This release is available by download from the BeyondTrust Client Portal (https://www.beyondtrust.com/support/) and using the BeyondTrust Auto-Updater.
The MD5 signature is: 29aba457f83735d0079219d5e7ae1d50
The SHA-1 signature is: 38573e4f65d29ac3d01ecda9a3a0484754524eeb
New Features and Enhancements:
Added user and group enumeration support for Cisco NetScaler devices.
User privileges are reported for accounts configured with pbrun.
Added ability to prevent recursive file system audits from running locally against a remote target.
Added a timeout value to prevent REMOTE_EXECUTE_REGEX audits from exceeding the scan threshold.
Improved error handling and recovery of audit XML files.
Removed audit dependencies on database enumeration job option.
Resolved an issue with a scanner exception when the remote command fails during REMOTE_EXECUTE_REGEX audits.
Resolved an issue with a scanner exception when enumerating NICs against a Solaris target and ifconfig is not found in the command path.
Resolved an issue with certain Apache distributions returning false positives against backported vulnerabilities.
Resolved an issue with enumerated processes failing to display in management console.
Resolved an issue with "Not Vulnerable" audit results sent to management console even when option is disabled.
Resolved an issue with reports failing to run when associated job file is missing a data source.
Resolved an issue with Docker images with duplicate image IDs being audited multiple times per target.
Resolved an issue with false negatives for audits 16410 ("Microsoft OneDrive Detected") and 18084 ("Windows Unquoted Service Path Enumeration") when scanning a Docker container.
Resolved an issue with asset reporting failing due to WMI errors that occur when obtaining scan engine information for the management console.
Resolved an issue with audits that flag against a running Docker container incorrectly failing to flag against its associated image.
Resolved an issue with audit 74023 ("Microsoft RDP BlueKeep Vulnerability") running against non-RDP ports.
Resolved an issue with audit 74023 ("Microsoft RDP BlueKeep Vulnerability") resulting in extended scan times in certain error scenarios.
Resolved an issue with CHECK_QUERY audits not allowing a null OS field.
Resolved an issue with a scanner exception during hardware enumeration due to a NULL pointer dereference after a COM interface timeout.
Resolved an issue with a scanner exception when COM call returns a NULL pointer but indicates success.
VMware offline scanning is supported only for virtual machines with Windows installed as the guest operating system.
For Vulnerability Management (formerly Retina) 651 and UVM embedded scanners, database scanning works only for Microsoft SQL Server and Oracle databases. MySQL database scanning is not supported.
Authentication requirements for custom audits are not properly defined.
After the Engine service has stopped, the raw packet driver continues to run.
When using the Local Scan Service option, SCAP scan jobs running against Red Hat targets could take several minutes to enter a paused or scan-restricted state.
Features that use the Microsoft .NET framework - including SCAP support, the audit modification and customization dialogs, PowerShell integration, reporting, and the guided user interface - require Microsoft .NET 4.5.2 or higher.
Network Security Scanner 6.4.0 and higher install the Microsoft Universal C runtime.
Network Security Scanner 6.4.0 and higher install the Microsoft Visual C++ 2017 x86 runtimes.
Network Security Scanner 6.0.1 and higher install the Microsoft Visual C++ 2008 x86 runtimes.
To scan offline VMware virtual machines without having to power them on prior to scanning, you must have BeyondInsight installed.
VMware offline scanning requires VMware's Virtual Disk Development Kit (VDDK). Please see KB001042 for directions for obtaining and installing the VMware VDDK (http://kb.beyondtrust.com/home/viewkb/KB001042).
Scanning of MySQL databases depends upon the prior installation of an ODBC driver; Connector/ODBC 5.1 or higher is recommended.
Database scanning will yield the best results with the most powerful users; for MySQL, this will be the 'root' user; for Oracle, it will be the 'sys' user acting 'AS SYSDBA'.
Scanning of Amazon Web Services instances requires BeyondInsight.