BeyondInsight Version History 6.3.1 to 6.8

BeyondInsight 6.8 Release Notes

December 7, 2018 Requirements:

• BeyondInsight requires Adobe Flash Player version 22.0+.

• This release is available for download by BeyondTrust customers at https://beyondtrustsecurity.force.com/customer/login and also through BeyondTrust BT Updater. o MD5 signature: 5fc9bad49c3eff303b89091696f9d4f9

o SHA-1 signature: 2b032052f86ab9c1ea73f87e9e8c02e0ed442cd5

o SHA-256 signature: df23e01276d38cc1457f2de3838bb1a42bb3205265a7a4a8a09247c4a444195e

New Features and Enhancements:

BeyondInsight

• Added permissions for the connector and scan Options.

• Added an email alert for failed credentials/keys for Azure and Amazon Web Services cloud connectors.

• Added an option to purge cloud assets.

• Added a configuration option to redirect users back to the single sign-on login page at log off or timeout.

• Added an option to append or to overwrite address groups with the content of the file being imported.

• Added an option to remove BeyondTrust social media links.

• Updated the Rackspace connector to support the latest API.

• Added a new format (comma-delimited) option for syslog event forwarding.

• Added new Password Safe events to all event forwarders.

• Added additional event field mappings for predefined CEF fields to the ArcSight connector.

• Added The multiselect filter support to the Asset grid.

• Added improvements to the McAfee DXL connector.

• Replaced configuration screens for API Registration, Address Groups, Credentials, and User Audits.

• Updated the Remedy connector to support complex field mappings.

• Improved keyboard control and navigation.

• Improved session timeout tracking.

• Moved multi-tenancy organization picker to the user profile.

Analytics and Reporting

• Added multi-line comment support in the email body via the subscription wizard.

• Added an Asset Name filter in the PowerBroker for Windows Event Details report.

• Assets without Vulnerabilities Report.

• Added vendor name as a multi-select and added software as a partial text match parameter for Vulnerabilities in the Business Unit, Vulnerabilities Delta by Month, and Vulnerabilities Delta by Day reports.

• Added vendor name to Vulnerabilities by Security report.

• Improved performance to the daily synchronization of PowerBroker for Windows data.

Password Safe

• Added ISA-based session support for Direct Connect SSH.

• Added remote applications support for Direct Connect.

• Added the ability to play sound on active RDP sessions.

• Added the ability to mask passwords in RDP sessions.

• Added cryptography options for SSH proxies.

• Added a limitation to allow only one Manage Assets using Password Safe action in a smart rule.

• Added a limitation to allow only one Manage Account Settings action in a smart rule.

• Removed the Unmanaged Session Notification option.

• Added auditing for all changes made under Global Settings.

• Added a /admin option for RDP sessions.

• Changed maximum password checkout duration to 365 days. • Added the ability to modify the Oracle database connection string.

• Added the ability to allow the F5 Xforwarded header to be used in access policy validation.

• Added the Allow API Rotation Override option to access policies to prevent password rotation while using the password cache.

• Added UPN support for Direct Connect.

• Improved error messaging for RDP sessions not able to connect.

• Disabled the ability to replay RDP sessions recorded prior to BeyondInsight version 5.5.

• Please see the API release notes.

Issues Resolved:

• Resolved a reporting issue with the Password and Session Activity report.

• Resolved an issue with launching PowerBroker Password Safe sessions.

• Resolved a display issue for RDP sessions in Password Safe.

• Resolved an issue with editing smart rules.

• Resolved an issue with delivering Analytics and Reporting reports to a share.

• Resolved an issue with opening RDP sessions with the RoyalTS client.

• Resolved a session management issue with applications requiring UAC prompts.

• Resolved a password change issue for PowerBroker for Windows clients.

• Resolved a password cache issue.

• Resolved an issue with Audit Syncit updates.

• Resolved an issue with displaying WSUS patches.

• Resolved an issue with user IDs being unable to access BeyondInsight.

• Resolved an issue with the Password Safe email agent.

• Resolved an issue with displaying incorrect scanner statuses.

• Resolved an issue with displaying duplicate job information.

• Resolved an issue with loading the BeyondInsight console.

• Resolved an issue with the Assets report counts.

• Resolved password cache issues.

• Resolved an issue with generating the Hardware report.

• Resolved an issue with disabling debug logging.

• Resolved an issue with using the Azure connector.

• Resolved a login issue when using a managed bind account.

• Resolved a filter issue on the PowerBroker for Windows Events grid.

• Resolved an issue with loading cloud assets on the Asset grid.

• Resolved an issue with the Benchmark Compliance report.

• Resolved a test password issue with PowerBroker Windows accounts.

• Resolved an issue with displaying EPP data.

• Resolved an issue with using the SecureCRT SSH for Direct Connect.

• Resolved an issue with ordering scans to run SNMP OS detection.

• Resolved an issue with missing PowerBroker Windows events.

• Resolved a spelling mistake.

• Resolved an issue with display data on the Jobs grid.

• Resolved a sync issue with managed PowerBroker Windows accounts.

• Resolved an issue with processing smart rules.

• Resolved an issue with changing passwords for managed PowerBroker Windows accounts.

• Resolved an issue with displaying vulnerabilities.

• Resolved an issue with Retina’s host scanner detection.

• Resolved an issue with the Enable PasswordSafe smart rule action.

• Resolved a performance issue with analytics and reporting.

• Resolved an issue with changing passwords for Oracle managed accounts.

• Resolved an issue with displaying passwords.

• Resolved an issue with UPN logins.

• Resolved an issue with cloning directory queries.

• Resolved an issue with displaying users under Asset Details.

• Resolved an issue with displaying assets in the 169. range.

• Resolved an issue with PSRUN.

• Resolved an issue with missing reports. • Resolved an issue with managed account caching.

• Resolved an issue with LDAP validation.

• Resolved an issue with login authentication.

• Resolved an issue with error messaging for failed usernames and passwords.

• Resolved an error handling issue with Anti-CSRF token validation.

Issues Resolved from Previous Releases:

6.6.2

• Resolved an SSH connection error.

6.6.1

• Resolved an operational issue with BeyondInsight.

6.6.0

• Resolved an issue with terminating and closing active Password Safe RDP sessions.

• Resolved an issue with moving Password Safe RDP sessions to a separate monitor.

• Resolved an issue with Password Safe SSH Direct Connect replays.

• Resolved an issue with Password Safe RDP sessions that have RDP Security enabled.

• Resolved a multi-plexing issue with Password Safe SSH sessions.

• Resolved an issue with displaying nonactive sessions as active sessions.

• Resolved an issue with creating managed systems for inactive platforms.

• Resolved an issue with scheduled password changes for Active Directory accounts.

• Resolved an issue with displaying linked accounts on the Password Safe portal.

• Resolved an issue with functional accounts for work groups.

• Resolved mapping issues for dedicated accounts.

• Resolved an issue with changing the password on a checkpoint system.

• Resolved a session monitoring masking issue.

• Resolved a formatting issue for NTLM authentication.

• Resolved an issue with a missing approve quick link.

• Resolved an issue with updates to functional accounts.

• Resolved an issue with changing passwords for Windows Scheduled Tasks.

