.Loading..Loading.
Readme Rev
Service Updates
When the downloaded patch is run, it will extract a .zip file to a folder. This file should be extracted and then the contained Setup.exe can be run. This table shows the name of the zip file.
Component | Core/Console |
---|
Installation Instructions
The following outlines instructions for installing this update.
This patch requires that Ivanti Endpoint Manager 2022 be installed. For more information about current service packs please see: Download the Latest Service Update for Ivanti Software Products
** For a list of Supported Platforms and Compatibility Matrix for this release of Ivanti Endpoint Manager please see this Community Atrticle: Supported Platforms and Compatibility Matrix for Ivanti Endpoint Manager
Prior to installing a patch on the Core Server it is recommended to make a backup of the Ivanti database.
Installing on the Core and Rollup Core
Because ADS may block files on Windows systems, it is recommended that you extract the patch on the machine you are going to install it on.
Prior to installing a patch on the Core Server it is recommended to make a backup of the Ivanti database.
Steps
- Disable any services on other machines that interact with the Core Server
- Double-click on the self-extracting executable and extract it
- Extract the files for the Core patch
- From the extracted files, run Setup.exe
- When Setup completes, reboot the machine if a reboot is required
- After applying the patch, you may need to re-activate your Core Server using the Core Server Activation Utility
- Restart any services stopped in Step 1
Note: The installer included with this release writes a detailed log that can be used to help troubleshoot installation problems. After running setup.exe from the patch, the log is located in the \ManagementSuite\log folder.
Installing on Remote Consoles
A Remote Console is any machine that is not the Core Server and has the Ivanti Endpoint Manager Console installed. Console Machines need to be updated to be able to connect to the updated Core Server and Database.
Because ADS may block files on Windows systems, it is recommended that you extract the patch on the machine you are going to install it on.
Steps
- Close the Console
- Double-click on the self-extracting executable and extract it
- Extract the files for the appropriate patch
- From the extracted files, run Setup.exe
- When Setup completes, reboot the machine if a reboot is required
Note: The installer included with this release writes a detailed log that can be used to help troubleshoot installation problems. After running setup.exe from the patch, the log is located in the \ManagementSuite\log folder.
Updating the Agent
The patch should be installed on the Core Server before updating Agents
Use one of the following methods to re-deploy the agent once the patch has been applied to the Core or to apply the patch manually.
Methods of agent deployment
-
New with 2022 SU3: The Engine Based Agent (EBA).
- The Engine Based Agent (EBA) is enabled along side the traditional agent install on Windows using wscfg32.
- Agent-push uses wscfg32 by default but is configurable using a registry key on the core server.
- For more information see this Community Article: Ivanti EPM Engine Based Agent Information
-
Manual: Map a drive to \\Coreserver\ldlogon and run 'wscfg32.exe -f'
This is used for single client installs and testing - Push: Schedule a push of the full agent
- Self-Contained EXE: Create an EXE that can be installed
- Advance Agent: This is a two stage process. The Advance Agent consists of a small MSI and a self-contained EXE. The MSI is deploy to the client and then the MSI downloads and installs the EXE. This allows for bandwidth friendly downloads.
For more information on agent configuration and deployment see Agent Deployment for Ivanti Endpoint Manager and Endpoint Security
Manual installation of the client patch
The client patch is no longer available. For more information see this Community Article: Ivanti Community Doc - EPM SU Client Patch
Updating the Agent With Patch Manager
Agent updates are no longer supported using Patch Manager. For more information see this Community Article: Ivanti Community Doc - EPM SU Client Patch
Release Information
Please review the following important information about this release BEFORE installing this update.
Feature Changes and Updates
The following features have been changed or updated
Agent
-
917218 Add environment variable for sdmcache for EBA.
- For engine-based agent, install MSI will create cache folder in ProgramData\Ivanti\EPM Agent\sdmcache and set environment variable TMC_CACHE_DIR point to it.
Agent Common
-
761534 EPM Self-Updating, Self Healing Agent after EPM Upgrades
-
Continuing to expand the "Beta" version of our new Engine Based Agent in SU2. This is designed to be self-healing and self-updating. It will include reports on each of the component engines on all clients in the console. To enable this feature, you must add this new registry key before starting your console. [HKEY_LOCAL_MACHINE\SOFTWARE\Ivanti\ManagementSuite] "EnableNewAgent"=dword:00000001
- Here is a link to a Community Article: Ivanti EPM Engine Based Agent Information
- EPMAgentinstaller has command-line to accept config name
- EPMAgentinstaller /config “Default Windows Configuration”
- EBA supports embedded OS push installs (deals with write filter)
- Custom Data Forms
- Power Management
- Alerting & Real-time Monitoring
- Easily deploy the Engine-Based Agent to existing agents via a new SWD package type.
- On upgrade from old agent type, EBA will keep the currently applied agent config unless an assignment has been made on the core.
- Full upgrade abilities have been enabled in this release.
- Any SU applied will cause the agent to be able to upgrade the installer, update service, and engines.
- EBA downloads (from core) and installs .Net 4.8 if not already installed.
- Right click option to “Force agent check in”.
- Individual engines don’t show up in add/remove programs
- Provisioning
- Endpoint Security
- Application Monitor
- Privilege Management
- Antivirus Engine
- Alerting
- Real-time Monitoring
- CBA
- BaseEngine (New to the Engine Based Engine)
- Patch
- Inventory
- Remote Control
- Software Distribution
- Shared Files
- Notifications Manager
- Bitdefender Antivirus
- AMT
-
-
979127 EPM Engine-Based, Self-updating
-
- Engine Based Installer should move existing sdmcache folder before uninstalling wscfg32 agent. The EBA copies files from the original "default" location to the new "default" location. If SDMCache is not in default location the files will not be moved.
- Contents of the following folder: C:\Program Files (x86)\LANDesk\LDClient\sdmcache
- Gets copied to with the upgrade of the agent: C:\ProgramData\Ivanti\EPM Agent\sdmcache
- Updated the columns shown for Agent Configurations and added the ability to choose the ones you want.
- Type
- OS Name
- Primary Owner
- Agent Version
- Current Configuration
- Current Engine Version
- Target Engine Version
- IP Address
- ID
- If an agent setting is updated, the EBA updates those on client when checking in
- EBA should be able to download everything it needs from a preferred server
- Preserve client certificate one upgrade from wscfg agent
- EBA uninstall cleans up completely
- Handle broken engines self-healing
- If there is an attempt to reinstall an engine and it is not present in the engine store, EBA needs to re-download it.
- When the agent can't uninstall an engine due to already uninstalled, the EBA will try to re-install it.
- Updater downloads new engine msi and verifies that it is correct, before uninstalling the old.
- Disable vulscan self-updating when EBA is used
- Vulscan should not update agent files when installed as EBA. Often the files in the engine are newer than the ones in ldlogon on the core since the engines always get the latest files and files that are not in the patch won't be updated in ldlogon.
