Release Notes
Abstract
This technical note provides guidance for installing IBM Guardium Data Protection Windows Agents 12.2.0.158, including any new features or enhancements, resolved or known issues, or notices associated with the patch.
Content
Patch information
| Product: | IBM Guardium |
|---|---|
| Release version: | Guardium 12.2 Windows Software TAP (S-TAP) |
| Completion date: | 23 September 2025 |
Fix IDs
|
Guardium_12.2.0.158_S-TAP_Windows
|
Finding the patch
- Select the following options to download this patch on the IBM Fix Central website and click Continue.
- Product selector: IBM Security Guardium
- Installed Version: 12.2
- Platform: Windows
- On the "Identify fixes" page, select Browse for fixes and click Continue.
- On the "Select fixes" page, select Database Agent (STAP, GIM and CAS). Then, enter the patch information in the Filter fix details field to locate the patch.
Notes
- A fresh install of Guardium 12.2 does not require a reboot.
- IBM strongly recommends that you do not use the following builds as they contain instabilities that can lead to system failure. Uninstall these builds and reboot before you install S-TAP 12.2. For all other builds, you can upgrade as usual.
- 11.4.0.168 through 11.4.0.204
- 11.3.0.257 through 11.3.0.287
Attention
Database instance stop and server reboot required for patch upgrade
When you upgrade to Windows S-TAP 12.2.0.158, you must reboot the database server to update the NmpProxy driver. To successfully install this patch, you must complete the following steps:
- Stop all database instances.
- Upgrade Windows S-TAP to version 12.2.0.158.
- Reboot your database server immediately after you upgrade Windows S-TAP.
- Start your database instances.
New database and platform support
Databases
- Couchbase 7.6.3
- CouchDB 3.4.2
- EDB Postgres 17.4
- Elasticsearch 8.15.3
- IBM Db2 12.1
- Informix 15.0
- MaridDB 11.5.2
- MongoDB 8.0.5
- MySQL 8.4.2
- Neo4j 2025.04
- Oracle 23ai Free
- PostgreSQL 17.2
- Sybase ASE 16.1
Platforms
Support added for Windows Server 2025.
Support added for Windows Server 2025.
New features and enhancements
Restricting traffic based on IE process name
S-TAP can now filter for Transmission Control Protocol (TCP) traffic directed to the database server processes specified in the inspection engines to reduce traffic noise. The following parameters were added to control this new functionality.
S-TAP can now filter for Transmission Control Protocol (TCP) traffic directed to the database server processes specified in the inspection engines to reduce traffic noise. The following parameters were added to control this new functionality.
WFP_PROCESS_RESOLVE_MODE
Description: This parameter dictates how S-TAP handles traffic from non-SQL Server sources on SQL Server ports.
Default value: 0
Description: This parameter dictates how S-TAP handles traffic from non-SQL Server sources on SQL Server ports.
Default value: 0
Possible values:
0 - Traffic from non-SQL Server programs using SQL Server ports is sent to the S-TAP and the collector.
1 - Traffic from non-SQL Server programs using SQL Server ports is ignored.
2 - Traffic from non-SQL Server programs using SQL Server ports is passed if it reaches one of the two resolve limits, otherwise it is ignored.
0 - Traffic from non-SQL Server programs using SQL Server ports is sent to the S-TAP and the collector.
1 - Traffic from non-SQL Server programs using SQL Server ports is ignored.
2 - Traffic from non-SQL Server programs using SQL Server ports is passed if it reaches one of the two resolve limits, otherwise it is ignored.
WFP_PROCESS_RESOLVE_LIMIT
Description: This is the limit in KB of how much traffic is buffered per connection while attempting to resolve the server process name. If the limit is reached, traffic is either dropped or passed depending on the mode.
Default value: 2048
Value range: 1 - 20480
Description: This is the limit in KB of how much traffic is buffered per connection while attempting to resolve the server process name. If the limit is reached, traffic is either dropped or passed depending on the mode.
Default value: 2048
Value range: 1 - 20480
WFP_PROCESS_RESOLVE_TOTAL_LIMIT
Description: This is the limit in MB of how much traffic is buffered system-wide while attempting to resolve server process.
Description: This is the limit in MB of how much traffic is buffered system-wide while attempting to resolve server process.
These new parameters can be modified by using Windows GIM 12.2.0.158 or later (see release note).
Allowing database sessions to make progress when all collectors are down
In protocol 8, when in a situation where all collectors for a S-TAP are down, and the firewall or query rewrite is active, S-TAP must immediately pass packets to keep database sessions active if the default verdict is pass, or drop sessions if the default verdict is Drop. The following parameter was added for S-TAP to allow database sessions to make progress when all collectors down.
VERDICT_RESUME_DELAY
Description: This parameter allows database sessions to make progress when all collectors down. The value is the number of seconds the S-TAP will delay sending verdict requests to the collector after a failover. During this time, S-TAP acknowledges the verdicts locally. After the time period expires, the S-TAP resumes sending verdict requests to the collector.