• Resolved an issue with testing password changes on custom platforms.

• Resolved an issue with the password cache.

• Resolved several issues with the SailPoint connector.

• Resolved an issue using Entrust two-factor authentication.

• Resolved an ADFS login issue.

• Modified messaging around password failures on custom platforms.

• Resolved an issue with deleting applications.

• Resolved an issue with SAML logins.

• Resolved an issue with syncing account passwords for PowerBroker for Windows.

• Resolved an issue launching multiple application sessions using the same managed account.

• Resolved an issue with changing passwords on Windows systems.

• Resolved an issue with using RoyalITS for launching Password Safe sessions.

• Resolved a ServiceNow state validation issue.

• Resolved an issue with smart rule processing.

• Resolved an issue with configuring a preferred domain controller.

• Resolved an issue with updating scheduled jobs.

• Resolved an issue with enumerating Oracle users.

• Resolved a duplicate asset issue.

• Resolved an issue with target lists for scheduled scans.

• Resolved an issue with scheduling scans.

• Resolved a login issue using HSM.

• Resolved an issue with creating custom audit groups.

• Resolved an issue with updating the operating system of an asset.

• Resolved an issue with enumerating the operating system of an asset.

• Resolved an issue with enumerating user accounts.

• Resolved a display issue on the Member of Group tab for an asset. • Resolved a display issue of asset IP addresses.

• Resolved a BeyondInsight database configuration issue.

• Resolved an issue with CPU usage.

• Resolved a data issue with the software report.

• Resolved an issue with removing a database instance from an asset.

• Resolved an issue with displaying WSUS patches.

• Resolved a purging issue.

• Resolved a display issue for address groups.

• Resolved a display issue in the Jobs grid.

• Resolved a login issue for multi-tenant environments.

• Resolved an issue with processing large ServiceNow imports.

• Resolved an issue with PowerBroker for Windows normalization.

6.4.8

• Enforced global authentication for AMF remoting services in order to enhance security around AMF requests.

• Ensured binary files are digitally signed.

6.4.7

• Resolved an issue with the Analytics and Reporting daily job.

• Resolved an issue with two-factor authentication using the API.

6.4.6

• Resolved a logging issue.

• Resolved a functional account, multi-tenancy issue

• Resolved an issue with asset metadata.

• Resolved an issue with faded text in reports.

• Resolved an issue with Active Directory query availability.

• Resolved an issue with the date picker for subscriptions.

• Resolved an access issue for administrators.

• Resolved an issue with the built-in platform for Fortinet.

• Resolved a licensing issue.

• Resolved a data issue with the Vulnerability report.

• Resolved an issue with the web console app pool.

• Resolved an SSRS email notification issue.

• Resolved an issue with changing passwords from the Managed Accounts grid.

• Resolved an issue with RDP sessions freezing and disconnecting.

• Resolved an audit issue.

• Resolved a performance issue with the PowerBroker for Windows Rollup grid.

• Resolved an issue with dedicated account smart rules.

• Resolved a Radius authentication issue.

• Resolved a PowerBroker for Windows session monitoring display issue.

• Resolved an issue with displaying applications within the Password Safe portal.

• Resolved an issue with the daily synchronization.

• Resolved a Users and Groups permission issue.

6.4.4

• Prevent organizations from using reserved names (Global, Everyone).

• Resolved a connection issue for an Oracle Database instance.

• Resolved an issue with failed scans.

• Resolved an issue with managed Retina credentials.

• Resolved vulnerability last found/last updated dates displaying in local time.

• Resolved an issue with loading Active Directory users for a given group.

• Resolved an issue with displaying incorrect Domain data.

• Resolved an issue with updating the Retina Host Security Scanner queue.

• Resolved an issue with displaying assets for VMWare cloud connector.

• Resolved an issue with the BeyondInsight website getting stuck initializing.

• Resolved a login issue when FIPS is enabled in BeyondInsight.

• Resolved an issue with scheduled tasks disappearing from the Asset grid.

• Resolved an issue with smart rules reverting to a previously saved version.

• Resolved an issue with updating Active Directory group changes.

• Resolved an issue with displaying non-versioned information in the Version field. • Resolved an out of memory issue for Class A network scans.

• Resolved a display issue for disabled user accounts.

• Resolved an issue with deleted assets incorrectly displaying under the Scan Job Information section.

• Resolved an issue with incorrect IP addresses.

• Resolved a smart rule count issue.

• Resolved a display issue with custom smart rules.

• Resolved an issue with displaying long smart rule name.

• Resolved an RTD import issue.

• Resolved an issue with audit upgrades.

• Resolved an excess CPU usage issue.

• Resolved an issue with vulnerabilities getting auto marked as resolved in BeyondInsight with the auto aging logic.

• Resolved a timeout issue for long running Analytics and Reporting reports.

• Resolved an issue with vulnerabilities not being associated with an asset.

• Resolved an issue with applying WSUS-approved patches.

• Resolved an issue with deleting PowerBroker for Windows user policies.

• Resolved an issue with moving policies between policy groups under the Protection Policies section.

• Resolved an issue with PowerBroker SOLR searches.

• Resolved an issue with unknown PowerBroker for Windows events displaying in custom reports.

• Resolved a display issue for the PowerBroker for Windows/PowerBroker for Mac Rollup and All grids.

• Resolved a sorting issue with the PowerBroker for Windows grid.

• Resolved an issue with inserting event data in bulk.

• Resolved an issue with the PowerBroker for Password Safe import scan template displaying multiple values for changed attributes.

• Resolved an issue where PBSMD consumes excess CPU.

• Resolved an issue with trying to delete Cloud assets.

• Resolved an issue with using ALT characters in a password.

• Resolved an issue with the Password and Session Activity report incorrectly reporting RDP requests.

• Resolved a default port issue for the smart rule action Manage Assets using Password Safe.

• Resolved an issue with removing deleted assets from the Favorite tab of the PowerBroker Password Safe portal.

• Resolved an issue with password change options for scheduled tasks.

• Resolved an issue that could potentially lead to passwords getting out of sync with managed systems.

• Resolved an issue where Direct Connect SSH failed for users due to a timeout in authentication.

• Resolved an issue with password changes on Active Directory, functional accounts under the Auto Management section.

• Resolved a CA Service Desk connector issue.

• Resolved an issue with RDP outputs displaying a dark screen.

• Resolved an issue with changing passwords for Oracle accounts.

• Resolved an issue with inactive smart rules.

• Resolved a keyboard language issue with RDP Direct Connect.

• Resolved an issue with launching an application session.

• Resolved an issue with application sessions connecting using DNS.

• Resolved a permission issue with a member belonging to multiple groups.

• Resolved a mouse lag issue with enhanced session monitoring.

• Resolved an issue with removing a policy user.

• Resolved an input issue on the Admin Session tab of the PowerBroker Password Safe portal.

• Resolved an issue with managing MYSQL accounts.

• Resolved a Telnet logon issue.

• Resolved a display issue for remote applications.

• Resolved a smart rules processing issue.

• Resolved a concurrency error for password changes.

• Resolved an issue preventing custom platforms from working properly when connecting to systems on non-standard SSH ports.

• Resolved an issue with changing passwords for Active Directory managed accounts that do not have an SID.

