Prevx 3.0 Enterprise Software Releases

Prevx Enterprise Patch 1.6.4.95

This is a maintenance Patch for Prevx Enterprise Service Pack 6

This patch fixes minor issues and includes minor improvements

NEW: A new policy options has been introduced which allows hiding the endpoint's authentication dialog.
NEW: New policy options have been introduced which allow the configuration of heuristic settings.
NEW: The indexing of the server's local storage has been redesgined, now supporting cloned machines without the need of ReSID'ing.
NEW: Scan log caching" has been introduced which allows the server to cache the entire last scan log of each endpoint and can be reviewed by the administrator.
NEW: New "Advanced Agent Services" have been introduced allowing the admin to centrally view extended system information, list of active processes and user, installed services and software products etc.
NEW: Overrides can now be added as a manually entered PX5.
NEW: New full-text search across the entire client database has been introduced for extended research.
UPDATE: Minor redesigns of the Userinterface and wordings.
UPDATE: All components are now signed
UPDATE: Bug fixed where the policy remediation option "Cleanup" was disabled if the product was purchased without "EDGE"
UPDATE: Bug fixed within the lowlevel protocol checksum calculation algorithm
UPDATE: Performance improvements

Prevx 3.0 Enterprise - Service Pack 6

We are pleased to announce the release of Prevx Enterprise Service Pack 6.
This Service Pack focuses on the scalability improvements, new management features , stronger endpoint protection and remediation capabilities as well customer requested functionality and bug fixes.

NEW: SQL Sync A new SQL synchronization process has been introduced which allows the storage of all server operational and endpoint/infection related data into a single SQL database. This allows customer to build their own report- and search portals based on their in-house Prevx Enterprise data. The SQL sync also allows multiple enterprise servers to reports into the same SQL server.
NEW: Server Migration A new policydriven feature has been implemented allowing the administrator to remotely migrate one or more endpoints to a new primary enterprise server
NEW: Consolidated Server The TCPIP server and Enterprise server have been merged into a single service, increasing performance and reducing resource footprint.
NEW: Auto-Sense Configuration Critical scalability parameters on the enterprise server are now automatically tweaked by the software based on the capabilities of the underlying hardware.
NEW: IOCP Model The TCPIP Layer of the server now uses the Microsoft IO Completion Port API to take full advantage of this asynchronous IO model, allowing faster response times and higher server throughput and better handling of very high server contention scenarios - at lower resource costs.
NEW: Dynamic Thread Pooling The server's thread pooling has been rewritten to be dynamic, using less resources at times of low-contention but scales automatically once needed.
NEW: Unified logging Only one logfile is now created by the server service. Automatic Log rollover at 100MB in size.
NEW: "Client Config" Panel administration utilities New context menu options to ICMP Ping, Explore and Open Remote Desktop session have been added to aid centralized management and troubleshooting
NEW: "Infection History" Report A new report has been added allowing the collection of infection information not only of current infections but also of past infections over a configurable period of time
NEW: "Inventory" Report A new export functionality has been added - the "Inventory" report - which allows the export of all endpoint related server data to a CSV file which can be imported into other programs for monitoring and/or reporting purposes.
NEW: Audit Logging Audit Logging has been implemented, essentially logging all events related to server operations and endpoint comunications (Poll, Scans, RTQs and infections) into an audit file which can be used for integration into log collection systems such as Splunk or SysLog. The audit log file boasts a consistent, human-readable and easy to parse format. The audit log rolls over automatically at 100MB of size and can be enabled/disabled via the console.
NEW: Unknown Cache introduced A new volatile "Unknown cache" has been implemented, caching up to 10000 unknown lookups in memory, reducing the latency of unknown lookups on the enterprise server and therefore increases response times and throughput dramatically.
NEW: Command line aided report generation All reports can now be generated via the console command line parameters, allowing the scripting of reports.
NEW: Command line aided report generation All reports can now be generated via the console command line parameters, allowing the scripting of reports.
NEW: Find Computer A new "Find Computer" option has been introduced into the "Client Config" panel of the management console, helping with the handling of large deployments
NEW: Miscellaneous
  • - The "Client Config" panel now displays the amount of machines currently selected and currently displayed
  • - Group changes, Endpoint-Group belongings and policy changes can now be applied to the server without the need of restarting the server
  • - "Tip of the Day" framework has been added
  • - The Domain and Workgroup name is now collected and stored for each endpoint
  • - The columns to be displayed in the "Client Config" panel is now freely configurable
  • - Additional Tool buttons have been added to the "client config" panel in the console, allowing the copying, deletion, edition and creation of new policies
  • - Data in reports are now sorted
  • - New installer introduced handling the full automatic scripted SQL database creation and tweak of the TCPIP parameters on server platforms
  • - Latest CORE library deployed to improve communications between server and Prevx central database
  • - Server Support of Windows 2000 has been revived
  • - The 4th version of the endpoint->server protocol has been implemented, boasting streamlined and therefore smaller data packages and better compression
  • - updated certificate used for signing binaries
  • - Information about the current selected machines in the "Client config" panel can now be copied into the clipboard.
UPDATE: New graphics Minor graphic changes to the program interface
UPDATE: Remote Deployment Tool The remote deployment tool has been revised, allowing now optional targeted deployment to a specified list of hostnames without the need of full network discovery. Automatic batch rollouts are now supported as well. Multi-Selection is now supported to make install/updates/uninstalls easier. The Remote operating system version and architecture of each endpoint successfully discovered, is not displayed in the remote deployment tool to aid with targeted x86/x64 deployments.
UPDATE: Scan History Information Additional audit information have been added to the "Scan History" for the endpoint, now stating the type of action currently performed by an endpoint after an infection has been encountered - according to policy settings. The amount of files their determinations found during each scan have also been added.
Bugfixes:
  • - A bug has been fixed in the Client Config panel of the console which resulted in drawing the wrong icons in certain circumstances
  • - Bug fixed which could lead to a crash when suspending/shutting down the server under heavy load
  • - Improved handling and tolerance when handling License Lookup failures under heavy server contention
  • - A bug with the service handling (start/stop) routines has been fixed
  • - A stablity bug in the remote deployment wizard has been fixed
  • - Minor usablity issues fixed in the Enterprise QuickStart Wizard
  • - various Typos fixed across the console
  • - A critical bug has been fixed when handling and ignoring RTQ and Poll requests under certain circumstances
  • - Reports have been cleaned up, typos fixed, scale/axis graphics improved
  • - A critical bug has been addressed when handling signatures from 64 bit endpoints
  • - A medium critical bug has been fixed which caused the agent to scan twice after deployment
  • - Bug fixed where the hostname of an endpoint was not stored by the server if the license lookup failed
  • - Hostnames are now always displayed in upper case to ensure propper sorting
  • - Log lines of parts of the server bootstrap code weren't logged to file, this has now been fixed
  • - bug fixed in license key verification routines
  • - the "Change Password" option is now working as intended
  • - The order of "Yes/No" buttons in the confirmation dialog when deleting an endpoint, has been reversed
  • - FINISH button in the remote deployment tool is now enabled
  • - Bug fixed where the user can change rule parameters despite not having selected a rule (Server config panel)
  • - bug fixed in the license key loopkup routines



