Foundstone 7.0 Patch 8 Release Notes

Transcription

1 Foundstone 7.0 Patch 8 Release Notes These release notes describe the changes and updates for Foundstone 7.0, patch 8. This application installs only the patch needed to update the Foundstone system. Foundstone Release Notes Fixed form authentication using a credential that includes the character "ñ". Fixed FSAssessment crash in the FASLModule. Fixed date format specification for the FSUpdate table SQL query. Fixed XCCDF Benchmark reports for STIG templates. Fixed stored procedure to not delete existing profiles when importing SCAP content. Enhanced performance of stored procedure used to retrieve asset data for the scan editor. Fixed stored procedure to correctly compute the exclusion list. Fixed date conversion error while updating the job state on a British-English SQL Server. Fixed the MVM Data Import task invoked by the MVM epo extension. Added host name to notifications for ticket events. Fixed the Vuln Set rule editor to hide the preview button until the editor has completed processing. Fixed the workgroup-delete operation to display an error when the delete fails. Fixed the role editor to allow the viewing of the complete organization tree. For McAfee Vulnerability Manager 7.0 Patch 8 Known Issues, refer to the KnowledgeBase article: Foundstone Release Notes Improved the way the Alerts page builds the Vulns lists. Added FASL output to CSV report (enabled by registry tweak). Fixed XCCDF Benchmark reports for STIG templates. Fixed Benchmark Rule results when large amounts of text are displayed. Fixed Passed Hosts in Compliance Pass/Fail section of PCI Reports. Fixed the maintenance task to report the number of deleted historical asset data while running. Fixed stored procedure to correctly snapshot the vuln set used by the scan configuration. Fixed the Alerts page to account for an empty section created when a vulnerability risk level is updated. Fixed the slider position when the configuration is viewed in read-only mode. Fixed sorting by organization name, previous navigation, and removed sorting on item count. Fixed the rendering of the Asset context menu when Quickscan is disabled. Fixed the Delete Asset operation to report the error when the asset cannot be deleted. Improved memory usage in the scan engine when reporting the scan results to the scan controller. Reduce the memory usage of the FSAssessment and FSScanCtrlSvc components when processing assessment results for Policy Auditor type scans.

2 Fixed the scan controller error "Failed to add engine [engine_guid] to engine map." when the engine GUID that is specified in the registry is in lower case. Fixed the scan engine error "Unable to send POST request. Failed to send POST body" when reporting results to the scan controller. Foundstone Release Notes Updated data probe to elicit response from UDP port 500. Fixed the stale engine delete operation in the scan controller and added more verbose logging for better diagnostics. Fixed premature timeouts in the watchdog timer for WMI scripts. Fixed the algorithm used to process the http response received after posting Assessment results to the scan controller. Fixed the algorithm used to process the http response received after posting Discovery results to the scan controller. Fixed sudo command processing when the command includes a pipe ( ) command delimiter. Updated the FASL engine to load the WinPcap drivers from the same folder as the core FASL engine component. Fixed handling of OS Category when epo OS Category is unknown. Fixed registration of Audit Request with no associated MVM assets. Fixed Report Server out-of-memory condition when generating very large Benchmark Summary page. Reports can now render multiple CVE entries contained in the updated VulnDatabase.xml. Fixed data service error when attempting to start a Quickscan that has been modified to use a named vuln set. Fixed log file path validation. Fixed FCServer crash due to invalid agent configuration data. Enhanced FCAgent connection logic. Fixed Portal script timeout while receiving very large reports. Fixed validation of special characters when creating user accounts. Fixed Portal memory issues while downloading large reports (less than 300MB zipped). Provide notification for changing configuration when changing Display By or Search By settings. Fixed Manage Assets so that QuickScan is not available when it is disabled in the config.ini file. Added support for Cyberark credentials. Fixed WebFSLModule processing for Windows 2008 targets. Foundstone Release Notes Fixed rules-based vuln sets to use the NVD CVSS scoring vector. Fixed the access rights for Scan Targets. Enhanced the performance of the operation that saves the scan-snapshot to avoid timeouts. Fixed encoding of User passwords. Added a warning dialog if the vulns selection has been changed but not saved. Added UTC suffix to times displayed in Enterprise Manager Reports page. Fixed scan engine to pause batches when they attempt to start outside of a scan window. Increased the number of attempts to recover a job on scan engine start. Fixed the start up sequence of the scan engine service. In the event of a failure, the service will not start up and an appropriate error messages will be logged. Fixed Notification time consistency (time now clearly displayed as UTC).