- Retry getting the manifest if EBA has received an invalid one.
-
-
1032979 EBA - Change the Default Column config to include Marked for upgrade column
- Added a new column that shows if the agent is marked for upgrade. Update the agent config to use that column rather than EBA versions (target and current).
-
1043695 EBA - Set the LDMS_LOCAL_DIR environment variable
- The EBA agent did not set LDMS_LOCAL_DIR to the new client path it was still pointing to (C:\Program Files (x86)\Landesk\ldclient\data). It now points to the correct EBA path.
Autopilot
-
777040 Allow installing of Microsoft 365 apps on Autopilot devices
- Microsoft 365 Apps can now be configured and installed on Autopilot devices.
-
923346 Allow PowerShell scripts to set the device name during Autopilot hybrid-join provisioning
- Allow device naming via a customer-supplied PowerShell script. Because Microsoft Autopilot does not allow us to customize device naming during AAD-join provisioning, this feature only applies to hybrid-join provision, control the process of naming the device during hybrid-join provisioning.
-
923395 Add Product Code detection rule support to Autopilot
- Admins can create a product code and is when the admin wants to create one, it auto-populates a single field with the product code it finds in the selected MSI file. The Application configuration UI now provides the ability to create an MSI (Product Code) Detection rule. The UI extracts the product code from an .msi file or .msi file wrapped in the .intunewin format The Detection rule indicates the app is installed if the product code is found in the registry or not installed if not found Do not display the msi product code option for non-msi applications The product code is saved in the azure application record so if a user wants to add an msi rule after initially creating the app they can When editing an app that was created in a prior version and therefore does NOT have it's product code saved, try to get the product code out of the file in the same filepath the original msi was in. Warn the user that if they changed the msi the product code won't be correct. If there isn't a file in the original filepath then just don't attempt to get a product code and let the user know.
-
1010495 Prename a specific device through Autopilot
- EPM Autopilot workflow will present similar device configuration options (such as display name and group tag) as found in native Azure device configuration.
-
1020846 Provide ability to edit download URL for M365 app for Autopilot UI
- Manually download the file and upload it into the Autopilot UI. Because this results in a file copy rather than a binary upload, the select upload has to occur on the core, not a remote console.
-
1023102 Make Autopilot UI running IntuneWinAppUtil.exe max execution time timeout adjustable
- Only added ability to adjust value via database. There is no UI at this time.
Console
-
985611 Add the serial number value in the device properties view
- Serial number available in the device properties view. Will get it from "System - Serial Number". Shows only if that value is populated in the database.
Core Sync
-
795471 Enable Core Sync to work with untrusted Domains
- Core Sync will now work with two core servers in different domains without any domain trust relationship between them using alternate credentials or an API key.
-
795611 Update Sync to Core to use the Alternate Credentials (or API Key)
- Enable Core Sync to work with untrusted Domains feature, the core sync service is updated to use alternate credentials that is configured in the Core Sync UI.
-
805866 Support in Core Sync for N-1 version
- Now able to sync objects from an older version of EPM to a newer version. Starting with EPM 2022 SU1 you can core sync the current version and one version back.
Data Analytics
-
797107 Remove Silverlight from Data Analytics (DA)
-
There are 5 Dashboard reports that were using a Silverlight wrapper to generate charts for each of the dashboard reports. These reports are now available in the new web console now without having to install Silverlight.
These include:
- Memory Dashboard
- Patch Dashboard
- Processor BarChart Dashboard
- Processor Dashboard
- Server Dashboard
-
There are 5 Dashboard reports that were using a Silverlight wrapper to generate charts for each of the dashboard reports. These reports are now available in the new web console now without having to install Silverlight.
These include:
-
977017 Move Data Analytics discovery service credentials to Credential Manager
- Move discovery services login creation to Credential Manager.Will still allow the customer's to view the logins in Discovery services so they can see what credentials they are using for configuration but creation or editing those credentials needs to take place in Credential Manager.
Inventory
-
767139 Add Azure AD support for EPM Inventory to get Primary Owner Related Info
- AAD joined devices will gather and report the same information as other EPM Inventoried devices. Inventory will show the user’s full name, login name, Azure Domain name, and group membership (if avaialable).
-
933414 Detection through Windows OS of Installed AntiVirus Software
- New inventory entry for Installed Antivirus products. A new BNF path, Computer / Security / Antivirus Software / Product, is used to report the presence of any Antivirus software products installed on Windows Work stations. The WMI data that is gathered for this DOES NOT EXIST ON WINDOWS SERVER OS'S.
Ivanti Antivirus
-
1043715 Chinese localization for Ivanti AV
- With Ivanti Anti-Virus version 7.8.4.270 and above, there is support added Chinese Traditional and Chinese Simplified. Customers using Ivanti Anti-Virus can download the latest version from content servers and push them on Agents, to get these new languages options.
Mac
-
771360 Mac Agent - Add ability to disable Remote Control on agent configuration level
- Added the ability to disable Remote Control in Windows configuration component install.
-
826444 Erase All Content and Settings for the Mac - (work with Bootstrap token)
- EraseDevice Command (now works with bootstrap token, but obliterates without) sending this command will erase all user data and reboot back to the setup assistant Supported on Apple Silicon and (Intel) the T2 security chip Reboots to the current system volume and all other volumes are erased On Apple Silicon systems all security settings will reset allowEraseContentAndSettings Restrictions
-
844485 No Last Policy Sync Date in Macs Inventory
- The Last Policy Sync date is now tracked consistently in Inventory for Mac devices.
-
860097 Support for new bootstrap token calls in check-in handler
- The MDM check-in protocol validates a device’s eligibility for MDM enrollment and informs the server that a device’s push token has been updated. When the MDM payload is installed, the device initiates communication with the check-in server. The device validates the TLS certificate of the server, then uses the identity specified in its MDM payload as the client authentication certificate for the connection. If a check-in server URL is provided in the MDM payload, the check-in protocol communicates with that check-in server. If no check-in server URL is provided, the main MDM server URL is used instead.
-
860101 Add support for managing kernel and system extensions through EPM for Intel and M1 Macs
- Currently grant Full Disk Access for the BitDefender extension in the "EPM Agent Authorization" profile,added IvantiAV System Extension Approval" profile to make that profile standalone capable of enabling the BitDefender system extension.
-
917631 Add Inventory Support for Mac Agent Behaviors
- Admins can now see what agent behaviors are set for each endpoint.
-
926684 Beta Version Add support for patching macOS via MDM
-
- Set the following registry key on the core to enable:
- HKEY_LOCAL_MACHINE\SOFTWARE\Ivanti\ManagementSuite\MDM
- "EnableMDMOsUpdate"=dword:00000001
- To enable the agent's side, run this command in Terminal on the device
- sudo defaults write /Library/Preferences/com.landesk.Idms.plist com.landesk.patch -dict-add mdmOSupdateEnabled -bool true
- New MDM commands utilized:
- ScheduleOSUpdateScan
- AvailableOSUpdate
- OSUpdateStatus
- ScheduleOSUpdate
- Added more Fields to our Mobile device table. ie bootstrap token settings
- Added status info for available macOS updates
- Available OS Updates appear in the device inventory
- All software updates that can be installed on a device are available in the UI, and no more.