• Resolved a date format issue for connection profile alert emails.

• Resolved an issue with sending email release notifications.

• Resolved an issue with launching RDP sessions via PowerBroker for Password Safe when PowerBroker for Password Safe has FIPS enabled. • Resolved an issue with changing passwords on Linux machines.

• Resolved an issue with deleted managed accounts.

• Resolved an issue with scheduled password changes when using PowerBroker for Windows agents.

• Resolved an issue with password checkouts using PowerBroker for Windows agents.

6.3.1

• Resolved a performance issue with the Vulnerabilities grid.

• Resolved a duplication issue with Active Directory users.

• Resolved a deadlock issue when processing scan data.

• Resolved an audit group setting issue.

• Resolved a sorting issue with assigned policies.

• Resolved a duplicate asset issue generated from PBEPP 8.1 data.

• Resolved an issue with purging stale email records.

• Resolved an issue with scheduled tasks.

• Resolved an issue with TempDB usage.

• Resolved a purging issue.

• Resolved an issue with loading domain-linked accounts for Password Safe.

• Resolved an issue with the domain-joined single sign-on login page.

• Resolved a custom platforms issue for functional accounts with elevated privileges.

• Resolved a mapping issue with dedicated accounts.

• Resolved an issue with the auto-management failing on Active Directory functional accounts.

Known Issues:

• For Analytics and Reporting, entitlement by group is not showing the correct account counts.

• The Audit Group screen allows you to edit a smart rule-driven audit group, but the Update action and other buttons are intentionally disabled. However, if changes are made and another audit group is clicked, the system offers to save the changes, and saving the changes overwrites the audits picked by the smart rule.

• If running against stored data and an earlier report is selected, reports run against live data with changes to exclusions will not display. The history of the exclusions is not being stored and will always show the latest regardless of what is reported on for existing data report selections.

• Data cannot be processed in the Third Party Feed handler log for Japanese.

• When exported data exceeds the default character form field length in Remedy, the associated vulnerability or asset is not inserted into the Remedy AR System. The workaround is to increase the form field length in Remedy.

• When using the certificate installation MSI and uninstalling, the certificate is not removed. This is by design and only uninstalls the certificate deployer.

• When launching a Retina scan in BeyondInsight where host names are specified as targets, target host names that are not resolved by the scanner may report a job status of "Job Did Not Start” even if some of the targets were successfully scanned.

• Cloning a smart rule with a Patch action will succeed, but it also silently drops the patch action.

• Adding a second organization and removing it will leave an All Assets smart rule for Default Organization. Users can manually remove the rule.

• Users who have access to smart rules marked as inactive or do not have access to smart group actions for a specific organization are still shown the choice of that organization on the Smart Group browser. If the organization is selected, the browser appears empty, and the last accessible smart rule asset remains on the Asset grid.

• When editing the last remaining smart rule for an organization and marking that smart rule as inactive, the Assets page will continue to display assets for that organization.

• Due to a dependency in the local publishing portion of the WSUS API, it is required that all WSUS resources (servers and consoles) be at the same service pack level. If not, the following error may appear in the ThirdPartyPatchSvc.txt log file: System.InvalidOperationException: Publishing operation failed because the console and remote server versions do not match.

• If a scheduled job includes a report and the associated smart rule is changed to use a set scanner action with two or more scanners, each scanner will produce a report for the portion of the scan it handled.

• If you have a scan job configured for a smart rule that is set to Rule Level distribution and only one scanner is configured, you can set the scan job to have a report association. If you later add additional scanners to the smart rule, the job will work. However, separate reports will appear for each scanner and may contain incomplete data.

• When connecting to a WSUS server that already has third-party patches, the Community Edition will display these patches in addition to the free, supported patches.

• When choosing the option to modify the products and classifications for third-party patches, changes are made to all WSUS servers -not just the selected WSUS Server.

• If attempting to scan cloud assets with a scanner that does not support cloud scanning, cloud assets will be ignored.

• Scheduled, recurring Benchmark Compliance reports show historical data.

• If a user duplicates a report template and others have scheduled scans and reports for that report, the duplicated report template cannot be deleted.

• If WSUS and BeyondInisght are not installed on the C: drive, the Approved, Installed, and Required Patches reports fail to generate.

• When retrieving data from the WSUS server and the Patch View option is selected, smart groups containing several assets or patches may take a long time to render or may encounter a timeout error. In this situation, it may be better to use the Asset view and drill into the patches on the Asset level.

• When viewing reports in Internet Explorer with script debugging enabled, you may occasionally see the JavaScript error message 'this._docMapSplitter' is null or not an object. Despite the error message displaying, the report will work as expected.

• When using an IAVA license and running existing data with the Non-Vulnerable Audit Status selected, the report may fail and display an out of memory error.

• When a Ticket Report returns several tickets and the option to include assets and notes has been selected, an out of memory error may be received.

• When several report parameters are selected and several selections/re-selections are performed, parameters listed in grids may disappear. To restore missing parameters, click on the Clear Filter icon for that grid, or cancel the screen and re-enter.

• Email alerts for smart rules returning large asset counts may generate emails exceeding what the email server can actually send. If this occurs, the user is not made aware that the email did not send.

• Changes made to Scan Restrictions in the Scan Agent interface are not reflected in the BeyondInsight interface.

• If a protection agent is installed on the same asset as a scanning agent, the scan agent will be listed as the only scanner in the run on existing data report parameters. However, scans from both will still be selectable.

• If the scanning agent fails to complete a benchmark scan for an asset, no xccdf-output.xml is created, and no asset information is displayed in the report.

• For benchmark scans, large result files may not be transferred successfully from the scanner to BeyondInsight. However, the result files are still available on the scanner agent’s file system.

• When using Quick Scan Credentials for reports with job metrics, the Credential Description displays as a GUID.

• If a report returns more assets than the 256 allowed, the report may stay in the processing state.

• BeyondInsight may install on SQL servers not set to Latin Case Insensitive. However, this is not supported for BeyondInsight and may not work appropriately.

• NT Authority\System Accounts do not exist in SQL Server 2012. As a result, an invalid license message will appear when attempting to authenticate with an NT Authority\System.

• Scheduled Benchmark Compliance Reports display no data after upgrades. To display data, the report must be rescheduled.

• When WSUS is installed, suscomp.dll is defined globally and loaded in every application pool. The BeyondInsight application pool is only 32-bit and will result in the following error when the 64-bit suscomp.dll attempts to load. Windows Server 2012 is a 64bit only Operating System. Solutions are provided below. o Option 1 . Take IIS backup.

. Open IIS Manager.

. Click on server module node at the top of the left-hand tree. Choose Modules.

. Right-click on DynamicCompressionModule, then choose Unlock.

. Right-click on StaticCompressionModule, then choose Unlock.

. Open Default Web Site > Open Modules.

. Right-click on DynamicCompressionModules, then choose Remove.

. Right-click on StaticCompressionModule, then choose Remove.

. From an elevated or administrative command prompt, enter IISRESET.

o Option 2 . Install BeyondInsight and WSUS on separate 2012 servers.

• Updated permission changes to a logged in account will not be applied until the user is logged off.