3 Fixed generation of invalid hyperlink for no vulnerability results. Fixed scroll bar on asset tree. Fixed handling of large recordset data to prevent out-of-memory condition. Added First and Last found columns to vulnerabilities.csv report. Fixed infinite loop during post-processing. Fixed hang condition in the FSDiscovery module when not all adapters can be initialized. Fixed hang condition during renegotiation for the TLS man in the middle attack check. Fixed memory corruption causing the FSDiscovery module to crash. Fixed result processor to use an increased timeout value for database operation retries. Added registry setting to adjust SMTP command receive timeout. Improved logging. Foundstone Release Notes Fixed Mac OSX reporting. Fixed blank lines in FCM Manage OS Fingerprints. Fixed issue selecting Full Access in the access permissions when using roles. Fixed updating Shell credentials to preserve root password. Fixed import of IP Pool and Exclusions using CIDR format. Fixed combining IP ranges during IP Pool edit. Fixed Enterprise Manager UI to clearly indicate reported Foundscore type. Fixed Global IP exclusions to prevent scanning excluded IPs from root organization scan. Fixed memory leak in continuous scan against shell targets. Fixed Enterprise Manager login error when SCAP scan is the "default view" on the Dashboard. Fixed FSScanEngineSvc memory usage when processing empty batches. Reduced scan controller memory usage while processing assessment results. Increased the number of retries for the fssavesnapshot database operation to 10. Fixed XML encoding of malformed URLs within an HTML page body. Fixed memory leak observed in JScript.dll when using the IE8 scripting engine. Fixed the exception generated by the ReadContentAsInt method when processing an empty discovery result set. Fixed intermittent FSScanEngineSvc service crash. Fix various modules to respond to the cancel request in a more timely manner. Discovery module enhancements: - Added probe for detection of and banner grabbing from UDP port 427 (SRVLOC). - Updated UDP port 5353 (mdns) probe. - Added check for EMC systems during Windows OS identification. Fixed small memory leak in the Shell Module. Added CVSS scoring to ticketing. Fixed report server 'Unknown error 0x800A0CC1' while loading the 'AssetsVulns' recordset. Fixed synchronization of Benchmarks during Policy Auditor Maintain Foundstone Audits. Sends set preference commands for NSM-enabled FCAgent only when needed. Fixed intermittent failure when communicating with NSM.

4 API server settings are now present for NSM-enabled clients. Foundstone Release Notes Added the ability to detect the Oracle Transparent Network Substrate (TNS) protocol running on non-standard ports. Create a new scan or edit an existing scan. On the Settings tab, click Services, then click Advanced Options. Make sure Detecting services running on non-standard ports is selected. Select tns under Available Services, then click >> to add it to Selected Services. Click Close. Under TCP Scanning, select Custom. Type the custom port number, separating the numbers with a space. Save your scan. Added Awaiting Resources to the Status column on the scan status page. This status appears when the engine has insufficient memory to run the scan. When scan engine resources become available, the scan will resume. Fixed NetBIOS name not being correctly recorded. Fixed WHAM module state transition during the pause command right after the module completes processing of the batch. Fixed OS identification conflict resolution. Updated the McAfee Community URL on the Portal login page. Fixed Report Server hang on encountering an Asset/OS mismatch. Fixed throttling to wait until the default number of threads is available when throttling back in low memory conditions. Fixed update of LastFoundDateTime column during asset reconciliation. Fixed scan completion notifications to list correct Scan Engine. Added SSL code to support checks such as CVE (TLS / SSL Man-In-The-Middle Renegotiation Vulnerability). Fixed scan start notification to be sent at the actual scan start time. Added additional logging in the Scan Controller to identify malformed XML documents. Fixed Scan Engine hang when batching hosts for assessment. Fixed IP Range import failure. Fixed Scan Configuration to correctly select Use Engine Time for all new scans. Fixed unexpected credentials set removal from Scan Configuration. Fixed unexpected log out from Asset Management. Fixed character escaping which caused CSV and XML reports to fail. Fixed trend.xml file growth due to redundant data. Fixed ticket verification error handling. Fixed IP search feature from Report Server. Fixed creation of LDAP Data Source. Fixed notification when Tickets are exported. Fixed Asset Filter to allow empty string for DNS name and NetBIOS name. Fixed issue with pasting text into scan description field of Scan Configuration. Foundstone Release Notes