- The Available OS Updates info is actionable (includes the product key needed to request an install on the device
-
-
926871 Add Inventory support for reporting on managed kernel and system extensions through EPM for Intel and M1 Macs
- Mac kernel and system extensions information has been added to inventory
-
980403 Beta Version Add support for Patching macOS through Vulscan
-
- Now that the core can send an MDM ScheduleOSUpdate command, patch has been enabled to call it.
- Mac patch content that previously used the Softwareupdate command line tool now requests OS updates via EPM MDM if available.
-
-
948902 Zero Day Support for macOS 13 add support for login items added by apps
- macOS Ventura adds a new feature in the System Preferences (now called System Settings) that allows an admin user to manage, under the title of "login items", the launchdaemons and launchagents installed by some applications. This includes launchdaemons and launchagents installed with the Ivanti EPM macOS Agent as well as the Mobile & Work MI macOS Agent. In the case of both products, disabling such login items disables the agent. Changes were made to the EPM macOS Agent installer to make sure that all launchdaemons and launchagents installed with the Ivanti EPM macOS are represented in the new macOS System Settings login items UI by a single Ivanti, Inc. labeled item. Also, along with the new macOS System Settings login items UI, Apple created a new MDM payload type the allows device management vendors to disable user management of launchdaemons and launchagents with that new macOS System Settings login items UI. Created and include in core server installs and updates a new configuration profile: LoginItemsPayload_AllIvanti, that prevents users from disabling any Ivanti EPM macOS Agent launchdaemons or launchagents through the new macOS System Settings login items UI.
-
949502 Launch iVEMH on product install and schedule for regular checks
- The Mac agent now installs a scheduled health check task. This task will run on install and once a day (at midnight) to check the health and integrity of the Ivanti Mac agent. Issues, can be seen on the console either within inventory reports or via Tools->Administration->Agent Health
-
955952 Managing Apple content Caching with CSEP
- Provide a caching service for content the OS understands (OS updates, App Store Apps, etc.). It is controlled by mdm. Enabling control via CSEP, which means ne device on a subnet is the content caching server. macOS content caching gives peer-peer downloads for Apple content. It means that things like macOS updates (6GB downloads) can be cached by one device on the subnet and provided to the other devices automatically. This is good because it allows you to update macOS by just calling the software update utility. CCC service - vs lddownload What is Content Caching on Mac machines - Apple Support While the EPM lddownload capabilities are great for minimizing internet data usage, macOS Software Update does not support using it.
-
969334 Add Service Management - Managed Login Items payload to manage Ivanti Agent launch agents and daemons
- Along with the new macOS System Settings login items UI, Apple created a new MDM payload type the allows device management vendors to disable user management of launchdaemons and launchagents with that new macOS System Settings login items UI.Created and include in core server installs and updates a new configuration profile: LoginItemsPayload_AllIvanti, that prevents users from disabling any Ivanti EPM macOS Agent launchdaemons or launchagents through the new macOS System Settings login items UI.
-
1050517 Not storing a couple of fields from the response to the MDM SecurityInfo command
- For a Mac with FileVault enabled and a firmware password set FDE_HasInstitutionalRecoveryKey, FDE_HasPersonalRecoveryKey and FirmwarePasswordStatus are shown under Mobile Devices in inventory.
-
1058592 Remove OSX profiles from Macintosh agent configuration
- "OS X Profiles" are no longer shown in the list in the "Macintosh agent configuration" window.
MDM
-
983334 Update version map for Windows MDM for 22H2
- 22H2 Windows devices correctly show 22H2 in inventory under Mobile Devices
Patch Manager
-
874058 Add patching support for Oracle Linux OS
- EPM now supports patching of the Oracle Linux OS. All vulnerabilities are registered in Scan folder in Patch and Compliance menu: Vulnerability properties -> Package properties The Patch Repair tasks Log file is located here: C:\Program Files\LANDesk\ManagementSuite\log\WSVulnerabilityCore.dll.log
-
907145 Add ability to Create Custom Patch Campaigns
- Able to create a Patch Campaign for a custom patch group. Additional highlights include: Custom Patch Campaigns won’t repeat. Global Autofix can be set for the vulnerabilities included in that campaign, after the campaign has ended.
-
907146 Add patching for Microsoft Office LTSC 2021
- EPM is now able to patch Office LTSC 2021 with Multi-select configuration options.
-
914489 Patch Definition Filter Update
- If you select an entire product folder and set all the product versions within the folder to automatic. When a new version of the product is released, it will be automatically selected
-
956225 Remove Linux OS options from the Patch Campaign deployment wizard
- Removed the patch campaign option for Linux OS (CentOS, Rhinux, Sles9, & Ubuntu) from the Patch Campaign deployment wizard as EPM doesn't support Linux OS for Patch Campaigns
-
973786 Win Console Patch History Rework
- A new filter type 'Vulnerability Scan and Patch (all items)' has been added to patch history screen. Unlike other filters this excludes messages related to “Certificate-based authentication...”, there by eliminating unwanted clutter from the history screen. This allows easy navigation of important message in the history view.
-
988481 Option to disable auto-deployment in case Autofix is enabled for a vulnerability and new content changes have taken place
- An new option is given to users to automatically disable autofix (global and scope level) in vulnerabilities when content revision change is detected during download. This option allows the administrator to stop automatic repair/ patching of vulnerabilities on agent machines and gives them more flexibility. The new option 'Autofix settings for revision changed vulnerabilities' is available in Patch & Compliance's core settings window. The default behavior is to preserve the previous functionality and users have to explicitly select the new option to disable autofix for the vulnerability. This prevents auto-deployment of revision changed vulnerabilities in the agent machine.
-
1035398 Patch Campaigns Not Progressing
- Database table "PatchCampaignStepVulnerability" has now been modified to more than 255 char and below 2000 characters in the column "Notes" as some of the venerability notes have more than 156 characters.
-
1040350 Customize User-Agent Header Field for Patch Downloads
- The web-request that initiates the patch download currently uses Internet Explorer's user-agent string when making the request to the content server. Due to any reason if the customer environment blocks API requests with IE's user-agent string, the user can manually configure to use an user-agent string of choice which overrides the default internet explorer value.
-
1053344 Request to add additional languages to Office365 download list
- Two more languages are supported in Office365 download utility for patch and compliance. Now users can download office365 updates specific to Romanian and Macedonian languages.
Provisioning
-
487016 Support latest OSs in HII including Windows Server 2016+ & Windows 10+
- Provisioning support for Server 2016, Server 2019, Server 2022, latest Win 10 versions, Win 11 Enhance the provisioning workflow to display all supported OS Improved server and client logging. Added an EPM Console warning regarding “unsigned drivers” when performing HII Provisioning Template Actions. Namely, unsigned drivers will not load when Windows Secure Boot is enabled.