• Trying to create a smart rule with the same name as one that already exists as a different type (Asset/Vulnerability/Account) will give the following error: This Smart Rule was not saved because an error occurred: Sequence contains no matching element.

• When clicking the Apply Patch Now button, a user may receive a generic error message in the BeyondInsight interface. The workaround is to use the Approve button, or right-click the menu option for patch selection.

• Unless new attributes are added to filters via the smart rule editor, newly-added attribute types are not available in existing smart rule attribute filters. • If the description of the PowerBroker policy is more than 1024 characters in length, Analytics and Reporting Process Daily Job will fail.

Password Safe

• HP iLO and iDRAC accounts cannot be discovered. The accounts must be manually added.

• Deprecated change password options still appear in smart rules containing the Managed Password Safe Accounts action. The change password options are Retrieve password, Allow SSH Connection, Allow RDP Connection, and Record session. These options have been migrated to password safe roles. However, they may still appear as an upgraded smart rule. Removing the Manage Password Safe Account action and re-adding it will rectify the display issue.

• When accounts are discovered and brought under automatic management via Password Safe smart rule actions and the use current password to change password option is enabled, the password will never change due to the absence of the initial password. It is recommended this option only be enabled in smart rules that are not using discovery options.

• When the Link domain accounts to managed systems smart rule action is enabled in a smart rule and contains the Active Directory query filter with the Discover Accounts option also enabled, the smart rule may remain in a processing state. It is recommended the Link domain accounts to managed systems action only be enabled in smart rules not utilizing the Discover Accounts option.

• SAP assets cannot be managed by smart rules. The asset can only be managed manually.

• During the installation or upgrade of some environments, the Sybase.Charset archive may fail to decompress. If using the Sysbase Platform for Password Safe management, the archive can be manually decompressed.

• Scanning with DSS Keys in Retina Network Security Scanner version 5.23 and 5.23.1 will fail as a result of a public key authentication issue in Retina Network Security Scanner.

• If a functional account is tied to a remote client asset in PowerBroker for Windows, the functional account password will not change.

• In SSHDirectConnect, you are not able to create sessions 1 minute and 59 seconds before the access schedule expires. The access policy must extend to the current time plus the default request duration.

• In SSHDirectConnect, the user can login from another location even when the access policy is set to restrict the user’s location.

• The use of non-incremental keys in DSA or RSA causes auto-managed key changes to fail.

• Ctrl+Action (Ctrl+C) is captured as ^C and is attached to the beginning of the next keystroke.

• Cloud systems cannot be deleted when the managed account is linked to a remote application. The workaround is to remove the link between the managed account and the remote application via the Managed Account Settings screen, then delete the cloud system.

• On occasion, proxy sessions will not fully release the request, and sessions remain active and viewable within active sessions. As a workaround, locate all pbsmd.exe *32 processes in the BeyondInsight server, and select End Process for each process. This removes the inactive sessions and removes the sessions from the Active Sessions grid.

• Deleted systems previously marked as favorites will display as a favorite until the system is removed from the Favorites section.

• The new smart rule action called Account Name Format drop-down is not available for existing smart rules. If the action is required, delete and re-add the smart rule action.

• Users attempting an RDP DirectConnect to Windows 7 servers are not able to connect.

Notes:

• None

Date of Release: 20 July 2018

Product Name: BeyondInsight

Updated Version: 6.6.2

Superseded Versions: 1.0.0-6.6.1

Table of Contents

1. Installation Prerequisite

2. What's New in This Release

3. Known Issues:

4. General Notes

5. Release Availability

6. Current and HistoricalIssues Resolved:

1. Installation/Upgrade Prerequisites

=======================================================================

If BeyondInsight is installed on the BeyondTrust Security Management Virtual Appliances UVMv20 that were shipped between June 2014 and October 2016(versions 1.2 - 1.5.9) that have NOT been updated to 2.2.4 or higher,

the following steps are required prior to installing BeyondInsight version 6.4.8 if upgrading from a version prior to 6.3.1:

1. RDP to UVMv20 (versions 1.2 - 1.5.9)

2. Start | Run | c:\oracle\uninstall.bat all myhome

3. Upgrade to 6.4.4

4. Reboot

Should you require the RDP code to access the UVMv20 (versions 1.2 - 1.5.9) and/or additional assistance please contact BeyondTrust Customer Support

2. What's New in 6.6.2

=======================================================================

GENERAL:

- Added a new configuration landing page with search capability

- Added PowerBroker Management Suite Web Console link for installations on UVMs

- Added the ability to select an organization to the user profile section for a multiple organization

- Added Asset Grid Improvements

- Added Vulnerability Tab Improvements

- Added Support Package creation improvements

- Added Asset Purge Improvements

- Added the ability to clone directory queries

- Added the ability to sort directory queries

- Additional details added to audit change alerts

- Added a Policy User Smart Rule filter for User Accounts

- Added PBW/PBMac policy assignment using new User Account based Policy Users

- Added a catch all Smart Group for assets not belonging to of any other Smart Groups

- Added the ability to customize information contained within the completed scans alert

- Added the ability for multiple organizations to use one scanner

- Added ability to export groups to SailPoint

- Added UI improvements to the User Groups

- Added UI improvements to the credentials screen

- Added Docker Container Image support

- Added a warning when the target list has changed due to changes made to a Smart Group for scheduled scans

- Changed REMEMConfig tool to allow special characters for passwords

- Changed the PCI report to meet the latest PCI requirements

- Added warning when user attempts to delete HSM credentials

- Added the ability to perform Scanner/Credential mapping for network scanners

- Added the ability to disable AD/LDAP/Local BI user login by user

- Restricted the scan job name text field to 58 characters

- Added the ability to create smart rule filter based on CVE information

- Added the ability to stop all scan jobs from the Jobs grid.

- Added the ability to scan multiple Oracle databases using a single Oracle credential

- PBUL/PBSUDO SOLR search improvements

- 3rd Party Asset import improvements

- Added auditing for login/logout events and changes to security settings for local users

- Added auditing for adding new AD users

- Added Radius login improvements

- Added support for Radius auto-failover

- Replaced Asset Kind with Asset Type in Smart Rule Asset Attribute.

- Deprecated The Smart Rule option "Make primary Policy"

ANALYTICS and REPORTING:

- Added the ability to save scheduled reports to a network share

- Added Entitlement by User report

- Added CVSSv3 score and CVSSv3 score range to Vulnerability and PCI Compliance reports

- Added the Database User Report

- Added Last Login Date column to Asset User Account List

- Added new columns and filters to the Extended Vulnerability Export report

- Added data and performance improvements to PowerBroker Password Safe reports

- Added PBW Heartbeat report

- Added Asset User Account Delta by Week report

- Added Asset User Account Delta by Day report

- Added PBW/PBMac Lateral Movement report

- Added Docker Host Summary report

- Added Docker Image Details report

- Added Docker image vulnerability report

- Added PowerBroker Password Safe user cluster data

PowerBroker Password Safe:

- Added localization to the Password Safe for portal for: German, French (Canada), French (France)

- Added the ability to replay of sessions from any node in an Active-Active cluster

- Added the ability to view and/or copy the password to the clipboard from the password retrieval page

- Added the ability to use the SYSDBA privilege for an Oracle Functional Account

- Added keystroke recording performance improvements

- Added "LANG=en_US;" to custom platforms

- Added "Set Attributes on each account" Smart Rule Action for Managed Accounts

- Added ‘Attribute Assigned’ Smart Rule filter for Managed Accounts

- Changed Session Monitoring Window Position to no longer default to center of the screen

- Added Active Directory Functional Account Test improvements using UPN account names

- Post Release password changes processing improvements

- Added auditing for changes to Managed Systems, Managed Accounts, Password Complexity rules

- Added support for Managed Account password test via the PBW Agent

- Added PBUL/PBRUN jump host support

- Added login security improvements

- API enhancements to support Dynamic Access Policy

- For API enhancements please see the API release notes

3. Known Issues:

=======================================================================

- If a user is using Firefox 55 or newer, they may encounter a black screen upon their first visit to one of the Flex pages within the BeyondInsight web application. It may not be apparent that there is any user action possible from this black screen.

