WhatChanged - Release Notes

Version: 4.2.44

Bug Fixes

  • Results Summary Console fails to populate database from retained snapshots when the product is upgraded from builds prior to Build 42 to Build 42 or Build 43.

Functionality Changes

  • The change engine ignores file change if properties of a file (modification time, size etc) have changed and its checksum has not changed.

Feature Enhancements

  • Added a new configurable option to ignore the change in file properties (creation time, size etc) if the checksum of the file has not changed. This option is applicable only to the file items marked for checksum tracking.

Version: 4.2.43

Bug Fixes

  • Event type for event ids 3241 and 3242 is not getting written properly into the windows event log.
  • Incorrect time is displayed in Change Policy Dashboard when no snapshot details are available for a system.

Optimizations and UI enhancements

  • Improvement in policy comparison engine for file items not specified with absolute path. A file item without absolute path is first searched in the folder in which previous file of the policy was found. This change in logic will help when a policy contains files specified in the same folder but absolute path of the folder is not specified. So only for the first file item the engine will sequentially search the file in all drives, but for rest of the files it will be faster because we’ll first check for the file in the folder in which last policy file was found.

Functionality Changes

  • The change engine ignores file change if only the attributes of the file have changed.

Feature Enhancements

  • Added a new configurable option ignore file change if only the attributes of the file have changed.
  • Added support for generating events/traps to indicate the snapshot status.
  • Added support for generating events/traps to indicate the status of sending snapshots to the manager.
  • Added support for generating events/traps to indicate the status of scheduled policy comparison.
  • Added support for generating events/traps to indicate the status of policy comparison request.
  • Added new dialog to view changes grouped by path.

Version: 4.2.41

Bug Fixes

  • Incorrect results displayed when configuration assessment is performed on multiple systems.
  • Pressing space bar key does not change the Check State of a list item in Change Details dialog.
  • Windows 2008 R2 and windows 7 not detected correctly
  • Filters not getting loaded by the snapshot engine when working directory and store directory are different.
  • Change details of a registry item containing a double quote (“) not getting displayed properly.
  • Sometimes an ODBC error message for DB key violation is displayed when on-demand configuration policy comparison is performed for multiple systems.

Optimizations and UI Enhancements

  • The widths of list view columns are automatically adjusted to fit the screen.
  • In change details dialog, when only unauthorized items are displayed then Authorizing an item removes it from the list.
  • In change details dialog, added a new dialog to specify the comment while authorizing an item. This comment becomes the part of event id 3351 generated by the application.
  • A button to open Change Browser from Change Details dialog has been added.
  • Updated deviation details dialog to apply deviations based on system name and the assessment result.
  • In change details dialog, removed the button “Search Details” that used to launch ET Log Search.
  • In change details dialog, added a button “Access History” to show the Audit records for the selected object.

Functionality Changes

  • In Change Browser the IP address supplied in global configuration dialog is not resolved to FQDN and it used as it is.
  • When running on a 64-bit system, the snapshot engine now takes the snapshot of 64-bit view of the registry instead of 32-bit view.

Feature Enhancements

  • When generating assessment results, the configuration assessment engine considers the deviations marked by the user.
  • Integration with EventLogCentral.

Version: 4.2.34

Bug Fixes

  • Fixed the bug where registry item data type was being matched even if no data type is specified in policy. Due to this, registry policy created using Configuration Policy Editor was always getting compared incorrectly.
  • Fixed the issue in Change Details dialog where “Search Details” button was not getting enabled for registry items.
  • Fixed the issue in Results Summary Console, where 2 consecutive separator bars were getting displayed in Tools menu.
  • Fixed the issue in Results Summary Console where file size of 2 GB or larger was giving conversion failure.
  • Fixed the issue in Change Details dialog where a single quote (‘) in file name or path used to throw a database error.
  • In Change Details dialog, fixed the issue where “Filter” button was being displayed even when there are no items in the list control.
  • In Change Details dialog, fixed the issue where the AVI file was not stopping when applying remote configuration finishes.
  • Fixed the bug where filters applied directly to file items were not working.
  • Fixed the bug where duplicate filters were getting created.
  • Fixed the bug in Change Browser where changing customized filters was not showing message to apply changes to all systems.
  • Fix for the issue where ‘\’,’/’ and ‘^’ characters were not allowed in customized filter names.
  • Fixed the bug in logic of rotational deletion of old change details where an object deleted in past was being displayed as deleted in latest snapshot.
  • Fixed the bug where type of processor was not correctly obtained on 64-bit systems.
  • Fixed the bug where attempt to add duplicate policy items displays only one item in UI but creates a duplicate item in policy. Now the module is modified to update the information of the existing item.

