Release Notes
Abstract
This technical note provides guidance for installing IBM Guardium Data Protection Windows Agents 12.2.0.158, including any new features or enhancements, resolved or known issues, or notices associated with the patch.
Content
Patch information
| Product: | IBM Guardium |
|---|---|
| Release version: | Guardium 12.2 Windows Guardium Installation Manager (GIM) |
| Completion date: | 23 September 2025 |
Fix IDs
Guardium_12.2.0.158_GIM_Windows
Finding the patch
- Select the following options to download this patch on the IBM Fix Central website and click Continue.
  - Product selector: IBM Security Guardium
  - Installed Version: 12.2
  - Platform: Windows
- On the "Identify fixes" page, select Browse for fixes and click Continue.
- On the "Select fixes" page, select Database Agent (STAP, GIM and CAS). Then, enter the patch information in the Filter fix details field to locate the patch.
Attention
SHA256 GIM client certificates
Guardium 12.2 supports both SHA256 and SHA128 GIM certificates. This has the following implications:
- The default certificates could be either SHA256 or SHA128, depending on the GIM server certificate setup. Custom certificates that use SHA256 are more secure and are recommended for GIM connections.
- If your existing GIM clients have the latest GIM bundle installed, you can switch the GIM server certificate between default SHA256 and SHA128 by using the CLI command if needed. GIM connectivity is not interrupted by this switch.
- Guardium 12.2 GIM only verifies bundles signed with SHA256 and requires installation of a transitional GIM bundle to support the GIM client upgrade from the SHA128 signed version to 12.2.
For more information, see Updating Guardium Data Protection GIM clients with SHA256 certificates.
GIM client to connect with default certificates if custom certificates fail
In the event that a connection between GIM and the Guardium server cannot be established by using custom certificates, GIM will use default certificates.
New support and functionality
Microsoft Windows Server 2025
Support added for Windows Server 2025.
New features and enhancements
Restricting traffic based on IE process name
S-TAP can now filter for Transmission Control Protocol (TCP) traffic directed to the database server processes specified in the inspection engines to reduce traffic noise.
The following parameters were added to control this new functionality.
WFP_PROCESS_RESOLVE_MODE
Description: This parameter dictates how S-TAP handles traffic from non-SQL Server sources on SQL Server ports.
Default value: 0
Possible values:
0 - Traffic from non-SQL Server programs using SQL Server ports is sent to the S-TAP and the collector.
1 - Traffic from non-SQL Server programs using SQL Server ports is ignored.
2 - Traffic from non-SQL Server programs using SQL Server ports is passed if it reaches one of the two resolve limits, otherwise it is ignored.
WFP_PROCESS_RESOLVE_LIMIT
Description: This is the limit in KB of how much traffic is buffered per connection while attempting to resolve the server process name. If the limit is reached, traffic is either dropped or passed depending on the mode.
Default value: 2048
Value range: 1 - 20480
WFP_PROCESS_RESOLVE_TOTAL_LIMIT
Description: This is the limit in MB of how much traffic is buffered system-wide while attempting to resolve the server process name.
These new parameters can be modified by using Windows GIM 12.2.0.158 or later.
Known issues and workarounds
| Issue key | Description |
|---|---|
| GRD-74281 | GIM transitional bundles (SHA1) cannot be uploaded to Guardium 12.2 when FIPS mode is on. Workaround: Turn off FIPS mode to upload SHA1 GIM bundles. |
| GRD-103379 | When upgrading a GIM client from a major version that supports GIM bundle changes to a major version that does not support GIM bundle changes (versions earlier than 12.2), the GIM Client Status report may display outdated values in the Active Certificate-related columns. Workaround: To avoid seeing outdated certificate values in the report, you can perform a GIM connection reset. This action clears the stale data and refreshes the client status. |
| GRD-109036 | If your GIM agent is not connected after you upgrade your Guardium appliance to 12.2 (and assuming GIM service port 8446 is open), restart tomcat manually from the command-line interface with the restart gui command. |
Resolved issues
Guardium Windows GIM 12.2.0.0.158
| Issue key | Summary | Known issue (APAR) |
|---|---|---|
| GRD-89993 | Removed vulnerable Perl scripts from GIM installer | DT437925 |
| GRD-96808 | GIM Client Install Date set to the correct date | DT437876 |
| GRD-97203 | High severity CVEs resolved by removing %GIM%\sppNew\c\bin\openssl.exe | DT435454 |
Guardium Windows GUC 12.2.0.0.158
No changes were made to Guardium Windows GUC 12.2.0.0.158 since Guardium Windows GUC 12.1.0.112 (see release note). If Guardium Windows GUC 12.1.0.112 is currently installed, upgrading to Guardium Windows GUC 12.2.0.0.158 is optional.
Installers with MD5Sums
| MD5Sum | File name |
|---|---|
| 1b2ac4f0f83d39f1ef08d7332be0f642 | GIM-Installer-12.2_r120200158_1.zip |
| b7004539290fdb2cd6c260bad66d32cd | guard-GIM-12.2_r120200158_1-x86_x64.gim |
| e66238fb9be22f9c25802a642968fbde | guard-GIM-guardium_12.2_r120200158_1-Windows-Server-Windows-x86_x64.exe.signed |
| fbf019a05897a03b8ad333b6ec51d68d | guard-GIM_transitional-12.2_r120200158_1-x86_x64.gim |
| 9a3b15ab6a787b71110d29048c7b43c6 | guard-GUC-12.2_r120200158_1-x86_x64.gim |
| f5ec5614d270a18151808ccc39ad1da3 | guard-GUC-guardium_12.2_r120200158_1-Windows-Server-Windows-x86_x64.exe.signed |
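To check downloaded installers against the MD5 sums listed above, the following PowerShell script computes each file's MD5 sum and reports OK, MISMATCH, or MISSING. It is an added example, not part of IBM's release note; the download directory `C:\Temp\Guardium_12.2.0.158` and the function name `Test-InstallerChecksum` are assumptions.

```powershell
# Added example (not IBM code): compare downloaded Guardium 12.2.0.158
# installers with the MD5 sums published in this release note.
param(
    # Assumed download location; pass -DownloadDir to override.
    [string]$DownloadDir = 'C:\Temp\Guardium_12.2.0.158'
)

# File name -> MD5 sum, copied from the "Installers with MD5Sums" table.
$Expected = [ordered]@{
    'GIM-Installer-12.2_r120200158_1.zip' = '1b2ac4f0f83d39f1ef08d7332be0f642'
    'guard-GIM-12.2_r120200158_1-x86_x64.gim' = 'b7004539290fdb2cd6c260bad66d32cd'
    'guard-GIM-guardium_12.2_r120200158_1-Windows-Server-Windows-x86_x64.exe.signed' = 'e66238fb9be22f9c25802a642968fbde'
    'guard-GIM_transitional-12.2_r120200158_1-x86_x64.gim' = 'fbf019a05897a03b8ad333b6ec51d68d'
    'guard-GUC-12.2_r120200158_1-x86_x64.gim' = '9a3b15ab6a787b71110d29048c7b43c6'
    'guard-GUC-guardium_12.2_r120200158_1-Windows-Server-Windows-x86_x64.exe.signed' = 'f5ec5614d270a18151808ccc39ad1da3'
}

function Test-InstallerChecksum {
    param(
        [string]$Directory,
        [System.Collections.IDictionary]$Sums
    )
    foreach ($name in $Sums.Keys) {
        $path = Join-Path -Path $Directory -ChildPath $name
        $actual = $null
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            # Not every site downloads every installer, so a missing
            # file is reported but is not treated as a failure.
            $status = 'MISSING'
        } else {
            $actual = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash.ToLowerInvariant()
            $status = if ($actual -eq $Sums[$name]) { 'OK' } else { 'MISMATCH' }
        }
        [pscustomobject]@{ File = $name; Status = $status; ActualMD5 = $actual }
    }
}

$results = Test-InstallerChecksum -Directory $DownloadDir -Sums $Expected
$results | Format-Table -AutoSize

# Exit non-zero if any file that is present differs from the published sum.
if ($results.Status -contains 'MISMATCH') { exit 1 }
```

A matching MD5 sum shows that the file was transferred intact relative to this table; it does not replace the SHA256 bundle signature verification that GIM 12.2 performs.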
Related Guardium updates
- Guardium Data Protection 12.2 (see release note)
- Guardium Data Protection Windows CAS 12.2.0.158 (see release note)
- Guardium Data Protection Windows FamMonitor 12.2.0.158 (see release note)
- Guardium Data Protection Windows S-TAP 12.2.0.158 (see release note)
Document Information
Modified date: 26 September 2025
UID: ibm17245500