Job Management Partner 1/Client Security Control Description, User's Guide and Operator's Guide

Appendix G. Version Changes

This appendix describes changes between versions.

Organization of this section

(1) Changes in version 09-00

(2) Changes in version 08-50

(3) Changes in version 08-10

(4) Changes in version 08-00

(1) Changes in version 09-00

In a quarantine system linked to Job Management Partner 1/Network Monitor, MAC address and IP address is now a specifiable format for the permitted-devices list to be registered in JP1/Network Monitor.

A quarantine system linked to an authentication server that uses IEEE 802.1X or MAC authentication in a static VLAN environment can now be set up.

One-byte alphanumeric characters can now be used to specify the update number and article ID number of security updates in the Policy Management window.

The following message has been added to the JP1/CSC - Agent messages:
KDSL6043-I

(2) Changes in version 08-50

PC security settings can now be defined in judgment policies, to judge whether there are any settings on the client PC that may lead to a reduced security level.

Statistics representing trends in the status of security measures on a group-by-group basis can now be checked in the Client Security Management window.
The results of a search for statistics can be displayed as a graph or output to a CSV file.

The cscpatchupdate command for automatically updating patch information for judgment policies relating to security updates has been added.

For a user-defined judgment item with the judgment condition Do not match, you can now set more than one judgment condition relating to the same property, enabling judgment of such aspects as whether the client is running a power-saving CPU.

When using the feature to automatically update judgment policies relating to anti-virus products, a grace period can now be set to impose a delay between the acquisition of the latest information about the anti-virus product and the automatic update of the judgment policy definition.

Security level judgment can now be skipped for clients whose inventory information has not been updated since the last time their security level was judged.

Windows Server 2008 has been added as an operating system that supports JP1/CSC.Accordingly, Network Policy Server has been added as a required program for an authentication server using IEEE 802.1X authentication. Also, Windows Server Failover Cluster has been added as cluster software that can be used to run JP1/CSC in a cluster system.

Windows 2000 has been removed from the list of operating systems that support JP1/CSC - Manager and JP1/CSC - Agent.

Windows Vista has been added as an operating system that supports JP1/CSC - Manager Remote Option.

JP1/Software Distribution Manager (relay manager) has been added to the judgment items for mandatory software.

Products by F-Secure and Microsoft have been added to the antivirus products for which judgment policies can be updated to the latest definitions.

Version 08-51 has been added to the supported versions of JP1/Software Distribution Client.

The operation history of JP1/CSC can now be output as audit log information.

When including judgment results for PCs in a notification message, you can specify whether to display the judgment results at the beginning or end of the message.

The cscstorecount command for storing statistics in the management database about the status of security measures for groups has been added.

When the number of assets judged to be at a particular security level exceeds 3,000, the list of PCs at that security level is split over multiple emails.

Windows Server 2008 has been added as an operating system that can be subjected to judgment and action policies.

The cscexportcount command for outputting statistics for specified groups to a CSV file from a variety of perspectives has been added.

The following messages have been added to the JP1/CSC - Manager messages:
KDSL0118-W, KDSL0119-W, KDSL0120-W, KDSL0527-W, KDSL0614-W, KDSL0615-W, KDSL0800-E, KDSL0801-E, KDSL0802-E, KDSL1300-I, KDSL1301-E, KDSL1302-E, KDSL1303-E, KDSL1304-E, KDSL1305-E, KDSL1310-E, KDSL1350-I, KDSL1351-E, KDSL1352-E, KDSL1353-E, KDSL1354-E, KDSL1355-E, KDSL1356-W, KDSL1357-E, KDSL1358-W, KDSL1359-E, KDSL1370-E, KDSL1450-I, KDSL1451-E, KDSL1452-E, KDSL1453-E, KDSL1454-E, KDSL1455-E, KDSL1456-E, KDSL1457-E, KDSL1458-E, KDSL1459-E, KDSL1460-E, KDSL1461-E, KDSL1462-E, KDSL1463-E, KDSL1464-E, KDSL1465-I, KDSL1466-I, KDSL1467-E, KDSL1468-W, KDSL1469-E, KDSL3030-E, KDSL3031-E

The following messages have been added to the JP1/CSC - Manager Remote Option messages:
KDSL3224-I, KDSL3225-I, KDSL3226-E, KDSL3400-E, KDSL3401-E, KDSL3402-E

The following messages have been added to the JP1/CSC - Agent messages:
KDSL5300-E, KDSL5301-E, KDSL5302-E, KDSL5303-E, KDSL5304-E, KDSL6006-E, KDSL6146-E, KDSL6147-E, KDSL6148-E

The following message relating to JP1/CSC - Manager has been changed:
KDSL0611-W

The following message relating to JP1/CSC - Agent has been changed:
KDSL6137-E

A list of leading causes and solutions for problems that occur in the client security control system has been added.