-
780438 Restart failed Provisioning job from last action
- Two workflows were added through the Failed Tasks->Provisioning right click menu and within the viewing of a Provisioning Task History to restart the template a designated actions, while skipping previous actions.
-
780440 Provisioning actions can drag and drop
- Drag-n-drop support was added within the same configuration section.
-
956430 Provisioning Action Improvements (Reorder actions & Restart failed jobs)
- Added the ability to drag/drop actions within the same section (and not use the buttons to move up/down) is supported as well as retrying the failed action WHERE it last failed.
-
975970 Add DISM as an available image type in both capture and deploy actions
- DISM has been added as supported image type
-
1030432 Provisioning Action Improvements: Disable Individual Tasks
- Provisioning template tasks will now have a right click option to disable selected tasks. These "disabled" actions will REMAIN disabled for that task until they are manually re-enabled through the right click menu. An entry in the PROV_RETRY_ACTION table will show the details of the disabled action and that row will remain until it's manually re-enabled (at which point the row is deleted). A disabled action will show up as "skipped" on the managed device.
-
1052418 MS KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932
- The baseline WIM file used for Provisioning has been updated with the Windows 11 patches (for x64 WIM) and Windows 10 patches (for x86) as recommended by Microsoft to resolve CVE-2023-24932. These patches were made available by Microsoft in May 2023 and added to the baseline WinPE wim file. The WIMs are also available for download separately with a help document on how to use the WIM on any core you're wanting to use the patches from Microsoft.
Remote Control
-
819871 Remote control - Allow Custom Message in Win Notifications
- Have a custom message displayed when remote controlling a device. Similar to the "custom" messages that are currently in reboot and Software Distirbution settings.
-
930219 Remote control - Add the ability to collapse the RC Message window
- The RC Message window now has a collapse button, so it doesn’t take up so much screen space.
-
945746 IPv6 Support for Remote Control
- Added support for IPv6 only networks for Remote Control, including when the tunnel is in use.
-
1023543 Allow FQDN for Remote Control Tunnel Core Configuration
- Inputing a FQDN is now allowed
Software Distribution
-
869356 SWD package location should default to use https
- Default to the more secure https for the "landesk/files". Can manually enter http if needed.
-
931285 Add a Default Package Timeout
- Now specify a global default for package installation timeout. (Applies only to new packages). Also, Windows Actions now supports installation timeout setting
-
769257 Preferred server now requires HTTPS
- Updates were made to the product to improve secure communication to require HTTPS for preferred servers.
-
1031428 Run PowerShell from Source as Part of Software Distribution Job
- PowerShell scripts now support "Run from source" if the source path is a UNC (not HTTP). UNC must be configured for the correct ACL rights to allow the current user or system to access and execute the script. If there is any error in running the script, the error now propagates back to the EPM console and managed agent logging will indicate what error was caught.
Web Console
-
907174 Web Console 2.0 - Pagination
- Now supports pagination of long lists
-
907176 Web Console 2.0 - Export
- Now able to export a list so that you can work on it offline and take advantage of the customization feature of Excel or other formats.
-
907178 Web Console 2.0 - Notification Panel
- Now able to see a list of recent notifications of actions initiated from the web console.
-
907180 Web Console 2.0 – UX Improvements
- Several UX updates made to the Web Console.
-
911065 Web Console 2.0 - Physical (NIC) Address information
- Added the information about MAC address in the Network Card of the Device Additional Details
-
933002 Web Console 2.0 - Reboot Device
- Now able to perform a Reboot device action from Device Details screen of the New WebConsole
-
947953 Web Console 2.0 - Search Results Guidelines
- While searching for a specific device, if there are no search results,offer suggestions to look in the Devices and People tabs including hyperlinks to those.
-
947954 Web Console 2.0 - People List View
- The new People tab provides a list view of all Users. RBA and Scopes apply.
-
947956 Web Console 2.0 - Device List View
- The new Devices tab provides a list view of all Devices. RBA and Scopes apply.
-
947958 Web Console 2.0 - Task History Tab
- The new Task History tab provides an overview of all the tasks initiated by the current logged in user.
-
952503 New Dashboards in Web Console 2.0
-
New Dashboards created from reports (Not dependent on DA)
- Days since last HW scan(inventory)
- Days since last SW scan(inventory
- Days since last Vulnerability scan (security)
- Operating system summary(general)
- HDD disk space(hardware)
- Devices with < X% disk space remaining, customers can specify what "X" is.
- AV(security)
- AV installed (yes/no)
- Which AV installed
- Pattern files older than X days
-
New Dashboards created from reports (Not dependent on DA)
-
952504 View/select query in Web Console 2.0
- Query that is created in the EPM console can now be selected and run successfully in the Webconsole.The new custom dashboard has an option to select queries to use as datapoints.
-
979577 Vulnerability dashboard drill down in webconsole 2.0
- Added the ability on the Vulnerability dashboard to be able to drill down on a specific vulnerability to see what machines are impacted by said vulnerability.
XDD-UDD
-
945721 IPv6 Support for Discovery (UDD)
- Added the ability to scan for IPv6 addresses in the unmanaged device discovery tool.
Defects Fixed
Adaptive Settings
-
854492 Adaptive Settings not working when "Verify core server existence on the network" option is checked.
- A recent change to improve the security prevented the full operation of the Adaptive Settings. This does not affect those customers with a third-party SSL cert on IIS. A change was made to both the core and client so that security is maintained, and the feature operates as required. Thus, to use this feature the client will need to be updated after updating the core.
Advanced File Download
-
994921 TMCSVC.exe Crashing on LDDWNLD.DLL
- Fixed an issue in debug logging for tmcsvc.exe that would cause a crash sometimes.
-
1014569 lddwnld causing Vulscan and SDclient to crash on Windows Domain Controller
- Resolved so lddwnld no longer causes crashes.
-
1029705 Downloader can sometimes mark a preferred server as successful when it failed.
- Return a failure code even if GetLastError did not return an error value.
Agent Common
-
937240 'Deploy Agent' task for Unmanaged Device is erroneously scheduled to repeat
- A deploy agent task is now set to run once.
-
952048 LANDeskAgentBoostrap.exe attempts to download non-existent DLLs
- Removed the missing DLL from the list of DLLs to download in LandeskAgentBootstrap.exe.
-
960485 BrokerConfig.exe request fails if the device has any adapter with multiple Connection-specific DNS suffixes
- Now handle multiple suffix strings, and each is added to the certificate request.
-
969732 Reboot/Shutdown function on the management console does not work for the EBA agent
- Fixed the right click reboot functionality in the console for EBA clients.
-
971210 The EBA agent installation fails installing the inventory engine on "Dutch" or "French" machines
- Fixed an issue where the engine based agent would not install properly on certain languages.
