Dell Security Management Server Virtual Technical Advisories v11.1.1 July 2021 Rev.
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2012-2021 Dell Inc. All rights reserved.
Contents
Chapter 1: Dell Security Management Server Virtual Technical Advisories
  Contact Dell ProSupport
  Resolved Technical Advisories v11.1.1
  New Features and Functionality v11.1.0
  New Features and Functionality v10.2.1
  Resolved Technical Advisories v10.2.1
  Technical Advisories v10.2.1
  Technical Advisories v8.5
  New Features and Functionality v8.4
  Resolved Technical Advisories v8.4
1 Dell Security Management Server Virtual Technical Advisories
Dell Security Management Server Virtual is an all-in-one management solution that includes a management console, integrated database, and key management system. The Dell Server runs in a virtual environment and is targeted for the small or midsized enterprise with an existing VMware environment.
Technical Advisories v11.1.0
● Currently, with the Dell Server, a scenario occurs where large policies, such as large SDE, Common, or User PBE rule sets or many EMS allowlist items, are not able to make it to the Dell Encryption clients. [DDPSUS-2980, DDPC-12553]
New Features and Functionality v11.0.0
● New Passwordless authentication for the users who are using Windows Hello Authentication.
Resolved Technical Advisories v10.2.14
● For the Recovery Portal, an issue is resolved where the portal automatically logs out when an administrator enters a space or any special characters apart from underscore or hyphen in the Recovery ID field and then clicks Get Recovery Password. [DDPS-9968]
● Management Console:
  ○ Administrators can now enter custom ports with Client Firewall policies. [DDPS-9779]
  ○ Importing devices into an Admin-Defined Endpoint Group is no longer case sensitive.
  ○ An issue has been resolved so that the Shield Detail page in Manage Reports can filter and data is returned. [DDPS-9915]
  ○ An issue has been resolved so that the Device Detail report can be exported. [DDPS-9983]
Resolved Security Advisories v10.2.13
● No security advisories exist.
Technical Advisories v10.2.13
● Management Console:
  ○ Currently, when the administrator performs a mass import to an administrator-defined Endpoint Group and case does not match exactly, the import fails.
  ○ Resolved an issue where Security Management Server Virtual would accept an incorrect IP address schema. [DDPS-9706]
  ○ An issue has been resolved where, after an update, notification email messages would not properly send if ALL was selected for the TYPE and PRIORITY, resulting in an incorrectly NULL filter field. This field is now properly handled, and the notification is sent.
● The password used when downloading an endpoint recovery bundle is no longer written in cleartext in the output.log file from the Security Server logs when in debug mode. [DDPS-9541]
● In the Management Console > Notification Management page, the Send Test Email dialog now displays the correct information. [DDPS-9542]
● Due to product deprecation, the cloud-profile-updater.properties file has been removed from '/opt/dell/server/security-server/conf' and '/opt/dell/server/security-server/bin'.
● The Security Management Server Virtual does not currently allow Cryptographic Next Generation (CNG)-based certificates. Any certificates within the PKI that are created with a CNG-based key result in an error. Currently when this error appears, the cycle to import the unsupported certificate may loop. Select Cancel to revert to the Import Certificate screen.
● Currently, the Uncommitted Policy Changes notification displays to administrators whose roles do not have permission to commit policy.
Resolved Technical Advisories v10.2.10
● All instances of Data Guardian are removed from the License Management page. [DDPS-9367]
● The Management Console's About page now properly displays Disconnected Mode when Disconnected Mode is in use. [DDPS-9369]
● PBA Device Control commands now function as expected. [DDPS-9373]
● The Management Console now times out as expected after 30 minutes of inactivity.
● An issue resulting in blank headers incorrectly displaying during a security scan is resolved. [DDPS-9519]
Technical Advisories v10.2.10
● In rare circumstances, unaccepted policies do not display an error. As a workaround, check the Security Server logs for Invalid Values. [DDPS-9501, DDPS-9534]
● If the common name of a user is changed at the Domain Controller level, the Management Console does not reflect the new name.
● The correct error message now displays when adding a domain with an invalid port number. [DDPS-6263]
● In License Management, the correct tooltip now displays when the license pool is exceeded. [DDPS-7176]
● All text now displays properly when adding or modifying Endpoint Groups or User Groups. [DDPS-7177]
● The German and French Event Managements page now properly displays.
3. Specify the email to test and select Send Email. If the email passes through the Dell Server successfully, the following results screen displays. The following is an example of a successful test email.
Resolved Technical Advisories v10.2.7
● Authentication processes around the Dell Server's message broker are improved. [DDPS-8456]
● Services are hardened to improve security posture. [DDPS-8487, DDPS-8689, DDPS-8740]
● An issue resulting in an inaccurate number of policy overrides displaying is resolved. [DDPS-8492]
● When changing priority values for Content Based Protection, all values populate and remain as expected.
New Features and Functionality v10.2.5
● No new features or functionality exist.
Resolved Technical Advisories v10.2.5
● Search performance for Advanced Threat Events and Audit Event data has been improved. [DDPS-8342, DDPS-8373]
● The default version of PostgreSQL has been updated to resolve third-party vulnerabilities. The PostgreSQL service leveraged by the Security Management Server Virtual is rebranded to Dell PostgreSQL 10.7.
New Features and Functionality v10.2.3
● Administrators can now manage keys in the Management Console.
To find/change the owner for a key:
1. In the left pane, navigate to Management > Data Guardian Management.
2. Select the Key Management tab.
3. Enter the keyid and click Find Owner. The owner displays in the Current Owner field.
4. In the New Owner field, enter the email address of the new owner and click Change Owner.
To 1. 2. 3. 4. 5. 6.
● An issue resulting in the following error message is resolved: Return code of 127 for check of service on host 'localhost' was out of bounds. Make sure the plugin you're trying to run actually exists. [DDPS-8295]
Technical Advisories v10.2.2
● No technical advisories exist.
New Features and Functionality v10.2.1
● Audit data for blocked print screen events, blocked processes events, and blocked prints events are now displayed in the Management Console.
● An issue resulting in a customer being unable to run Advanced Threat Prevention reports while using the compliance reporter due to low memory has been resolved. [DDPS-7386, DDPSUS-2341]
● Selections made in the Audit Events page are now saved after a user navigates away from the page. [DDPS-7445]
● Servers with a large number of events from Advanced Threat Prevention may experience high memory usage on the Dell Security Management Server or Dell Security Management Server Virtual.
New Features and Functionality v9.11
● Starting with Dell Security Management Server Virtual 9.11.0, software updates will be pulled from a Dell-hosted Debian repository. Development OVA builds are configured to pull from the development Debian repository. Production OVA builds are configured to pull from the production Debian repository.
● Operating system has been upgraded to Ubuntu 16.04.3 Long Term Support.
● Python interpreter used to drive the Administration Console has been upgraded to 3.5.2.
Includes 'Version History' widget that displays versioned database schema changes. Data comes from the 'information' table and is sorted by time, with newest version on top.
  ○ UI elements are now localized, not just the EULA text.
  ○ Current time zone setting will be selected automatically when the form is displayed.
  ○ Administrator Console has been added as a sub-menu under View Logs.
    ■ Resolved Technical Advisories v9.
Resolved Technical Advisories v9.10
● The "Enable Digital Signature Check" box in the WebUI now blocks the user from adding any text. [DDPS-5857]
● An issue that resulted in an error message during installation of Security Management Server with TLS 1.0 and TLS 1.1 disabled on the target SQL has been resolved. [DDPS-5982]
● Resolved an issue where the Dell Security Management Server Virtual would stop responding to requests to the server.
● A notification for a successful bulletin pull will now appear for the first successful bulletin pull after a bulletin pull failure. [DDPS-4811]
● Precedence changes for Endpoint Groups and User Groups are now displayed in the Log Analyzer. [DDPS-5024]
● AdminHelp and Compliance Reporter Help have been updated with Administrator Roles changes. The System role is marked as being able to "Manage Data Guardian external user key requests".
● A new Web Protection policy allows administrators to block more than 100 specific categories of information.
● Administrators can now bulk upload and import a CSV list of Users to add to Admin-Defined User Groups. User Group priority can now be modified using drag-and-drop functionality.
● The License Management page now displays On the Box Licenses Collected, with the relevant Service Tags.
● Pre-Boot Authentication policies now display in the Authentication Technology Group on the Security Policies tab.
sslRootCAPath = $SPLUNK_HOME\etc\auth\cacert.pem
sslPassword =
2. Restart the Splunk server. After the restart, splunkd.log will have entries similar to the following:
07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 will negotiate new-s2s protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
07-10-2017 16:27:02.
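One way to confirm from splunkd.log that the raw TCP input came back up with SSL after the restart, as an added example (not Dell's or Splunk's code). The first sample line, without the (SSL) suffix, is constructed and its format is an assumption; the other sample lines are the entries quoted above.

```python
import re
from datetime import datetime

# Matches the "is reserved for ..." TcpInputConfig entries quoted in the advisory.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) (?P<tz>[+-]\d{4})\s+"
    r"(?P<level>[A-Z]+)\s+TcpInputConfig - IPv(?P<ipver>[46]) port (?P<port>\d+) "
    r"is reserved for (?P<kind>.+?)(?P<ssl> \(SSL\))?$"
)

# Sample input. Line 1 is constructed (assumed pre-restart, non-SSL form);
# lines 2-4 are the splunkd.log entries shown in the advisory.
SAMPLE_LOG = [
    "07-10-2017 16:20:11.102 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input",
    "07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)",
    "07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 will negotiate new-s2s protocol",
    "07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)",
]


def parse_tcp_inputs(lines):
    """Return {port: {"kind", "ssl", "seen"}} keeping the newest entry per port."""
    state = {}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # other components, or the "will negotiate ..." lines
        seen = datetime.strptime(m["ts"] + " " + m["tz"], "%m-%d-%Y %H:%M:%S.%f %z")
        port = int(m["port"])
        prev = state.get(port)
        if prev is None or seen >= prev["seen"]:
            state[port] = {"kind": m["kind"], "ssl": m["ssl"] is not None, "seen": seen}
    return state


def check_ssl_input(lines, port):
    """Classify the most recent state of a TCP input port.

    "ok"         raw input reserved with SSL
    "cleartext"  raw input reserved without the (SSL) marker
    "wrong-type" port reserved for something other than raw input
    "missing"    no TcpInputConfig reservation seen for the port
    """
    entry = parse_tcp_inputs(lines).get(port)
    if entry is None:
        return "missing"
    if entry["kind"] != "raw input":
        return "wrong-type"
    return "ok" if entry["ssl"] else "cleartext"


if __name__ == "__main__":
    # 5540 is the port shown in the advisory's log excerpt.
    print("port 5540:", check_ssl_input(SAMPLE_LOG, 5540))
```

To check a live server, pass the lines of splunkd.log instead of SAMPLE_LOG; any result other than "ok" for the SIEM export port means events would not be received over SSL.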
Technical Advisories v9.8
● Added 01/2018 - Advanced Threat Event results are automatically limited to the first 10000 results. This will resolve issues where Advanced Threat Events were not properly displaying when selecting the tab within the Dell Security Management Server.
● To block all PowerShell scripts with Advanced Threat Prevention, both the PowerShell and PowerShell Console policies must be set to Block.
● The Error Validating Policy dialog that displays when an updated policy value fails validation now includes the related policy name. [DDPS-4812]
● The Data Guardian policy, Enable Callback Beacon, is now disabled by default. [DDPS-4985]
● Advanced Threat Event Dashboard Notifications are now properly categorized by Type. [DDPS-4994]
● VE updates now succeed as expected. [DDPS-5130]
● Localizations of Remote Management Console and the VE terminal are improved.
New Features and Functionality v9.6
● VE is now supported with VMware Workstation 12.5.
● VE now supports Advanced Threat Prevention and Encryption on persistent and non-persistent VMware and Citrix VDI clients.
● Secure Lifecycle audit events logs can now be exported to SIEM.
● New Server Encryption policies allow the administrator to configure the maximum number of attempts and retry interval for connection to the Dell Server.
● Remote PBA management of local user accounts is now available.
● DDP Enterprise Server - VE now supports Secure Lifecycle. Secure Lifecycle provides data security, wherever it goes - data at rest, data in motion and data in use - through encryption. Data Loss Prevention (DLP) ensures no data is lost in motion or in flight, while Data Rights Management (DRM) defines access and usage control. Additionally, file monitoring provides detailed data usage visibility to support forensics needs.
Technical Advisories v9.5
● Amended 7/2017 - The Remote Management Console Login button may be disabled in Google Chrome or Internet Explorer on Server 2012. To work around this issue, clear the browser cache and then attempt login or use Mozilla Firefox 41.x or later. [DDPS-4558]
● Advanced Threat Prevention policies are not properly validated if their values are not enclosed in double quotes (") and contain wildcards or special characters, including commas (,), brackets ([ ]), and tildes (~).
● An error now alerts the administrator that special characters are not allowed in ddpuser, ddpconsole, or ddpsupport passwords. Special characters in these passwords may cause authentication issues with VE services. [DDPS-3357]
● The Inventory Received field on the Endpoint Detail page of the Remote Management Console is now populated upon activation of an endpoint.
● Logging is improved for the error that results when a user with duplicate UPNs in the Dell Data Protection database attempts to log in to the Remote Management Console. [DDPS-3578]
● Logging is improved for the error that results when searching for a user whose group name includes a special character. [DDPS-3587]
● The Common Encrypted Folders policy is now correctly applied to %ENV:USERPROFILE%\Downloads.
New Features and Functionality v9.2
● DDP Enterprise Server - VE now supports Advanced Threat Prevention. Advanced Threat Prevention provides real-time threat detection by analyzing potential file executions for malware in both the operating system and memory layers to prevent the delivery of malicious payloads. Control of execution at the endpoint allows for accurate and effective detection of malicious threats - even those that have never been seen before.
● Inventory polls for managed clients have been reduced from twelve to two hours to more accurately reflect status changes. [DDPS-2371]
● After a certificate request is successfully created in the VE Terminal, returning to the Create Certificate Request screen no longer returns the user to the shell prompt. [DDPS-2405]
● The Server Encryption identity certificate is now preserved when restoring from a pre-v9.1 backup.
● If an invalid hostname is entered during Advanced Threat Prevention Service setup, a timeout occurs. To work around this issue, click OK in the Timeout dialog to return to the Services Management page. Verify the hostname, and begin Advanced Threat Prevention Service setup again. [DDPS-3019]
● Email alerts of Advanced Threat Prevention events are not being sent. [DDPS-3031]
● When upgrading a VE Server to v9.2, after it was previously upgraded to v8.2.
Resolved Technical Advisories v9.1
● When Client Firewall rules are added or edited in the Remote Management Console, Custom EtherType now accepts only four characters, and values entered into the Domain name field are now validated. [DDPMTR-528, DDPMTR-732]
● In the Remote Management Console, when Core Networking rules are added or edited, the Connection types field is now locked as expected and cannot be edited.
New Features and Functionality v9.0
● VE now supports Endpoint Security Suite with an extensive set of new policies and Compliance Reporter reporting options. Endpoint Security Suite includes the following:
  ● Malware Protection
  ● Client Firewall
  ● Web Protection
  ● DDP|E Encryption
  ● SED Management
  ● Advanced Authentication
  ● BitLocker Manager
● Capability is added to update self-signed certificates through the VE Terminal user interface.
Resolved Technical Advisories v9.
executable that is added does not display until the rule is closed then reopened. [DDPSTE-414, DDPSTE-415, DDPSTE-421, DDPSTE-426, DDPSTE-430, DDPSTE-431, DDPSTE-437, DDPSTE-443]
● In the Remote Management Console, when Client Firewall rules are added, the Add dialog occasionally freezes when incorrectly formatted values are entered. To work around this issue, click the close button in the upper right corner of the dialog then click the Add button under Specify Networks to reopen the dialog.
usn-2364-1/). As a matter of best practice, customers (and field teams) should always take VE updates or sustaining releases. [DDPS-1368]
Technical Advisories v8.5
● In Compliance Reporter, results of generated report views and plugin data are not retained after VE is updated. [DDPS-1155, DDPS-1156]
New Features and Functionality v8.4
● DDP Enterprise Server - Virtual Edition now supports new Cloud Edition policies that offer expanded protection and management options.
If Internet Explorer is set as the default browser when the user activates against VE, the user must change the default browser to Google Chrome or Mozilla Firefox then activate against VE again. [DDPS-765]
New Features and Functionality v8.2.3
● DDP Enterprise Server - Virtual Edition now supports VMware Workstation 10.
Resolved Technical Advisories v8.2.3
● When the task to enable remote database access is canceled with no changes, the selection is now cleared in the Enable Database Remote Access field.
● When restoring from backup, the Inventory Server service now properly restarts without dependence on a VE Server reboot. [DDPS-132]
● When VE Server is started, if a VE Server update is available, a notification of the update displays. [DDPS-139]
● The update notification and password change emails now include the correct hostnames of the VE Servers from which they originate.
2 Default Policy Changes
Default policy value changes in new Dell Server versions do not affect Server migrations. This prevents unexpected changes to existing environments. If you need to apply the new default values, you must manually change and commit the policy after migration is complete.
CAUTION: Carefully plan changes to default policy values, taking into account their effects on all groups, endpoints, or users to which the policy applies.
Endpoint Security Suite Enterprise Default Policy Changes
The following Endpoint Security Suite Enterprise policies' default values are changed.
Table 4. Security Management Server or Security Management Server Virtual v9.8 - Endpoint Security Suite Enterprise policy changes
Technology Group | Policy | Previous Default Value | New Default Value
Advanced Threat Prevention | No policies' default values changed in v9.8. | Not applicable | Not applicable
Table 5. Enterprise Server or VE 9.7 - Endpoint Security Suite Enterprise policy changes
Technology Group | Policy | Previous Default Value | New Default Value
\Program Files\McAfee\Agent\x86\policyupgrade.exe
\Program Files\McAfee\Agent\x86\UpdaterUI.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\ESConfigTool.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\MFEConsole.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe
\Program File
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfecanary.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfefire.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfehidin.exe
\Program Files\McAfee\Endpoint Security\
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfemms.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfevtps.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mmsinfo.exe
\Program Files\McAfee\Endpoint Security\Endpoint Securit
\Program Files\McAfee\McScript_InUse.exe
\Program Files\McAfee\mctray_back.exe
\Program Files\McAfee\Mue.exe
\Program Files\McAfee\policyupgrade.exe
\Program Files\McAfee\UpdaterUI.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MaComServer.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MFEConso
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mmsinfo.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\vtpinfo.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\aacinfo.exe
\Program Files (x86)\McAfee\E
\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewch.exe
\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewcui.exe
\Program Files (x86)\McAfee\Endpoint Security\Web Control\RepairCache\McAfee_Web_Control_x64.msi
\Program Files (x86)\McAfee\Endpoint Security\Web Control\RepairCache\setupWC.exe
\Program Files (x86)\McAfee\Endpoint