Welcome to the BigFix Blog, where you can read the perspectives from network and service assurance experts. This Blog provides insights into the endpoint management solution, as well as technical details about specific IBM products.
Just wanted to let you guys know that our Patch Tuesday fixlets for November 2011 are live. They hit the world roughly forty minutes ago. We also published the re-release of MS11-037 as part of that push. We'll be working next on the non-English Patch Tuesday fixlets.
Just a heads up, our tenative delivery times for this upcoming Patch Tuesday are 2:00PM PST for all patches. We'll release non-English security patches shortly afterwards. You can find more information about the upcoming November Patch Tuesday here: http://technet.microsoft.com/en-us/security/bulletin/ms11-nov
There is a document created listing all the supported endpoint protection products for CMEP at this wiki page: https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/Client%20Manager%20for%20Endpoint%20Protection%20%E2%80%93%20Supported%20Products It will be updated once a support for a new product is published.
Security Configuration Management (SCM) for Unix Systems The Security and Compliance team at IBM has modified the content within the UNIX System checklists to add per user ignore for the following controls: AIX 5.3 & 6.1 GEN000800 GEN000540 GEN000620 GEN000600a GEN000580 GEN000680 GEN000700 RHEL 4 & 5 GEN000540 GEN000700 Solaris 8, 9 & 10 GEN000540 ---- Site Versions ---- Self-Parameterizing Sites: DISA STIG Checklist for AIX 5.1 v7 DISA STIG Checklist for AIX 5.2 v6 DISA STIG Checklist for AIX 5.3 v6 DISA STIG Checklist for AIX... [More]
We expect to publish Fixlets for the localized versions of the October 2011 security patches by Thursday (13 Oct 2011) evening Pacific Time. We will post an update on this blog once the content for non-English versions of Patches for Windows Fixlet sites is published.
The second set of Fixlets for October Patch Tuesday is now available in version 1530 of the EnterpriseSecurity site. This set covers the following security bulletins: * MS11-078: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution * MS11-079: Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution * MS11-082: Vulnerabilities in Host Integration Server Could Allow Denial of Service
Hi All, We are considering developing some content to support reporting and basic management of BitLocker deployments. If you use BitLocker, or are considering deploying it in the future, please share your thoughts on the below areas to help us build a more useful offering. If you'd like to provide input in a private forum, feel free to email me directly at firstname.lastname@example.org. (1) Do you currently use BitLocker, or plan to deploy it soon? If not, are you using another disk encryption technology? (2) If you are using BitLocker, on how many... [More]
We just released the first set of Patch Tuesday patches for October 2011. They should all be included in version 1529 of the Enterprise Security site. This first set includes content for: MS11-075 MS11-076 MS11-077 MS11-080 MS11-081 The rest of the patches are scheduled to be delivered around 9:30PM PST.
Just a heads up, our tenative delivery times for this upcoming Patch Tuesday are: 2:00PM PST for Kernel Patches 9:30PM PST for all Patch Tuesday Patches You can find more information about the upcoming October Patch Tuesday here: http://technet.microsoft.com/en-us/security/bulletin/ms11-oct
We have just published another set of updates to our Client
Manager for Endpoint Protection site to add support for the most recent versions
of supported vendor products: Symantec
Endpoint Protection 12 McAfee VirusScan
Enterprise 8.8 McAfee GroupShield 7.0 / McAfee
Security 7.6 for Microsoft Exchange Forefront
Client Security CA Anti-Virus / Total Defense
Hi All, Lately, we have seen an increased adoption of Microsoft Forefront, so we recently added support for Microsoft Forefront Endpoint Protection to our Client Manager for Endpoint Protection (CMEP) Fixlet site. Customers can now use CMEP to support the following Microsoft Forefront management tasks: - Report on agent health (running, stopped) - Report on client information (definition versions, engine version, client status, etc) - Deploy definition updates via the Microsoft Forefront Update Wizard - Enforce a policy that monitors the... [More]
Hi everybody, We have been slowly transitioning our customer-facing documentation and technical info pages from our legacy BigFix sites to IBM systems. Here is a quick overview of some of the changes: New "Endpoint Management Community" -- This page basically links to all the pages discussed below. New "Endpoint Management" Blog -- (You are reading my first blog post.) We didn't have a blog at BigFix and instead used mailing list updates and forum posts. But... we think the blog is a better way to communicate and we... [More]
Product: IBM BigFix Compliance Title: Updated DISA STIG Checklist for Windows 10 to support a more recent version of benchmark Security Benchmark: Windows 10 STIG, V1, R11 Published Sites: DISA STIG Checklist for Windows 10, site version 7 (The site version is provided for air-gap customers.) Details: · DISA STIG Checklist for Windows 10 supports OS version <= 1709 · Both analysis and remediation checks are included ... [More]
IBM BigFix Patches for Windows has modified update Fixlets for Google Chrome. Google does not provide a way to detect if the application has a 32-bit or 64-bit architecture. The only other way to confirm architecture is to examine its uninstaller executable, which BigFix does not currently support. With the modified Fixlets, it is assumed that only a 64-bit version of the application is installed on a 64-bit operating system. Note that if a 32-bit application is installed on 64-bit OS, it will be converted to 64-bit version. Currently, the... [More]