-
1022735 After upgrading the agent to 2021.1 SU4 LANDESKAgentBootStrap.exe crashes with exception code 0xc0000005
- Added a fix to the enumeration of the files list
-
1053339 EBA - UninstallWinClient sometimes leaves firewall exceptions
- Uninstallwinclient is now more effective in removing firewall exceptions that were required for the old agent.
-
1055865 "&" Symbol in Agent Configuration Name Creating Invalid EBA Manifests
- Can now use '&' character in naming agent configurations.
-
1064339 Notifications are not working on 2022 SU3 for EBA
- Windows Notifications has been fixed to work with the engine-based agent (EBA).
-
1067038 Smartcard drivers are not installed with EBA RC engine
- Added missing smartcard drivers to EBA RC engine.
Agent Configuration
-
1010035 brokerconfig.exe is not able to show test results and in some instances shows a failure even if it can connect.
- Resolved issue
Antivirus
-
914057 Antivirus agent settings: Unable to configure process/file exclusions for "On-Access" and "ATC/IDS"
- Antivirus exclusion settings are now applied correctly to Ivanti AntiVirus agents.
-
934911 Third Party Antivirus Sophos Antivirus does not show in inventory.
- Display Sophos Endpoint Protection
-
966788 SentinelOne Antivirus version 22.1.217 does not show in Inventory
- Accurate reporting in the Security section of Inventory of a managed device for Sentinel One security solution.
Autopilot
-
945762 User with Autopilot permissions can't check credentials.
- If you have a user with Autopilot permissions in the console, that user can now check Autopilot credentials. However, if you upgraded from 2021, additional manual steps are needed to give that user permissions. If this applies to you, please contact Support for more details.
-
977900 Client unable to get list of apps to install from Autopilot service Deployment Profile is configured for All Devices
- Due to an unexpected change by Microsoft, the list of devices associated with a deployment profile is no longer available for "All Devices". Implemented a workaround such that the deployment profile is no longer used when determining the list of apps for "All Devices". Since apps may reference "All Devices", those apps will always be assigned to a device being provisioned.
Broker Service
-
1047227 Unable to download files via CSA when "Require SSL" option is checked for the IIS share.
- Fixed logic that could cause a large delay in broker service
Cloud Services Appliance
-
989492 Download failure via CSA with specific IIS configuration.
- Modified to try downloading using a different call if anything fails.
Console
-
922283 Auditing not properly capturing the Console user who initializes the command
- Audit logs enhanced to show the name of the console user who initiated a remote command to a managed device instead of "NT AUTHORITY\NETWORK SERVICE"
-
1002700 Drag and drop performs a copy/paste function with devices when moved between folders nested inside of the Public Devices folder
- The UI will now check if the User has the ManagedPublicDeviceGroupsEditPublic permission and they can drag computers from one public/personal group to another if that is enabled.
-
1031350 Remote Console - BitLocker recovery key cannot be exported for devices no longer present within the inventory
- Remote Console now supports exporting of BitLocker Data Recovery keys ONLY if done by an Administrator. The Role Based Administration for "Disk Encryption Recovery" only allows for viewing of the keys. You must be an Administrator to delete/export keys.
Core Sync
-
977802 Coresync not translating the %CoreName% variable in package paths properly when syncing packages
- Correctly handles core name that can be mixed with short name (host name) or long name (FQDN) when replace with %corename% for export.
Custom Data Forms
-
1041366 Custom Data Forms not included in Inventory Scan
- Allow restricted users to save custom data forms data.
Data Analytics
-
942304 Asset Control Column Set Display Name Modifications are not displayed
- The display names will now be reflected under Assets
-
1024737 DA Active Rules not working for Linux clients.
- Data Analytics Active Rules have been fixed to work with Linux clients.
-
1036664 False entries (Snagit, Autocad, etc.) showing under Software > Licensed Software if current user has a language other than ENG set as display language
- No longer see any licensed software that does not exist after running a full inventory scan on the agent regardless of the client language.
Device Control
-
972425 Device Control's Shadow Copy feature interferes with deploying Privilege Management
- This issue has been fixed, Shadow Copy can be enabled/disabled, and it will not interfere with the privilege management deployment.
Endpoint Security
-
785106 Endpoint Security UI Administrator Prompt on logon (when there is no network)
- If there is no network connection, the EPS service will still start.
-
859106 Files inside EPS Device Control shadow copy directory not accessible
- The folder 'ShadowCopy' is now read only. User can view the files/folders inside. No rights to delete/rename/execute.
-
861080 Windows 10 upgrade to Windows 11 fails if EPS is running on a client device
- Allowed windows upgrade specific upgrade files to execute and install even if the EPS is running in blocking mode.
-
934491 Application Blocking exception request granted by administrator on the management console never is reflected in the EPS GUI on the client machine as granted.
- The approval request status of an application blocked by EPS is now accurately reported
-
954163 EPS reportedly blocking emails from PowerShell scripts when PowerShell EXEs have rights to Send Emails
- Allow PowerShell scripts to have rights to send emails if EPS is running.
-
967545 Download Error “getting-processing” Ivanti Reputation Files from Download Servers
- Improve performance when downloading file reputations.
File Replication
-
920668 HTTP based Content Replication fails if a filename has an ampersand "&"
- Fixed an issue that prevented replication of files with "&" in the name.
-
971151 Replication will fail to identify the correct list of files to replicate and will always fail the first file that it tries to replicate in certain scenarios
- Fixed replication when failing to identify the correct list of files to replicate and would always fail the first file that it tried to replicate.
Firewall
-
926626 Agent installation fails if the Windows Defender Firewall Service "MPSSVC" is disabled.
- When the Windows Defender Firewall Service "MPSSVC" is disabled, the agent install will no longer attempt to modify the firewall and will continue installation as expected.
Inspector
-
1037421 Inventory - Inspect feature doesn't list "Ivanti*" services at the top of the services tab
- The UI filtering was augmented to show renamed services.
Inventory
-
929834 Inventory is flagging Azure virtual desktops as servers.
- Fixed Inventory to show Azure virtual desktop devices as workstation type.
-
957845 Faulting Application LDInv32.exe crashing
- Log an event and delete the file when a file gets into the decomp folder. The inventory scanner will continue to run.
-
967241 The inventory scanner process and child processes are causing CPU spikes on server/workstation devices
- Lowered the process priority for the inventory scanner and child processes when run with the /noui switch
-
979092 Mini Scans take 3 minutes to run after upgrade to 2021.1 SU2
- Miniscan now completes in a correct amount time
-
1014472 Monitored URLs are being deleted from the Manage software list after launching the Database maintenance.
- Fix to not remove monitored URL's when db maintenance runs.
-
1046411 ESXi scans failing - no credentials
- Fixed an issue with getting the credentials for doing the ESX server scan.
