Security for Virtualized Environments Version 1.2.4 Release Notes



Security for Virtualized Environments (SVE) is the first comprehensive security solution for virtualized datacenters. The solution protects virtualized Windows, Linux, and Solaris systems, both servers and desktops. While integrated with VMware vShield, the unique architecture of the solution allows it to be leveraged when using any system virtualization offering.

This article provides information on the improvements introduced in Security for Virtualized Environments version 1.2.4, the list of known and resolved issues and the upgrade procedure. Update for VMware with vShield was released on November 29, 2012. Update for Multi-Platform version was released on December 20, 2012.

Overview

Version 1.2.4 is a minor update to version 1.2 (it is also referred to as Version 1.2 Update 4). This version delivers a number of minor improvements and bug fixes.

Release Notes (VMware vShield)

New Features and Improvements

  • Silent Agent includes on-access scanning support for specific Linux kernels via integration with the DazukoFS kernel module. DazukoFS is a stackable file system that enables third-party applications to control file access on Linux systems. On-access scanning must be enabled manually on each Linux virtual machine with Silent Agent installed. For information on supported Linux kernels and enabling the feature, refer to the Administrator’s Guide. Note that on-access scanning for Linux is in beta.
  • Security logs now show the full path to the infected files detected on Windows virtual machines.
  • Improved Security Virtual Appliance management support:
    • For easier virtual machine management, Security Console now automatically shuts down the Security Virtual Appliance when placing the host in maintenance mode. Security Console also powers on the Security Virtual Appliance when the host exits maintenance mode.
    • In clusters with vSphere DRS enabled, to prevent powered-off Security Virtual Appliance machines from being automatically migrated to or running on another cluster host, Security Console creates vSphere DRS affinity rules whenever you deploy Security Virtual Appliance on a cluster host or move a host that already has Security Virtual Appliance deployed into a cluster. The affinity rules force Security Virtual Appliance machines to run on the host on which they were initially deployed. For information on DRS and using affinity rules, refer to the VMware vSphere documentation.
  • Silent Agent user interface for Windows has been localized into Spanish, French, German and Japanese. Silent Agent user interface language reflects the Security Console language setting that is in use when downloading the installation package or when running the remote installation task.

Resolved Issues

The following issue discovered after the release of version 1.2.3 was fixed:

  • Silent Agent events log does not include information about malware detected on network shares accessed via DFS (Distributed File System), although the malware is successfully blocked and the event is recorded in the Security Console logs. Issue reproduces only on Windows XP and 2003.

Known Issues

  • New! On supported Linux distributions, on-access scanning does not work if the SELinux policy is set to enforcing.
  • New! Silent Agent reports that the system is unprotected (red status bar) when excluding the C:\Windows\Temp path in the real time scan policy. Avoid excluding this path from real time scanning (consider that malware often targets this folder).
  • Security Console accepts two username syntaxes when logging in with local vCenter Server users, LocalUser and Hostname\LocalUser, but treats them as separate users. To avoid this issue, Bitdefender recommends always using the same syntax (the LocalUser form is preferred).
  • Security Console and Security Virtual Appliance might fail to boot up after deployment if the time of the ESXi host is incorrectly set to a past date. In such situations, the appliance console in vSphere Client displays fsck errors reporting that the last mount time of extended partitions is in the future. The workaround is to ignore the fsck errors by pressing the I key in the appliance console. The issue does not reproduce for subsequent reboots. To prevent this issue, make sure the ESXi hosts in your environment are synchronized with a reliable time source, for example a Network Time Protocol (NTP) server.
  • Offline Scan does not work when logged in to Security Console with a user that does not have administrator permission on the root vCenter Server.
  • Offline Scan does not scan LVM, SVM or GPT partitions.
  • Windows VMs going into sleep or hibernation, or booting up, might trigger Antimalware OFF notifications.
  • Some features and options are not available for Linux and Solaris VMs.
    • Real-time scan and corresponding policy work only for specific Linux distributions and support must be manually enabled on each virtual machine.
    • Following options in On Demand Scan and Quick Scan policies and corresponding tasks: Scan memory, Scan detachable volumes, Scan shadow copy volumes.
    • Memory Scan task.
  • Locked files can be quarantined multiple times.
  • Restoring files from quarantine does not currently work.
  • On-demand scans follow symlinks outside the specified scan target, also disregarding file and folder exclusions. If a scanned symlink references a file or folder not included in the scan target or explicitly excluded from scanning, that file or folder will be scanned and actions will be taken on detected threats.
  • If a user has configured email notifications in Security Console and changes the user password in vCenter Server, email notifications cannot be sent until the user logs in to Security Console. The workaround for this issue is to log in to Security Console immediately after changing the user password in vCenter Server.
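
For the known issue above in which on-demand scans follow symlinks outside the scan target and ignore exclusions, the following added example (not Bitdefender code and not part of the original release notes) lists symlinks under a Linux scan target that resolve outside it or into an excluded directory, so they can be reviewed before a scan takes action on them. The function names and output labels are illustrative; it assumes a `readlink` that supports `-f` (GNU coreutils) and file names without newlines.

```shell
#!/bin/sh
# Added example: audit symlinks under an on-demand scan target.
# Usage: audit_symlinks TARGET [EXCLUDED_DIR...]
# Prints one line per symlink whose resolved destination is
#   OUTSIDE_TARGET - not beneath TARGET, or
#   EXCLUDED       - beneath one of the excluded directories.

# Succeeds when path $1 equals directory $2 or lies beneath it.
is_under() {
    case "$1" in
        "$2"|"$2"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Body runs in a subshell so its variables do not leak to the caller.
audit_symlinks() (
    target=$(readlink -f -- "$1") || exit 2
    shift   # remaining arguments are the excluded directories
    find "$target" -type l | while IFS= read -r link; do
        # Dangling links resolve to nothing scannable; skip them.
        dest=$(readlink -f -- "$link") || continue
        [ -e "$dest" ] || continue
        reason=
        if ! is_under "$dest" "$target"; then
            reason=OUTSIDE_TARGET
        else
            for excl in "$@"; do
                excl=$(readlink -f -- "$excl") || continue
                if is_under "$dest" "$excl"; then
                    reason=EXCLUDED
                    break
                fi
            done
        fi
        if [ -n "$reason" ]; then
            printf '%s\t%s -> %s\n' "$reason" "$link" "$dest"
        fi
    done
)

# When run as a script with arguments, audit the given target.
if [ "$#" -gt 0 ]; then
    audit_symlinks "$@"
fi
```

Any line it prints is a path the scan would reach, and act on, even though it is not part of the intended scan scope.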


Release Notes (Multi-Platform)

New Features and Improvements

  • Silent Agent includes on-access scanning support for specific Linux kernels via integration with the DazukoFS kernel module. DazukoFS is a stackable file system that enables third-party applications to control file access on Linux systems. On-access scanning must be enabled manually on each Linux virtual machine with Silent Agent installed. For information on supported Linux kernels and enabling the feature, refer to the Administrator’s Guide. Note that on-access scanning for Linux is in beta.
  • Added SMTP and Proxy settings to the company account page.
    • Proxy settings enable Security Console to connect to the Internet via a proxy server. Security Console requires Internet access for license activation and to download updates.
    • SMTP settings allow administrators to configure Security Console to send email reports and notifications via the company mail server instead of the built-in postfix mail server.

    Note that Security Console only supports proxy servers using basic authentication or no authentication. For proxy servers requiring Active Directory authentication, use the workaround described in this KB article.

  • Security Virtual Appliances can now be listed in Security Console, Computers page, by selecting the corresponding option from the Show filter. To support this feature, the Security Virtual Appliance configuration script was modified to also require the Security Console IP address. After upgrading an older deployment to version 1.2.4, you must re-run the sva-setup configuration script in order for the Security Virtual Appliance to be visible in Security Console.
  • Silent Agent now integrates with Windows Security Center on Windows 8.
  • When preparing a parent/golden image with Silent Agent installed, it is no longer required to reset the unique instance ID of the Silent Agent installation. Silent Agent automatically detects when it is running on a machine created from a parent/golden image and creates a unique instance ID. Note that the documentation does not include this improvement.
  • Implemented mechanism for load balancing between SVAs. Policies allow specifying multiple Security Virtual Appliances that Silent Agent can use for scanning (settings available on the General > Advanced page). Silent Agent used to select one of the specified Security Virtual Appliances based on their priority and availability only. Starting with 1.2.4, Silent Agent selects one of the specified Security Virtual Appliance instances based on assigned priority, availability and current load (normal, overload, underload). The preferred Security Virtual Appliance for the specific group of agents selected in the policy target must be set with priority 1.
    • If the Security Virtual Appliance with priority 1 is initially unavailable, or becomes unavailable later on, Silent Agent attempts to connect to the Security Virtual Appliance with priority 2 and so on, until it finds a Security Virtual Appliance that is available.
    • If the selected Security Virtual Appliance instance repeatedly reports being overloaded, Silent Agent reinitiates the selection process, attempting to connect to a Security Virtual Appliance instance having a normal load. If no such instance is available, Silent Agent connects to a Security Virtual Appliance instance that is underloaded or less overloaded (if any).
    • If the selected Security Virtual Appliance instance repeatedly reports being underloaded, Silent Agent searches for and connects to a Security Virtual Appliance instance having a normal load (if any).
  • Silent Agent user interface for Windows has been localized into Spanish, French, German and Japanese. Silent Agent user interface language reflects the Security Console language setting that is in use when downloading the installation package or when running the remote installation task.

Resolved Issues

The following issues affecting previous versions were fixed:

  • Setup password cannot be disabled using the policy.
  • In particular situations, on-demand scan tasks do not run. Security Console reports error scan cannot start.
  • Security Console shows virtual machines as protected when no Security Virtual Appliance is available.
  • Sometimes, Security Console might report virtual machines as outdated when their time setting is very different from its own.

Known Issues

  • Multi-platform Silent Agent does not currently support Solaris.
  • Some managed virtual machines might also appear as unmanaged, but with different IPs.
  • If the Silent Agent daemons are stopped on Linux clients and an Uninstall task is run from Security Console, clients are removed from console, but Silent Agent is not.
  • Windows Server 2008 computers might experience a 30 to 60 seconds delay after installing Silent Agent when the epcsrv.exe service is first started.


Upgrade

For information on upgrading from a version prior to 1.2, refer to this KB article.

To upgrade from version 1.2.x, follow the steps below. You need to upgrade both the SVE appliances and agents.

Upgrading from version 1.2.x (VMware vShield)

Upgrade can be performed from Security Console:

  1. Prerequisite: Check that all Security Virtual Appliance instances installed in your environment are up and running and that they communicate with the Security Console appliance. For example, appliances must be powered on.
  2. Connect to Security Console via HTTPS.
  3. Go to the Computers > Security VMs page. You can see that updates are available for installed appliances.
  4. Click the Update link corresponding to the Security Console appliance to upgrade all installed appliances.
  5. Wait for all appliances to be upgraded.
  6. If you have deployed Silent Agent on virtual machines, go to the Computers > Silent Agents page to upgrade them.
    1. Select all VMs listed in the table.
    2. Click Actions and choose Upgrade Silent Agent.

Upgrading from version 1.2.x (Multi-Platform)

The upgrade procedure requires manually updating each installed appliance from the command line interface of each virtual machine.

Upgrade can be performed by following these steps:

  1. Upgrade Security Console by running the following commands in the appliance’s CLI:
    • $ apt-get update
    • $ apt-get install bitdefender-web-server
  2. Upgrade Security Virtual Appliance by running the following commands in the appliance’s CLI:
    • $ apt-get update
    • $ apt-get install bitdefender-scan-server

      After the upgrade, you must re-run the sva-setup configuration script in order for the Security Virtual Appliance to be visible in Security Console.

Windows Silent Agent is automatically upgraded during the regular update process. Linux Silent Agent must be upgraded by reinstalling it using the new packages available in the upgraded Security Console version. For more information on installing Linux Silent Agent, refer to the Administrator’s Guide.





Applies to: Security for Virtualized Environments by Bitdefender

Operating Systems: Citrix 5.x, Citrix 6.x, Debian/Ubuntu, Microsoft Hyper-V Server, VMware vSphere 4.1 (ESXi 4.1 P3), vSphere 5.0 (ESXi 5.0 P1), Windows 2003, Windows 2008, Windows 2008 R2, Windows 7, Windows VISTA, Windows XP
