fecanary.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\m fefire.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\m fehidin.exe \Program Files\McAfee\Endpoint Security\
Table 5. Enterprise Server or VE 9.7 - Endpoint Security Suite Enterprise policy changes Technology Group Policy Previous Default Value New Default Value \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfem ms.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfev tps.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mmsi nfo.exe \Program Files\McAfee\Endpoint Security\Endpoint Securit
Table 5. Enterprise Server or VE 9.7 - Endpoint Security Suite Enterprise policy changes Technology Group Policy Previous Default Value New Default Value \Program Files\McAfee\McScript_InUse.exe \Program Files\McAfee\mctray_back.exe \Program Files\McAfee\Mue.exe \Program Files\McAfee\policyupgrade.exe \Program Files\McAfee\UpdaterUI.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MaComServer.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MFEConso
Table 5. Enterprise Server or VE 9.7 - Endpoint Security Suite Enterprise policy changes Technology Group Policy Previous Default Value New Default Value \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\m msinfo.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\v tpinfo.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\aacin fo.exe \Program Files (x86)\McAfee\E
Table 5. Enterprise Server or VE 9.7 - Endpoint Security Suite Enterprise policy changes Technology Group Policy Previous Default Value New Default Value \Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewch.exe \Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewcui.exe \Program Files (x86)\McAfee\Endpoint Security\Web Control\RepairCache\McAfee_Web_C ontrol_x64.msi \Program Files (x86)\McAfee\Endpoint Security\Web Control\RepairCache\setupWC.exe \Program Files (x86)\McAfee\Endpoint