Mac
-
868275 Mac Profiles are not being collected in Inventory Scans
- The new inventory scanner properly reports configuration profiles
-
909463 DEP devices that are unassigned/released in ABM/ASM are not being removed from the Core's DEP Device list
- Following these steps, you should no longer see devices that are not part of the DEP token: 1. Login to ABM, 2. Unassign a device that is currently assigned to your core, 3. Restart the MDM Management Service to sync DEP devices, 4. Right click on Network View > Configuration > Automatic Enrollment Devices and select Add Devices. Additionally, if you look in your database, the DEP devices should no longer show up.
-
912271 com.landesk.ldms.plist file reverts inventory upon agent install
- Agent install now updates the plist to the correct parameters.
-
917217 EPM Mac Agent installer doesn't delete agent settings hash files when upgrading.
- Delete the old settings hash files before upgrading.
-
917631 Installing new Mac agent does not pull new settings
- The old hash files used to track changes to the agent behavior files are deleted as part of the new agent install, so that agent settings are properly used to update the various agent components
-
919116 Mac RC "permission required" checkbox is unchecked in Ivanti agent UI even though it is checked on Core.
- The new Ivanti Agent Tool properly displays the settings downloaded from the core server
-
919118 RC shows version "z" in Ivanti agent UI on mac client
- The the correct version is displayed.
-
919119 RC shows status: "Stopped" in Ivanti agent UI on mac even though RC is actively being used on the mac client
- The correct state is displayed
-
919120 Inventory scan last run is not being updated on Ivanti agent UI on the mac client
- Inventory Scanner now updates Last Run info correctly.
-
919124 EPM Mac Agent user interface is not being updated in real time.
- The agent user interface now updates in real time.
-
930674 HTML5 RC icon in Console Network view should no longer be showing up for Mac machines
- Removed the old RC5 icons and all files associated with the Legacy RC and HTML5 RC.
-
932802 Detection of direct core connection sometimes blocks infinitely
- This fix is intended to check for data and make sure it is there before trying to read it to prevent blocking.
-
944414 Mac "Full Disk Access" Profile Whitelisting Not Being Recognized - "Full Disk Access" rights for IVRemoteControl"
- The whitelisting has been updated to support Apple's newer operating systems.
-
952427 Mac Agent not showing Tenant Information
- Tenant information is now showing in inventory. It can be viewed by double clicking on the device and then double clicking on Tenant. Ability to add the name and unique id columns of the Tenant for sorting and management of Tenants again.
-
960469 M1 Macs report Battery Info when they shouldn't
- M1 devices without a battery no longer report battery information. Additionally, some devices, both M1 and Intel, reported battery info incorrectly are now report battery info correctly
-
986477 Unable to deploy Mac agent to Mac devices using EPM 2022 SU1
- Fixed an issue where in some cases deploying the Mac EPM agent using UDD (Unmanaged Device Discovery) would fail.
-
1020097 VPP Apps with App IDs larger then 4294967296 cause an error trying to create a distribution package.
- If a VPP app with an app ID larger then 4294967296 is added to a VPP token, you are now able to create iOS or macOS distribution packages.
-
1023078 Mac devices are not being properly identified in the Diagnostics window.
- Appropriate toolbar buttons will be shown in the Diagnostics window.
-
1030394 On a Macs, the proxyhost launchdaemon refuses to load on startup.
- Updated the launchdaemon plist files consistent (matching label and filename) with the info.plist embedded in the binary.
-
1041908 Safari missing from inventory on macOS Ventura Macs
- Safari has moved to a secure volume on Ventura. Now include the secure volume in our Applications inventory.
-
1050521 iOS device enrollments fails
- Macs and iOS devices can successfully enroll
MBSDK
-
861566 MBSDK Add Device to scheduled task writes data into DB without validating
- Validate numeric input to see if the input number is a valid computer id in computer table.
-
873886 /distributionapi/api/v1/RebootSettings returns Distribution and Patch info instead
- When enumerate reboot settings from database, use already created object that is initialized with reboot setting behavior, not creating default agent behavior object without specific agent behavior type.
-
879607 Postman tasks via DistributionAPI Swagger API fails with 403 when the account credentials used is non-admin
- When the tokens are created for the API, please ensure that User used for token creation has the rights in EPM corresponding the API action. For example, when querying the API for reboot settings, make sure the user has EPM Console rights under Agent Set
MDM
-
882137 Android Enterprise CPE setting "Enable installation of apps from unknown sources" is not working
- Updated Google API libraries were incorporated in EPM, the UI was updated to reflect the new options for enabling developer mode and handling launching apps from unknown sources. Once the fields are properly set in the Config Profile Editor save and sync devices.
-
906649 Not Able to Add Groups when Creating a QR code for Apple Enrollment
- Groups now show up in the dropdown in the enrollment code section when multiple custom groups exist.
-
960959 Error when adding WNS secret to MDM Configuration
- The WNS secret field now accepts any non-zero length of SID without generating an error. Recently Microsoft changed the default WNS secret size that they generate to be greater than the previous length of 32 characters.
-
1020203 Error when adding WNS Package SID to MDM Configuration
- The SID field now accepts any non-zero length of SID without generating an error. Recently Microsoft changed the default SID size that they generate to be greater than the previous length of 32 characters.
Patch Manager
-
890756 Repair task that is set to ignore maintenance window will grab next continue task and run even if no continuation is selected in agent settings
- Repair task that is set to ignore maintenance window will not grab the next continue task, if no continuation is selected in agent settings.
-
906825 Reboot dialog window on German Windows clients is cutting off "Reboot Now" button
- Fixed an issue causing the "Reboot Now" button to be truncated in the reboot dialog in German.
-
912477 Agent Service Update via patch manager repair task returns a failure message when the remote control component is not installed
- Agents are correctly updated and repair task is successful, using Ivanti SU definitions.
-
923221 Cannot see all the parameters under Distribution/Patch settings -> Patch only settings due to Screen \ Display Resolution Size
- For resolution set to 1280 x 800 (around 720p) in Distribution and Patch > Patch Only agent settings options: all settings are now visible.
-
923340 Patch campaign not updating
- In Patch Automation feature Patch Campaigns are updated without errors.
-
929394 Patch Tuesday campaigns say they are started and nothing more. No progress.
- In Patch Automation feature - Patch Tuesday campaigns were fixed to work as expected.
-
935234 AHS: VLC-220419_INTL patch downloads failing
- In Patch and Compliance - Patch download is extended to work also for URLs that are using mirror sites.
-
942570 Filter Definitions- OS versions do not display in 2022
- For EPM 2022 when going to Download updates>Filter Definitions, OS tab filters are now correctly populated.
-
947548 Patch Automation LDAP query does not place machines in campaign steps
- LDAP query now adds machines in patch campaign steps.
-
975160 Patch Campaign did not create any tasks for Linux patches.
- Linux patching is not supported in patch automation. Linux filters have been removed from Patch Automation.
-
985889 HP HII drivers are extracted in the wrong location
- Drivers are now getting downloaded into C:\Program Files\LANDesk\ManagementSuite\LANDesk\files\drivers\HIIHP and extracted under the device manufacturer folder.
