Release Notes for Symantec™ Critical System Protection Version 5.2.4.1

Chapter 1

This chapter includes the following topics:

- About Symantec Critical System Protection
- What's new in this version
- Additional release information
- What you need to know before you install or upgrade your software
- Known issues
- Resolved issues
- Product documentation
- Legal Notice

About Symantec Critical System Protection

Welcome to Symantec Critical System Protection, a flexible, multi-layer security solution for servers that detects abnormal system activities. Symantec Critical System Protection prevents and blocks viruses and worms, hacking attacks, and zero-day vulnerability attacks. Symantec Critical System Protection also hardens systems, enforcing behavior-based security policies on clients and servers.

Symantec Critical System Protection includes a management console and server components, and agent components that enforce policies on computers. The management server and management console run on Windows operating systems. The agent runs on Windows and UNIX operating systems.

Among Symantec Critical System Protection's key features are:

- Predefined application policies for common Microsoft interactive applications
- Out-of-the-box policies that continuously lock down the operating system, high-risk applications, and databases to prevent unauthorized executables from being introduced and run
- Microsoft Windows, Sun Solaris, and Linux platform support

Among Symantec Critical System Protection's key benefits are:

- Provides proactive, host-based security against day-zero attacks
- Offers protection against buffer overflow and memory-based attacks
- Helps to maintain compliance with security policies by providing granular control over programs and data

What's new in this version

The current maintenance pack contains new browser support, improved Web UI functionality and Customer Defect fixes.
Note: This release may also be referred to as Symantec Critical System Protection 5.2 Release Update 4 Maintenance Pack 1.

Updated Hardware Requirement

Symantec Critical System Protection Manager requires a minimum of 2 gigabytes of memory.

Browser support

Symantec Critical System Protection contains new and improved browser support.

- New Internet Explorer 7 Support
- Improved Internet Explorer 8 Support

Web-based user interface

Symantec Protection Center

Symantec Protection Center is a Web-based console that lets you integrate management of your Symantec security products into a single environment. Symantec Protection Center includes a centralized Dashboard that reports on the overall security of your network based on the products that you integrate.

You integrate supported products in Symantec Protection Center in a registration process. After you register your products, you can log on to Symantec Protection Center to manage them all. Symantec Critical System Protection must be installed and configured separately before you can register it with the Symantec Protection Center.

Registered products still function independently of Symantec Protection Center. You can manage Symantec Critical System Protection and other supported products together, in the Symantec Protection Center, or separately, in the Symantec Critical System Protection console.

For information about how to register Symantec Critical System Protection in the Symantec Protection Center, see the Symantec Protection Center information in the Administration Guide for Symantec Endpoint Protection and Symantec Network Access Control that accompanies Symantec Endpoint Protection version 11 RU6. Only Symantec Endpoint Protection includes Symantec Protection Center.

Note: Symantec Critical System Protection continues to support both its own Web-based console and its Java-based console.
Symantec Critical System Protection Web UI Console

You can optionally start and view the Symantec Critical System Protection management console from a browser window. The console now runs in both Internet Explorer 7 and 8.

If you are using a Prevention policy on your Symantec Critical System Protection management server, you must update the policies to 5.2.4.1 at the same time that you update the management server software to 5.2.4.1. The new Web UI feature of the management server will not work if the older 5.2.0 Prevention policies are applied on the management server system.

If you have previously installed the Symantec Critical System Protection Server, ensure that .NET 2.0 is installed on your system, and then perform the Server upgrade to get the Web-based user interface.

To launch the console interface from a Web browser

1. Open your Web browser.
2. Type the following URL in the Address field:

   https://localhost:8081/scsp

Note: By default, the Web server administration port number is 8081. If you change the port when you install Symantec Critical System Protection, then you must substitute the port number that you used in this URL.

Additional release information

This section outlines some additional information that you should know about.

What you need to know before you install or upgrade your software

The Symantec Critical System Protection Installation Guide contains detailed information about how to install the Symantec Critical System Protection components. If you are installing for the first time, you should install, configure, and test Symantec Critical System Protection in a test environment.

For the latest and most complete information about the release and known issues and workarounds, refer to the readme file that accompanies this release.
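As an added example (not part of Symantec's documentation or installer), the following Windows PowerShell function checks a management server host against the prerequisites these notes state: 200 MB free on the TEMP volume (step 5 of Table 1-3), 2 GB of memory, and .NET 2.0. The function name Test-ScspInstallPrereq is hypothetical, and the check assumes Windows PowerShell with TEMP on a lettered local drive.

```powershell
# Added example: pre-installation checks for a Windows management server host.
# Thresholds come from these release notes; the function name is hypothetical.
function Test-ScspInstallPrereq {
    param(
        [string]$TempPath    = $env:TEMP,
        [long]  $MinTempFree = 200MB,   # installer unpacks its files into TEMP
        [long]  $MinMemory   = 2GB      # management server memory requirement
    )

    # Free space on the volume that holds TEMP. Assumes TEMP is on a lettered
    # local drive, not a UNC path or a folder mount point.
    $root     = [System.IO.Path]::GetPathRoot([System.IO.Path]::GetFullPath($TempPath))
    $drive    = New-Object System.IO.DriveInfo -ArgumentList $root
    $tempFree = $drive.AvailableFreeSpace

    # Installed memory summed over all modules. Win32_ComputerSystem's
    # TotalPhysicalMemory reports slightly less than what is installed and
    # would fail a host that has exactly 2 GB.
    $memory = (Get-WmiObject -Class Win32_PhysicalMemory |
        Measure-Object -Property Capacity -Sum).Sum

    # .NET Framework 2.0 sets Install = 1 under this key when it is present.
    $netKey = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727'
    $net20  = (Get-ItemProperty -Path $netKey -ErrorAction SilentlyContinue).Install -eq 1

    $rows = @(
        @{ Check    = 'Free space on TEMP volume'
           Required = '{0:N0} MB' -f ($MinTempFree / 1MB)
           Actual   = '{0:N0} MB' -f ($tempFree / 1MB)
           Pass     = ($tempFree -ge $MinTempFree) },
        @{ Check    = 'Installed memory'
           Required = '{0:N0} MB' -f ($MinMemory / 1MB)
           Actual   = '{0:N0} MB' -f ($memory / 1MB)
           Pass     = ($memory -ge $MinMemory) },
        @{ Check    = '.NET Framework 2.0'
           Required = 'Installed'
           Actual   = $(if ($net20) { 'Installed' } else { 'Not found' })
           Pass     = $net20 }
    )

    # One object per check, so the result can be filtered or formatted.
    foreach ($row in $rows) {
        New-Object PSObject -Property $row | Select-Object Check, Required, Actual, Pass
    }
}

Test-ScspInstallPrereq | Format-Table -AutoSize
```

Running the disk space check before setup matters most on Windows 2008 R2, where the installer may show an unrelated "installation package could not be opened" error instead of its usual disk space message.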
Table 1-3 Overview of an installation

Step 1
  Action: Plan the installation
  Description: When planning your installation, you may need to consider the following:
  - Network architecture and policy distribution
  - Firewalls
  - Name resolution
  - IP routing

Step 2
  Action: Review the system requirements
  Description: All the computers on which you install Symantec Critical System Protection should meet or exceed the recommended operating system and hardware requirements.

Step 3
  Action: Decide on the computers to install the software components
  Description: You can install the management console and management server on the same computer or on separate computers. You can install agents on any computer. All computers must run a supported operating system.

Step 4
  Action: Decide on the management server installation type
  Description: You can install the following management server installation types:
  - An evaluation installation that runs SQL Server 2005 Express on the local system
  - An evaluation installation that uses an existing MS SQL instance
  - A production installation with Tomcat and the database schema
  - The Tomcat component only

Step 5
  Action: Configure the TEMP environment variable
  Description: The installation packages unpack installation files into the directory that is specified by the TEMP environment variable. The volume that contains this directory must have at least 200 MB of available disk space. If this volume does not have the required disk space, you must change your TEMP environment variable.

Step 6
  Action: Install the management server
  Description: You begin the installation by installing the management server. Management server installation prompts you to enter a series of values consisting of port numbers, user names, passwords, and so on. Each database that you can install uses different default settings and options for the management server and database.

Step 7
  Action: Install the management console
  Description: Install the management console after you install the management server. The management console installation also installs the authoring environment. The management console installation does not prompt you to enter port numbers or server names. You enter this information after installation, when you configure the management console.

Step 8
  Action: Configure the management console
  Description: Management console configuration prompts you to enter a series of values consisting of port numbers, passwords, and a server name. In a few instances, the port numbers must match the port numbers that were specified during management server installation.

Step 9
  Action: Install the agents
  Description: Install the agents after you install the management server, and after you install and configure the management console. The agent installation prompts you to enter a series of agent values consisting of port numbers, management server name, etc.

Supported platforms

Table 1-4 lists the platforms supported by Symantec Critical System Protection release 5.2.4.

Table 1-4 Supported platforms and Symantec Critical System Protection components supported on each

Operating system | Processor | Support marks (columns: IDS support, IPS support, Console support, Manager support)

Red Hat Enterprise Linux ES 3.0 (2.4 Kernel) | x86, AMD64, EM64T, Hugemem (32bit) | X X
Red Hat Enterprise Linux ES 4.0 (2.6 Kernel) | x86, AMD64, EM64T, Hugemem (32bit), IA64 | X; X, except on IA64
Red Hat Enterprise Linux ES 5.0 (2.6 Kernel) | x86, AMD64, EM64T | X X
SuSE Linux Enterprise Server 8 (2.4 Kernel) | x86, AMD64, EM64T | X X
SuSE Linux Enterprise Server 9 (2.6 Kernel) | x86, AMD64, EM64T | X X
SuSE Linux Enterprise Server 10 (2.6 Kernel) | x86, AMD64, EM64T | X X
Solaris 8 (32- and 64-bit) | SPARC | X X
  Note: Symantec Critical System Protection 5.2.4 only supports global zones on Solaris. Local zones are not supported at this time.
Solaris 9 (32- and 64-bit) | SPARC | X X
  Note: Symantec Critical System Protection 5.2.4 only supports global zones on Solaris. Local zones are not supported at this time.
Solaris 10 (32- and 64-bit) | SPARC, x86, AMD64, EM64T | X X
  Note: Symantec Critical System Protection 5.2.4 supports local zones in IDS mode only. IPS is not supported for local zones at this time.
HP-UX 11i V1 (11.11) (64bit), HP-UX 11i V2 (11.23) (64bit), HP-UX 11i V3 (11.31) (64bit) | PARISC | X
HP-UX 11i V2 (11.23) (64bit), HP-UX 11i V3 (11.31) (64bit) | Itanium2 | X
HP Tru64 5.1B-3 | Alpha | X
AIX 5L 5.1 (32- and 64-bit), AIX 5L 5.2 (32- and 64-bit), AIX 5L 5.3 (32- and 64-bit) | POWERPC | X
Windows NT4 SP6 | x86 | X X
Windows 2000 Advanced Server SP4 | x86 | X X X
Windows 2000 Server SP4 | x86 | X X X
Windows 2000 Professional SP4 | x86 | X X X
Windows XP Professional SP2, SP3 | x86 | X X X
Windows 2003 Enterprise Edition SP2 | x86, AMD64, EM64T | X X X X
Windows 2003 Enterprise Edition R2 | x86, AMD64, EM64T | X X X X
Windows 2003 Standard Edition SP2 | x86, AMD64, EM64T | X X X X
Windows 2003 Standard Edition R2 | x86, AMD64, EM64T | X X X X
Windows 2008 Standard Edition and Enterprise Edition, SP1, SP2, and R2 | x86, AMD64, EM64T: X X X; x86, AMD64: X X X
SQL Enterprise Server 2005 SP2 | x86 | X
SQL Enterprise Server 2005 Express | 32-bit, 64-bit | X
SQL Enterprise Server 2008 | 32-bit, 64-bit | X
Windows Vista | | X
VMWare Server ESX 3.5 Host | x86 | X

Note: The supported platforms include those running as a Guest OS running in any VMWare product.

Table 1-5 lists the Linux kernel versions Symantec Critical System Protection supports.
Table 1-5 Linux Kernel version support (includes x86, x86_64, UP, SMP)

Linux distribution / Version          Kernel

RedHat Enterprise Linux 3
  RHEL 3 GA                           2.4.21-4.EL
  RHEL 3 U1                           2.4.21-9.EL
  RHEL 3 U2                           2.4.21-15.EL
  RHEL 3 U3                           2.4.21-20.EL
  RHEL 3 U4                           2.4.21-27.EL
  RHEL 3 U5                           2.4.21-32.EL
  RHEL 3 U6                           2.4.21-37.EL
  RHEL 3 U8                           2.4.21-47.EL

RedHat Enterprise Linux 4
  RHEL 4.1                            2.6.9-11.EL
  RHEL 4.2                            2.6.9-22.EL
  RHEL 4.3                            2.6.9-34.EL
  RHEL 4.4                            2.6.9-42.EL
  RHEL 4.5                            2.6.9-55.EL
  RHEL 4.6                            2.6.9-67.EL
  RHEL 4.7                            2.6.9-78.EL

RedHat Enterprise Linux 5
  RHEL 5.1                            2.6.18-53.el5
  RHEL 5.2                            2.6.18-92.el5

SuSE Linux Enterprise Server 8
  SLES 8 SP4 hotfix                   2.4.21-304
  SLES 8 SP4 hotfix                   2.4.21-306
  SLES 8 SP4 hotfix                   2.4.21-314

SuSE Linux Enterprise Server 9
  SLES 9 GA                           2.6.5-7.97
  SLES 9 SP1                          2.6.5-7.139
  SLES 9 SP2                          2.6.5-7.191
  SLES 9 SP3                          2.6.5-7.244
  SLES 9 SP3 hotfix                   2.6.5-7.283
  SLES 9 SP4                          2.6.5-7.308

SuSE Linux Enterprise Server 10
  SLES 10 SP1                         2.6.16.46
  SLES 10 SP1 hotfixes                2.6.16.54-*
  SLES 10 SP2                         2.6.16.60-*

VMWare ESX 3.5 Host
  ESX 3.5.0 GA and U1                 2.4.21-47.Elvmnix
  ESX 3.5.0 U2 - U4                   2.4.21-57.Elvmnix

Scalability guidelines

The Symantec Critical System Protection agent is licensed to service no more than 25 virtual agents. This is based on the following assumptions:

- A virtual agent instance services no more than ten dedicated and shared logs.
- On Windows platforms, the combination of logs includes forwarded Windows event log messages for the Application, Security, and Service logs, and any additional application logs that are either text logs or custom Windows event logs, such as Web server logs, database server logs and so on.
- On UNIX/Linux platforms, the combination of logs includes forwarded syslog or syslog-ng messages, and application-specific logs.
- The aggregate sum of messages coming from the various logs is approximately no more than 250/second, and input messages are spread across more than a single collector.
A Symantec Critical System Protection agent that is configured to host a large number of virtual agents dedicates a large portion of its resources to the monitoring of various input logs, and therefore should be expected to be at least partially dedicated to this purpose.

There is no way to exactly quantify the number of messages that are processed by the agent, as this varies greatly between platforms, configurations, and application usage. Additional consideration must be given to the hardware and network environment. Therefore, these recommendations are only a rough guideline.

Known issues

Installation on computers that run Windows 2008 R2 may cause the wrong error message to display

When you install the Symantec Critical System Protection console, agent, or server on computers that run Windows 2008 R2, the computer may not display the typical disk space check messages. Instead, you may see the following error message:

   This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows installer package.

To work around this issue, ensure that you have a sufficient amount of disk space on the computer for installation before you begin to install.

The filewatch collector does not monitor file permissions for the Archive and Index attributes

The filewatch collector does not monitor file permissions for the Archive and Index attributes. Changes to these attributes do not trigger a file modification event.

Resolved issues

Policy importing and displaying issue - #2003545

You can now import prevention policies from 5.2 or later with custom program options into this 5.2.4.1 console. Importing is working in 5.2.4 without custom program options.

Registry Driver Fix - #2018311

A registry driver error discovered in a Windows Server 2003 environment was resolved.
Network Filter Driver Fix - #2040450

A synchronization issue on an SCSP network filter driver in a multiple processor Windows Server 2008 environment with heavy network traffic was resolved.

Zettabyte File System (ZFS) support on Solaris - #1826515

Symantec Critical System Protection now supports ZFS on the Solaris 10 SPARC and x86 platforms.

Product documentation

The following documents provide information on Symantec Critical System Protection:

- Symantec Critical System Protection Installation Guide
- Symantec Critical System Protection Administration Guide
- Symantec Critical System Protection Prevention Policy Reference Guide
- Symantec Critical System Protection Detection Policy Reference Guide
- Symantec Critical System Protection Policy Override Guide
- Symantec Critical System Protection Agent Event Viewer Guide

Legal Notice

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version 5.02.00.04.01

Copyright © 2010 Symantec Corporation. All rights reserved.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com