Resolution - When encountering this black screen, the user must click on the black area to show the "Activate Adobe Flash" link, and click it to allow the content to show. This activation step only needs to be done the first time a user visits a Flex area within the BeyondInsight web application.

- If Event Server 4.1.0.0 is missing from Programs and Features after the a completed BeyondInsight 6.4.4 upgrade / install and re-boot, re-launch the "BeyondInsight_6.4.4.222.exe" installer, which will re-install Event Server as one of its first actions, after this, when the BeyondInsight Setup window appears with the options for "Repair" or "Remove", close the window instead (using the 'X' in the top right hand corner) and confirm that you want to close / cancel.

- PowerBroker for Windows - File Integrity Monitor events triggered by specific users always shown as system user or empty

- The audit group screen will allows editing a smart rule driven audit group but the "Update" and other buttons are disabled.

This is as intended; but if changes are made and then click on another audit group it will offer to save the changes, saving them will work and overwrite the audits picked by the smart rule.

- Reports run against live data with changes to exclusions will not show if running against stored data and selecting a earlier/specific report.

The history of the exclusions is not being stored and will always show the latest regardless of report on existing data past report selections.

- Japanese - Unable to process data in ThirdParty Feed handler log

- The associated vulnerability or asset will not get inserted into the Remedy AR System when the exported data exceeds the default character form field length in Remedy.

-Workaround: Increase the form field length in Remedy

- PBW Privileged Rule Impact Dashboard low level drill through is missing Argument data

when multiple PBW events take place in the same second, only the arguments from the first event found in the

database will show in the lowest level drill-through.

- Using the certificate installation MSI and then running the uninstall in "Add/Remove Programs" does not uninstall the certificate. This is by design

and only uninstalls the certificate deployer.

- Scheduled scans in Chrome can be off by an hour. Disabling Chrome'sPPAPI version of flash plugin will workaround the issue (see

chrome://plugins). The issue is not observed in Internet Explorer 9 or Firefox 15.

- When launching a Retina scan in BeyondInsight and host names are specified as targets, if any target host name cannot be resolved by the scanner the job status may be reported

as "Job Did Not Start" when, in fact, some of the targets were successfully scanned.

- Cloning a SmartRule with a Patch action in it will succeed but silently drop the Patch Action.

- Adding a second organization and then removing it will leave an "All Assets" SmartRule for "Default Organization". User can remove it manually.

- Organization information is not available on the Report screen.

- Users for which all the smart rules they have access to are either inactive or donÕt have the Smart Group action for a particular organization will be shown the choice of that organization on the

Smart Group browser on the left but if selected the browser will appear empty and the last accessible smart ruleÕs asset will remain showing on the Asset grid.

- When editing the last remaining Smart Rule for an organization, and marking that Smart Rule as inactive, the Assets page will continue to display assets for that organization.

- Due to a dependency in the Local Publishing portion of the WSUS API,it is necessary for all WSUS resources (servers and consoles) to be at the same Service Pack level for WSUS. If not,

the following error may appear in the ThirdPartyPatchSvc.txt log file: System.InvalidOperationException: Publishing operation failed because the console and remote server versions do not match.

- If a scheduled job includes a report and the associated smart rule is changed to use a set scanner action with two or more scanners, each scanner will produce a report for the

portion of the scan it handled.

- If you have a scan job setup for a smart rule that is set to "Rule Level" distribution but only contains 1 scanner you can setup the scan job with a report associated. If you later add additional

scanners to the smart rule the job will work but separate reports will appear for each scanner and may contain incomplete data.

- When connecting to a WSUS server that already has third party patches the Community edition will display these patches in addition to the free ones supported by the Community Edition.

- Choosing the option to modify the Products and Classifications for third party patches, the changes are made to all WSUS servers and not just the selected WSUS Server.

- Attempting to scan cloud assets with scanners that do not support cloud scanning will result in those cloud assets being ignored by the scanner.

- Recurring scheduled Benchmark Compliance reports will show historical data.

- A user who has duplicated a report template and for which other users have scheduled scan§reports for cannot be deleted.

- Patch Management: If WSUS and BeyondInisght are not installed on the C: drive, the Approved, Installed and Required Patches reports fail to generate.

- Patch Management: Smart groups that contain a large number of assets or patches may take a long time to render or may encounter a timeout error when retrieving data from the WSUS server when the patch view

option is selected. In this situation it may serve better to use the asset view and drill into the patches on the asset level as needed.

- When viewing reports in Internet Explorer with script debugging enabled, you may occasionally see the JavaScript error message "'this._docMapSplitter' is null or not an object", but the report will continue to work normally.

- When using an IAVA license and running on existing data with the Non-Vulnerable audit status selected, for large groups of assets the report may fail with an "out of memory" error.

- When running a Ticket Report that returns a large number of Tickets and the option to include Assets and Notes has been selected, an "out of memory" error may result.

- When selecting report parameters and performing several selections and re-selections, parameters listed in grids may disappear. To restore missing parameters, click on the "Clear Filter" icon for

that grid, or cancel the screen and re-enter.

- Smart Rules: Emailing alerts on smart rules that return extremely large asset counts (exact count will vary) may generate an email that exceeds what the email server will send. If this occurs the

user is not given and notice that the email wasn't sent.

- Assets Tab: The Assets and Agents grids are not able to filter on Protection Policy Name.

- Scan Restrictions: Changes made to Scan Restrictions in the scan agent UI are not reflected in the BeyondInsight UI.

- Scan: If a Protection Agent is installed on the same asset as a scanning agent, only the scan agent will be listed as a scanner in the run on existing data report parameters. However, scans from both will still be selectable.

- Benchmark Scan: If the scanning agent fails to complete a Benchmark scan for an asset, no xccdf-output.xml will be created, and no asset information will be displayed in the report.

- Benchmark Scans: Very large result files may not successfully be transferred from the scanner to BeyondInsight. The result files will still be available on the scanner agent file system. This

will be fixed in a later release.

- When using Quick Scan Credentials for reports that have Job Metrics, the Credential Description will display as a GUID.

- Community: if a report returns more assets than the 256 allowed,the report may stay in the processing state.

- BeyondInsight may install on SQL Servers configured with a server that is not set to Latin Case Insensitive but BeyondInsight do not support operating in that configuration and may not work correctly.