How to update

 This Service Pack is cumulative.
This release includes changes to both, the endpoint as well the enterprise server/console, therefore, all components need to be updated.
To upgrade any existing version, please follow these steps:

Updating the enterprise server and console:

- Navigate to the “Updates” Panel in the Enterprise Console and download the corresponding Enterprise Server installer
- Shutdown Prevx Enterprise and run the installer. The installer will automatically upgrade your server software
- Start the Enterprise Server again via the StartMenu

Update the enterprise endpoints:

- Navigate to the “Updates” Panel in the Enterprise Console and download the corresponding Enterprise Agent installer
- Download the agent installer with the architecture and language of your choice
- Configure the server hostname to be used within the installer
- Use the preferred deployment method of your choice such as SMS, Login Script, Network Script, Remote Deployment Tool or manual installation, to upgrade existing endpoints or perform fresh installations

Note for Service Pack 4 and 5 Users:

The new enterprise server is backward compatible with Server Pack 4 Endpoints, however, not all features will be available until endpoints are upgraded to latest version.

Note for users of Service Pack 1, 2 and 3:

This version of the enterprise server is no longer compatible with Service Pack 1, 2 and 3 Endpoints. Please upgrade all endpoints to latest version to ensure you can benefit from all improvements.

Changes in System Requirements

The same system requirements apply as outlined in Service Pack 5.




Prevx Enterprise Patch 1.5.3.3

This is a maintenance Patch for Prevx Enterprise Service Pack 5

This patch fixes minor issues and includes minor

UPDATE: A minor memory leak has been fixed in the Prevx Enterprise Server process.
UPDATE: Minor wording changes and typos corrected.
UPDATE: The application manifests have been reviewed and changed to enable the Prevx Enterprise Server to run on Windows7 and Windows Server 2008 with UAC enabled.
UPDATE: Minor Bug fixes in the MSI installer for the Prevx Enterprise Server.

