Welcome to the BigFix Blog, where you can read the perspectives from network and service assurance experts. This Blog provides insights into the endpoint management solution, as well as technical details about specific IBM products.
Security Configuration Management (SCM) for Unix Systems The Security and Compliance team at IBM has modified the content within the UNIX System checklists to add enhancements. ---- Site Versions ---- Self-Parameterizing Sites: DISA STIG Checklist for AIX 5.1 v9 DISA STIG Checklist for AIX 5.2 v8 DISA STIG Checklist for AIX 5.3 v8 DISA STIG Checklist for AIX 6.1 v8 DISA STIG Checklist for HPUX 11.00 v8 DISA STIG Checklist for HPUX 11.11 v8 DISA STIG Checklist for HPUX 11.23 v8 DISA STIG Checklist for RHEL 3 v8 DISA STIG Checklist for... [More]
Just wanted to give everyone a heads up that we are in the process of reviewing and updating our fixlets. The good news is that these changes will have a positive impact on your environments by reducing the size of the fixlets while maintaing all of the same function. As we progress I will post to the blog which fixlets are being updated each day. We will begin rolling out these changes next week, updating between 4-6 sites a day.
Just a quick post on some of the setup and configuration changes you can expect in version 8.2. On upgrade, all existing Console users will be migrated to local users. Console users will be asked to provide .pvk files on initial login for the purposes of verification only and will not be used for subsequent login attempts. Consoles in 8.2 connect to the Server through HTTPS 52313. This replaces the previous method of ODBC connections. This is configurable. Account provisioning is now handled by the Console, not the BESAdmin tool. However,... [More]
We just published the Fixlets for Patches for Windows sites for German, Japanese and Chinese (Simplified) languages. The Patch Tuesday content for the remaining language sites should be available by Wednesday evening PST.
Just wanted to let you guys know that our Patch Tuesday fixlets for November 2011 are live. They hit the world roughly forty minutes ago. We also published the re-release of MS11-037 as part of that push. We'll be working next on the non-English Patch Tuesday fixlets.
Just a heads up, our tenative delivery times for this upcoming Patch Tuesday are 2:00PM PST for all patches. We'll release non-English security patches shortly afterwards. You can find more information about the upcoming November Patch Tuesday here: http://technet.microsoft.com/en-us/security/bulletin/ms11-nov
There is a document created listing all the supported endpoint protection products for CMEP at this wiki page: https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/Client%20Manager%20for%20Endpoint%20Protection%20%E2%80%93%20Supported%20Products It will be updated once a support for a new product is published.
Security Configuration Management (SCM) for Unix Systems The Security and Compliance team at IBM has modified the content within the UNIX System checklists to add per user ignore for the following controls: AIX 5.3 & 6.1 GEN000800 GEN000540 GEN000620 GEN000600a GEN000580 GEN000680 GEN000700 RHEL 4 & 5 GEN000540 GEN000700 Solaris 8, 9 & 10 GEN000540 ---- Site Versions ---- Self-Parameterizing Sites: DISA STIG Checklist for AIX 5.1 v7 DISA STIG Checklist for AIX 5.2 v6 DISA STIG Checklist for AIX 5.3 v6 DISA STIG Checklist for AIX... [More]
We expect to publish Fixlets for the localized versions of the October 2011 security patches by Thursday (13 Oct 2011) evening Pacific Time. We will post an update on this blog once the content for non-English versions of Patches for Windows Fixlet sites is published.
The second set of Fixlets for October Patch Tuesday is now available in version 1530 of the EnterpriseSecurity site. This set covers the following security bulletins: * MS11-078: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution * MS11-079: Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution * MS11-082: Vulnerabilities in Host Integration Server Could Allow Denial of Service
Hi All, We are considering developing some content to support reporting and basic management of BitLocker deployments. If you use BitLocker, or are considering deploying it in the future, please share your thoughts on the below areas to help us build a more useful offering. If you'd like to provide input in a private forum, feel free to email me directly at email@example.com. (1) Do you currently use BitLocker, or plan to deploy it soon? If not, are you using another disk encryption technology? (2) If you are using BitLocker, on how many... [More]
We just released the first set of Patch Tuesday patches for October 2011. They should all be included in version 1529 of the Enterprise Security site. This first set includes content for: MS11-075 MS11-076 MS11-077 MS11-080 MS11-081 The rest of the patches are scheduled to be delivered around 9:30PM PST.
