Release Notes
Abstract
This technical note provides guidance for installing IBM Guardium Data Protection Windows Agents 11.5.0.437, including any new features or enhancements, resolved or known issues, or notices associated with the patch.
Content
Patch information
| Product: | IBM Guardium |
|---|---|
| Release version: | Guardium 11.5 Windows GIM |
| Completion date: | 28 April 2025 |
Fix IDs
|
Guardium_11.5.0.437_GIM_Windows
|
Finding the patch
- Select the following options to download this patch on the IBM Fix Central website and click Continue.
- Product selector: IBM Security Guardium
- Installed Version: 11.5
- Platform: Windows
- On the "Identify fixes" page, select Browse for fixes and click Continue.
- On the "Select fixes" page, select Database Agent (STAP, GIM and CAS). Then, enter the patch information in the Filter fix details field to locate the patch.
Attention
SHA256 GIM client certificates
After applying patch 11.0p530 or later, Guardium supports SHA256 GIM certificates. This has the following implications:
- The default certificates could be either SHA256 or SHA128, depending on the GIM server certificate setup. Custom certificates that use SHA256 are more secure and are recommended for GIM connections. Note that GIM connectivity is not interrupted after applying this patch.
- GIM only verifies bundles signed with SHA256 and requires installation of a transitional GIM bundle to support the GIM client upgrade from the SHA128 signed version to SHA256.
For more information, see Updating Guardium Data Protection GIM clients with SHA256 certificates.
Guardium GIM default self-signed SHA128 certificate
The Guardium GIM default self-signed certificates expired in May 2024. If the certificates were not renewed by the expiration date, the GIM client-server communication is affected. Please note that data monitoring activity through S-TAP is not disrupted.
- To renew the GIM server (appliance) certificate, install patch 11.0p1042.
- To renew the GIM clients (database server agent) certificate, upgrade to version 11.4.0.413 or later.
For more information, see https://www.ibm.com/support/pages/node/7115129
Deprecated support and functionality
Microsoft Windows Server 2012 and 2012 R2
Windows Server 2012 and 2012 R2 reached end of support by Microsoft on 10 October 2023 and no longer receive security updates. For this reason, as of 31 March 2024, Guardium no longer maintains support for these operating systems. For more information, see IBM Guardium support discontinuance notification for Microsoft Windows Server version 2012 and 2012 R2.
Windows Server 2012 and 2012 R2 reached end of support by Microsoft on 10 October 2023 and no longer receive security updates. For this reason, as of 31 March 2024, Guardium no longer maintains support for these operating systems. For more information, see IBM Guardium support discontinuance notification for Microsoft Windows Server version 2012 and 2012 R2.
Microsoft SQL Server 2012
Guardium no longer supports Microsoft SQL Server 2012 as of 12 July 2022. For more information, see IBM Guardium support discontinuance notification for Microsoft SQL Server version 2008 and 2012.
New support and functionality
Microsoft Windows Server 2025
Support added for Windows Server 2025.
Support added for Windows Server 2025.
New features and enhancements
Restricting traffic base on IE process name
S-TAP can now filter for Transmission Control Protocol (TCP) traffic directed to the database server processes specified in the inspection engines to reduce traffic noise.
The following parameters were added to control this new functionality.
The following parameters were added to control this new functionality.
WFP_PROCESS_RESOLVE_MODE
Description: this parameter dictates how S-TAP handles traffic from non-SQL Server sources on SQL Server ports.
Description: this parameter dictates how S-TAP handles traffic from non-SQL Server sources on SQL Server ports.
Default value: 0
Possible values:
0 - Traffic from non-SQL Server programs using SQL Server ports is sent to the S-TAP and the collector.
Possible values:
0 - Traffic from non-SQL Server programs using SQL Server ports is sent to the S-TAP and the collector.
1 - Traffic from non-SQL Server programs using SQL Server ports is ignored.
2 - Traffic from non-SQL Server programs using SQL Server ports is passed if it reaches one of the two resolve limits, otherwise it is ignored.
WFP_PROCESS_RESOLVE_LIMIT
Description: This is the limit in KB of how much traffic is buffered per connection while attempting to resolve the server process name. If the limit is reached, traffic is either dropped or passed depending on the mode.
Default value: 2048
Value range: 1 - 20480
Default value: 2048
Value range: 1 - 20480
WFP_PROCESS_RESOLVE_TOTAL_LIMIT
Description: This is the limit in MB of how much traffic is buffered system-wide while attempting to resolve server process.
Description: This is the limit in MB of how much traffic is buffered system-wide while attempting to resolve server process.
These new parameters can be modified by using Windows GIM 11.5.0.437 or later.
Allowing database sessions to make progress when all collectors are down
In protocol 8, when in a situation where all collectors for a S-TAP are down, and the firewall or query rewrite is active, S-TAP must immediately pass packets to keep database sessions active if the default verdict is pass, or drop sessions if the default verdict is Drop. The following parameter was added for S-TAP to allow database sessions to make progress when all collectors down.
VERDICT_RESUME_DELAY
Description: This parameter allows database sessions to make progress when all collectors down. The value is the number of seconds the S-TAP will delay sending verdict requests to the collector after a failover. During this time, S-TAP acknowledges the verdicts locally. After the time period expires, the S-TAP resumes sending verdict requests to the collector.
Default value: 30
Value range: 0-300
Resolved issues
Guardium Windows GIM 11.5.0.437
|
Patch
|
Issue key | Summary | Known issue (APAR) |
|---|---|---|---|
|
11.5.0.404
|
See release note for Windows GIM 11.5.0.404
|
||
|
11.5.0.437
|
GRD-89993
|
Removed a vulnerable Perl file subject to CVE-2023-7101 vulnerability.
|
|
|
GRD-97203
|
Removed openssl.exe binary version 1.1.1.17 subject to CVE-2023-0286 vulnerability.
|
DT435454
|
Guardium Windows GUC 11.5.0.290
No changes were made to Guardium Windows GUC since Guardium Windows GUC 11.5.0.290 (see release note).
Guardium Windows FAM Crawler 11.5.0.359
No changes were made to Guardium Windows FAM Crawler since Guardium Windows FAM Crawler 11.5.0.359 (see release note).
Installers with MD5Sums
| MD5Sum | File name |
|---|---|
|
98f124ba06c9fe84c19e32712e6d2689
|
GIM-Installer-11.5_r110500437_1.zip
|
|
8d360b619cc812c910082ab919c88a9a
|
guard-GIM-11.5_r110500437_1-x86_x64.gim
|
|
87045c0988a7c6004d9f7d2282054325
|
guard-GIM-guardium_11.5_r110500437_1-Windows-Server-Windows-x86_x64.exe.signed
|
|
5415585ea887097f70a9c10b43c4653d
|
guard-GIM_transitional-11.5_r110500437_1-x86_x64.gim
|
|
cc9843a6668aedb496abf4eed0349e90
|
conf.reload.FAM
|
|
1f952f8e6edfafbe415c01fd4775ca7c
|
guard-FAM-11.5_r110500359_1-x86_x64.gim
|
|
4c4a5e2c6ec48943a62b930e8efa5581
|
guard-FAM-guardium_11.5_r110500359_1-Windows-Server-Windows-x86_x64.exe.signed
|
|
dfe09dde5daf63f09269e047c2395772
|
guard-GUC-11.5_r110500290_1-x86_x64.gim
|
|
839a6cf77335dc2fe3ba0f22b23ae1f9
|
guard-GUC-guardium_11.5_r110500290_1-Windows-Server-Windows-x86_x64.exe.signed
|
Related Guardium updates
- Guardium Data Protection Windows FAM for NAS 11.5.0.437 (see release note)
- Guardium Data Protection Windows FAM for SharePoint 11.5.0.437 (see release note)
[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z000000Gp0TAAS","label":"GIM"},{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"ARM Case Number":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"11.5.0"}]
Was this topic helpful?
Document Information
Modified date:
02 September 2025
UID
ibm17231562