Prevx 3.0 Enterprise - Service Pack 5 - Patch 1.5.2.235

UPDATE: This is a maintenance patch version 1.5.2.235

This patch fixes minor usability and wording issues in the Enterprise Server and Console.

This patch includes an updated endpoint version which adresses a potential problem causing the Windows Shell not to load under certain circumstances . This version also fixes a crash occuring at the endpoint when performing a manual shell-extension scan.

Prevx 3.0 Enterprise - Service Pack 5

We are pleased to announce the release of Prevx Enterprise Service Pack 5.
This Service Pack focuses on the implementation of server performance- and scalability improvements, new management features, stronger endpoint protection and remediation capabilities as well customer requested functionality and bug fixes.

NEW: New Report Engine A new report engine has been implemented, allowing the generation graphical status -, infection- and machine reports with great details about infection history, short- and long term server statistics as well an advisory section which will ensuring the Prevx Enterprise environment is running trouble-free.
NEW: Official 64Bit endpoint support The Prevx Enterprise Endpoints are now supported for 64 bit architectures. x86 and x64 endpoint installers can be downloaded via the "Updates" Panel in your Prevx Enterprise Console
NEW: Improved endpoint protection and remediation capabilities The cleanup and remediation capabilities of the Prevx Enterprise Endpoints have been greatly improved to be able to tacke the very latest Trojans, virii and rootkits.
NEW: Improved server scalability The Enterprise Server has been streamlined and communications enhanced further to improve scalability. This service pack of Prevx Enterprise will allow the deployment of 10.000 endpoints per server.
NEW: New Protection Modes Service Pack 5 implements 2 new protection modes which can be run on single machines or group of machines. These protection modes are for advanced users only and allow to the endpoints to operate in "Override Only" or "Whitelist Lockdown" mode. Please refer to the operators guide for more information.
NEW: Remote Endpoint Control The Enterprise Endpoint supports a new UDP-based control port, over which Scans and Polls can be triggered from the central Enterprise Server. (UDP Port 21001 must be enabled on firewalls for this feature to work)
NEW: Policy driven Endpoint appearance configuration New policy options have been introduced which allow selectively enabling shutdown menu, self-protection and Explorer context menu integration.
NEW: Endpoint MSI Configurator After downloading a MSI endpoint installer, the server hostname property can now be freely configured to be either hostname, DNS name or physical IP address .
UPDATE: Bugfixes Various bugs have been fixed across all components of the product.
UPDATE: Remote Deployment Wizard Updated The remote deployment wizard has been updated to make it more user-friendly and less error prone. The MSI installer will now also setup Windows Firewall exceptions automatically to ensure seemless deployment.
UPDATE: Improved QuickStart Wizard The QuickStart wizard has been refined and allows now the pre-configuration of the default security policy
UPDATE: Improved Alert Rule Editor The AlertRule editor has been enhanced for easier creations of parameterized text and contains now a preview section and a variable list. New variables such as %FILENAMES% are now available for maximum customization.



How to update

 This Service Pack is cumulative.
This release includes changes to both, the endpoint as well the enterprise server/console, therefore, all components need to be updated.
To upgrade any existing version, please follow these steps:

Updating the enterprise server and console:

- Navigate to the “Updates” Panel in the Enterprise Console and download the corresponding Enterprise Server installer
- Shutdown Prevx Enterprise and run the installer. The installer will automatically upgrade your server software
- Start the Enterprise Server again via the StartMenu

Update the enterprise endpoints:

- Navigate to the “Updates” Panel in the Enterprise Console and download the corresponding Enterprise Agent installer
- Download the agent installer with the architecture and language of your choice
- Configure the server hostname to be used within the installer
- Use the preferred deployment method of your choice such as SMS, Login-Script, NetworkScript, Remote Deployment Tool or manual installation, to upgrade existing endpoints or perform fresh installations

Note for Service Pack 4 Users:

The new enterprise server is backward compatible with Server Pack 4 Endpoints, however, not all features will be available until endpoints are upgraded to latest version.

Note for users of Service Pack 1, 2 and 3:

This version of the enterprise server is no longer compatible with ServicePack 1, 2 and 3 Endpoints. Please upgrade all endpoints to latest version to ensure you can benefit from all improvements.

Changes in System Requirements

Due to the new Endpoint Backchannel support, firewalls need to be configured to allow UDP communications on port 21001.




Prevx 3.0 Enterprise - Service Pack 4

Prevx 3.0 Enterprise Service Pack 4 is now available.

Prevx CSI-Enterprise has been rebranded to Prevx 3.0 Enterprise.

This service pack has significant functional and architectural changes in Prevx 3.0 Enterprise server as well the end-point agents.