- The NT Authority\System account does not exist with SQL Server 2012, as a result an invalid license message will appear when attempting to authenticate with an NT Authority\System

- Scheduled Benchmark Compliance Display No Data After an Upgrade and Needs Rescheduling

- Windows Server 2012 is a 64bit only Operating System. When WSUS is installed, suscomp.dll is defined globally and loaded in every application pool. The BeyondInsight application pool

is 32bit and will result in the above error when the 64bit suscomp.dll attempts to load.

Solution:

Option 1

-> Take IIS backup.

-> Open IIS Manager

-> Click on server module node at the top of the left hand tree and choose "Modules".

-> Right click on DynamicCompressionModule and choose "Unlock"

-> Right click on StaticCompressionModule and choose "Unlock".

-> Open Default Web Site -> Open Modules.

-> Right click on DynamicCompressionModules and choose Remove".

-> Right click on StaticCompressionModule and choose "Remove".

-> Do IISRESET from an elevated/administrative command prompt.

Option 2

Install BeyondInsight and WSUS on separate 2012 servers

- Viewing a Report in IE 11 - Can't scroll to see all of report

- A Re-Start of SSAS is required if the SQL 2012 Servers do not have the .NET framework 4.5 installed prior to installing 5.X and the database has an instance name

- Error seen accessing web site on 2012R2 and 2012 server due to Asp.Net v4.0 restriction, which can not be fixed running register command, To install ASP.NET 4.5 on Windows Server 2012, use one of the following options:

Run the following command from an administrative command prompt: dism /online /enable-feature /featurename:IIS-ASPNET45

For Windows Server 2012 computers, enable "IIS-ASPNET45" using Server Manager, under "Web Server (IIS) -> Web Server ->Application Development -> ASP.NET 4.5".

- Scanner selection doesn't work in multi-tenant mark old scanners as inactive

- Updated permission changes to a logged in account will not be applied until the user is logged off

- Trying to create a smart rule with the same name as one that already exists as a different type (Asset/Vulnerability/Account) will give the following error

"This Smart Rule was not saved because an error occurred: Sequence contains no matching element"

- Patch Management - A user may receive a generic Error message in the BeyondInsight UI when using the Apply Patch Now Button,

the workaround is to use the Approve button or right-click menu option when selecting patches

- Password Safe - HP Ilo and Idrac accounts are not currently discoverable, these accounts have to be manually added.

- Password Safe - Deprecated Change password options will still appear in Smart Rules containing the Managed Password Safe Accounts action.

The change password options in question are: Retrieve password, Allow SSH Connection, Allow RDP Connection, Record session.

These options have been migrated to password safe roles. However they may still appear is inan upgraded smart rule.

Removing the Manage Password Safe Account action and re-adding it will rectify the display issue.

- Password Safe - In situations where accounts are discovered and brought under automatic management via Password Safe Smart Rule actions with the "use current password to change password"

option enabled the password will never change due to the absence of the initial password. It is recommended that this option only be enabled in smart rules that are not using discovery options.

- Password Safe - In situations where the "Link domain accounts to managed systems" smart rule action is enabled in a Smart Rule containing the Active Directory query filter with the discover accounts option enabled,

the Smart Rule may get stuck in a processing state. It is recommended that the "Link domain accounts to managed systems" action only be enabled in Smart Rules that are not utilizing the discover accounts option.

- Password Safe - The SAP asset cannot be managed via the smart rule. The asset can only be managed manually

- Password Safe - The Sybase.Charset archive may fail to decompress during install or upgrade on some environments. If using the Sysbase Platform for Password Safe management, the archive can be manually decompressed if needed.

- Scanning with DSS Keys using Retina Network Security Scanner version 5.23 and 5.23.1 will fail as a result of a public key authentication issue in Retina Network Security Scanner.

- Password Safe - if Functional Account is tied to a remote client asset (PBW), Functional Account password will not change

- Password Safe - SSHDirectConnect - unable to create sessions 1 minute 59 seconds before the Access Schedule expires, the Access Policy must extend to the current time plus the default request duration

- Password Safe - SSHDirectConnect - when Access Policy is set to Restrict Location the User is able to login from another location

- Password Safe - Using non-incremental keys in DSA or RSA causes auto managed key change to fail

- Passowrd Safe - Keystrokes - Ctrl+Action (Ctrl+C) is being capture as ^C and attached to the beginning of the next keystroke

- Password Safe - Cannot delete cloud systems when the managed account is linked to a remote application. Workaround is to remove the link between the managed account and the remote application via the Managed Account Settings screen and then delete the cloud system.

- Password Safe - On occasion, proxy sessions will not fully release the request and the sessions remained as active and was view able within Active Sessions. Workaround: Within the BI server, locate all pbsmd.exe *32 processes and select End Process for each. This will remove the inactive sessions and remove them from the Active Sessions grid.

- Password Safe - a deleted system, if previously marked as a Favorite, will still display under Favorites until the system is removed from Favorites

- Password Safe - Cloud Applications sessions are not displaying within Active/Replay for an Administrator

- Password Safe - The new smart rule action called Account Name Format drop-down is not available for existing smart rules, if the action is required, then delete and re-add the Smart Rule Action

- Password Safe - Users attempting an RDP DirectConnect cannot connect to Windows 7 servers

- Smart Rules - Newly added attribute types are not available in existing Smart Rule Attribute filters unless the new attribute is added to the filter via the Smart Rule editor

4. General Notes

=======================================================================

- BeyondInsight requires Adobe Flash Player 22.0 or higher

5. Release Availability

========================================================================

- This release is available by download from BeyondTrust customers

(https://beyondtrustsecurity.force.com/customer/login) and using the BeyondTrust Auto-Updater.

The MD5 signature is: 2cbafcbfc27a924149cd6601d2c8ddac

The SHA-1 signature is: ef745cb60b23dee6b3ec9377f477d9ccf79d2241

The SHA-256 signature is: 23d3d609bdfce1d306d98ed7b178385b62fdb15e92975068032bc41fc74d1553

6.Issues Resolved:

========================================================================

6.6.2

- Fixed a SSH connection error

6.6.1

- Fixed an operational issue with BeyondInsight

6.6.0

- Fixed an issue terminating and closing active PBPS RDP sessions

- Fixed an issue with moving PBPS RDP sessions to a separate monitor

- Fixed an issue with PBPS SSH Direct Connect replays

- Fixed an issue with PBPS RDP Sessions with RDP Security enabled

- Fixed a multiplexing issue with PBPS SSH Sessions

- Fixed an issue with displaying non-active sessions as Active sessions

- Fixed an issue with creating managed systems for inactive platforms

- Fixed an issue with scheduled password changes for AD accounts

- Fixed an issue displaying linked accounts on PBPS portal

- Fixed an issue with Functional Accounts for workgroups

- Fixed mapping issues for Dedicated Accounts

- Fixed an issue changing the password on a Checkpoint system

- Fixed a session monitoring masking issue

- Fixed a format issue for NTLM authentication

- Fixed an issue with a missing Approve quick link

- Fixed an issue with updates to Functional Accounts

- Fixed an issue with changing passwords for Windows Scheduled Tasks

- Fixed an issue with testing password changes on custom platforms

- Fixed an issue with the Password Cache

- Fixed several issues with the SailPoint connector

- Fixed an issue using Entrust 2-factor authentication

- Fixed an ADFS login issue

- Fixed messaging around password failures on custom platforms

- Fixed an issue deleting an application

- Fixed an issue with SAML logins

- Fixed an issue with Syncing account passwords for PBW

- Fixed an issue launching multiple application sessions using the same managed account

