Release Notes
Abstract
This release note contains upgrade instructions and new features in IBM® WinCollect Agent V10.1.4.
Content
Quick links
- About WinCollect V10.1.4
- Prerequisites for the WinCollect upgrade
- How to upgrade to WinCollect v10.1.4
About WinCollect V10.1.4
WinCollect 10.1.4 is available for stand-alone only deployments.
Important: Beginning in V10.1.4, WinCollect uses a virtual account to increase application security.
With this change, the parts of the WinCollect agent that interact with the file system (file-based sources, mTLS, and so on) require extra privileges to continue to function properly. Adding the WinCollect virtual account to the Administrators group provides these privileges.
Alternatively, if the WinCollect virtual account is not added to the Administrators group, access to the necessary directories needs to be added manually. This decision must be made during the WinCollect V10.1.4 installation or upgrade and can be done using either of the following methods.
If the installation or upgrade is done in silent mode, the ADMIN_GROUP command line parameter must be specified with either a true or false value. A value of true adds the WinCollect virtual account to the Administrators group, whereas a value of false does not.
msiexec.exe /qn /i WinCollect-10.X.X-X.x64.msi QUICK_INSTALL="yes" WC_DEST="<qrhostname.domain.lab>" ADMIN_GROUP="true"
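The ADMIN_GROUP="false" path described above, as an added example that is not part of the IBM release note: it runs the silent installation without Administrators membership, confirms the result, and grants the agent's account read access to the directories it collects from. The service-name pattern, the directory path, and the choice of read-and-execute rights are assumptions; the MSI file name and WC_DEST value are the placeholders from the command above.

```powershell
# Added example (not IBM code). Run from an elevated PowerShell session.
$msi     = 'WinCollect-10.X.X-X.x64.msi'   # placeholder file name from the release note
$logDirs = @('D:\Logs\App')                # constructed path: directories the agent must read

# 1. Silent installation that keeps the virtual account out of Administrators.
$msiArgs = @('/qn', '/i', $msi, 'QUICK_INSTALL="yes"',
             'WC_DEST="<qrhostname.domain.lab>"', 'ADMIN_GROUP="false"')
$proc = Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
if ($proc.ExitCode -ne 0) { throw "msiexec failed with exit code $($proc.ExitCode)" }

# 2. Read the account from the installed service instead of guessing its name.
#    Assumption: the service name contains "WinCollect".
$svc = Get-CimInstance Win32_Service |
    Where-Object { $_.Name -like '*WinCollect*' } |
    Select-Object -First 1
if (-not $svc) { throw 'No service matching *WinCollect* was found' }
$account = $svc.StartName

# 3. Confirm the account is not a member of BUILTIN\Administrators (S-1-5-32-544).
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544'
if ($admins.Name -contains $account) {
    Write-Warning "$account is in Administrators; ADMIN_GROUP=false did not take effect"
}

# 4. Grant read and execute, inherited by subfolders and files, on each directory.
#    Assumption: read-only access is enough for file-based sources.
foreach ($dir in $logDirs) {
    icacls $dir /grant "${account}:(OI)(CI)RX" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $dir" }
    # Show the resulting entries so the change can be reviewed.
    (Get-Acl $dir).Access |
        Where-Object { $_.IdentityReference.Value -eq $account } |
        Format-Table IdentityReference, FileSystemRights, IsInherited
}
```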
New features:
- Added support for IIS Advanced logs collection.
Bug fixes and improvements including the following:
- Fixed an issue where WinCollect can crash in BucketQ.next call (APAR IJ46177).
- Fixed an issue where WinCollect can crash when events on disk are added to the BucketQ (APAR IJ46689).
- Fixed an issue where WCConsole.exe runs in high integrity context / runs as LocalSystem (CVE-2023-26277).
- Fixed an issue with the WinCollect Service and WCConsole.exe privileges (CVE-2023-26278).
- Fixed an issue with WinCollect x-csrf-token.
- Fixed an issue where certificate fields incorrectly check max length.
- Fixed memory corruption issues in and around the Logger/LogCapture.
- Added new installer option to choose to add local virtual account to Administrators group.
- Added ability to send an agent status message when the client certificate is going to expire.
- Added mTLS support for a certificate/key from Windows Certificate Store.
- Added mTLS support for PKCS#12 .pfx format.
- Upgraded version of third party library.
Supported operating systems:
- Windows® Server 2022 (including Core)
- Windows® Server 2019 (including Core)
- Windows® Server 2016 (including Core)
- Windows® Server 2012 (including Core)
- Windows® 10 (most recent)
- Windows® 11 (most recent)
NOTE: WinCollect is not supported on versions of Windows® that moved to End Of Support by Microsoft®. After software is used beyond the Extended Support End Date, the product might still function as expected; however, IBM® does not make code or vulnerability fixes to resolve WinCollect issues for older operating systems. For more information, see the WinCollect 10 documentation.
IBM® Statement for WinCollect supported versions
Supported software versions for IBM® WinCollect are the latest version (n) and latest minus one (n-1). Therefore, the two newest versions of WinCollect are the versions that QRadar® support suggests with any support tickets (cases) that are opened. To prevent issues, it is important that you, as an administrator, keep WinCollect deployments updated when new versions are posted to IBM® Fix Central. For questions related to this statement, ask in the WinCollect forum: http://ibm.biz/wincollectforums.
Prerequisites for the WinCollect V10.1.4 upgrade
Installation prerequisites
WinCollect 10.0.1 and WinCollect V7.3.0 or greater agents that are in stand-alone mode can be upgraded to WinCollect V10.1.4.
QRadar® version prerequisites
WinCollect V10.1.4 supports QRadar® V7.5.0 or later.
WinCollect version prerequisites
WinCollect V7.3.0 stand-alone is the minimum version required to upgrade to QRadar® V10.x (any patch level).
WinCollect upgrade procedure
For more information about installing or upgrading WinCollect 10, see IBM Documentation.
WinCollect Agent update links for 64-bit and 32-bit downloads:
- Download files for QRadar 7.5
Full URL: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.5.0&platform=Linux&function=fixId&fixids=7.5.0-QRADAR-AGENT_x64_WINCOLLECT-10.1.4-44.msi,7.5.0-QRADAR-AGENT_x86_WINCOLLECT-10.1.4-44.msi&includeSupersedes=0&source=fc
For more information about stand-alone mode, see IBM Documentation.
Document Information
Modified date: 19 July 2023
UID: ibm16987783