Estimations of the disk capacity required for JP1/CSC - Manager, JP1/CSC - Manager Remote Option, and JP1/CSC - Agent have been changed.

(3) Changes in version 08-10

The cscexportpclist command that outputs PC list information (asset information and judgment results for clients) to a CSV file has been added.

The cscaction command that implements actions for specified clients has been added. An item (Action execution) that specifies whether or not to skip the action during security level judgment has been added in the JP1/CSC - Manager Setup window.

The description of using a quarantine system linked to JP1/Software Distribution (AMT Linkage facility) has been added.

The following products from McAfee have been added to the anti-virus products that can automatically update the judgment policies to the latest definitions.

McAfee VirusScan Enterprise 8.5i(32bit)

McAfee VirusScan Enterprise 8.5i(64bit)

Version 08-10 has been added to the versions of JP1/Software Distribution Client that support the functionality.

HTML format has been added as the format of a message to be sent to a client.

The method of setting up Asset Information Manager Subset Component of JP1/Software Distribution Manager has been changed.

The method of setting up Asset Information Manager has been changed.

An item (Customize judgment results) has been added in the Client Security Control - Manager Setup dialog box. This item specifies the security level that is used if the specified patch information is not found in the list of installed software or unapplied patch information during security update judgment.

An item (Message notification information) has been added in the Client Security Control - Manager Setup dialog box. This item specifies whether or not to include Safe and Not applicable in the judgment results displayed in the message.

Operability of the Policy Management window has been improved as follows:

Double-clicking an item in a list opens the window corresponding to the item.

Multiple items in a list can be selected and deleted.

During import of definition information, import is canceled if the file to be imported contains no information (empty file).

During export of definition information, the Export button is disabled if the definition has not been registered in the dialog box for setting the policies.

Scroll bars have been provided on the right of the Text of notification email and Body text of notification message list boxes for an action policy.

Samples of definition files for judgment policies and action policies have been provided.

Characters representing a product name can now be entered in the definition of security updates (patch information) for a judgment policy. An item (Comparison condition) has been added to the setting items.

Product name for mandatory security updates and Comparison condition have been added to the items in the definition file for mandatory security updates for the judgment policy definition file. 99 (Other products) has been added to the values that can be set in the list of products.

A product name definition file for registering a product name in the combo box has been added.

All has been added to the selection of service packs in the definition of security updates for a judgment policy.

100 (all) has been added to the list of service packs used for the judgment policy definition file.

An item for the comparison condition of software names has been added in the prohibited software definition for a judgment policy.

An item (Comparison condition) has been added to the judgment policy definition file.

The Import and Export buttons have been added in the Setting for mail address dialog box so that the email addresses of the administrator can be added from a CSV file.

A mail address definition file used for defining the email address of the administrator has been added.

Sample files of mail address definition files have been added.

The following OS types have been added in the setting values used in each judgment policy definition file.

Windows Vista Enterprise

Windows Vista Ultimate

Windows Vista

The following messages have been added to the JP1/CSC - Manage messages.
KDSL0117-W, KDSL0578-E, KDSL0750-I, KDSL0751-I, KDSL0752-I, KDSL0753-W, KDSL0754-E, KDSL0755-E, KDSL0756-W, KDSL0757-W, KDSL0758-W, KDSL0760-E, KDSL1200-I, KDSL1201-E, KDSL1202-E, KDSL1203-E, KDSL1204-E, KDSL1205-W, KDSL1206-E, KDSL1207-E, KDSL1208-E, KDSL1209-E, KDSL1210-E, KDSL1220-E, KDSL1250-I, KDSL1251-E, KDSL1252-E, KDSL1253-E, KDSL1254-E, KDSL1256-E, KDSL1257-E, KDSL1258-E, KDSL1259-W, KDSL1260-E, KDSL1261-E, KDSL1262-E, KDSL1270-E

The following messages have been changed to the JP1/CSC - Manage messages.
KDSL0045-W, KDSL0613-W

The following messages have been added to the JP1/CSC - Agent messages.
KDSL5110-E, KDSL5208-E, KDSL5209-E

Estimation of the disk capacity required for JP1/CSC - Manager and JP1/CSC - Agent has been changed.