- Fixed an issue with changing passwords on Windows Systems

- Fixed an issue with using RoyalITS for launching PBPS sessions

- Fixed a ServiceNow State validation issue

- Fixed an issue with Smart Rule processing

- Fixed an issue with configuring the preferred Domain Controller

- Fixed an issue with updating scheduled jobs

- Fixed an issue with enumerating Oracle users

- Fixed a duplicate asset issue

- Fixed an issue with target lists for scheduled scans

- Fixed an issue with scheduling scans

- Fixed a login issue using HSM

- Fixed an issue creating custom audit groups

- Fixed an issue updating the operating system of an asset

- Fixed an issue enumerating the operating system of an asset

- Fixed an issue enumerating user accounts

- Fixed a display issue on the Member of Group tab for an asset

- Fixed a display issue of an Asset's IP address

- Fixed a BeyondInsight database Configuration issue

- Fixed an issue with CPU usage.

- Fixed a data issue with the software report

- Fixed an issue with removing a database instance from an asset

- Fixed an issue displaying WSUS patches

- Fixed a purging issue

- Fixed a display issue for Address Groups

- Fixed a display issue in the Jobs grid

- Fixed a login issue for multi-tenant environments

- Fixed an issue with processing large ServiceNow imports

- Fixed an issue with PBW normalization

6.4.8

- Enforce global authentication for AMF remoting service to enhance security around AMF requests

- Ensured binary files are digitally signed

6.4.7

- Fixed an issue with the Analytics and Reporting daily job

- Fixed an issue with 2 factor authentication using the API

6.4.6

- Fixed a logging issue

- Fixed a functional account multi-tenancy issue

- Fixed an issue with Asset Metadata

- Fixed an issue with faded text in reports

- Fixed an issue with AD query availability

- Fixed an issue with the Date Picker for Subscriptions

- Fixed an access issue for administrators

- Fixed an issue with the built-in platform for Fortinet

- Fixed a licensing issue

- Fixed a data issue with the Vulnerability report

- Fixed an issue with the Web Console App Pool

- Fixed an SSRS email notification issue

- Fixed an issue on changing passwords from the Managed Accounts grid

- Fixed an issue with RDP sessions freezing and disconnecting

- Fixed an audit issue

- Fixed a performance issue with the PBW Rollup grid

- Fixed an issue with Dedicated Account Smart Rules

- Fixed a Radius authentication issue

- Fixed a PBW Session Monitoring display issue

- Fixed an issue displaying applications within the PBPS portal

- Fixed an issue with the daily sync

- Fixed a Users & Groups permission issue

6.4.4

- Prevent organizations from using reserved names (Global, Everyone)

- Fixed a connection issue for an Oracle Database instance

- Fixed an issue with failed scans

- Fixed an issue with managed Retina credentials

- Fixed Vulnerability last found / last updated date to display in local time

-Fixed an issue loading AD users for a given group

- Fixed an issue with displaying incorrect Domain data

- Fixed an issue with updating the Retina Host Security Scanner queue

- Fixed an issue displaying assets for VMWare cloud connector

- Fixed an issue with the BeyondInsight website getting stuck in initializing

- Fixed a login issue when BeyondInsight is FIPS enabled

- Fixed an issue scheduled tasks disappearing from the asset grid

- Fixed an issue with Smart Rules reverting to a previously saved version

- Fixed an issue with updating AD Group changes

- Fixed an issue with displaying non-version information in the version field

- Fixed an out of memory issue for Class A Network Scans

- Fixed a display issue for disabled user accounts

- Fixed an issue with deleted assets incorrectly displaying under Scan Job Information

- Fixed an issue with incorrect IP addresses

- Fixed a Smart Rule counts issue

- Fixed a display issue with custom smart rules

- Fixed an issue displaying long Smart Rule name

- Fixed an RTD import issue

- Fixed an issue with Audit upgrades

- Fixed an excess CPU issue

- Fixed an issue with the way vulnerabilities get auto marked as fixed in BeyondInsight with the auto aging logic

- Fixed a timeout issue for long running Analytics and Reporting reports

- Fixed an issue with a vulnerability not being associated with an asset

- Fixed an issue with applying WSUS approved patches

- Fixed an issue with deleting PowerBroker for Windows user policies

- Fixed an issue with moving Policies between Policy groups under Protection Policies

- Fixed an issue with SOLR searches

- Fixed an issue with "Unknown" PowerBroker for Windows events displaying in custom reports

- Fixed a display issue for the PowerBroker for Windows/PowerBroker for Mac Rollup and All grids

- Fixed a sorting issue with the PowerBroker for Windows grid

- Fixed an issue with inserting Event data in bulk

- Fixed an issue with the PowerBroker for Password Safe import scan template displaying multiple values for changed attributes

- Fixed an issue where PBSMD consumes excess CPU

- Fixed an issue with trying to delete Cloud assets

- Fixed an issue using ALT characters in a password

- Fixed an issue with Password and Session Activity Report misreporting RDP requests

- Fixed a default port issue for the Smart Rule Action "Manage Assets using Password Safe"

- Fixed an issue to remove deleted Assets from Favorite tab of the PowerBroker Password Safe portal

- Fixed an issue with Password change options for Scheduled tasks

- Fixed an issue that could potentially lead to passwords getting out of sync with managed systems

- Fixed an issue where Direct Connect SSH failed for users due to a timeout in authentication

- Fixed an issue with password changes on AD functional accounts under Auto Management

- Fixed a CA Service desk connector issue

- Fixed an issue with RDP output displaying a dark screen

- Fixed an issue changing passwords for Oracle accounts

- Fixed an issue with inactive Smart Rules

- Fixed a keyboard language issue with RDP Direct Connect

- Fixed an issue launching an application session

- Fixed an issue with Application sessions connecting using DNS

- Fixed a permission issue with a member belonging to multiple groups

- Fixed a mouse lag issue with enhanced session monitoring

- Fixed an issue with removing a policy user

- Fixed an input issue on the Admin Session tab of the PowerBroker Password Safe portal

- Fixed an issue with managing MYSQL accounts

- Fixed a Telenet logon issue

- Fixed a display issue of Remote Applications

- Fixed a Smart Rules processing issue

- Fixed a concurrency error for password changes

- Fixed an issue that prevented custom platforms from working when connecting to systems on non-standard ssh ports

- Fixed an issue with changing passwords on for AD managed accounts that do not have a SID

- Fixed a date format issue with connection profile alert emails

- Fixed an issue with sending email release notifications

- Fixed an issue with launching RDP sessions via PowerBroker for Password Safe when PowerBroker for Password Safe is FIPS enabled

- Fixed an issue with changing passwords on Linux machines

- Fixed an issue with deleted managed accounts

- Fixed an issue with scheduled password changes when using PowerBroker for Windows agents