Just a heads up, our tenative delivery times for this upcoming Patch Tuesday are: 2:00PM PST for Kernel Patches 9:30PM PST for all Patch Tuesday Patches You can find more information about the upcoming October Patch Tuesday here: http://technet.microsoft.com/en-us/security/bulletin/ms11-oct
We have just published another set of updates to our Client
Manager for Endpoint Protection site to add support for the most recent versions
of supported vendor products: Symantec
Endpoint Protection 12 McAfee VirusScan
Enterprise 8.8 McAfee GroupShield 7.0 / McAfee
Security 7.6 for Microsoft Exchange Forefront
Client Security CA Anti-Virus / Total Defense
Hi All, Lately, we have seen an increased adoption of Microsoft Forefront, so we recently added support for Microsoft Forefront Endpoint Protection to our Client Manager for Endpoint Protection (CMEP) Fixlet site. Customers can now use CMEP to support the following Microsoft Forefront management tasks: - Report on agent health (running, stopped) - Report on client information (definition versions, engine version, client status, etc) - Deploy definition updates via the Microsoft Forefront Update Wizard - Enforce a policy that monitors the... [More]
The Inspector Search site been updated and enhanced. Try it out: http://support.bigfix.com/inspectorsearch/inspector_search.html (It can also be reached at the link at search.bigfix.com) New functionality includes enhanced descriptions of inspectors. For example: 1. In the Type field, enter substring. 2. Click the Find Inspectors button. 3. It should list 19 inspectors that match that criterion. Click on start of <substring>. The search result is displayed. Before this addition to the program, no type information was provided.... [More]
Hi everybody, We have been slowly transitioning our customer-facing documentation and technical info pages from our legacy BigFix sites to IBM systems. Here is a quick overview of some of the changes: New "Endpoint Management Community" -- This page basically links to all the pages discussed below. New "Endpoint Management" Blog -- (You are reading my first blog post.) We didn't have a blog at BigFix and instead used mailing list updates and forum posts. But... we think the blog is a better way to communicate and we... [More]
There is a new wiki for all IBM Tivoli Endpoint Manager (BigFix) best practices, and it can be found here: https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager As with all Service Management Connect wikis,
you can expect to find a lot of information created by subject matter
experts, including but not limited to the following content: Best practices Customizations Fixlet authoring Lifecycle management Troubleshooting information Bookmark the new Tivoli Endpoint Manager wiki today.... [More]
Welcome to the Endpoint Management blog. This
blog is one of several within the Service Management Connect community,
and its purpose is to provide readers with ideas and perspectives about
the endpoint management solution directly from the
technical experts. Follow this blog, and you can get tips, tricks, and
perspectives on several endpoint management topics, including: Installation Integration Performance Customization Technical tips and tricks More... If you have specific topics for which you would like to see blog entries, don't... [More]
https://forum.bigfix.com/t/new-white-paper-bigfix-capacity-planning-performance-and-management-guide/15868 *********** https://forum.bigfix.com/ *********** Hello all, For my first post here, I am pleased to announce the publication of the "IBM BigFix Version 9.2: Capacity Planning, Performance, and Management Guide" white paper. It is available from the ISM Library at the following URL: ISM Library3 The white paper provides an overview of performance management and capacity planning for the IBM BigFix Version 9.2... [More]
IBM BigFix Customer Support Technical Information Newsletter - January, 2016 To subscribe to this mailing list, send an e-mail to firstname.lastname@example.org with the subject line: snl subscribe IBM Endpoint Manager
A Gentle Reminder on End of Support for BigFix version 8.2: We would like to remind you that the previously announced end of support date for Tivoli Endpoint Manager 8.2 is approaching. TEM 8.2 will officially reach end of support on April 30th 2016. Customers using version 8.x of the platform are encouraged to upgrade to the latest version as soon as possible in order to continue receiving product support. Please note that in addition to the many improvements in the 9.x platform releases, many of the BigFix... [More]
IBM BigFix Patch is pleased to announce the support for Maintenance or Technology Level packages and Service Packs for AIX 7.2. The BigFix Patch for AIX team released an upgrade Fixlet for AIX 7.2 Recommended Service Pack (7200-00-01). This release also includes inventory-only (audit) Fixlets for AIX Security Advisories, Critical Fixes, High Impact/Highly Pervasive Fixes and Program Temporary Fixes (PTFs) that are released since the last Maintenance Level Package update. Actions to take: Gather the updates for the Patches... [More]
It's almost time to say goodbye to the following non-Native Tools Red Hat Enterprise Linux and SUSE Linux Enterprise sites that will be deprecated on January 31, 2016 . To help you prepare for this migration, we have given you a head's up with this announcement a few months ago. Patches for RHEL 5 Patches for RHEL 5 Dependency Resolution Patches for RHEL 6 Dependency Resolution Patches for SLE11 BigFix Patch will no longer provide content and support for these sites and they will no longer be available on the License Overview Dashboard... [More]
IBM BigFix Compliance PCI Add-on Security Configuration Management (SCM) The IBM BigFix Compliance team has updated the content for the Payment Card Industry Data Security Standard (PCI DSS) DSS checklist for Red Hat Linux Enterprise 6 and 7. Updated Sites: PCI DSS Checklist for RHEL 6, version 2 PCI DSS Checklist for RHEL 7, version 2 *Site versions are provided for air-gap customers. Changelist: Additional service and policy-related checks are available in the PCI DSS Checklist for RHEL 6 and PCI DSS Checklist for... [More]
IBM BigFix Compliance PCI Add-on Security Configuration Management (SCM) IBM is pleased to announce the availability of the new security configuration management checklists for IBM BigFix Compliance PCI Add-on. The new checklists that are based on the guidance provided by the Payment Card Industry Data Security Standard (PCI DSS) is: Published site: PCI DSS Checklist for Windows Embedded POSReady 2009, version 2 *Site versions are provided for air-gap customers. This content contains security configuration checks... [More]
Content in the Patches for Windows Site has been released. New Fixlets: Fixlets for Microsoft Security Bulletins: MS16-001 MS16-002 MS16-003 MS16-004 MS16-005 MS16-006 MS16-007 MS16-008 MS16-010 [Major] 3109853: Security advisory: Update to improve TLS session resumption interoperability - Windows 8.1 Gold - KB3109853 (ID: 310985301) [Major] 3109853: Security... [More]
BigFix Patch for Windows is pleased to announce that it is extending support to include Office 365. BigFix supports fully installed Office 2013 applications for the PC version of the following Office 365 subscription plans: Office 365 ProPlus Office 365 Enterprise E3 Office 365 Enterprise E5 Highlights Fixlet ID 365001: Disable Office 365 Automatic Update - Office 2013 Fixlet ID 365003: Enable Office 365 Automatic Update - Office 2013 Fixlet ID 365005: Outdated Office 365 Version Detected - Office 2013 Fixlet ID 365007: Office 365 Version... [More]