Kaseya Community

9.4.0.33 and 9.4.0.34 Patch Releases - 12 December 2017 - ROLLUP

  • We have just released Kaseya VSA Patch 9.4.0.34:

    http://help.kaseya.com/webhelp/EN/RN/index.asp#40019.htm

    9.4.0.33 and 9.4.0.34 Patch Releases - 12 December 2017

    ————— 9.4.0.34 - 12 December 2017—————

    Virtual System Administrator™

    • In some situations, a fix included in the 9.4.0.33 patch (NINEFOURPT-710) may cause issues with using the SOAP API with Service Desk. This rolls back the SOAP API fix to avoid in-field issues.This functionality will be refactored and included in a future patch. (NINEFOURPT-813/APPF-2590)

    ————— 9.4.0.33 - 7 December 2017—————

    Virtual System Administrator™

    • The agent version is updated to 9.4.0.16. (NINEFOURPT-769)
    • Updating agents on Windows 10 will no longer cause the agent icon on the system tray to disappear. (NINEFOURPT-688/EES-173)
    • Corrected a rare instance where downloading a Mac agent would display as a previously released version than the current released version (i.e., 9.4.0.x). (NINEFOURPT-632/EES-1479)
    • Fixed page display issues when TLS 1.0 and 1.1 is disabled. (NINEFOURPT-678/SDP-3027)
    • Improved performance of small file downloads for endpoints. (NINEFOURPT-768/AF-3241)
    • Portal users running Internet Explorer will now see the scroll bar in Agent Procedures. (NINEFOURPT-766/AF-3208)
    • Corrected how disk space is measured when running audits on Linux endpoints to provide more accurate results. (NINEFOURPT-758/EES-1849)
    • Agents may now be deleted or moved if a custom filter is enabled as a column. (NINEFOURPT-756/SDP-2711)
    • Agents may now be suspended if a custom filter is enabled as a column. (NINEFOURPT-746/SDP-2533)
    • Quick View will now work in Service Desk tickets which will allow you to launch Remote Control and Live Connect. (NINEFOURPT-749/EXT-3372)
    • There is now an option for portal users to update their contact details. (NINEFOURPT-748/AF-2423)
    • Corrected an issue where scheduled reports do not run according to the local VSA browser time. (NINEFOURPT-730/APPF-2982)
    • When special characters in custom fields are queried via the SOAP API, it will now return values in valid escaped XML format. (NINEFOURPT-710/APPF-2590)
    • Our REST API now supports querying by Incident Number. (NINEFOURPT-708/APPF-2947)
    • Corrected an issue with patch reports containing missing patch release dates. (NINEFOURPT-701/APPF-2946)
    • Corrected an issue with Executive Summary reports showing incorrect Antivirus data. (NINEFOURPT-699/EXT-2922)
    • Fixed an issue where API logs are reporting foreign key constraint errors when P2P is used. (NINEFOURPT-684/EES-1915)
    • Added report parts for Antivirus and Anti-Malware to indicate whether they are not installed or had never been installed on agents. This will meet GDPR compliance requirements. (NINEFOURPT-674/APPF-2913)
    • Discovered agents without identified MAC addresses will now be prevented from being promoted into assets. (NINEFOURPT-655/APPF-2606)
    • Improved BMS server performance by preventing re-authentication requests if integration is disabled on the VSA server. (NINEFOURPT-757/BMSI-599)
    • Corrected an instance where agent procedures will run on incorrect days when scheduled for weekend days. (NINEFOURPT-745/APPF-406)
    • Any large log entries committed by agent procedures can now be reviewed through row expanders. (NINEFOURPT-661/SDP-2255)
    • Corrected scheduling logic where repeating agent procedures will run from the last completed time instead of the selected start time. (NINEFOURPT-729/APPF-2849)

    Policy Management

    • Improved a method of checking policies for compliance to ensure it does not go out of compliance when using any type of scheduled process. (NINEFOURPT-685/SDP-3461)
    • Corrected scheduling logic where the distribution window of Update List by Scan was not applying properly. (NINEFOURPT-681/SDP-2708)

    Software Deployment

    • Corrected an instance where unapproved third party software would appear and approving them would not have any effect. (NINEFOURPT-669/SDP-3465)

    Software Management

    • Improved overall performance with the inclusion of indexing. (NINEFOURPT-761/SDP-3941)
    • Improved performance of scans by increasing thread usage. (NINEFOURPT-733/EES-1955)
    • Filters will now be respected when assigning profiles. (NINEFOURPT-750/SDP-3920)
    • Corrected an instance where retrieving new title updates will no longer work if the Plugin Host service was restarted during the title import process. (NINEFOURPT-743/SDP-3589)
    • Corrected an instance where disconnecting an agent from Patch Management would be prevented despite having no Patch Management settings applied. (NINEFOURPT-742/SDP-3361)
    • Suspending an agent will no longer throw an error if no third party licenses are provisioned. (NINEFOURPT-740/SDP-3904)
    • Outstanding scans and deployments that do not complete within 24 hours will now be cleared. (NINEFOURPT-741/SDP-3849)
    • Improved clarity regarding disconnecting agents that are already disconnected from Patch Management. It will state, “This machine is already disconnected.” (NINEFOURPT-739/SDP-3591)

    Cloud Backup

    • Citrix Xenserver guest machines are now correctly licensed as virtual machines. (NINEFOURPT-660/EXT-3300)

    Backup

    • In the event of defining a network path without setting credentials, the Set Credentials link will now properly redirect the user to the Agent module in order to set credentials. (NINEFOURPT-658/EXT-2855)

    Discovery

    • Fixed an issue in Alert Monitoring where the Run Script option would fail to save if the agent selected was different from the alerting agent. (NINEFOURPT-717/DISMON-1660)
    • Fixed an issue auto-deploying a large number of agents concurrently. (NINEFOURPT-545/DISMON-1475)

    Antivirus

    • Running an install or upgrade will now properly return the install status when checking Pending Actions. (NINEFOURPT-720/EXT-3399)
    • Agents will no longer report being out of compliance when unchecking Include Global Exclusions, Global Trusted Apps, and Global Trusted URLs. (NINEFOURPT-695/EXT-2139)
    • Corrected an instance where private profiles would allow a scoped user to see an incorrect number of profiles or duplicated profiles. (NINEFOURPT-677/EXT-2752)
    • Scanning removable drives is now supported. It is visible under Antivirus > Configuration > Profiles > Advanced Settings tab > Scan Removable Drives on Connection. It is configurable to run quick scan, detailed scan, or do nothing. It is turned off by default. (NINEFOURPT-694/EXT-3282)

    Live Connect

    • Corrected an instance where closing remote control sessions would prevent users from typing in Live Connect afterwards. (NINEFOURPT-762/AF-3182)
    • Resolved an instance where CPU usage would remain high when running in headless environments. (NINEFOURPT-759/AF-2813)
    • Clicking on the agent status icon while a Live Connect session is running will no longer require you to enter an administrative reason twice. (NINEFOURPT-755/AF-3032)
    • Searching for agents using org: or group: will no longer return with an undefined error. (NINEFOURPT-753/AF-2975)
    • Live Connect will now properly display a prompt with a working link to download the newest version of Live Connect. It will also no longer prompt multiple times -- only the first time. (NINEFOURPT-752/AF-2690)
    • Special characters such as ampersands (&) are now supported in general searches. (NINEFOURPT-751/AF-2673)
    • A confirmation box now displays when closing Live Connect while a Remote Control session is running, warning you that closing Live Connect will also end the Remote Control session. (NINEFOURPT-738/AF-2699)

    Network Monitor

    • Resolved a memory leak issue associated with the KNM Record Manager service. (NINEFOURPT-786/EES-1845)
    • Corrected an instance where CPU utilization monitoring will incorrectly report high CPU usage on Linux agents. (NINEFOURPT-760/EES-1930)

    Service Desk

    • Corrected an issue where incoming tickets did not comply with the coverage schedule when using the Time Measured Against Coverage option. (NINEFOURPT-747/EXT-2368)
    • Fixed an issue where HTML e-mail content were being stripped by the e-mail reader. (NINEFOURPT-616/EXT-3240)

    Tenant Management

    • Whenever a module’s activation state is changed, it will now register report parts properly. (NINEFOURPT-715/APPF-2914)

    Security Fixes

    • Fixed a code execution security issue -- authenticated users have the ability to upload files to the VSA server as required to distribute software and other files, however, in some cases, authenticated users have the ability to execute certain files on the VSA server. File uploads now have additional restricted privileges to prevent execution. (NINEFOURPT-791/SDP-3847)
    • Fixed an authentication bypass security issue -- authenticated users with knowledge of the underlying system have the ability to manipulate inputs to view machines that they are not allowed to view within their VSA scope. (NINEFOURPT-682/APPF-2576)
    • Fixed an arbitrary file read security issue -- authenticated users with knowledge of the underlying VSA system have the ability to download files from the VSA or remote computers whose files have been synced to the VSA. This was resolved previously in patch release 9.4.0.21 but this patch provides additional hardening. (NINEFOURPT-692/SDP-2639) (NINEFOURPT-691/SDP-2640) (NINEFOURPT-690/SDP-2641)
    • Fixed a potential SQL injection flaw in the VSA web GUI which can only be accessed by authenticated administrators. (NINEFOURPT-765/APPF-2964)

  • There were a few issues mentioned in the .32 thread community.kaseya.com/.../23682.aspx

    One issue was with regards to reapplying schema after applying the .32 patch. Has that issue been resolved in this patch?

    Another issue mentioned was something about Webroot, but that issue sounded more like a problem on Webroot's end. Can anyone confirm if that issue still exists? Moreso, if I'm on an older patch am I affected by that issue, or is it specific to .32 (and possibly .34)?

  •  

    Hope you are doing well, from reviewing the reapply schema errors mentioned in the referenced thread, one seems like it was not related to the patch and the other related to WebRoot.

    WebRoot, as others mentioned, may present a schema issue, but this may be due to some condition of the WebRoot version but I cannot confirm, as I have it installed in my system and did not have any issues with WebRoot - from what I can tell there were only 2 reports of it to our support team (If you do face an issue with reapply schema, please do raise a support ticket).

    If you are on an older patch, they should all roll up and it should not present you with the reapply schema issue identified in VSA Patch 9.4.0.30.

    Let me know if I can provide any further clarifications on this as I know it has been rather confusing.

  •  

    We did run into an error during the Reapply Schema from the (post)installer launch from the Webroot patch.  After the error I was able to run the reapply from the Kaseya console successfully.  This behavior was not seen in the lab test but did occur in production (9.4.0.34) last night.  I am not sure that it is worth the time to enter a ticket as it is working now.

    #222958 WEBROOT - REAPPLY OF SCHEMA ERROR



    Added support ticket information
    [edited by: Tim Varvais at 6:19 AM (GMT -8) on Dec 21, 2017]