Applying the Control Compliance Suite 8.60 Reporting & Analytics March 2009 Cumulative Hotfix (CHF=6)

Article:TECH115763  |  Created: 2009-01-22  |  Updated: 2012-01-27  |  Article URL http://www.symantec.com/docs/TECH115763
Article Type
Technical Solution


Issue





Symptoms
Issues fixed in Control Compliance Suite Content:


This Hotfix addresses the following issue in Platform support for Windows:
 

    Whenever you run a data import job and you manually scope to a machine in
    Windows NT 4.0 domain, the job throws an exception and an error message
    is displayed. This Hotfix corrects the error and the data import job does not
    throw an exception.

    Whenever you run a data import job with invalid scopes, the job throws an
    exception. Invalid scopes do not have mandatory scope components defined.
    For example, the file path is a required component for a file scope whereas
    whether to search under one or all levels under the file path is optional. This
    Hotfix corrects the error and now if the file path component is missing, the
    scope is excluded from the list of valid scopes included for data collection. And
    the invalid scope is logged.

    A field ‘Network access: Allow anonymous SID/Name translation‘ that reports
    the local security setting on Network access: Allow anonymous SID/Name
    translation is added to Machine data source. This field is applicable in Windows
    XP, 2003 Server or later.

    Whenever you run service startup type and service permissions of checks on
    Windows all OS TSPs, then the compliance report displayed manual review as
    a result for such checks. This result was displayed when service was not present
    on the target machine. This Hotfix corrects the error and now the compliance
    report displays Not Applicable for the service startup type and service
    permissions of checks.

This Hotfix addresses the following issue in Platform support for UNIX:

Performance issues exist when you run a data import job for CRC Check Sum
field in UNIX Files data source. This Hotfix corrects the error. Now, data is not
collected from the Information Server for the CRC Check Sum field in UNIX
Files data source.
To enable the use of CRC Check Sum, run the following script:

UPDATE bv_DataTableColumns
SET dtc_IsRMSField= 1,
dtc_IsHidden = 0
WHERE dtc_UID=’A38AA6E7-8C84-445C-81E7-250B583FC998’

After you restart the SMC Job Server and SMC Server, RMS data may be
collected for the field and checks may be built using this field.

Remediation for the following check in CIS Solaris Benchmark v1.3 have been
updated:
 

    Hosts.allow file exists?

This Hotfix addresses the following issue in Application support for SQL:

The Latest SQL Server 2005 service pack installed? check has been updated to
verify the latest SQL Server Service Pack in the Security Essentials for Microsoft
SQL Server 2005 TSP.

This Hotfix addresses the following issue in Application support for Oracle:

A timeout occurs during execution of clean query after running a data import
job. This Hotfix corrects the error and now the time out does not occur. This
Hotfix corrects the error by changing the query timeout settings and making
it configurable.

Now, the clean query command timeout is read from the following:
 

    File BVAssessmentService.exe.config
    Key
    Default value of the key 3600 (sec)



Timeout occurs during Oracle-UNIX chain data import while importing UNIX
Files data. This Hotfix corrects the error and now the time out does not occur.
This Hotfix corrects the error by changing the scopes being sent to UNIX scope
builder when the job chained with Oracle Database Initialization Parameters
datasource only. Now, instead of a list of files/directories, appropriate %FIND
scopes are sent.

Issues fixed in Control Compliance Suite Server

This Hotfix addresses the following issues:

Fresh deployments of the Control Compliance Suite console occasionally and
incorrectly suggests 1236 as the port number of the CCS Application Server,
rather than the correct 3991. This Hotfix corrects the error and now CCS
console suggests the correct port.

If theSMCJob Server does not sync with theSMCServer due to the two services
running as different user accounts, the dashboard aggregation jobs fails
silently. Then an incomplete error message is displayed in SMC Job Server
logs. This Hotfix corrects the error and now the complete error message is
displayed in SMC Job Server logs.

During connect and update data provider operation, if an error occurs, then
an error message is displayed. The error message is displayed in the Application
Information dialog box and is shaded. This Hotfix corrects the error and now
the error message is not shaded.

Issues fixed in Dashboards

This Hotfix addresses the following issues:

In the Dashboards dialog boxes, the threshold filter, Normal, was configured
explicitly to report a status, Normal, when no configured thresholds matched
the other threshold filters.
This Hotfix resolves the issue and Dashboards now displays checkboxes for
only three threshold status' along with the following message:
The status is Normal when no configured thresholds are met .