Optimizations and UI Enhancements

  • In data view of Configuration Policy Dashboard and Change Policy Dashboard, hyper links are displayed for viewing change details.
  • In Results Summary Console, added a toolbar button to open “Change Browser”.
  • In Change Details dialog, added a button to assign filters.
  • Renamed “WhatChanged Snapshot And Recovery Manager” to “WhatChanged – Change Browser”.
  • In Change Policy Dashboard, added a combo box to display results filtered according to the selected system group.
  • Added a new button called “More Info” in “Results Analysis Console” to start search for selected file on www.processlibrary.com. This button is only enabled if the selected object is a file with extension .exe, .dll or .ocx.
  • Added a new item “Delete Result” in the right click menu and toolbar dropdown menu of configuration policy dashboard to delete the policy comparison results for the selected policy name and system.

Functionality changes

  • The description of Events 3233-3240 has been appended with additional change type information.
  • The format of text based report files has been updated to display the change type information.
  • The text report for system changes now limits the registry value to 1024 characters.

Feature Enhancements

  • Added default monitoring for common file formats used by office suite applications. (*.doc, *.xls, *.docx, *.xlsx, *.pdf, *.dot, *.odt, *.pps, *.ppsx, *.ppt, *.pptx and *.dotx).
  • Change Type Association:
    • Added the ability to associate/assign a change type to a file system or registry system object.
    • In snapshot manager added new right click menu to assign/un-assign change type to the selected node.
    • Updated global configuration and system configuration dialogs to display the list of assigned change types.
    • A new view (graph and data) is added to change policy dashboard to display changes according to change types.
    • The user can switch between the old view (View By Object Type) and the new view (View By Change Type) using the radio button placed at the top of dashboard.
    • In “Change Details” dialog, added a button to update change type of an object from “Unauthorized” to “Authorized”.
    • An event with id 3351 is generated when change type of an object is modified from “Unauthorized” to “Authorized”
    • Default change type assignment rules:
      Business Knowledge: All files with extensions *.doc, *.xls, *.docx, *.xlsx, *.pdf, *.dot, *.odt, *.pps, *.ppsx, *.ppt, *.pptx and *.dotx.
      Unauthorized: All files with extensions *.dll, *.exe, *.ocx, *.sys, *.drv, *.msc, *.cpl and *.vxd.
      Configuration: All files with extensions *.ini, *.cfg, *.inf and *.nt.
    • The user can define complex change type assignment rules using regular expressions, wildcards, substring etc. This option is available in Global Configuration and System Configuration windows.

Version: 4.2.27

Bug Fixes

  • Fixed the issue in Configuration Policy Engine where sometimes the last chunk of policy file is not getting sent to client.
  • Fixed the issue where connection used to terminate unexpectedly while comparing a policy with a remote system.
  • Fixed the issue related to synchronization while transferring snapshot files to the manager.
  • Fixed the bug where configuration Policy export window allows multiple policy selection but exports only one policy.
  • Fixed the bug in Configuration Policy Import/Export module where existence of all policies in import file is not checked while importing a file containing multiple policies.
  • Fix for the issue where baseline snapshot is not getting created on some of the 64-bit operating systems.
  • Fix for the issue where client does not retry sending snapshot files to manager.
  • Fixed the bug where client service sends snap shot files to server every time the client service is restarted.
  • Fixed policy reading functions for the bug where invalid format of file causes the application to crash.
  • Fixed the issue where Configuration Policy Editor crashes when a file with no valid policies is imported.
  • Fix for the issue in Snapshot Manager where viewing details of a folder after applying a filter on it gives “Run-time error ’91′”.
  • Fixed the bug where an error message “Overflow” is displayed while comparing some large policies.
  • Fixed the issue in Configuration Policy Editor where default file/folder selected in controls was not displaying correctly.
  • Fixed the bug in Online Policy Comparison engine where comparison engine fails to recognize a path of file without file extension as an absolute path and hence searches for that file on the entire system.
  • Fixed the bug of excessive CPU consumption when on demand snapshot is taken and Snapshot Manager waits for user to provide the name of the snapshot.
  • Fixed the bug where snapshot thread was not getting assigned lower base priority.
  • Fixed the bug in list view of change policy dashboard where all the columns were displayed irrespective of the dashboard preferences.

Optimizations and UI Enhancements

  • Changed default settings to display only file changes in change policy dashboard and snapshot viewer.
  • Changed the text “Configuration Changes” to “Integrity Violations” in user interfaces.
  • When applications like configuration policy editor, compare systems etc. are called from the main menu of Results Summary Console then values selected in list control of configuration policy dashboard are not passed to these applications so that no default values are selected.
  • Updated Results Analysis Console to display description of policy and policy items and updated tool tip text.
  • In Configuration Policy Editor added controls to view and update descriptions associated with configuration items of the policy.
  • Included the new Diagnostics tool.

