This document is meant to be a guide of some good documents and links specific to Shavlik Protect version 9.1. This is not a comprehensive list of documents.
Installation & Configuration
- Download Site
- Protect 9.1 Installation Guide
- Protect 9.1 System Requirements
- Shavlik Protect Requirements Guide
- Firewall & Proxy Exception White-List
- Installing Prerequisite Software
- How to Activate Shavlik Protect
9.1.4334.0 New Features and Bug Fixes
Major New Features
- Localized Console Experience
- Shavlik Protect is now localized for the following languages: Chinese (Standard), Chinese (Traditional), French, German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish.
- Localized SafeReboot
- The SafeReboot dialog has been localized to support the same language set as above. The language of the client machine’s operating system will determine which language is displayed. The SafeReboot dialog will default to English if the operating system language is not supported.
- Online Help
- Localized versions of the Help system are now available on the Web. The help text will be localized according to the language specified on the Display Options dialog. An Internet connection is required in order to access localized help text from the console. For environments that do not have direct Internet access, an English-only version of the Help system is still shipped with the product and is available locally on the console.
- IPv6 Support
- Shavlik Protect now supports IPv6. IPv4 is still the preferred IP scheme that will be displayed in the UI, so for environments that happen to have IPv6 turned on but are not utilizing it yet, the IPv4 address will be the default address shown for machines.
- Report Views
- In conjunction with this release, Shavlik is providing a Report Views Guide that describes how to use database views within SQL Server database queries to generate custom reports for Shavlik Protect. This also allows for third-party tools such as SQL Reporting Services, Crystal Reports, Splunk, and others to be used to create reports for Shavlik Protect.
- Localized Console Experience
- Minor New Features and Enhancements
- Improved Machine Resolution in FQDN and IP-only Environments
- For customers who have environments that require FQDN or IP to resolve machines, Shavlik has made significant improvements to our machine resolver so that Shavlik Protect will retain multiple resolution methods for each machine. FQDN, Hostname, and IP can all be attempted to ensure the machine is resolved correctly.
- Scan by Vendor Severity
- The patch scan templates and the assessment engine have been updated to include filters that enable you to scan by vendor severity. You can now scan specifically for Critical, Important, Moderate, Low, or Unassigned security or non-security patches.
- Deployment Workflow Enhancements
- The deployment workflow has been consolidated to reduce the many branches that existed in the deployment experience. When you perform a deployment now you will see the same level of detail as a scheduled deployment. The deployment results are also available for viewing after the deployment is complete.
- Machine-Level Status in Operations Monitor and in Deployment Tracker
- A machine-level status has been added to the deployment flows. This gives you better visibility into the current state of your deployments.
- Deployment Return Codes
- Deployment return codes are now available within Deployment Tracker and within the deployment reports. Making the return codes available within the Shavlik Protect UI eliminates the need to comb through target machine logs for the return codes.
- Active Directory (AD) Enhancements
- Shavlik Protect is now able to discover any Active Directory Forests and Domains that are broadcasting themselves to the console machine’s domain. In addition, you can now add additional Forests and Domains and save credentials for these items. This allows you to browse these items without having to reconnect each time.
- Improved Machine Resolution in FQDN and IP-only Environments
- Deprecated Features
Features That Have Been Removed in Shavlik Protect 9.1
- The following platforms are no longer supported for use as a console:
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008 (prior to R2)
- Windows 8 (Windows 8.1 is supported)
- 32-bit architecture operating systems
- In response to Microsoft’s strategic direction and recent end-of-life announcements, Shavlik has removed support for the above platforms as a Shavlik Protect console. Shavlik Protect 9.0 is the last version to support these platforms as a Protect console. All of these platforms are still supported as agentless and agent-based targets.
To help ease the migration to newer platforms, Shavlik has developed a migration tool that will help administrators to transition a console from one machine to another. Microsoft has announced an end-of-life for Windows XP in April 2014 and for Windows Server 2003 in April 2016. We are recommending that customers on these platforms migrate to newer operating systems as soon as possible. Shavlik will not be supporting Windows 8 as a console due to an incompatibility issue with Powershell 4.0, which is a new prerequisite in Protect 9.1. Windows 8.1 support is being added with Protect 9.1.
