Flexera’s Software Vulnerability Manager 2019 is a Vulnerability and Patch Management Software Solution that facilitates a customized Patch Management process. It combines Vulnerability Intelligence, Vulnerability Scanning, and Patch Creation with Patch Deployment Tool Integration to enable targeted, reliable, and cost-efficient Patch Management.
Vulnerability and Patch Management are critical components of any security infrastructure because it enables proactive detection and remediation of vulnerabilities before they are actively exploited and your security compromised. With Software Vulnerability Manager 2019, IT Operations and Security Teams are empowered to prevent vulnerability threats from both Microsoft and non-Microsoft (third-party) product vulnerabilities, covering Microsoft Windows, Mac OS, and Red Hat Enterprise Linux.
Software Vulnerability Manager 2019 integrates seamlessly with Microsoft® WSUS and System Center Configuration Manager.
Software Vulnerability Manager 2019 R1 (On-Premises Edition) includes the following new features and enhancements:
• | Support Type 1 scanning for SCCM imports |
• | Making Session cookies more secure |
• | Change LDAP bind password without having to run install scripts |
• | Add timeout for Windows Update Agent (WUA) calls |
• | Ensure Smart groups does not compile for inactive/expired accounts |
• | Add more logging for reports sent with emails |
Note • To see the following new features and enhancements in your Software Vulnerability Manager 2019 interface, you must refresh your browser’s cache.
SCCM Imports now support Type 1 scans via ActiveX or the Daemon (CSIL-8924).
To enable this advanced feature, edit the following registry keys:
• | For the Daemon, you can specify the inspection type using the -t command line parameter or the Daemon registry key: [HKEY_CURRENT_USER\Software\Secunia\Daemon]"InspectionType" = dword:00000001 |
• | For ActiveX, you can specify the inspection type using the CSI Plugin registry key: [HKEY_CURRENT_USER\Software\Secunia\CSI Plugin]"InspectionType" = dword:00000001 |
Session cookies have been made secure by adding HTML only and secure attributes (CSIL-8957).
A new script at /usr/local/Secunia/csi/install/ldappassword.sh is available to change the LDAP bind password (CSIL-8183).
The SVM agent has a new time-out mechanism that enables one to configure a time-out period for WUA searches. This option prevents the SVM agent from being stuck waiting for the WUA service to return with data. The default timeout is 30 minutes and is configurable via the -- wua-timeout option. A value of zero means the SVM agent will wait indefinitely for the WUA call to respond back (CSIL-9002).
Example: csia.exe –I –L – wua-timeout 5
To improve the efficiency of smart group compilation and to increase scalability, smart group logic has been enhanced to ensure that smart groups for inactive/expired accounts are not compiled (CSIL-8968).
Note • By default, smart groups are automatically added to the compilation queue when a user logs in.
For better debugging and to ensure reports emails are sent to the correct email list, more logging data is available in log files when the debug level is set too high (CSIL-8987).
Software Vulnerability Manager 2019 R1 (On-Premises Edition) has resolved the following issues:
• | Resolved user deletion issue |
• | Resolved handling of special characters in database password |
• | Resolved database cleanup functionality |
• | Resolved saving of SMS setting in Smart Group Notification |
• | Resolved display of Users with restricted permission |
• | Removed trailing spaces from Blacklist/Whitelist path when saving |
• | Resolved display of Nordic characters in data export |
• | Resolved handling of space in domain name for Mac agents |
Users created after the Software Vulnerability Manager 2018 R5 upgrade could not be deleted due to missing the root_account_id in the accounts table. This issue has been resolved. Support will provide an “updated” SQL for those customers with existing issues (CSIL-8959).
Before this release, database passwords with special characters like “%” were not supported (CSIL-9056).
The cleanup rule was not deleting very old hosts. This issue has been resolved (CSIL-8814).
Even though the Short Message Service (SMS) setting was saved properly in the database, it did not display correctly on the web page, and it always showed the checkbox for default recipients as checked. This issue has been resolved (CSIL-8808).
Restricted Users were being displayed as Read only in the User management module. This issue has been resolved (CSIL-884).
Trailing spaces entered by users while saving Blacklist/Whitelist paths led to agents ignoring these paths as they could not match the actual paths on the host machines. This issue has been resolved by ensuring that trailing spaces are removed before saving the data to the database (CSIL-9008).
Nordic characters were not properly displayed in CSV files. This issue has been resolved (CSIL-8900).
Mac agents could not post scan data to servers if the host domain names contained spaces. In such cases, the agent reported “400=>Http/1.1 400 Bad Request”. This issue has been resolved (CSIL-9051).
Have a suggestion for how we can improve this product? Please come share direct feedback with the product team and vote on ideas submitted by other users in our online community at https://flexeracommunity.force.com/customer/ideas/ideaList.apexp.
To use the Software Vulnerability Manager 2019 console, your system should meet the following requirements:
• | Minimum resolution: 1280x1024 |
• | Internet Explorer 11 or higher (Scan results can also be viewed from other browsers) |
• | Internet connection capable of connecting to http(s)://csi_server_name/. |
• | The http(s)://csi_server_name/ should be white-listed in the Firewall/Proxy configuration |
• | First-Party cookie settings at least to Prompt (in Internet Explorer) |
• | Allow session cookies |
• | A PDF reader |
Copyright Notice
Copyright © 2019 Flexera.
This publication contains proprietary and confidential information and creative works owned by Flexera and its licensors, if any. Any use, copying, publication, distribution, display, modification, or transmission of such publication in whole or in part in any form or by any means without the prior express written permission of Flexera is strictly prohibited. Except where expressly provided by Flexera in writing, possession of this publication shall not be construed to confer any license or rights under any Flexera intellectual property rights, whether by estoppel, implication, or otherwise.
All copies of the technology and related information, if allowed by Flexera, must display this notice of copyright and ownership in full.
Intellectual Property
For a list of trademarks and patents that are owned by Flexera, see https://www.flexera.com/producer/company/about/intellectual-property/. All other brand and product names mentioned in Flexera products, product documentation, and marketing materials are the trademarks and registered trademarks of their respective owners.
Restricted Rights Legend
The Software is commercial computer software. If the user or licensee of the Software is an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Software, or any related documentation of any kind, including technical data and manuals, is restricted by a license agreement or by the terms of this Agreement in accordance with Federal Acquisition Regulation 12.212 for civilian purposes and Defense Federal Acquisition Regulation Supplement 227.7202 for military purposes. The Software was developed fully at private expense. All other use is prohibited.