SiteProtector SP8.1 Update - README
=====================================================================
Last modified: September 13, 2011

Copyright © 1994-2011 Internet Security Systems, Inc.
All rights reserved worldwide.

PLEASE READ THIS DOCUMENT IN ITS ENTIRETY.

=====================================================================
CONTENTS
=====================================================================
- Description
- Compatibility
- Applying the Update
- Getting the latest Documentation
- Customer Support
- Reporting product issues
- Files included with The Update


DESCRIPTION
=====================================================================
This is a Cumulative SiteProtector Patch. Please see the list of
issues covered below.


Cumulative Patch -- 09/13/2011
=========================================

Issue ID 407567
---------------
When viewing the analysis view and the Auto Refresh option is enabled
it is possible for the console to start consuming a large amount of
memory over time depending on your console environment.

This update allows SiteProtector to properly clean up the analysis
view objects to prevent improper console memory increases.


Cumulative Patch -- 08/01/2011
=========================================

Issue ID 407533
---------------
When deploying policies, a command window appears that allows you to
pick targets, policies, and a schedule for the deployment. On some
sites with a large number of agents, this window may take a long time
to appear.

This update allows SiteProtector to ignore processing of agent
specific repositories when deploying policies at a group level,
increasing performance of the deploy policy command window.

Issue ID 407507
---------------
When editing the Security Events policy and using multiple nested
repositories you may see an incorrect blocking configuration in the
policy if a higher level repository has a different block setting
than the lower level repository.

This update allows SiteProtector to correctly display the lower level
block setting from the lower level repository when editing a policy
at a lower level repository.


Cumulative Patch -- 05/24/2011
=========================================

Issue ID 407454
---------------
When using analysis reports from the reporting tab and choosing to
save them as CSV files you may see numbered column names instead of
the textual column names. This does not occur when using the data
export to CSV via the Analysis tab.

This update updates the code to populate the textual information for
the templates to use, and updates the template to use this
information.

Note: You must apply the analysis.rptdesign file included in the
patch or your reports will no longer function after applying this
patch.


Cumulative Patch -- 02/14/2011
=========================================

Issue ID 407305
---------------
When performing many console actions while attempting to deploy a
policy to many agents with the Force Heartbeat option enabled, it may
be possible to get a conflict in console actions. This will prevent
further actions from occurring and will cause the application server
to stop doing some actions until restarted. The user may see an error
such as:

  "Multiple concurrent threads attempted to access a single broker."

This update forces SiteProtector to handle the multiple actions to
help prevent multiple accesses from different threads.

Issue ID 407321
---------------
There has been a vulnerability discovered in the Deployment Manager
where an attacker could use a cross-site scripting attack from the
network that the Deployment Manager is on.

This update contains the fix for this but needs to be applied in
combination with Deployment Manager files. The Deployment Manager
files will be released as a separate patch due to them not being
applicable unless you have a currently installed Deployment Manager.
All other items in this patch will work normally without these
additional files.


Cumulative Patch -- 11/08/2010
=========================================

Issue ID 407203
---------------
When using two factor authentication in SiteProtector it is possible
for the console to stop refreshing data correctly if left idle for a
long period of time. This is caused by an expired token requesting a
re-login, which fails due to an improper initialization.

This update allows SiteProtector to correctly process the login after
the console has gone idle for a long period of time. This also allows
the login dialog to properly redisplay after the idle period has
expired.

NOTE: Although the fixes in the cumulative patch are normally
included in the next release version, this fix is an exception to
that rule due to the release schedule. If you need this fix, another
cumulative patch will be released after the core xpu that also
includes this fix. This note is not applicable to the below fixes or
patches after XPU 1.0.


Cumulative Patch -- 09/27/2010
=========================================

Issue ID 407130
---------------
When applying xpu's on Chinese systems (Traditional), the text
describing the XPU is not readable. This is a cosmetic issue that
does not impede functionality.

This problem occurs due to the Chinese systems' inability to display
italicized characters. The italics have been removed.


Cumulative Patch -- 09/02/2010
=========================================

Issue ID 407104
---------------
When migrating a locally managed Proventia M to a repository you may
encounter problems with the Proventia M not accepting the SSL VPN
policy after migration. The Proventia M will go into an Active with
Errors state even though the policy will otherwise look normal in the
Policy Editor. This occurs because temporary variables are left in
the SSL VPN policy after migration and normally removed upon the next
edit of the policy, but the Proventia M does not correctly parse
these temporary variables if it receives the migrated policy before
it is edited.

This update allows SiteProtector to perform the migration without
leaving the temporary variables in the policy so the Proventia M will
stay active even if there are no additional edits to the policy.

Note: If you are migrating Proventia Ms to repository, it is
recommended to also get the "Migrate to Repository SSL VPN Portal
Resources Fix", Patch ID 1366.


Cumulative Patch -- 08/16/2010
=========================================

Issue ID 405821
---------------
When attempting to use the Event Collector Failover scripts provided
with SiteProtector SP7 - 8.1, users may experience a race condition
between the SensorController and the EC Failover Scripts. This will
cause the sensors to not get the proper EC assignment and go
"Offline".

This patch removes the race condition and allows proper EC
assignment.


Cumulative Patch -- 08/11/2010
=========================================

Issue ID 407102
---------------
When viewing events in the SiteProtector analysis view on a console
with the timezone option set differently from the system clock, the
view's time filters may not work as expected.

This fix allows SiteProtector to correctly filter time based on the
timezone set in the options of the console.

Note: this does not affect the behavior of changing timezones in the
options while in use. If you change the timezone option after
connecting the console, please reconnect the console to ensure the
option change is able to propagate.


Cumulative Patch -- 07/30/2010
=========================================

Issue ID 407072
---------------
On sites that contain Central Response rules that were manually
created without specifying a vulnerability status, you may see
responses trigger on rules they were not meant to trigger on.

This fix allows SiteProtector to correctly treat Central Response
rules with no vulnerability status specified as an "any"
vulnerability status filter.

NOTE: Because a new policy will need to be pushed out AFTER the fix
is applied, be sure to delete CAPolicy.xml from the
PF\ISS\SiteProtector\Application Server\temp\CentralResponseServer
directory OR temporarily make a minor change to the Central Response
policy to trigger an automatic policy push after you have applied the
fix.

=========================================

To resolve this, follow the steps to replace files in the APPLYING
THE UPDATE section carefully. Be sure to read any notes on individual
fixes.

MD5 for the files included in this update:
- 8bdd670f15fd299a94f0d0e251912b97  Console\SiteProtector.jar
- d86bdcb08b90e9d2c00ca4b4938f60be  Server\SiteProtector.jar
- e3eec406edb6fb1a46d57a264667027c  analysis.rptdesign

Build Number: 2.8.1.247


COMPATIBILITY
=====================================================================
This update is applicable only to:
- SiteProtector 2.0 (SP8.1 XPU 1.0)

NOTE: Do NOT apply this update to a SP8.1 XPU 0 system. You should
apply the xpu first as it contains additional fixes. The version can
be viewed in the console by looking at the SiteProtector Core
component's version on the agent tab.


APPLYING THE UPDATE
=====================================================================
To apply the update:

Step 0 - Verify you are applying this patch to a system on core
version SP8.1 XPU 1.0. If not, you will need to apply the core
XPU 1.0 first. The version can be viewed in the console by looking at
the SiteProtector Core component's version on the agent tab.

Step 1 - Close out all SiteProtector consoles.

Step 2 - On the Application Server, stop the three SiteProtector
services:

  SiteProtector Application Server Service
  SiteProtector Sensor Controller Service
  SiteProtector Web Server

Step 2 - Put the SiteProtector.jar file from the Console directory in
the patch in the following location on all Consoles. Be sure to back
up the original files first.

  \Program Files\ISS\SiteProtector\Console\bin\

Step 3 - Put the SiteProtector.jar file from the Server directory in
the patch in the following locations on the Application Server. Be
sure to back up the original files first.

  \Program Files\ISS\SiteProtector\Application Server\bin\
  \Program Files\ISS\SiteProtector\Application Server\deployed-apps\iss\SiteProtector.ear\lib\

Step 4 - Put the analysis.rptdesign file from the patch in the
following location on the Application Server. Be sure to back up the
original file first.

  \Program Files\ISS\SiteProtector\Application Server\config\reporttemplates\

Note: You must perform this step or your reports may no longer
function.

Step 5 - On the Application Server, start the three SiteProtector
services back up:

  SiteProtector Application Server Service
  SiteProtector Sensor Controller Service
  SiteProtector Web Server

Step 6 - If you are currently experiencing Central Responses
triggering on rules they were not meant to trigger on (Issue ID
407072) you will need to delete the following file to force a new
policy push and ensure the Event Collectors get the fixed policy:

  \Program Files\ISS\SiteProtector\Application Server\temp\CentralResponseServer\CAPolicy.xml

If you feel the need to remove the patch at a later date, the
original files can be restored using the same process.


GETTING THE LATEST DOCUMENTATION
=====================================================================
For the latest SiteProtector Information:
http://www.iss.net/support/documentation/docs.php?product=16&family=8


CONTACT IBM SUPPORT WORLDWIDE
=====================================================================
Phone:
Call IBM Support by selecting phone number from this location:
http://www.ibm.com/planetwide/
When prompted for type of support, select option 2 for Software
Support. You will need to provide your IBM Customer Number (ICN).

Electronically:
Go to https://www.ibm.com/support/servicerequest and open a new
Service Request.


INFORMATION REQUIRED FOR REPORTING PRODUCT ISSUES
=====================================================================
If you encounter a problem with this product, please make notes that
are as detailed as possible about the following:

- Component and Build versions
- Specific failure symptoms or undesirable behavior

This information helps us reproduce the problem and resolve it as
quickly as possible.


FILES INCLUDED
=====================================================================
- Console\SiteProtector.jar
- Server\SiteProtector.jar
- analysis.rptdesign

=====================================================================
=====================================================================
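
The Application Server part of APPLYING THE UPDATE (the service stop
and Steps 3 to 5) as an added PowerShell example; it is not part of
the vendor README or of any IBM/ISS tooling. It checks every patch
file against the MD5 values this README lists before replacing
anything. $PatchDir, the C: drive letter and the .bak naming are
assumptions.

```powershell
# Added example, not vendor code. Run elevated on the Application Server.
param(
    [string]$PatchDir = 'C:\Temp\SP81-patch',                # assumption: unpacked patch
    [string]$SpRoot   = 'C:\Program Files\ISS\SiteProtector' # assumption: C: drive
)
$ErrorActionPreference = 'Stop'   # any failure halts with services left stopped
# Relative paths and MD5 values exactly as listed in this README.
$expected = @{
    'Console\SiteProtector.jar' = '8bdd670f15fd299a94f0d0e251912b97'
    'Server\SiteProtector.jar'  = 'd86bdcb08b90e9d2c00ca4b4938f60be'
    'analysis.rptdesign'        = 'e3eec406edb6fb1a46d57a264667027c'
}
# Server-side destinations from Steps 3 and 4. The Console jar is copied
# separately on each console machine.
$appSrv  = Join-Path $SpRoot 'Application Server'
$targets = @{
    'Server\SiteProtector.jar' = @("$appSrv\bin",
        "$appSrv\deployed-apps\iss\SiteProtector.ear\lib")
    'analysis.rptdesign'       = @("$appSrv\config\reporttemplates")
}
$services = 'SiteProtector Application Server Service',
            'SiteProtector Sensor Controller Service',
            'SiteProtector Web Server'

function Get-Md5Hex([string]$Path) {
    # .NET classes keep this usable on hosts without Get-FileHash.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try { ([BitConverter]::ToString($md5.ComputeHash($fs)) -replace '-', '').ToLower() }
    finally { $fs.Dispose(); $md5.Clear() }
}

# Refuse to touch the server unless every patch file matches the README.
foreach ($rel in $expected.Keys) {
    $actual = Get-Md5Hex (Join-Path $PatchDir $rel)
    if ($actual -ne $expected[$rel]) { throw "MD5 mismatch for ${rel}: $actual" }
}

Stop-Service -DisplayName $services -Force
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($rel in $targets.Keys) {
    foreach ($dir in $targets[$rel]) {
        $dest = Join-Path $dir (Split-Path $rel -Leaf)
        Copy-Item $dest "$dest.$stamp.bak"                  # keep the original
        Copy-Item (Join-Path $PatchDir $rel) $dest -Force
        if ((Get-Md5Hex $dest) -ne $expected[$rel]) { throw "Bad copy: $dest" }
    }
}
Start-Service -DisplayName $services
```

Step 0 (version check in the console), the Console jar on each
console machine and the optional CAPolicy.xml deletion in Step 6 are
left to the operator. MD5 is the only digest this README publishes,
so the check catches a corrupted or mismatched download.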