- The following VMware ESX Hypervisors are no longer supported:
- ESX 4.0
- ESX 4.1 (ESXi 4.1 Hypervisors are still supported)
- Shavlik is removing support for hypervisor patching and offline VM, template, and snapshot features for these versions, as VMware is ending support for these platforms in 2014. Shavlik Protect 9.0 is the last version to support these versions.
- Export to TIF, TXT, and RTF formats
Shavlik has removed support for these formats as they are little used and provide little value to the majority of customers. Future versions of Shavlik Protect will still support export to PDF, XLS, TSV, CSV, and XML formats.
Features That are Targeted for Removal After Shavlik Protect 9.1
- Windows Server 2000 support for agentless scan and remediation will be removed after 9.1
- Shavlik is announcing that Protect 9.1 will be the last version to support Windows Server 2000 as an agentless target. Protect 9.1 will support this version of Windows until it reaches its end-of-life, which has not yet been announced.
- SQL Server 2005 support will be removed after Protect 9.1
Shavlik is announcing that Protect 9.1 will be the last version to support SQL Server 2005 (all editions). Customers should work towards moving to newer editions of SQL Server as soon as possible.
- User Criticality Filter will be removed after Protect 9.1
- With the introduction of the Vendor Severity filter, the User Criticality Filter’s primary function is now obsolete and will be removed in a later release. The feature has a high maintenance cost and low value for most customers.
- Resolved an issue where duplicate agent results could conflict, causing import to fail.
- Resolved an issue where duplicate agent results cause a loop on import, blocking up the import queue.
- Resolved an issue where custom patch could allow a .bat file to be used which would cause agents to fail deployment. The .bat extension has been pulled from the custom patch file options.
- Resolved an issue where LDAP over SSL connections would attempt to use the Shavlik Certificate. The Shavlik Certificate on upgrade will be moved into a custom store.
- Resolved an issue where the 'Is Policy Current' value for Threat Protection Agents could incorrectly show as No when they really are up to date.
- Updated the Help System to include descriptions for agent icons that were not documented.
- Updated the Help System with an outbound port 443 requirement for the Protect Cloud Sync feature.
- Resolved an issue where a result could not be imported if the service pack of the product could not be determined.
- Resolved an issue where attempts to delete a partial scan result could result in a console crash.
- Resolved an issue where an agent result missing the EndTime attribute would fail to import.
- Resolved an issue where the Patch Status Detail Report could end up with PatchBulletinTitle on multiple lines due to a carriage return.
- Updated the community link for data conversion errors on upgrade to point to the proper community article.
- Resolved an issue where the Executive Summary Report could reflect the Effectively Installed Patches count incorrectly.
- Resolved an issue where scan results could fail to import do to a 'Arithmetic overflow error' on the primary key in the ScanItems table.
- Updated the Administration Guide to place the 'What's New?' section in the correct location in the document.
- Resolved an issue where using the Microsoft Scheduler could cause scans to add five minutes to the specified scheduled time.
- Resolved an upgrade issue where an unassociated event subscription could cause the database upgrade to fail from 8.0.2 to 9.0.1182.
- Resolved an import issue where Agent Deployment Results could cause the importer to loop backing up the import queue.
- Resolved an issue where the console could crash when you start many scans simultaneously on a resource constrained machine.
- Changed from using MD5 hash to SHA1 in asset value normalization to be compliant on a FIPS enabled machine.
- Resolved an issue where HFCLI.exe was not using the Protect License Key, causing certain licensed features of HFCLI to not work.
- Resolved an issue where using the Browse Active Directory feature would not allow you to select a forest.
- Resolved an issue where the console service could crash on foreign key exceptions.
- Resolved an issue where the console service could crash when encountering an unknown service pack item type.
- Resolved an issue where 2003 R2 SP2 systems could reboot unexpectedly when upgrading the agent from 8.0.2 to 9.0.1106.
- Resolved an issue where an unnecessary horizontal scroll bar would appear in the Machine View.
- Resolved an issue where the console service could crash when it is unable to decrypt credentials.
Shavlik Protect 9.1.x