IMPORTANT UPGRADE INFORMATION:
 Before you upgrade, please ensure that you follow these steps in this order:

1. Upgrade the Prevx 3.0 Enterprise console from the link located in the Update section in the console (1.4.2.92)
2. Download the new agent from the update section (3.0.1.56 Prevx 3.0 Agent)
3. Deploy the new agent via the “Remote deployment Tool” or any other MSI deployment method

NEW: Rebranding and new look & feel
NEW: Advanced end-point agent protection now with optional real-time protection
NEW: Server console architecture changed, boasting separate server and console applications with logon/authentication capablities
NEW: Infection and Scan history allows easy click-and-go override handling
NEW: Improved parallel processing via multiplexed queues for realtime and scan events
NEW: Policies options extended to support "Silent" agents
UPDATE: Status screen enhanced
UPDATE: Support is now entirely webbased
UPDATE: Streamlined communication between Agent and Serve console with massive performance improvements
UPDATE: Minor bugfixes across all components

CSI-E Update 1.3.2.2 R514

NEW: CSIE-Server: Multithreading enabled (max. 16 threads) for improved performance
NEW: CSIE-Server: Context sensitive help has been introduced across the application
NEW: CSIE-Server: Client configuration screen redesigned for enhanced useability and management for very large amount of agents introducing advanced Drag&Drop, extended multi-selection and filters
UPDATE: CSIE-Agent: New agent deployed with improved performance and stability
UPDATE: CSIE-Server: Bug fixed which prevented to run the CSIE server behind a proxy server
UPDATE: CSIE-Server: New core deployed improving load balancing and connection management
UPDATE: CSIE-Server: bug in the report preset's fixed
UPDATE: CSIE-Server: minor changes to the user interface to improve useability
UPDATE: CSIE-Server: minor bugfixes

CSI-E Service Pack 3 (1.3.1.234 R490) - Final

NEW: A new CSI-E agent has been introduced including great improvements in stability, compatibility, improved scanning and cleanup by raw file system parsing and vastly improved rootkit detection and cleanup.
NEW: The first version of the RDW (Remote Deployment Wizard) has been introduced as a stand-alone application which allows 'single-click' remote deployment of CSI-E agents across the network from one desktop.
NEW: A New communication interface between agent and server has been introduced which improves parsing reliability in order to minimize memory corruption issues and crashes.
NEW: Compression has been added to the communication layer between agent and console to minimize and speed up network traffic within the corporate network.
UPDATE: Performance improvements have been made all over the product code to ensure faster data throughput on the server side, improving performance in some areas by 60 per cent.
UPDATE: LDB-Data sanity checks have been introduced to improve server console stability.
NEW: Several Debug and troubleshooting options have been added such as LDB journaling, MDB-only mode and suppression of crash dumps.
NEW: A Server Watchdog has been introduced in conjunction with improved exception handling in order reduce potential memory corruption issues and the ability to automatically restart the server console on any unexpected termination - reducing the management overhead for the administrator even further.
NEW: All important product executables are now properly signed.
NEW: An option to query the determination of a particular PX5 has been introduced.
NEW: Filename support has been added which allows the system to track proper localized file and pathnames of each infections within all audit trails and reports.
NEW: Overrides and Agents can now be deleted permanently from the servers data cache.
NEW: A TimeToLive (TTL) value has been introduced, allowing the administrator to specify the maximum age of any PX5 determination locally cached before a re-lookup is forced.
UPDATE: improved memory management for graphics in the console on very large scale agent deployments.
UPDATE: Legacy code has been remove and cleaned up (Stats code).
UPDATE: LDB Batch processing added for improved performance and reduced locking contention.
UPDATE: TCPIP service is now dependant on the server console and will no longer function if the server console is not running.
UPDATE: Logging in the TCPIP service has been improved to uniquely identify each message to its origin machine (IP).
UPDATE: Numerous fixes to bugs discovered in previous versions.
ISSUE: Windows Vista Clients
There is only limited support for Microsoft Windows Vista client when deploying using hte Remote Deployment Tool. After deployment, the machine needs to be rebooted, while that is not neccessary for Agents on other Microsoft Operating Systems.
ISSUE: Vista UAC and Remote Deploment Wizard
Rollouts using the Remote Deployment Tools on Windows Vista clients with UAC turned on will fail. This is due to the new security policies enforced by Vista. UAC needs to be turned off the Remote Deployment Wizard is used for deployment.
ISSUE: Firewalls and Simple File Sharing in conjunction with Remote Deployment Wizard
Firewalls can block the remote deployment wizard and must be turned off. Windows Simple File Sharing needs to be turned off on the client machine if the Remote Deployment Wizard is used for deployment.

Other Support Information: