Release Notes for Confidence Online for Web Applications and Confidence Online for Corporate PCs, Release 5.1

Article:TECH102887  |  Created: 2007-01-12  |  Updated: 2008-01-08  |  Article URL http://www.symantec.com/docs/TECH102887
Article Type
Technical Solution


Environment

Issue






Solution



Release Notes for Confidence Online™ for Web Applications and Confidence Online for Corporate PCs, Release 5.1
These are the release notes for the Confidence Online (CO) Release 5.1. The notes document new features with this release and any known issues with the product and documentation at the time of
the release.

Related Documentation
Confidence Online for Web Applications and Confidence Online for Corporate PCs Release 5.1 is supported by the following documentation:
  • Installation Guide (Version 5.1) — documents hardware and software requirements and provides instructions for installing and configuring the components of Confidence Online.
  • Administrator’s Guide (Version 5.1) — documents how to set up the Confidence Online Management Console and use the Management Console to interact with the client.
  • Integration Guide (Version 5.1) — documents how to integrate Confidence Online with the integration packages included with the product.
  • Integration Toolkit (Version 5.1) — documents how to create a package for a remote access product using SSL VPN platforms that integrates the Confidence Online scan into the login process of the product. Confidence Online Management Console context-sensitive online help system. These Release Notes.


All of these documents, except the online help system, are provided in pdf format and require Adobe® Reader®, which can be downloaded from www.adobe.com.

Announcements
Ending Support of Windows 98, ME, and 2000
Effective November 1, 2008, Confidence Online will no longer support Windows 98, ME, or 2000 installed on the client.

Features and Resolved Issues
  • Release 5.1
  • New Features
  • MySQL 5.0 support


For new installations, Confidence Online now requires MySQL 5.0 or 5.1. If you are upgrading from a previous CO release and you are using MySQL 4.1, you can either stay with MySQL 4.1 or upgrade
to 5.X. If you are running MySQL 3.23, you must first upgrade to MySQL 4.1 or 5.X before installing Confidence Online release 5.1.

Remote MySQL server support
In release 5.1, the Confidence Online installer supports either a local or remote MySQL server. The installer will prompt for the location of the MySQL server. If you are upgrading from a previous release
and have already moved MySQL to a remote server, the installer will read the configuration files and will not prompt for the location.

Setting the Database User Password during installation

Confidence Online creates a MySQL database called lanlord with a user account that is also called lanlord. In previous releases, the lanlord user password was built into the product. The installer now
prompts for a password.

Windows Vista Support
Confidence Online now supports all 32-bit editions of Windows Vista for both Corporate PCs and Web Applications. It does not support any 64-bit editions.

Because of security changes in the Vista OS, the Confidence Online on-demand scan requires the following on Vista:
  • Installation and uninstallation must be done by an admin user
  • The scan runs with elevated privileges for admin users
  • The scan runs in medium integrity for non-admin users. In order to run in medium integrity, users must add the scan site to the Trusted Sites list in Internet Explorer.
  • The scan will not run in low integrity
  • The scan requires Internet Explorer 7, Firefox 2.0, or Netscape 8.1 and higher


In addition, you can upgrade from Windows XP to Windows Vista without reinstalling Confidence Online.


Management Console Changes

Embedded Malware Detection option
Confidence Online can detect malware threats that are embedded in other programs, such as Internet Explorer. It will report these threats to the Management Console, but it cannot mitigate them. In
previous releases, embedded malware detection was automatically enabled. Starting with 5.1, this feature is disabled by default for new installations. It can be turned on or off in the Sensitivity screen
in the Management Console.

New Home Page
A new home page has been introduced in the Management Console to improve performance. The old home page is also retained and is now called the Original Home Page.

New Database Maintenance Screen

A new screen has been added for the following database maintenance utilities:
  • Archive Inactive Computers: This utility archives all database records for computers that are no longer active. The process and mitigation data for these computers will no longer be displayed in the Management Console or in any reports.
  • Delete Redundant Data: This utility deletes the redundant records in the database to save the disk space and improve performance in the Management Console. Redundant records include the following:
  • For LAN deployments, multiple reports of weeks when no malicious processes were found on the same computer.
  • For all deployments, multiple reports of the same process that was detected on the same computer.


After deleting the redundant data, the following records will remain:
  • For LAN deployments, only the most recent record of the week when no malicious processes were found on the same computer.
  • For all deployments, the first time and the most recent time that the same process was detected on the same computer.


Here are the known issues in this release:
  • If a deployment has no inactive computers, the Archive Inactive Computers utility will post the completion status "No matching record found. No action taken." If the global admin selects multiple deployments and one of the deployments has no inactive computers, this warning will still be displayed when the utility completes. The other deployments will be archived as needed.
  • The global admin can run only one database maintenance utility at a time. If he clicks Run a second time, he will receive a warning and the page will refresh. The first run will continue until the database update is complete.
  • The database maintenance utility runs as a task called dbupdate.exe. The global admin cannot cancel the utility from the Management Console. Do not attempt to cancel the task by closing the status window. On a large database, the utility may take up to an hour to complete.
  • The status window displays "Database Maintenance Run in Progress" when dbupdate.exe is running. If dbupdate.exe does not terminate normally, the status window may continue to display this message. If you find that dbupdate.exe is no longer running, close the status window and check dbupdate.log in the logs directory. For further assistance, contact Symantec Technical Support.



New Database Maintenance History Screen

A new screen has been added for displaying the database maintenance history. The Database Maintenance History page contains the following information:
  • Deployment Name: Name of the Deployment archived or deleted.
  • Archived: Archived Computers that have not been reported for 30/60/90 days.
  • Time: Date when the database action was performed.
  • Status: Status of the database action initiated.
  • DB Operation: Type of the database maintenance utility performed.


New Search Screen
The search screen has been greatly enhanced. Administrators can now create custom searches by selecting various parameters and sorting the results.

New/Changed Integrations
The following integrations have been added for Nortel:
  • Contivity IPsec VPN
  • SSL VPN Gateway


Confidence Online now integrates with Citrix Presentation Server version 4.0 and Access Gateway version 4.2. It does not support Citrix versions 4.5 and higher.
Cisco integrations have been dropped from this release. Refer to the Confidence Online Integration Guide for more details.


New Platform support
The following are the supported and non-supported platforms for Confidence Online.

Supported Platforms for CO 5.1 server
  • New Installation
  • Upgrade
  • FreeBSD 6.0
  • Solaris 8 and 9 , Solaris 10
  • Windows Server 2000 with SP 3+
  • Windows Server 2003 (Standard Edition)
  • FreeBSD 4.9, 4.10, and 4.11
  • Solaris 8 and 9
  • Windows Server 2000 with SP 3+
  • Windows Server 2003 (Standard Edition)



Supported Platforms for CO 5.1 client
  • New Installation
  • Upgrade
  • Windows XP Home and Professional
  • Windows 2000 Workstation
  • Windows 98
  • Windows ME
  • Windows Vista 32 bit
  • Windows XP Home and Professional
  • Windows 2000 Workstation
  • Windows 98
  • Windows ME
  • Windows Vista 32 bit


Non-Supported Platforms for CO 5.1 client
  • New Installation
  • Upgrade
  • Windows NT Workstation 4.0 SP 5 or higher
  • Windows NT Server
  • Windows 2000 Advanced Server
  • Windows DataCenter Server
  • Windows Server 2003
  • Windows XP Tablet PC Edition
  • Windows CE
  • Windows Vista 64 bit
  • Windows XP 64 bit
  • Windows NT Workstation 4.0 SP 5 or higher
  • Windows NT Server
  • Windows 2000 Advanced Server
  • Windows DataCenter Server
  • Windows Server 2003
  • Windows XP Tablet PC Edition
  • Windows CE
  • Windows Vista 64 bit
  • Windows XP 64 bit


Note: As previously announced, Confidence Online support for Windows NT ended on September 26, 2006. For backward compatibility, the Windows NT always-on and on-demand clients are still available in this release, but they are no longer supported.

New On-Demand Error Pages for Windows Vista Two error pages have been added for on-demand scans on Windows Vista:
  • Trustedsitenotset.html: if non-admin users have not added the scan site to the Trusted Sites list of Internet Explorer, this page will be displayed.
  • Scancancel.html: if admin users cancel the User Account Control (UAC) prompt when the scan is launched, this page will be displayed.

Fixed Defects
  • Citrix AAC deployments can now use SSL connections between the AAC server and the Confidence Online server.
  • Some changes that were introduced in ActiveState Perl version 5.8.8 (build 818) caused an error during CO server installation. This has been corrected.
  • MySQL 4.1 has a default limit on table size, and this limit was too small for one CO database table at some large customer sites. CO now configures a much higher row limit.
  • Adding a custom company logo could result in a CGI error. To avoid the error, the environment variable tmpdir is now added if it does not exist.


Release 5.0.3
  • Code has been added to ensure that end users of the 64-bit XP, 32-bit and 64-bit Vista operating systems will be notified that such operating systems are unsupported when they attempt to login.
    End users of those systems that are not upgraded to Confidence Online Release 5.0.3 will not be properly notified that their systems are unsupported, and the Confidence Online scan may start
    and then hang.


Note: As a workaround for these unsupported Windows operating systems, you can select Yes for the Allow Login on Unsupported Platforms option on the Login Policy page in
the Management Console. However, this will allow login for end users of other unsupported platforms, such as Linux, UNIX, and Macintosh, which may pose an increased security risk
to your network because those systems will not be scanned by the Confidence Online software. For more information, see Login Policy in the Confidence Online Administrator’s Guide.

  • The software has been updated to support new versions of existing anti-virus products.
  • A condition in which the client reported to the server every few minutes has been fixed so that the client reports to the server according to the time frequency set by the administrator.
  • A NamedPipe leak that could cause server failure when the Confidence Online server runs overtime has been fixed. The fix affected these two files: isapi_fcgi.dll and libfcgi.dll.
  • The ability to enable dynamic updates (the download of .lui files) through a password-protected proxy has been added.



Release 5.0.2
The Confidence Online software was changed to support remote-user access via the following third-party integration products:
  • Citrix Access Gateway™ Enterprise (AAC) — requires an integration package supplied with the 5.0.2 Confidence Online product distribution. Also requires selection of this deployment option in the Management Console.

Note: This integration type was tested with the Citrix Access Gateway Enterprise (CAGE) software, but not with the CAGE hardware appliance of the same name.

  • Nortel™ VPN Gateway — requires integration instructions supplied by Nortel. Also requires selection of this deployment option in the Management Console.



Release 5.0.1
Automatic Upgrade Behavior
The automatic upgrade feature for installations of the Confidence Online software prior to 5.0 is now supported. The 5.0 LAN client cannot dynamically upgrade itself. Therefore, any 5.0 LAN clients must
be uninstalled and then the 5.0.1 (or higher) client must be installed. To understand the impact of this fix, please review the Upgrade Considerations section on the next page.

Compliance Issues
  • When a compliance failure is encountered on an upgraded deployment, the compliance failure message is now properly displayed.
  • A compliance failure error associated with the McAfee VirusScan v.10 software has been corrected. The fix also includes updated support for other anti-virus products.


On-Demand Integration System Crash on Windows 2003 Platform
A failure to detect Microsoft Windows 2003 as an unsupported platform no longer causes a system crash on that platform. Now the user is informed that the platform is unsupported.




Cisco Integrations
  • An issue that prevented user login during the initial scan for Confidence Online implementations using a Cisco NRH remote-access product has been corrected.
  • For integrations using a Cisco NRH remote-access product in conjunction with an unsupported platform, the “Platform Not Supported” message is now properly displayed.
  • The wsas.fcgi file, which was missing from the Solaris build of the 5.0 version of Confidence Online, has been included in the 5.0.1 version of the product.


Juniper Integrations
  • For integrations using the Juniper remote-access products, the initial post-login scan now completes more quickly.
  • For integrations using the Juniper Multi-IVE feature with a post-login deployment, an error indicating “checkin failed” no longer occurs.
  • A failure to properly redirect to a Web page on a Juniper box after the scan completes has been corrected so that a Javascript error no longer appears on the scan page.
  • Page 78 of the Confidence Online Integration Guide version 5.0, Revision 1 includes the following text in the instructions for configuring the Juniper Networks SSL VPN (post-login scan):
    “If you intend to share client deployments across multiple IVE servers, enter “MULTI-IVE” when requested to enter the IPADDRESS of the Juniper Networks IVE server. This causes the client to
    dynamically bind to the IVE server in use at run-time.”



Installing Version 5.1
Use the following steps to upgrade the Confidence Online server to version 5.1 for UNIX systems. If upgrading Windows systems, see Upgrading the Server and Database for Windows Systems.
For additional information, see the Confidence Online Installation Guide.

Upgrade Considerations
IMPORTANT: Proceed with the 5.1 upgrade only after reading these upgrade considerations and assessing the state of your particular server installation and client deployment.
  • If your current Confidence Online server and clients are running version 4.3 or earlier
  • If your current Confidence Online server is 5.0 and clients are running 4.2 or 4.3
  • If your current Confidence Online server and clients are running 5.0
  • If your current Confidence Online server and clients are running 5.0.1, 5.0.2, or 5.0.3
  • You must first upgrade to release 5.0 before you can upgrade to 5.1. If you are running 4.2 or 4.3, you can upgrade to 5.0. If you are running 4.1 or if you do not have access to release 5.0, please contact Symantec
    Technical Support.
  • After you upgrade to 5.0, DO NOT CLICK the “Convert Deployment” button for any LAN deployments. Wait until you complete the upgrade to 5.1.

  1. Complete the steps in these Release Notes to upgrade your server to 5.1.
  2. Open the Management Console.
  3. On the Edit Installed Client Version page, set the “Default version for new deployments” to 5.1.
  4. Click the “Convert Deployments” button on the Deployment Detail page.
  5. The LAN clients will be automatically upgraded to 5.1.

  1. Complete the steps in these Release Notes to upgrade your server to 5.1.
  2. Uninstall each of the LAN (always-on) clients that are running 5.0. On-demand clients are not affected by this issue.
  3. Open the Management Console.
  4. On the Edit Installed Client Version page, set the “Default version for new deployments” to 5.1.
  5. Click the “Convert Deployments” button on the Deployment Detail page.
  6. Reinstall your LAN clients with the 5.1 version.

  1. Complete the steps in these Release Notes to upgrade your server to 5.1.
  2. Open the Management Console.
  3. On the Edit Installed Client Version page, set the “Default version for new deployments” to 5.1.
  4. Click the “Convert Deployments” button on the Deployment Detail page.
  5. The LAN clients will be automatically upgraded to 5.1.



Upgrading the Server and Database for UNIX Systems

The steps below upgrade the Confidence Online from version 5.0 to version 5.1. The user running the upgrade script must have root privileges on the server and must perform the upgrade in the following
order:
  1. Upgrade the application server.
  2. Upgrade the database.


All portions of the upgrade must be completed and Apache must be stopped and restarted in order for changes to take effect. The Upgrade_db.sh script will offer to do this automatically, but the user may
decline the automatic stop and restart and do it manually after the upgrade scripts have completed.

Note: The alert service (co_alertd) and the dynamic update service (co_syncd) must be started. The Upgrade_db.sh script will start this service automatically if you allow the script to automatically restart Apache.
    If not, you can start the service manually with these commands:
    > /usr/local/etc/rc.d/co_alertd.sh start (for FreeBSD)
    > /usr/local/etc/rc.d/co_syncd.sh start (for FreeBSD)
    > /etc/init.d/co_alertd start (for Solaris)
    > /etc/init.d/co_syncd start (for Solaris)


Upgrade the application server (must be run as root):
    > cd Unix/upgrade
    > ./Upgrade_app_server.sh

The following series of messages either request confirmation to continue or indicate the progress of the upgrade. Answer [yes] to all requests to continue. In this example, the upgrade is directly from version 5.0 to 5.1:
This script is prepared to do the following in order to upgrade this Confidence Online Server:

Upgrade the following packages from version 5.0 to version 5.1
  • Confidence Base
  • Confidence Server
  • Confidence Management Console
  • Confidence Template directory
  • Confidence Database schema scripts
  • Do you want to continue? [no]
  • Saving off current Confidence installation
    • db ...
    • cgi-bin ...
    • lib ...
    • template ...

Uninstalling old Confidence packages: Base...
  • Server...
  • Management Console...
  • Database schema scripts...
  • Template directory...
  • Integration...

Installing new Confidence packages:
  • Server base...
  • Server...
  • Management Console...
  • Database schema scripts...
  • Template directory...


Integration directory...
When the server has been successfully upgraded, the following message displays:
    Application server package upgrade complete.


Upgrade the database (must be run as root):
    > ./Upgrade_db.sh


In response to the following series of messages, enter [Yes] when requested to automatically stop or restart Apache.

For upgrading the confidence schema in MySQL, it will be necessary to supply a login and password that has administrative access to MySQL database.
Enter user name for MySQL access [root]: You will now be asked to enter the MySQL password for this user. This password will be used as an argument on mysql command lines. You may choose to not enter
it here and will instead be prompted for it later, each time that the mysql command is invoked. Enter MySQL password for user root []:

Apache must be stopped and re-started after this upgrade is complete. Do you want this to be done automatically?

The Confidence Online database schema will be upgraded from 5.0 to 5.1 using the following information:
  • MySQL user: root
  • MySQL passwd: (supplied)


Apache will be restarted at the end of the upgrade. Do you want to continue this installation?
  • Restarting Apache...
  • /usr/local/apache/bin/apachectl restart:httpd restarted
  • Restarting Confidence alert server...
  • co_alertd stopped
  • co_alertd started
  • co_syncd stopped
  • co_syncd started
  • Database upgrade complete.

If manually restarting, use the following command line: > apachectl startssl

Upgrading the Server and Database for Windows Systems
Previous versions of the Confidence Online Server can be upgraded for Microsoft Windows systems by inserting the Confidence Online CD and running setup.exe just like a fresh install.

If you are currently running MySQL version 3.23, you must upgrade to MySQL 4.1, 5.0, or 5.1 before installing Confidence Online release 5.1. If you are currently running MySQL 4.1, you do not have to upgrade to MySQL 5.0 or 5.1, but you can if you wish. See Appendix B, Upgrading MySQL and/or
Apache in the Confidence Online Installation Guide for preliminary information.


Understanding Installed Client Versions
Once you have completed the installation steps, the Installed Client Versions page in the Management Console shows that 5.1 is the default version set for client deployments. Your Installed
Client Versions list may not include all of the versions in this example.

To understand how to upgrade client deployments, see Upgrading or Converting Deployments in the Confidence Online Administrator’s Guide.

Customer Support
Contact Customer Support at 1.800.494.0247 (option 1) or 512.874.7400. Confidence Online™ is a trademark of WholeSecurity, Inc., which was purchased by Symantec Corporation in October 2005. Symantec, the Symantec logo, Norton Ghost, Norton GoBack, Live Update, Norton AntiSpam, Norton Internet Security, Norton
Personal Firewall, Norton Protection Center, Norton SystemWorks, Symantec Security Check, and Symantec Security Response are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries.
Adobe and Acrobat are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. Windows is a trademark of Microsoft Corporation. Other names may be trademarks of their respective
owners.





Legacy ID



2007111212565548


Article URL http://www.symantec.com/docs/TECH102887


Terms of use for this information are found in Legal Notices