CSA_6_0_1_138_readme.txt

ReadMe file for CSA v6.0.1.138

Cisco Systems, Inc.
Cisco Security Agent v6.0.1.138 for Cisco Security Agent
April 2, 2010

Copyright (C) 2009, 2010 Cisco Systems, Inc. All rights reserved.
Printed in the USA.

Cisco, Cisco Systems, and the Cisco Systems logo are registered trademarks
of Cisco Systems, Inc. in the U.S. and certain other countries. All other
trademarks mentioned in this document are the properties of their
registered owners.

================================================================================
Table of Contents
================================================================================

1. 6.0.1 Update Details
   1.1 Installation Notes
   1.2 Resolved Issues in 6.0.1.106 (First official hotfix release - Jul 08, 2009)
   1.3 Resolved Issues in 6.0.1.117 (Second official hotfix release - Oct 23, 2009)
   1.4 Resolved Issues in 6.0.1.132 (Third official hotfix release - Feb 15, 2010)
   1.5 Resolved Issues in 6.0.1.135 (Fourth official hotfix release - Mar 11, 2010)
   1.6 Resolved Issues in 6.0.1.138 (Fifth official hotfix release - Apr 02, 2010)
       1.5.1 Special notice regarding ClamAV scan engines older than 0.95 -
             upgrade to 6.0.1.138 or greater is necessary in order to continue
             ClamAV protection after April 15, 2010.
2. Cisco Security Agent Management Center (CSA MC) Update Instructions
   Upgrading
3. Port Usage Information

===============================================================================
1. 6.0.1 Update Details
===============================================================================

1.1 Installation Notes:

6.0.1.138: - Fifth official hotfix release - April 02, 2010

*#*#*#*#* *#*#*#*#* *#*#*#*#* *#*#*#*#* *#*#*#*#* *#*#*#*#* *#*#*#*#*

Please note that every hotfix package is a full media release. Initial
installation of the current hotfix on a clean CSAMC system does NOT require
an instance of the 6.0 or 6.0.1 FCS version to be upgraded.
Only an install of the latest package is required to establish a fully
functional CSAMC. If an existing version of CSAMC is present on the system,
the hotfix package will update that version. Please consult the CSA
Installation Guide for further detail on upgrades.

*#*#*#*#* *#*#*#*#* *#*#*#*#* *#*#*#*#* *#*#*#*#* *#*#*#*#* *#*#*#*#*

===============================================================================

1.2 Resolved Issues in 6.0.1.106 (First official hotfix release - Jul 08, 2009)

------------------------------------------
6.0.1.106: - First OFFICIAL Hotfix release
------------------------------------------

addressed the following issues:

Defect      Description
------      -----------
CSCsy74583  CSA - csauser cause outlook crash
CSCta27974  Kernel panic on linux with mcafee installed
CSCta49689  client falsely detects tcp chimney enabled, does not report to MC
CSCtb19685  Scanner detection fails for Kaspersky AV causing digital sig spike
CSCtb25610  CSA prevents svchost from running wuauclt, because svchost uses HTTP
CSCtb60526  MC prohibits referencing @cs:\** in FACLs
CSCtb73584  missing Winlogon\Shell registry key causes csa not to display queries
CSCsv90088  CSA officially does not support changing the CSA MC's hostname
CSCsy39753  CSA 6.0 write operations show in event log as open
CSCsz04194  CSA: Failed Upgrade Does Not Remove PendingFullVersion Registry Key
CSCsz19780  machine hang after upgrade to 6.0.0.220
CSCsz60807  Reports not working with local DB in some instances
CSCta06179  dcgate has issues with unicode characters
CSCta23648  CSA: Upgrade from version 4.0.3 to version 6.0.1 fails
CSCsy79491  Rule generation fail after import 5.2 migration data
CSCta12016  CSA CTA plugin can crash, causing unresponsive APT

1.3 Resolved Issues in 6.0.1.117 (Second official hotfix release - October 23, 2009)

------------------------------------------
6.0.1.117: - Second OFFICIAL Hotfix release
------------------------------------------

addressed the following issues:

Defect      Description
------      -----------
CSCtb98088  Vista SP2 - Failed to find system call: SendMessageCallbackA user32.dll
CSCta18192  Failed attempts to create AV Key causes unnecessary log rotation
CSCtc25731  CSA Upgrades from 4.0.3 could disable network completely
CSCtc35263  Performance issues with clam AV with overlapped delayed
CSCtc10218  CSA treated the PGP virtual drive as removable
CSCtc56937  Vista machine BSOD reference to csacenter

1.4 Resolved Issues in 6.0.1.132 (Third official hotfix release - February 15, 2010)

------------------------------------------
6.0.1.132: - Third OFFICIAL Hotfix release
------------------------------------------

addressed the following issues:

Defect      Description
------      -----------
CSCte10902  Solaris kernel panic - BAD TRAP: type=31
CSCtc91377  CSA MC the save "popup" gets stuck on IE 6.0 with KB974455
CSCte35703  100% cpu usage on khubd during IMM reset with CSA enabled
CSCtb33655  Fix release notes on CSA driver loading in safe mode

1.5 Resolved Issues in 6.0.1.135 (Fourth official hotfix release - February 15, 2010)

------------------------------------------
6.0.1.135: - Fourth OFFICIAL Hotfix release
------------------------------------------

CSCtd92606  CSA: User Group Mapping forgotten
CSCte52954  Application usage reports sometimes contain erroneous values

1.6 Resolved Issues in 6.0.1.135 (Fourth official hotfix release - February 15, 2010)

------------------------------------------
6.0.1.135: - Fourth OFFICIAL Hotfix release
------------------------------------------

CSCtf77856  Agent fails to send events to MC
CSCte54161  Errors logging into Windows after CSA installed on CVP reporting server
CSCtf00674  complexity related output (parsed by webadmin) is incorrect
CSCtf01185  Misidentified local drive as removable

1.6.1 Special notice regarding ClamAV scan engines older than 0.95 - upgrade
      to 6.0.1.138 or greater is necessary in order to continue ClamAV
      protection after April 15, 2010

Effective April 15, 2010, ClamAV will no longer be
producing new virus definition files for versions of the ClamAV scan engine
older than 0.95. In order to continue receiving ClamAV virus protection after
April 15, 2010, CSA customers who have ClamAV signature-based AntiVirus
enabled must upgrade to a version of CSA (6.0.1.138 or greater) that contains
ClamAV scan engine version 0.95.

Users upgrading from previous versions of CSA should not upgrade to 6.0.1.132
or 6.0.1.135, as they may encounter bug CSCtf77856. New (non-upgrade)
installations of CSA versions 6.0.1.132 or 6.0.1.135, or customers who have
previously upgraded to 6.0.1.132 or 6.0.1.135 and have not encountered bug
CSCtf77856, will also have ClamAV scan engine 0.95 and will continue to
receive ClamAV protection after April 15, 2010.

Further information about ClamAV's decision to no longer support ClamAV
releases older than 0.95, which results from a bug in older versions of
ClamAV which prevents incremental updates from working with signatures longer
than 980 bytes, can be found at
http://www.clamav.net/2009/10/05/eol-clamav-094/

================================================================================
2. Cisco Security Agent Management Center (CSA MC) Update Instructions

Upgrading:

Applying v6.0.1.138 to an existing supported 6.0 or 6.0.1 installation:

To apply the hotfix to an existing 6.0 CSA MC installation, net stop the
csagent and csamc60 services via a CMD shell (or stop the Cisco Security
Agent and Management Console for Cisco Security Agents v6.0 via the services
applet). Then run the setup.exe file on the CSA MC system. When you run the
setup file, follow the instructions that appear on screen.

NOTE: The CSA MC upgrade process creates a backup of your previous database
files. The upgrade calculates the size of your existing database and then
checks to see if there is enough disk space to create the backup. If there is
not enough space, you are prompted to abort the upgrade or to continue
without creating a backup.

After upgrading the CSA MC with the hotfix, a software update should be
created and deployed to upgrade hosts running the previous version of
software.

================================================================================
3. Port Usage Information

This section explains which ports are used for communication by the product.

Web Browser to CSA MC communication uses port 443 (https).

Cisco Security Agent to Management Center communication occurs over port 5401.
Port 443 is used by default if port 5401 is not available.
Port 80 is also required for agent kit caching.

Analysis Jobs to CSA MC communication occurs over port 5401.