IBM Support

Release of WinCollect stand-alone agent V10.1.4

Release Notes


Abstract

This release note describes the upgrade instructions and new features for IBM® WinCollect Agent V10.1.4.

Content


About WinCollect V10.1.4

WinCollect 10.1.4 is available for stand-alone deployments only.

Important: Beginning in V10.1.4, WinCollect uses a virtual account to increase application security.

With this change, aspects of the WinCollect agent that interact with the file system (file-based sources, mTLS, and so on) require extra privileges to continue to function properly.

To ensure that WinCollect continues to function properly, the WinCollect virtual account can be added to the Administrators group.
Alternatively, if the WinCollect virtual account is not added to the Administrators group, access to the necessary directories needs to be granted manually. This decision must be made during the WinCollect V10.1.4 installation or upgrade and can be made by using either of the following methods.
GUI installation or upgrade:
During a GUI installation or upgrade, the installation wizard presents a new panel where you make this decision.
Silent installation or upgrade:
If the installation or upgrade is done in silent mode, the ADMIN_GROUP command-line parameter must be specified with a value of either true or false. A value of true adds the WinCollect virtual account to the Administrators group, whereas a value of false does not.
For example:
msiexec.exe /qn /i WinCollect-10.X.X-X.x64.msi QUICK_INSTALL="yes" WC_DEST="<qrhostname.domain.lab>" ADMIN_GROUP="true"
There is no default value for this parameter because the installation requires the user to make a decision.
The MSI must be launched from an administrative command prompt; see WinCollect 10: Installation or upgrade displays "WinCollect 10 Setup Wizard ended prematurely" error.
For more information, see WinCollect Virtual Accounts.
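
The silent-install steps above as a PowerShell wrapper, added here as an example and not IBM's code: it enforces the elevated session, forces an explicit ADMIN_GROUP choice, and then reports whether the account the service runs as ended up in the Administrators group. The function name and the assumption that the agent's service name contains "WinCollect" are hypothetical; the MSI file name and WC_DEST value are the page's placeholders.

```powershell
# Added example, not IBM code. Install-WinCollectSilent is a hypothetical name.
function Install-WinCollectSilent {
    param(
        [Parameter(Mandatory)] [string] $MsiPath,
        [Parameter(Mandatory)] [string] $Destination,
        # Mandatory with no default: the installer requires an explicit decision.
        [Parameter(Mandatory)] [ValidateSet('true', 'false')] [string] $AdminGroup
    )

    # The MSI must be launched from an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated (administrative) PowerShell session.'
    }
    if (-not (Test-Path -LiteralPath $MsiPath -PathType Leaf)) {
        throw "MSI not found: $MsiPath"
    }

    # Same properties as the documented command line, with the path quoted.
    $msiArgs = '/qn /i "{0}" QUICK_INSTALL="yes" WC_DEST="{1}" ADMIN_GROUP="{2}"' -f `
        $MsiPath, $Destination, $AdminGroup
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
    if ($proc.ExitCode -notin 0, 3010) {   # 3010 = success, reboot required
        throw "msiexec failed with exit code $($proc.ExitCode)"
    }

    # Post-install audit. Assumption: the service name contains "WinCollect".
    # S-1-5-32-544 is the built-in Administrators group on any locale.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544'
    foreach ($svc in Get-CimInstance Win32_Service -Filter "Name LIKE '%WinCollect%'") {
        # A virtual account appears as "NT SERVICE\<service name>" in StartName.
        $isAdmin = [bool]($admins | Where-Object Name -eq $svc.StartName)
        [pscustomobject]@{
            Service          = $svc.Name
            RunsAs           = $svc.StartName
            InAdministrators = $isAdmin
            MatchesChoice    = ($isAdmin -eq ($AdminGroup -eq 'true'))
        }
    }
}

# Usage (placeholders taken from the page):
# Install-WinCollectSilent -MsiPath '.\WinCollect-10.X.X-X.x64.msi' `
#     -Destination '<qrhostname.domain.lab>' -AdminGroup 'false'
```

A row with MatchesChoice set to False means the group membership on the host does not reflect the ADMIN_GROUP value that was passed and should be reviewed before the agent is relied on.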

New features:

  • Added support for IIS Advanced logs collection.

Bug fixes and improvements including the following:

  • Fixed an issue where WinCollect can crash in a BucketQ.next call (APAR IJ46177).
  • Fixed an issue where WinCollect can crash when events on disk are added to the BucketQ (APAR IJ46689).
  • Fixed an issue where WCConsole.exe runs in high integrity context / runs as LocalSystem (CVE-2023-26277).
  • Fixed an issue with the WinCollect Service and WCConsole.exe privileges (CVE-2023-26278).
  • Fixed an issue with WinCollect x-csrf-token.
  • Fixed an issue where certificate fields incorrectly check max length.
  • Fixed memory corruption issues in and around the Logger/LogCapture.
  • Added new installer option to choose to add local virtual account to Administrators group.
  • Added ability to send an agent status message when the client certificate is going to expire.
  • Added mTLS support for a certificate/key from Windows Certificate Store.
  • Added mTLS support for PKCS#12 .pfx format.
  • Upgraded version of third party library.
Upgrade your existing WinCollect 7 stand-alone agents to WinCollect 10.1.4. See WinCollect 10 Upgrade instructions.
For more information about the agent and new features, see the WinCollect 10 documentation.
 
Supported Windows® operating systems
 
  • Windows® Server 2022 (including Core)
  • Windows® Server 2019 (including Core)
  • Windows® Server 2016 (including Core)
  • Windows® Server 2012 (including Core)
  • Windows® 10 (most recent)
  • Windows® 11 (most recent)

    NOTE: WinCollect is not supported on versions of Windows® that moved to End Of Support by Microsoft®. After software is used beyond the Extended Support End Date, the product might still function as expected; however, IBM® does not make code or vulnerability fixes to resolve WinCollect issues for older operating systems. For more information, see the WinCollect 10 documentation.

IBM® Statement for WinCollect supported versions
Supported software versions for IBM® WinCollect are the latest version (n) and latest minus one (n-1). Therefore, the two newest versions of WinCollect are the versions that QRadar® support suggests with any support tickets (cases) that are opened. To prevent issues, it is important that you, as an administrator, keep WinCollect deployments updated when new versions are posted to IBM® Fix Central. For questions related to this statement, ask in the WinCollect forum: http://ibm.biz/wincollectforums.
 

Prerequisites for the WinCollect V10.1.4 upgrade

Installation prerequisites

WinCollect 10.0.1 and WinCollect V7.3.0 or greater agents that are in stand-alone mode can be upgraded to WinCollect V10.1.4.

QRadar® version prerequisites
WinCollect V10.1.4 supports QRadar® V7.5.0 or later.

WinCollect version prerequisites

WinCollect V7.3.0 stand-alone is the minimum version required to upgrade to QRadar® V10.x (any patch level).

WinCollect upgrade procedure

For more information about installing or upgrading WinCollect 10, see IBM Documentation.

WinCollect Agent update links for 64-bit and 32-bit downloads:

For more information about stand-alone mode, see IBM Documentation.


Document Information

Modified date:
19 July 2023

UID

ibm16987783