HP Insight Vulnerability and Patch Manager software 6.0 Release Notes
Table Of Contents
1 Updates and notes
IMPORTANT: HP is phasing out the HP Vulnerability and Patch Manager software (VPM) from Insight
Control. Technical support will be offered based on the Technical Support and Upgrade offerings for HP
Insight Control sold through November 2009. HP Insight Control licenses include 1 year of Technical Support
& Update, which you can upgrade to 3, 4, or 5 years. Depending on the purchase date of Insight Control
licenses and technical support extension, support for Vulnerability and Patch Manager functionality will end
no later than November 2012.
Starting with the Insight software 6.0 DVD, Vulnerability and Patch Manger will no longer be available.
However, existing users of the vulnerability and patch management capabilities can upgrade to Vulnerability
and Patch Manger 6.0 by downloading the software and manually installing it on the CMS. You can
download the software from Software depot.
New capabilities
• HP Insight Vulnerability and Patch Manager 6.0 is reimplemented as a standalone product with
standalone installer and documentation.
• Implemented a new vulnerability update process directly from the Lumension portal. Starting with HP
Insight Vulnerability and Patch Manager 6.0 you must complete an additional registration step, which
you can access on the HP Insight Vulnerability and Patch Manager settings page. The registration
link will take you to Lumension registration portal to obtain a new user name, password, and a serial
number. This information is used to update your settings on the HP Insight Vulnerability and Patch
Manager settings page.
• Added support for Red Hat 5 managed nodes.
• Fixed known issues with remote database configurations.
Issues and workarounds
• Issue: Vulnerability and Patch Manager only performs patches and displays the fixes, but does not
perform these fixes automatically.
Description: When performing a scan over a target system, two different types of vulnerabilities might
be found:
• Fixes correct small system configuration issues and Vulnerability and Patch Manager 6.0 cannot
resolve those issues.
• Patches correct system vulnerabilities based on patch files downloaded using Radia.
Before VPM version 3.00, Vulnerability and Patch Manager fixed both types of vulnerabilities by calling
the STAT API (the "fix" method), and by issuing a request to the Radia infrastructure to apply patches
that were previously downloaded from the operating system vendor patch feed site. The new STAT
Scanner 6.4x does not provide fixes. As a result, Vulnerability and Patch Manager only performs
patches. Vulnerability and Patch Manager displays the fixes, but does not perform these fixes
automatically.
Solution: If you wish to perform an action detailed here, you can do so by running the fixes that are
displayed.
• Issue: The Radia Management Agent (RMA) does not correctly uninstall from Windows® target systems.
Description: If the RMA is removed using the Add or Remove Programs option in the Control Panel, you
can successfully remove it from the list, but its services continue to run, even if the target system is
rebooted.
Solution: Needs to be updated.
New capabilities 4