Change Guardian 6.2 includes new features, improves usability, and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs.
The documentation for this product is available on the Micro Focus website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Change Guardian Documentation page. To download this product and patches, see the Micro Focus Downloads website.
The following sections outline the key features and functions provided by this version, as well as issues resolved in this release:
Introduces compliance policies to assess recommended standards and benchmarks like CIS on agents. This release supports the Microsoft Windows Server 2016 Benchmark v1.2.0 with the following templates:
CIS Microsoft Windows Server 2016 Benchmark v1.2.0 for Level 1 - Domain Controller
CIS Microsoft Windows Server 2016 Benchmark v1.2.0 for Level 1 - Domain Member Server
CIS Microsoft Windows Server 2016 Benchmark v1.2.0 for Level 2 - Domain Controller
CIS Microsoft Windows Server 2016 Benchmark v1.2.0 for Level 2 - Domain Member Server
CIS Microsoft Windows Server 2016 Benchmark v1.2.0 for Next Generation Windows Security
A standalone agentless service that performs compliance assessments using Windows Remote Management (WinRM) to remotely collect configuration data.
A web-based interface to assign and unassign compliance policies on Agents to perform compliance assessments and view security control details of policies like descriptions, associated risks, expected configurations, and remediation.
A dashboard that provides an overview of risk scores, risk status, and details of compliance policies assigned to all the agents in the environment. Change Guardian classifies agents as Critical, High, Medium, and Low based on risk scores and displays failed security checks on account of incorrect configurations along with recommendations for remediation.
Schedule hourly, daily or weekly agent scans and notify over email if any agents are out of compliance.
Some of the Policy Editor features have been integrated into Web Console:
The following options are available under the Configuration tab:
Policy Assignment is under Policies menu
Event Destination Configuration is a part of Events menu
Static groups from the Policy Editor has been deprecated. Asset groups are now available as View Default Groups and Manage Custom Groups under Agents in the Configuration tab
Reports related to Agents and Agents Health Status are available under Agent Health Dashboard
Reports related to Agents on Federated Servers are a part of Reports
NOTE:Ensure that Change Guardian and the Policy Editor are of the same version. Features that are migrated to Web Console are disabled in the Policy Editor.
Application Licenses Dashboard provides an overview of your licenses, their status, and validity. It also lets you import new licenses.
The Web Console views are reorganized for a better user experience.
Health Notification and Notification on Federated Servers options are a part of Agents menu under the Configuration tab
UNIX Agents that display warning status contain a diagnostic report that provides the cause of failure and helps you troubleshoot. The option is available in the Change Guardian Dashboard under Agent Health for UNIX Agents.
To avoid security vulnerabilities (CVE-2021-2161, CVE-2021-2163, CVE-2021-2341, CVE-2021-2432, CVE-2021-2369, CVE-2021-2388) and to use the security features of new JDK standards, JDK is upgraded from 1.8.0_update242 to 1.8.0_update302
Support of TLS 1.0 and TLS 1.1 has been removed.
The release includes software fixes that resolve several previous issues:
Issue: When you import a Certificate File Path of supported extension in the Change Guardian server, the file fails to import and shows an error stating that the file extension is invalid.(Defect 378002)
Fix: Certificate with the supported file format imports successfully.
Issue: Change Guardian CAF console produces RPC error while checking or registering for online update. (Defect 328737)
Fix: Fixed RPC communication errors in CG 6.2 appliance.
Issue: TRACE and TRACK HTTP Methods are allowed for TCP ports 80 and 9080 in the Change Guardian appliance. (Defect 353029)
Fix: Disable TRACE and TRACK HTTP methods for TCP ports 80 and 9080.
You can install Change Guardian 6.2 on supported platforms. For more information about the installation procedure, see Change Guardian Installation and Administration Guide.
You can upgrade to Change Guardian 6.2 from Change Guardian 6.0 or later. For information about the upgrade procedure, see Upgrading Change Guardian
in the Change Guardian Installation and Administration Guide.
Micro Focus strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Issue: Upon launching, the CAF page fails to load and shows RemoteLookupFailureException error.(Defect 379090)
Workaround: Restart the datamodel service on the Change Guardian Appliance server with: rcvabase-datamodel restart. Ensure that it shows active (running) with: rcvabase-datamodel status and open the Change Guardian Appliance Management Console Page with: https://IPAddressOfServer:9443.
Issue: If a process is terminated within a second of its creation, the Change Guardian Agent for Windows cannot collect the command line details such as Command Line, Command Line Length, Command Line Parameter, and Command Line Parameter Length. Events that are generated for these processes do not display the command line details.(Defect 292163)
Workaround: None.
Issue: When you assign policies to Solaris UNIX Agent machine, the VigilEntAgent service may go down. (Defect 353077)
Workaround: When the server receives the next heartbeat, the Agent turns online and sends events normally.
Issue: When the Change Guardian appliance boots after installation, the appliance reports that some services have failed to start: (Defect 174273)
Failed to start LSB: NetIQ LDAP Expander. Failed to start LSB: Sentinel Server.
Workaround: The services start correctly. You can ignore such error messages.
Issue: After installing or upgrading Change Guardian in FIPS mode, when you launch Alerts Dashboard for the first time, a conflict error message is displayed. (Defect 302233)
Workaround: Refresh the page and ignore the conflict error message as there is no functionality impact.
Issue: The assembly path for certain Windows processes is not available to the Change Guardian Agent for Windows, due to which the agent cannot collect the Windows process description. Events that are generated as a result of such processes do not display the process description.(Defect 290154)
Workaround: None.
Issue: If you use certain versions of Internet Explorer 11, such as versions 11.0.10240.16384 and 11.1098.17763.0, to view and modify Events Dashboard settings, Internet Explorer does not display the saved settings.(Defect 155003)
Workaround: Use a different web browser that is supported.
Issue: If you click DASHBOARDS > EVENTS, the Events Dashboard is displayed. If you click on DASHBOARDS again, the Event Dashboard appears blank.(Defect 189391)
Workaround: Refresh the page to view the Events Dashboard.
For information about Micro Focus legal notices, see https://www.microfocus.com/about/legal/
Copyright © 2021 Micro Focus or one of its affiliates.