(4) Changes in version 08-00

A remote management server (JP1/CSC - Manager Remote Option) has been added for linking JP1/CSC - Manager to another system.

Judgment policies about anti-virus products (from Trend Micro, Symantec, or McAfee) can be updated automatically to the latest definitions.

The cscnetctrl command for controlling network connections when using a quarantine system has been added.

JP1/CSC - Agent can now be used on a cluster system.

The network control product NetMonitor, linked to JP1/CSC when configuring and operating a quarantine system, has been changed to JP1/NM.

Asset Information Manager Subset Component of JP1/Software Distribution Manager can now be used to configure and operate a management server. The job categories in AIM that can be executed by a CSC administrator have also been changed.

Administrators can define user-specific asset information (user definitions) in a judgment policy.

Administrators can define user-defined actions (implemented by user-specified command) in an action policy.

Windows have been added for customizing the email sent to the administrator and the message sent to the client when an action execution condition is set and the client's security level is judged Safe.

An option (Execute the action when the security level changes) has been added to enable execution of a specified action only when the security level changes to Safe from another security level. Items for customizing Mail notification (execution conditions) and Message notification (execution conditions) have been added to the Edit Action Policy window.

When a client is removed from the network, its network connections can now be denied automatically.

A quarantine system can be configured and operated by linking JP1/CSC to a network control product (JP1/NM or an IEEE 802.1X authentication server).

WUA is now supported by JP1/Software Distribution Client as a tool for detecting unapplied Windows security updates. WUA has been added as an optional client product.

Administrators can now define multiple judgment policies and action policies.

Administrators can now specify a number of consecutive days or a number of consecutive times as an action execution condition in an action policy. An item for setting the consecutive days/times count method has been added to the Client Security Control - Manager Setup dialog box.

Judgment policies and action policies can now be assigned to clients.

A Manage Judgment Policy dialog box has been added for managing judgment policies.

Judgment item names are now displayed in the title bar of the Edit Judgment Policy window.

An item for determining whether JP1/Software Distribution SubManager is installed has been added to the judgment items for mandatory software.

A Manage Action Policy dialog box for managing action policies has been added.

Windows have been added for customizing the email sent to the administrator and the message sent to the client when an action execution condition has been set.

Display conditions can be set for the clients listed in the PC list tree view of the Policy Management main window.

The cscassign command for assigning judgment policies and action policies to clients has been added.

A new option (-k) option has been added to the security level judgment command (cscjudge) to enable clients in a particular group to be specified as judgment targets.

The cscrexport command for exporting a connection control list when using a quarantine system has been added.

The cscrdelete command for deleting specified client information from a connection control list when using a quarantine system has been added.

The cscrimport command for importing a connection control list when using a quarantine system has been added.

A chapter describing the definition files used in running a client security control system has been added.
The following definition files have been added:

Asset number file

Search condition file

Policy assignment definition file

Import file

MAC address list file

The following files have been added as definition files:

Policy import file for anti-virus products

Policy import execution file (manual)

The following JP1/CSC - Manager messages have been added:
KDSL0043-E, KDSL0047-W, KDSL0116-W, KDSL0157-E, KDSL0166-I, KDSL0167-I, KDSL0526-E, KDSL0562-W, KDSL0577-E, KDSL0611-W, KDSL0612-W, KDSL0613-W, KDSL0680-I, KDSL0681-I, KDSL0682-E, KDSL0683-E, KDSL0684-E, KDSL0685-E, KDSL0686-E, KDSL0687-E, KDSL0107-E, KDSL1057-E, KDSL1058-E, KDSL1059-W, KDSL1060-E, KDSL1080-I, KDSL1081-E, KDSL1082-E, KDSL1083-E, KDSL1084-E, KDSL1085-E, KDSL1086-E, KDSL1087-E, KDSL1088-W, KDSL1089-E, KDSL1090-E, KDSL1091-E, KDSL1110-I, KDSL1111-E, KDSL1112-E, KDSL1113-E, KDSL1114-E, KDSL1115-E, KDSL1116-E, KDSL1117-W, KDSL1118-W, KDSL1119-W, KDSL1120-E, KDSL2030-I, KDSL2031-E, KDSL2032-I, KDSL2033-E, KDSL2040-E, KDSL2042-I, KDSL2043-E, KDSL2044-E, KDSL2045-I, KDSL2046-I
KDSL3001-I, KDSL3002-E, KDSL3003-E, KDSL3004-E, KDSL3005-W, KDSL3006-E, KDSL3007-E, KDSL3008-W, KDSL3009-E, KDSL3010-E, KDSL3011-E, KDSL3012-W, KDSL3013-I, KDSL3014-W, KDSL3015-E, KDSL3016-E, KDSL3017-E, KDSL3018-I, KDSL3019-E, KDSL3020-E, KDSL3021-E, KDSL3022-W