5 Fixed the maintenance job delete operation to delete only inactive jobs. Fixed the scan status page to enable the Resume button for scans paused by user. Fixed the Enterprise Manager to correctly extract files from the generated report archive transferred by the Report Server. Fixed sort by asset owner on the Manage Assets page. Updated and improved content of Portal online help. Fixed the scan editor to use the correct Organization ID when validating IP addresses as they are added to the scan configuration. Fixed Discovery to perform RFC compliant banner grab. Fixed Discovery to allow certificates during shell target authentication. Added Actual and Expected columns to the compliancevulnerabilities.csv file of the generated report. Fixed Report Search to avoid filtering based on ticket assignment. Fixed OS mapping tables so that the Shell Module runs appropriate assessment scripts. Fixed usability issue with the Enter key in the Ticket Assignment page. Fixed ticket assignment on the Ticket Details page. Added NT_SERVICE_NULL value to Service policy Start and State options. Added FILE_PERM_NONE value to File Permission policy option. Added NONE value to Registry Key policy option. Fixed Scan Engine to preserve the user-modified logical engine name instead of reverting to the NETBIOS name of the engine. Fixed shell target authentication to gather the most secure key available. Fixed poor portal performance attributed to numerous unique Vulnerability Sets. Fixed Scan Engine performance when host names are configured in the scan. Fixed localization of PDF reports for supported languages. Fixed scan scheduling to account for scan configuration time zone. Fixed scan configuration Save for non-administrator users when using unnamed Vulnerability Sets. Fixed deletion of the previous unnamed Vulnerability Set when it is replaced by a new unnamed Vulnerability Set. Fixed WebFASL Module to run scripts against IP address when target DNS name is not available. Fixed SNMP trap for Close Ticket. Foundstone Release Notes Added registry tweak to control OVAL script timeout. Added legacy NetBiosComputer.connect functionality. Fixed target share enumeration loop during assessment. Fixed target network API enumeration cleanup. Added NetShareEnum workaround to avoid infinite Win32 API loop. Fixed scan engine crash when scan is configured with more than 32 DNS names in the exclusion list. Fixed timeout mismatch between scan engine and scan controller. Fixed FCServer to push a complete FASL script update package to an FCAgent that detects missing scripts. Fixed upgrade of the RMI version on FS-850 appliances to version Upload-validation certificates are also installed on the FS- 850 appliance to validate uploaded applications. Fixed erroneous 'Due Date' for remediation tickets updated by Non-Admin Users. Fixed missing fields 'Scan' and 'Criticality' in the ticket details.

6 Fixed the MVM license registration tool to correctly locate the license file. Improved scan engine selection for Quick Scans. Fixed erroneous report using authentication status as asset filters. Fixed the scan status page so that the scan details are displayed for all pending scans. Fixed the "Clear All Inactive" button on the scan status page to hide all canceled scans. Fixed scan configuration editor to allow epo tags as scan targets. Fixed scheduling issues for weekly scans. Fixed scheduling issues for scans affected by Foundstone 7.0 upgrade. Fixed sort by group name in Asset Management interface. Fixed input validation of role description when creating new role. Fixed IP import validation. Improved accuracy of Windows/Unix/Infrastructure Host Assessment report sections. Fixed log file retention to remove empty folders. Added FCM support for MVM2100 and MVM3100. Added Portal support for MVM2100 and MVM3100. Fixed erroneous report using authentication status as asset filters. Implemented Tweak to Omit Redundant Services data in Risk_data.xml Stopped generating the redundant VulnDatabase section for PDF report. Fixed PDF report section for PCI Vuln by severity.