When you export Report when exported to an excel file or when you print
preview Reports from the Analysis tab of the Dashboards, Reports would
display only four default fields. The four default fields include Object Name,
Failed, Passed, and Manual Review. This Hotfix corrects the issue and all of
the fields selected from the column chooser of a report are displayed when
exported to an excel file.

Issues fixed in the Standards module

This Hotfix addresses the following issues:

The BVCollectionImport utility can incorrectly delete existing collections when
it performs an import. This Hotfix corrects the issue, and existing collections
are no longer deleted.


If you change the components of a collection and then use the Evaluation
Results view to examine any existing evaluation jobs that were run against
the collection, all evaluations improperly list the current version of the
collection as the target. The change to the collection was not displayed properly.
This Hotfix corrects the error, and changes to collections properly list in the
Evaluation Results view.

If you install the December, 2008 Comprehensive Hotfix for Control Compliance
Suite 8.60 and then you use the BVDBCleaner utility, errors can occur. The
BVDBCleaner utility can incorrectly delete data that is used by evaluation job.
This Hotfix corrects the error, and the data is not deleted.

The formulae that drive the "machine compliance" histographs in both the C9
-Evaluation Results by Standard - Checks Perspective and C7 - Evaluation
Results by Standard - Object Perspective reports contains a typographical
error, causing the bars of the graph to show incorrect data. The 80-90% bar
always shows 0. This Hotfix corrects the errors, and the reports now display
correctly.

If an evaluation fails due to an error, the Evaluation Results view indicates
that there are no objects to evaluate for the evaluation, rather than indicating
the error. This Hotfix corrects the error, and if the Control Compliance Suite
is unable to complete the evaluation successfully, the Evaluation Results view
now indicates the error.

If an evaluation includes two objects or checks that fail but both granted
exceptions and both exceptions contained the same text including the time
within a single minute, an internal SQL error occurs when the Control
Compliance Suite performs the evaluation. The error was logged, and the error
message "No objects to evaluate" appears in the Evaluation Results view. This
Hotfix corrects the error, and the SQL error no longer occurs.

Under certain circumstances, data purge jobs fail to purge old data correctly,
and no error message appears. This Hotfix corrects the error, and the data is
purged correctly.


If a large number of expressions are added to or edited in a check expression,
an out of memory error can occur. This Hotfix corrects the error, and an out
of memory error no longer occurs when you edit check expressions.

 



 


Solution




Reporting & Analytics:

March 2009 CHF:

ftp://ftp.symantec.com/public/english_us_canada/products/symantec_control_compli
ance_suite/8.6/updates/reporting_analytics/CCS_ReportingAndAnalytics_8.60.280.10600_March_2009_Update.exe

PinEdit Patch:

ftp://ftp.symantec.com/public/english_us_canada/products/symantec_control_compli
ance_suite/8.6/updates/reporting_analytics/PinEditSupportFiles.exe
Analytics:=0D=0A=0D=0ASept =

Readme:

ftp://ftp.symantec.com/public/english_us_canada/products/symantec_control_compli
ance_suite/8.6/updates/reporting_analytics/ReadMe_CCS_ReportingAndAnalytics_8.60.280.10600_March_2009_Update.pdf

Windows Patch Check Libraries:

Patch:

ftp://ftp.symantec.com/public/english_us_canada/products/symantec_control_compli
ance_suite/8.6/updates/reporting_analytics/CCS_WindowsPatchAssessmentCheckLibrary_8.60.275.10504_March_2009_Update.exe

Readme:

ftp://ftp.symantec.com/public/english_us_canada/products/symantec_control_compli
ance_suite/8.6/updates/reporting_analytics/Read_Me_CCS_WindowsPatchAssessmentCheckLibrary_8.60.275.10504_March_2009_Update.htm

Release Notes:

ftp://ftp.symantec.com/public/english_us_canada/products/symantec_control_compli
ance_suite/8.6/updates/reporting_analytics/CCS_WindowsPatchAssessmentCheckLibrary_Release_Notes_March_2009.htm






 



Legacy ID



2009052215484953


Article URL http://www.symantec.com/docs/TECH115763


Terms of use for this information are found in Legal Notices