Messages about JP1/CSC - Manager Remote Option (messages 3200 to 3400) have been added.

The following JP1/CSC - Manager messages have been changed:
KDSL0112-W, KDSL0113-W, KDSL2033-E, and KDSL0510-I

Messages about using a quarantine system (messages 6000 to 6200) have been added to the JP1/CSC - Agent messages.

Error messages displayed in the User Definition Details window have been added to the messages displayed in the PC Security Level Details window.

The installation folder path for JP1/CSC - Manager and JP1/CSC - Agent has been added for Windows Server 2003 (x64).

An explanation about estimating the disk capacity required by JP1/CSC - Manager Remote Option has been added.

An explanation about estimating the disk capacity required by JP1/CSC - Manager and JP1/CSC - Agent has been added.

The manual has been reorganized as shown in the following table.

3020-3-G25-10(E) 3020-3-L31(E)

-- Part 1. Overview

1. Overview 1. Overview

-- Part 2. Functionality

-- 2. Client Security Control System Functionality

-- 3. Client Security Control System Configuration

-- Part 3. System Design and Setup

2. Considerations for Installing and Operating a Client Security Control System 4. Considerations for Installing and Operating a Client Security Control System

3. Installation and Setup 5. Installation and Setup

4. Managing Security Policies 6. Managing Security Policies

-- Part 4. System Operation

5. Managing Inventory Information 7. Managing Inventory Information

6. Monitoring Clients 8. Monitoring Clients

7. Dealing with Security Risks 9. Dealing with Security Risks

8. Auditing Security 10. Auditing Security

-- 11. Linking to JP1/IM^#

-- Part 5. Quarantine Systems

9. Linking to NetMonitor
10. Using the Quarantine System 12. Overview of Quarantine Systems
13. Setting Up a Quarantine System
14. Operating a Quarantine System

11. Linking to Other JP1 Products --

-- Part 6. Reference

12. Commands 15. Commands

-- 16. Definition Files

13. Messages 17. Messages

14. Troubleshooting 18. Troubleshooting

Appendixes Appendixes

Legend:

--: No corresponding part or chapter.

#

Chapter 11 in 3020-3-G25-10(E) was renamed as Chapter 9 in 3020-3-L31(E).

3020-3-G25-10(E)	3020-3-L31(E)
--	Part 1. Overview
1. Overview	1. Overview
--	Part 2. Functionality
--	2. Client Security Control System Functionality
--	3. Client Security Control System Configuration
--	Part 3. System Design and Setup
2. Considerations for Installing and Operating a Client Security Control System	4. Considerations for Installing and Operating a Client Security Control System
3. Installation and Setup	5. Installation and Setup
4. Managing Security Policies	6. Managing Security Policies
--	Part 4. System Operation
5. Managing Inventory Information	7. Managing Inventory Information
6. Monitoring Clients	8. Monitoring Clients
7. Dealing with Security Risks	9. Dealing with Security Risks
8. Auditing Security	10. Auditing Security
--	11. Linking to JP1/IM^#
--	Part 5. Quarantine Systems
9. Linking to NetMonitor 10. Using the Quarantine System	12. Overview of Quarantine Systems 13. Setting Up a Quarantine System 14. Operating a Quarantine System
11. Linking to Other JP1 Products	--
--	Part 6. Reference
12. Commands	15. Commands
--	16. Definition Files
13. Messages	17. Messages
14. Troubleshooting	18. Troubleshooting
Appendixes	Appendixes

[Contents][Back][Next]

[Trademarks]

All Rights Reserved. Copyright (C) 2009, 2011, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated