Apr 28, 2021
This release includes a better custom vulnerability check loading process, policy updates, and several fixes.
New
Customer Requested
- New custom vulnerability check functionality: The Security Console will now automatically load custom vulnerability checks on whichever Scan Engine is in use when the scan starts.
Improved
- Updated Center for Internet Security (CIS) policies: We updated the following CIS policies:
  - Ubuntu Linux 16.04 LTS, version 2.0.0
  - Kubernetes, version 1.6.1
- Improved policy assessment performance: Our Windows privilege enumeration process for policy assessments is now more efficient.
Fixed
- Our Java fingerprinting process now better handles version numbers that contain dashes (-) or underscores (_). This change reduces the likelihood of false positives associated with Java versions that contain these characters.
- We fixed an issue that prevented AWS assets which required pre-scan verification from being scanned when a blackout was overridden.
- We fixed an issue that prevented asset detail pages from consistently displaying all discovered services from the last scan.
- We fixed an issue that prevented scans from starting if the site scope included any assets that had an alternate MAC address that was not associated with an IP address.
- We fixed an issue that prevented Nexpose from retrieving CyberArk credentials when a scan was paused and then resumed.
- We fixed an issue that caused vulnerability scans to utilize excessive memory when scanning Windows Domain Controllers.
- We fixed an issue with CIS Windows benchmarks where the rule “Ensure ‘Network access: Allow anonymous SID/Name translation’ is set to ‘Disabled’” could give incorrect results due to case sensitivity.
- We updated our fingerprinting for SolarWinds DameWare Mini Remote Control to reduce false negatives.
Other Changes
- The log-time-zone set <timezone> console command now only accepts time zones in GMT formats.