- Fixed an issue with password checkouts using PowerBroker for Windows agents

6.3.1

- Fixed a performance issue with the vulnerabilities grid

- Fixed a duplication issue with Active Directory users

- Fixed a deadlock issue while processing scan data

- Fixed an Audit Group setting issue

- Fixed a sorting issue with Assigned Policies

- Fixed a duplicate asset issue generated from PBEPP 8.1 data

- Fixed an issue with purging stale email records

- Fixed in issue with scheduled tasks

- Fixed an issue with TempDB usage

- Fixed a purging issue

- Fixed an issue with loading Domain Linked accounts for Password Safe

- Fixed an issue with the Domain Joined Single Sign-On login page

- Fixed a custom platforms issue around functional accounts with elevated privileges

- Fixed a mapping issue with dedicated accounts

- Fixed an issue with the Auto Management failing on AD functional accounts

6.3

- Fixed an upgrade issue overwriting SAML configuration

- Fixed an issue with creating assets with the same name under different workgroups

- Fixed an issue with creating duplicate assets in error

- Fixed an issue with displaying duplicate assets in the Asset Grid

- Fixed an issue with Audit settings

- Fixed an issue with high CPU usage

- Fixed an issue with PBW processing of events

- Fixed an issue with replaying PBUL IO logs

- Fixed an issue with creating WSUS certificates

- Fixed a timeout issue on the Audit Viewer for Analytics and Reporting

- Fixed an issue with the print button not working for Analytics and Reporting

- Fixed a login issue when the user is part of multiple groups for Analytics and Reporting

- Fixed an issue with displaying HTML tags on the pre-login banner for Analytics and Reporting

- Fixed an issue with the Download logs button for Analytics and Reporting

- Fixed a data issue and timeout issue with the Password Safe Activity report within Analytics and Reporting

- Fixed an issue report options displaying blank values for Analytics and Reporting

- Fixed an SSH Connection issue with FIPS enabled

- Fixed an invalid credential error during the check-in of SSH requests

- Fixed an issue with creating Account smart rules

- Fixed an issue executing Account smart rules

- Fixed an issue with deleting cloud systems when the Managed Account is linked to a remote application

- Fixed an issue with black screens displaying on RDP logout/disconnect

- Fixed an issue with users with the Auditor role being unable to request passwords or perform session management activities

- Fixed an issue with a display issue with dedicated accounts in the Password Safe grid

6.2.2

- Fixed an issue with Linked Accounts with applications being added to Database Assets

- Fixed an issue with onboarding Account Smart Rules

- Fixed an issue overwriting the web config file for Active Directory Federation Services when using the BeyondInsight Configuraiton tool

- Fixed an issue with upgrading Favourites on the Password Safe Portal grid

- Fixed an access issue with Favorites under the Password Safe Portal grid

- Fixed an authentication issue using the Active Directory Short Name

- Fixed an access issue for Cloud Accounts under the Password Safe Portal grid

Date of Release: 16 July 2018

Product Name: BeyondInsight

Updated Version: 6.6.1

Superseded Versions: 1.0.0-6.4.8

Table of Contents

1. Installation Prerequisite

2. What's New in This Release

3. Known Issues:

4. General Notes

5. Release Availability

6. Current and HistoricalIssues Resolved:

1. Installation/Upgrade Prerequisites

=======================================================================

the following steps are required prior to installing BeyondInsight version 6.4.8 if upgrading from a version prior to 6.3.1:

1. RDP to UVMv20 (versions 1.2 - 1.5.9)

2. Start | Run | c:\oracle\uninstall.bat all myhome

3. Upgrade to 6.4.4

4. Reboot

Should you require the RDP code to access the UVMv20 (versions 1.2 - 1.5.9) and/or additional assistance please contact BeyondTrust Customer Support

2. What's New in 6.6

=======================================================================

GENERAL:

- Added a new configuration landing page with search capability

- Added PowerBroker Management Suite Web Console link for installations on UVMs

- Added the ability to select an organization to the user profile section for a multiple organization

- Added Asset Grid Improvements

- Added Vulnerability Tab Improvements

- Added Support Package creation improvements

- Added Asset Purge Improvements

- Added the ability to clone directory queries

- Added the ability to sort directory queries

- Additional details added to audit change alerts

- Added a Policy User Smart Rule filter for User Accounts

- Added PBW/PBMac policy assignment using new User Account based Policy Users

- Added a catch all Smart Group for assets not belonging to of any other Smart Groups

- Added the ability to customize information contained within the completed scans alert

- Added the ability for multiple organizations to use one scanner

- Added ability to export groups to SailPoint

- Added UI improvements to the User Groups

- Added UI improvements to the credentials screen

- Added Docker Container Image support

- Added a warning when the target list has changed due to changes made to a Smart Group for scheduled scans

- Changed REMEMConfig tool to allow special characters for passwords

- Changed the PCI report to meet the latest PCI requirements

- Added warning when user attempts to delete HSM credentials

- Added the ability to perform Scanner/Credential mapping for network scanners

- Added the ability to disable AD/LDAP/Local BI user login by user

- Restricted the scan job name text field to 58 characters

- Added the ability to create smart rule filter based on CVE information

- Added the ability to stop all scan jobs from the Jobs grid.

- Added the ability to scan multiple Oracle databases using a single Oracle credential

- PBUL/PBSUDO SOLR search improvements

- 3rd Party Asset import improvements

- Added auditing for login/logout events and changes to security settings for local users

- Added auditing for adding new AD users

- Added Radius login improvements

- Added support for Radius auto-failover

- Replaced Asset Kind with Asset Type in Smart Rule Asset Attribute.

- Deprecated The Smart Rule option "Make primary Policy"

ANALYTICS and REPORTING:

- Added the ability to save scheduled reports to a network share

- Added Entitlement by User report

- Added CVSSv3 score and CVSSv3 score range to Vulnerability and PCI Compliance reports

- Added the Database User Report

- Added Last Login Date column to Asset User Account List

- Added new columns and filters to the Extended Vulnerability Export report

- Added data and performance improvements to PowerBroker Password Safe reports

- Added PBW Heartbeat report

- Added Asset User Account Delta by Week report

- Added Asset User Account Delta by Day report

- Added PBW/PBMac Lateral Movement report

- Added Docker Host Summary report

- Added Docker Image Details report

- Added Docker image vulnerability report

- Added PowerBroker Password Safe user cluster data

PowerBroker Password Safe:

- Added localization to the Password Safe for portal for: German, French (Canada), French (France)

- Added the ability to replay of sessions from any node in an Active-Active cluster

- Added the ability to view and/or copy the password to the clipboard from the password retrieval page

- Added the ability to use the SYSDBA privilege for an Oracle Functional Account

- Added keystroke recording performance improvements

- Added "LANG=en_US;" to custom platforms

- Added "Set Attributes on each account" Smart Rule Action for Managed Accounts

- Added ‘Attribute Assigned’ Smart Rule filter for Managed Accounts

- Changed Session Monitoring Window Position to no longer default to center of the screen

- Added Active Directory Functional Account Test improvements using UPN account names

- Post Release password changes processing improvements

- Removed the Change Password feature for PBPS web portal local users