10.8.1 Release Notes

October 8th, 2020:

Enhancements

Enhancements available with the 10.8.1 release of Verify Privilege Manager. Enhancements are for both versions, On-premises and Cloud, unless otherwise outlined under a specific On-prem or Cloud subtopic.

• Improved the way we treat cookies as they pertain to IIS header limits (see https://docs.microsoft.com/en-us/troubleshoot/iis/http-bad-request-response-kerberos) in user group memberships to avoid potential error conditions.

• Group Member Based Approvals for offline support via Endpoint Group Member Approval Action.

  • Updates to the ServiceNow Integration Setup for supervisor roles based on group membership for ServiceNow integrations.
• Mobile and manual approvals now appear in the approval list in the Verify Privilege Manager Console under Tools | Manage Approvals.
• Improved agent based Directory Services import for added computers.
• Improved applicable Application Control Configuration policy calculation to honor priority settings.

Cloud

• Verify Privilege Manager now inventories domain users (full username, i.e. domain\username with SID) and groups in the Local Security Group Policy. Resource resolvers can use either to resolve to the unique resource for:

  • User Context Filter fields
  • GMA Action fields
  • Approval metadata reported during approval requests.

Bug Fixes

• The macOS agent can experience high memory utilization during File Inventory.
• 10.8.0 agent causes high CPU utilization.
• Unnecessary Change History records in DB that cause performance issues.
• Merge duplicate SID resources fails after on-prem AD sync.
• Changes to Syslog tasks can't be saved.
• XML entities in requests to ServiceNow would cause the request to fail.
• Database string reconfiguration does not work for integrated authentication.
• Promoting Windows domains to AD domains fails if the AD domain isn't available.
• The Application Justification Report by default shows all justification events for all computers instead of just events for the selected computer.
• Agent versions 10.4 and 10.5 cause error condition "Failed to resolve user SID" during approval workflow.
• RegEx syntax rules are broken when targeting secondary file filter information.
• When upgrading from 10.5 (and potentially other prior Verify Privilege Manager versions), you may encounter an Item Not Found exception when first navigating to the console.
• Endpoints on Virtual Machines do not show local users associated with resources.
• In IE11 the dates in the agent log calendar view are rendered in the same color as the background and only readable when selected.
• When setting the Monitor Resource switch to active on a computer resource, an error is thrown.
• Custom Range in Console Log Viewer Only Displays Last Hour of Logs.
• The File Scan Results File Filter (Policy) shows the wrong description and references computers instead of a specific policy.
• Issue with using various VirusTotal and Cylance filters in different policies.
• In the Resource viewer the justification activity shows all justification events in the default "Application Justification Report".
• When setting the Monitor Resource switch to active on a computer resource, an error is thrown.
• Missing policy reports not working for all agents.
• After Upgrading to 10.8.0 AD Sync fails to run with "TypeError: Cannot read property 'Trigger' of null\n at active_directory".

Cloud

• Windows domain not promoted to AD domain after on-premises agent import.
• Sign out now working correctly.

macOS

• Scheduled commands are run later than their scheduled time due to the last run time timezone offset.
• Drag-n-drop app bundle from non-DMG can result in dialog asking for credentials.
• macOS Agent SecurityRatingFilterContract logic is inverted for the Failure and Timeout result.
• Predefined five XML entities in a policy name causes an exception when creating a ServiceNow approval request.

Known Issues

• Upgrading to Verify Privilege Manager 10.8 causes a task to run to merge computer groups and remove unused system computer groups. This primarily affects the Application Control policies that are using resource targets/computer groups named All Windows Computers with Application Control Agent Installed. With 10.8, those policies will use the Windows Computers computer group and macOS will use macOS Computers.

  If you want to prevent this automatic merge, modify the XML of this item:

  PrivilegeManager/#/item/xml/b2e02684-d154-48ca-9987-12b1759df822

  Add on line 2 <adc:Attributes>NoModify</adc:Attributes>.

• Offline upgrades on multiple servers will need to be done manually.

• With an approval policy targeting a PowerShell script (.ps1 file) via secondary file filter, the Approval Notice pop-up causes a critical error alert when accessing the .ps1 file via right-click Edit menu option.

macOS Specific

• On endpoints using OneDrive, GoogleDrive, DropBox, or similar extensions, the endpoint will take about 2 min to correctly initialize the Finder Extension functionality after enabling the extension or after the upgrade to 10.8 with an enabled extension.