-
1003536 Vulscan times out when using the CSA
- When Vulscan runs communicating via CSA to download files, in certain scenarios the connected session times out and fails to download the files. Changes are made to help ensure timeouts no longer occur.
-
1006085 Ivanti2022_SU2-client shows it failed because it cannot start the service ISSUSER which has been removed from EPM 2022
- Fixed an issue with the SU client patch not starting RC service.
-
1017764 Vulscan using 9 percent cpu and hangs
- Fixed issue
-
1033052 Maintenance Windows no longer "work" because Vulscan automatically deletes local-scheduler task to continue
- If a repair job is ran outside the maintenance window, repair job will not be executed. Vulscan creates the local scheduler task to re-run inside the maintenance window. Vulscan will automatically be launched inside the maintenance window and begin remediating the patches in the repair task.
-
1058617 Patch Campaign only runs for 1 year then stops scheduling new Patch Tuesday task
- Allow the campaign to be created for the same month if the year is different.
Portal Manager
-
952069 Packages within a bundle package show "Installing" in the task history in portal manager.
- The product status workflow was changed to correctly show the status of each of the "tasks" under a bundle as well as the bundle status at the end. NOTE: If the task is set to "continue on failure", the Task History will show as a "success" even if the action truly did fail behind the scenes. Logs will indicate a failure, but the "continue on failure" allowed the task to go on in the bundle.
-
1039517 Software Distribution: Software distribution package categories image is not showing in client side portal manager
- The buttons "preview window" and "test" related to Category images have been removed as they were artifacts from a deprecated function call.
Power Management
-
902515 Restarting the WMI service could cause Process Trigger and/or Power Management services to spike in CPU to 100%
- Resolved high CPU usage caused by WMI service on Power Management services.
Provisioning
-
849805 Disconnected Provisioning Template Takes a Long Time to Start
- When using a disconnected template, no longer retry obtaining the client cert if the first attempt fails. Sensitive variables and other secrets will not be accessible in this case.
-
874217 The Delete File action in OS Provisioning templates doesn't delete files over 2147483647 bytes
- Changed to use a 64 bit file structure (instead of 32 bit) to allow reading of large file sizes.
-
882474 PXE Services do not restart after shutting down because of loss of communication with core server
- Using PXE_SVC_WIN registry key will force the node to win the election and stay elected even when unable to contact the core. It will resume reporting when connectivity is re-established.
-
908092 L14 Gen2 Lenovo HII drivers fail to download
- L14 Gen2 Lenovo HII drivers download works as expected.
-
947303 Provisioning Action template to update registry in client machines is not working as expected
- Made the option to use the 64-bit registry view available on the Import File option of the Update Registry Provisioning action.
-
954090 CTOS Action in Disconnected Template Fails Because of Missing DLL's
- This has been correct and Disconnected Templates are created correctly
-
954711 Intel DCH Graphics Driver Causing HII Build Error: Failed to process repository drivers with error Index and length must refer to a location within the string. Parameter name: length
- The INF parsing workflow now handles exceptions to errors found in the INF. This defect was found to have a root cause of formatting differences used in some INFs (technically not correct but should be handled and ignored). Now handles this as well as generically handling other errors that may be found. If the INF has an error, it will be noted in the log file, but processing will continue for other valid INFs. A warning message will indicate IF an error has been handled and the INF ignored. The user will be directed to the log file with those details. In the HII.log, failing INF files will have a line that reads "INF file: '{0}' had an error in processing. This INF and corresponding driver(s) will be skipped and not applied to devices until the error is resolved." where {0} will be replaced with the failing INF file path/name.
-
967534 Provisioning maintenance fails with a "too many parameters" SQL exception.
- Fixed SQL queries for the cases when parameters exceeded SQL limit of 2100. Log files update and status statements fixed in log files as well for logs\Provisioning\prov_maintenance.log
-
986474 Prov_schedule.exe crashes with SQL errors when starting multiple provisioning templates in quick succession through MBSDK
- prov_schedule.exe no longer crashes and throws Windows Application Event errors. However, the MBSDK action does NOT successfully complete as the lower-level calls fail. The EPM console will show the tasks failed and then the Admin and retry the action at their discretion.
-
1031003 Allow Provisioning Disconnected/Offline template to format USB in NTFS
- Options for selecting FAT32 or NTFS for the formatting tool were added. There is a warning for NTFS as it requires special workflow on the targeted device for UEFI machines (which may not recognize NTFS Removable Storage Devices (RSD) by default.
-
1060255 Inject script handler fails on devices updated from WSCFG32 agent to EBA.
- This action is now fully supported with Engine-Based Agent managed devices.
RBA
-
942270 When a Group's Assigned Scope is Deleted in User Management, the Group is Reassigned to 'All Devices'
- No longer assign Default Template User's scope to a user whose last scope was deleted.
Remote Control
-
919715 EPM 2022 RCViewer isn't Getting Upgraded when Upgrading from Older Version
- The issue with the RCViewer not being upgraded with the rest of the suite is fixed and should update as expected.
-
919971 USB smart card reader not recognized by RCviewer
- Modified the RCViewer smart card logic to detect that power had been removed from the smart card. And then apply a 're-connect' message to re-power on the card. After that whatever command that had failed was resent.
-
924934 Remote Control Floating Desktop icon/notification does not show the username of the user who initiated RC when the session is launched from Web Console 2.0
- The username of the session initiator is now passed to the Remote Control session when using Web Console 2.0 and appears on the floating notification as expected.
-
968861 RC Tunnel cannot find certificates in the same folder as itself
- RC tunnel can now find certificates using relative paths to itself.
-
974530 RC Service does not restart when VPN adapter is turned off
- Added a delay for checking for communication with a core to work better with certain VPN solutions.
-
1013042 RCViewer.exe - EPM 2021 - not saving core name and username and combo box
- Fixed RCViewer login dialog's core name, user name, and security model combox being reset or cleared.
-
1017958 Unable to copy files that are being updated in RC WS (Legacy allowed it)
- Fixed an issue in remote control file transfer that would not allow the transfer of a file being actively written to.
-
1019231 RCservice does not remove the green border when settings are disabled.
- Fixed so that unchecking the option to show the floater in the Remote Control indicators in Remote Control Settings also disables the green border.
Reporting
-
944818 Health Dashboard "Unable to contact the core server" error.
- Changed the request to support HTTPS since the HTTP is now redirected to HTTPS
Software Distribution
-
804514 A standard EPM user with read-only rights on public packages is able to move a public package from public folder to their own folder then able to modify the said package inside their folder.
- If the user logged into the CORE console does NOT have "public edit" rights for Software Distribution (SWD) Packages, then they will NOT be able to "move" a SWD package to a Team or "MY" folder. They can only make a copy of it.
-
840664 Replication - vulscan.exe /replicate /settingsindex=0 remains running which causes the next scheduled Replication to fail immediately with Another instance of this file replication task is already running (Teleperformance)
- Fixed the downloader code so that in case of an exception in any of the processing threads, it will cleanup and return rather than wait for unfinished files indefinitely.
