PowerBroker for Windows 7.8.2.17 Release Notes

April 2, 2019

Information:

  • Microsoft Windows Server 2019: PowerBroker for Windows 7.8.2 is compatible with Microsoft Windows Server 2019.
  • Microsoft Windows Server 2008 and Windows 8: Microsoft Windows Server 2008 (not R2) and Microsoft Windows 8 (not 8.1) are no longer supported.
  • SHA1 Installers: The SHA1 installers are no longer included with this release. The SHA256 installers can be installed on Windows 7 and Windows 2008 R2 as long as Microsoft patch KB3033929 has been installed.

    For operating systems that support SHA256 (Windows 7 and Windows 2008 R2 with Microsoft patch KB3033929, Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2016, Windows Server 2019), the standard SHA256 signed installers are recommended. The latest Verisign Universal Root Certification Authority Certificate may need to be installed on older operating systems, especially for machines that do not have internet access when the client is installed.

  • Registry Monitoring Rules: Registry Monitoring Rules are not supported in ePO Mode.

New Features and Enhancements:

  • Rebranding: The PowerBroker Policy Editor and clients were updated with the new logo and branding.
  • PowerBroker for Mac - FQDN Lookup: The option to set the FQDN lookup method for PowerBroker for Mac is now available in the policy editor.
  • Event Logging: Discovery Scan and Registry Monitoring Events are now written to the Windows Event Log.

Issues Resolved:

  • McAfee ePO Policy - Issue with delimiter: The "|" character is no longer allowed when creating a rule.
  • Security Software Compatibility: A change was made to improve compatibility with third-party security software, including Sophos.
  • Error in Event Log: An error no longer appears in the event log related to Registry Monitoring rules when Central Policy is used.
  • Discovery Scan: Group Policy update no longer starts a discovery scan.
  • Caching Issue: A privilege escalation issue related to caching was resolved.
  • Registry Monitoring Hives: The policy editor was updated to allow only supported registry hives to be selected.

    The following registry hives are supported:

    • HKEY_LOCAL_MACHINE (HKLM)
    • HKEY_USERS (HKU)

    The following registry hives are NOT supported, since they are shortcuts to other keys:

    • HKEY_CLASSES_ROOT: Use HKEY_LOCAL_MACHINE\SOFTWARE\Classes
    • HKEY_CURRENT_CONFIG: Use HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current
    • HKEY_CURRENT_USER: Use HKEY_USERS\[CURRENT_USER-SID]
  • Duplicate Registry Monitoring Rules: Duplicate rules will no longer send multiple events to BeyondInsight.
  • Registry Monitoring: The Policy Editor will now connect to BeyondInsight for Registry Monitoring Audit IDs, regardless of the policy distribution method selected on install.
  • Passive Rules: Passive rules now report the correct information in Passcode Authorization Code emails.
  • Justification Logging: Justification text is now logged correctly when the secure desktop is disabled.