Default value: 30
Value range: 0-300
Description: This parameter allows database sessions to make progress when all collectors down. The value is the number of seconds the S-TAP will delay sending verdict requests to the collector after a failover. During this time, S-TAP acknowledges the verdicts locally. After the time period expires, the S-TAP resumes sending verdict requests to the collector.
Default value: 30
Value range: 0-300
Disabled Query Rewrite verdicts to fully encrypted database instances
Query Rewrite verdicts are not applied to fully encrypted Microsoft SQL Server sessions.
Internal load balancer enhancement
The internal load balancer (ILB), introduced in version 12.1, helps prevent data loss by monitoring collector load and dynamically redirecting traffic to balance it in near real time. In version 12.2, enhancements to this feature provide customers with a more complete experience. A new failover mechanism improves data integrity as it is rebalanced while the improved load balancing mechanism ensuring data is not lost due to overflow. Additionally, S-TAP has the capability to request additional managed units (MUs) when all assigned sniffers reach capacity. This is controlled using a new parameter, initial_load_balancer_num_mus, alongside the existing load_balancer_num_mus. At startup, both parameters are set to the same value, but when more capacity is needed, load_balancer_num_mus is incremented to request additional MUs from the load balancer.
Support for PCRE as a regular expression
Windows S-TAP parameter for Windows PCRE regular expressions: PCRE_REGEX_ENABLED.
IBM Db2 Exit firewall support
Windows S-TAP firewall functionality is now supported when the IBM Db2 Exit protocol is enabled.
Resolved issues
| Issue key | Summary | Known issue (APAR) |
|---|---|---|
| GRD-82303 |
Access to shared data structures were synchronized, and data items that were allocated and retained during session execution were deallocated when the session ended.
|
DT419137 |
| GRD-85678 |
Added GUARDIUM_CA_PATH and SQLGUARD_CERT_CN parameters to guard_tap.ini and GIM setup by client.
|
DT416618 |
| GRD-88033 |
Added separate event handles to notify S-TAP when 64-bit and 32-bit database processes start.
|
DT416655 |
| GRD-88200 |
Fixed an instability in Microsoft SQL Server instance due to the Correlator Proxy dynamic-link library (DLL). You must reboot the database server to update the Correlator Proxy DLL.
|
DT398828 |
| GRD-89175 |
Fixed session correlation and Kerberos delivery timeouts.
|
DT438267 |
| GRD-89330 |
Added check for out-of-bound memory violations when reading and writing the failoverinfo.dtx file, containing session failover information.
|
DT416535 |
| GRD-89466 |
Prevent S-TAP instability by ignoring empty traffic messages.
|
DT417031 |
| GRD-92349 |
Fixed an issue related to possible termination of sessions when Firewall S-Gate is enabled.
|
DT426053 |
| GRD-94302 |
Fixed instability in Microsoft SQL Server caused by Correlator DLL of Windows S-TAP.
|
DT437922 |
| GRD-97837 |
Windows S-TAP now uses OpenSSL 3.5.
|
|
| GRD-101002 |
Fixed instability in Microsoft SQL Server caused by S-TAP when connecting to Microsoft SQL Server though IP. For more information, see Guardium Windows S-TAP 12.1.0.195, 12.0.1.295, and 11.5.1.437 might cause Microsoft SQL Server instability when using Kerberos authentication.
|
DT442106 |
| GRD-101025 |
Fixed instability in Windows S-TAP caused by data packets exceeding 64K.
|
DT442121 |
| GRD-101938 |
Fixed instability in Windows OS caused by Windows S-TAP WFP driver. For more information, see Guardium Windows S-TAP 12.1 might cause Windows OS server instability with non-database traffic using duplicate IPs and ports.
|
DT443493 |
| GRD-103773 | Removed old registry entries after upgrading from Windows S-TAP 9 |
Installers with MD5Sums
| MD5Sum | File Name |
|---|---|
|
ce4287ed48a44f30728612bd64cca8a0
|
Windows-STAP-120200158.zip
|
|
d36d3e3252aff89043cedc97ed3bd233
|
conf.reload.WINSTAP
|
|
125a685cc2b7c42773577dd202717c8b
|
guard-WINSTAP-12.2_r120200158_1-x86_x64.gim
|
|
153583d059254e4b85ac29e69f2065dd
|
guard-WINSTAP-guardium_12.2_r120200158_1-Windows-Server-Windows-x86_x64.exe.signed
|
Related Guardium updates
- Guardium Data Protection 12.2 (see release note)
- Guardium Data Protection Windows CAS 12.2.0.158 (see release note)
- Guardium Data Protection Windows FamMonitor 12.2.0.158 (see release note)
- Guardium Data Protection Windows GIM 12.2.0.158 (see release note)
[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"},{"code":"a8m0z000000Gp0IAAS","label":"STAP"}],"ARM Case Number":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"12.2.0"}]
Was this topic helpful?
Document Information
Modified date:
23 September 2025
UID
ibm17245477