-
895548 Wrong message showing on toast notifications when certain options are selected
- Fixed to show correct timeout action.
-
899434 Error when adding a folder to additional files on Windows Action packages - SWD
- Now check for null/empty primary file when getting a file list so that handles the folders structure properly.
-
920692 S3 bucket download failure of large file when in a subfolder of the share.
- Updated the path to be correct in all cases.
-
921061 SDMCache file retention issue. If the "Number of days files stay in cache" is over a certain amount of days the files are deleted daily.
- The value processed was changed to a larger variable type to handle much large retention values in days (which are converted to seconds). This means the files will be kept according to the settings in Client Connectivity Settings and correctly displayed
-
934186 Issue with task status when multicast and "Always reboot" setting is used.
- For reboot reconnect, do not try to download files that were already downloaded before reboot.
-
942864 When restarting a task that previously had an LDAP query targeted, the task still targets the query.
- When removing a LDAP query from properties target panel, clear already resolved targets from the removed LDAP query.
-
959785 Windows Action Packages fail when set to run as current user, the user is a non-admin user and the powershell version is 5
- The fix allows the registry to be read and thus allow the path to be generated properly.
-
980299 ResetHash in DistributionApi not working
- 204 status will now return when the call is successful and the DB will be updated every time the ResetHash() method is called with the local file HASH value.
-
982594 API tasks do not start when using DistributionApi
- Tasks started through the API have the "RunNow" element and filename generated so the client will process the tasks to run in the task schedule.
-
1001567 Sdclient.exe interprets 16395 as a failure and writes Status 5 in .stat file causing the task to re-run on the policysync retry schedule.
- In case of already installed (16395 failure error code), update task status in local to success to prevent re-run the task from policy enforcement.
-
1003753 Ivanti Package Studio Fails With Error No Return Code Templates Available.
- Access was only granted to the original EPM admin only that user could see the templates. Now allow any EPM user with correct rights to see and use the templates.
-
1023166 EBA Agent- Software distribution package fails if a non-admin user is logged in and the package account is set to current user
- Updated the Software Distribution MSI that is ran by the EBA installer to set permissions to allow the creation of log files when running as limited users.
-
1028526 Distribution API - Package - some of the parameters being ignored during API call
- The API did not contain these SWD options for MSI's and EXE's. These include: Additional Files, TimeoutEnabled, TimeoutPeriod, CommandLine, ArchitectureOptions, CategoryId. Syntax for them is as follows: To set AddtionalFiles (string array with URL on CORE), CommandLine (string), TimeoutEnable (1 means Boolean "true" for enabled, 0 (or other integer) means false), TimeoutPeriod (integer in hours), ArchitectureOptions (this is a string and not an integer where: "0" is "Not applicable", "1" is 32-bit, "2" is 64-bit, and "3" is "System architecture" ), and CategoryId (integer)
-
1054588 EBA - %TMC_CACHE_DIR% variable pointing to \ProgramData\ivanti\EPM Agent\SDMCache
- The environment variable was not being set correctly by the EBA installer for Software Distribution. This path should now be working correctly
-
1057227 EBA- LocalSch.exe points to the wrong location for Inventory scan after installing software.
- For EBA in the case where the configuration is set to enable "Run inventory scanner automatically after software package install" the path used to run the inventory scanner was incorrect and so it would not run. This has been corrected to point to the correct path.
-
1068448 Hashes are re-calculated every time the package is deployed.
- The hash value will only be calculated if a change has occurred that merits the recalculation.
User Management (RBA)
-
971907 Unable to Delete a User that Owns a Task Template
- When a user is deleted, the product checks for task templates (and other things) that the "to-be-deleted" user owned. It will then prompt to assign those items to a new user. Once the new user is selected, the database is updated to reflect the newly chosen "to-be-owner" user. When the EPM console is refreshed, then the UI will show the new owner.
-
998263 Scope assigned to given user doesn't apply to Client Data Storage.
- Fixed scope access permissions for the active console user. A log statement was also added to the console.exe.log when a computer was filtered out of the Client Data Storage panel view. The log statement is similar to: "ClientDataStoreUI filtering out Computer_Idn: 505 as the console user's scope does not have access to this device."
Web Console
-
908867 Web Console 2.0 Result column not accurate for some SWD task return codes
- Made a modification in the Web Console to display the Return Code and Result columns like in the desktop console
-
951547 Web Console 2.0: Software Distribution Tasks with Return Code 0 Are Not Showing Correct Task History Information
- Show correct task history information for software distribution tasks.
-
962563 EPM 2022 Legacy Web Console attempts legacy remote control in the "Remote Access - Remote Control" window instead of RCViewer.
- KVM Remote Control is no longer supported. The suggested method for remote control is to download the RCViewer.exe from the remote-control downloads page, or to navigate to the device in devices list and right click for the remote-control option.
-
1046010 Get 'No Data' message when executing certain queries in the new Web-Console 2.0
- Modified the Web Console to make all query column headings unique. The second occurrence of a column heading becomes a "2" , for example 'Network Adapter Description' becomes 'Network Adapter Description 2'.
Win Console
-
806923 When accessing user management or AD in the Win Console, the Windows Security dialogue prompt (i.e. SmartCard) is displayed
- The console code would perform a login when requesting LDAP data causing the smartcard PIN popup. This was fixed by using pass-through authentication instead which eliminates the need for repeated smartcard PINs. Important: The feature is disabled by default. To enable it you must enter a specific registry entry under ManagementSuite. Please see release notes.
-
967828 EPM MacOS enrolled via DEP can remove profile by end user due to the option "allow MDM profile removal" is grayed out
- When adding a DEP token, all options are now selectable.
-
972735 Devices with older agents view does not work as expected
- Changed the query for "Devices with older agents" to use "Agent Version" to determine if agents are old.
-
1028006 Reboot window on 4k screens shows some text really small.
- The fix required adding appropriate font scaling to the text that could not be read.
XDD-UDD
-
912897 UDD Wireless Access Points "Mark as Allowed" does not do anything
- Fix the right click allow and not allow for WAPs. Also fix UDD scans putting APs in the right group.
-
981739 UDD scan from a 2022 EPM Core Server fails to detect devices with a 2021.1.x EPM agent installed on them.
- Added additional logging for UDD scans to help troubleshoot issues.
Known Issues
Inspector
-
1039333 EPM Console "Inspect" tool does not work on EBA managed devices
- Our recommendation is to use the Diagostics tool.
LDAPS
-
In SU3 it is now required to use LDAPS for an active directory source
-
- For security reasons only supporting LDAPS in 2022 SU3 and newer.
- For more information see this Community Article: Unable to Add Active Directory Source or update LDAP credentials on SU3
-
Patch Manager
-
1094589 Vulscan does not use preferred server settings during patch remediation
- The workaround is to use source or peer for downloading patches.