 Feature Enhancements

  • Added a new optional right click menu in Snapshot Manager to search for audit events related to selected file/registry item by using EventTracker Log Search. NOTE: This menu is not visible by default and can be enabled explicitly using registry. Menu is displayed only if EventTracker is installed and EventTracker Log Search is available. Clicking this menu opens EventTracker Log Search and initiates a search with appropriate condition to search for audit events of selected item. Using this menu with builds prior to EventTracker 6.3 Build 79 will not initiate the search.
  • Added a new right click menu item in Snapshot Manager to enable Checksum tracking on a file system node and all its child items.
  • Updated WhatChanged service to wait for predefined interval before launching any scheduled thread (snapshot, compare systems or category analysis) if the system has just been started. This is done to reduce the system load on startup. The default interval is 10 minutes. This change is not applicable when the system resumes from hibernation or standby mode.

Functionality Changes

  • The behavior of Client Manager has been updated to fix commonly faced connectivity and user credential issues.
  • The configuration policy titled “WhatChanged Installation and configurations” is not distributed with the setup.
  • Added a sample configuration policy titled “Sample Critical File Policy” to demonstrate the functionality of Configuration Policy Engine.

Version: 4.2.16

Bug Fixes

  • Fixed the issue where snapshot files of manager were getting corrupt when the IP address instead of system name of manager is mentioned in its registry.
  • Fixed the issue where a message box saying “invalid key” used to pop up in Compare Systems GUI.
  • Fixed the bug in Client where start menu shortcut for Readme.txt file was pointing to incorrect file.
  • Fixed the bug in setup where “Back” button was enabled in license registration dialog.
  • Fixed the bug in Compare Systems GUI where a message box was getting displayed when no groups were found in the database.
  • Fixed the bug in snapshot manager where a message box was getting displayed in clicking cancel button on “Find Next” dialog.
  • Fixed the bug in Snapshot Manager where traversing through registry tree used to cause exception.
  • Fixed the bug in Snapshot Manager where pressing F1 was not opening online help.
  • Fixed the bug where an empty wcwservlog.txt file was getting created in installation directory.
  • Fixed the bug where values for items modified and items deleted were displayed incorrectly in the pie chart in Results Summary Console.
  • Fix the upgrade license dialog issue in Results Summary Console where incorrect license information was displayed.
  • Fixed the issue where WhatChanged shortcut icon was not getting removed from the desktop.
  • Fixed the issue in Snapshot Manager where help menu was not pointing to online help.
  • Fixed the issue in Snapshot Manager where addition of duplicate filters was allowed using customize filter option.
  • Fixed the issue in Results Summary Console where “VTChart error” message used to popup in auto refresh mode.
  • Fixed the bug in Configuration Policy Editor where truncated file checksum values were displayed.
  • Fixed the memory leak issue in configuration policy comparison engine.
  • Fixed the bug in snapshot engine where event 3235 did not contain file version value.
  • Fixed the issue where WhatChanged service used to continuously take snapshots due to failure in updating configuration file.
  • Fixed the issue where two instances of “View Report” menu item were displayed in Results Summary Console.

Optimizations and UI Enhancements

  • Changed setup to display WhatChanged version information in the title of the welcome screen.
  • Updated Snapshot engine to store detailed OS information including build, features, editions etc.
  • Modified setup so that start menu shortcuts for help files are not created.
  • The snapshot engine can now auto recover from corrupt wcw.ini file by creating new wcw.ini file with default values.
  • Added application manifest files for all executables for compatibility with Vista and Windows 2008.
  • In Configuration Policy Editor added validation and presence check of files while adding files to policy and while importing policies.
  • Updated input validations in customized filter and file extensions filter dialogs of Snapshot Manager.
  • Added support to customize the colors of pie chart segments in Change Policy Dashboard of Results Summary Console.
  • In Results Analysis Console changed configuration items are highlighted in blue color.
  • Added a new menu item in Results Summary Console to display and upgrade license details.

Feature Enhancements

  • Added support to calculate and store SHA1 checksum of file items in snapshot files. By default the checksum is calculated only for windows system files.
  • Changed the checksum algorithm from MD5 to SHA1 in configuration policy comparison engine.
  • Changes in Snapshot Manager and change reports to incorporate checksum value of file items.
  • Included checksum values of file items in description of change event ids 3233, 3234 and 3235.
  • Added support to configure Event Tracker collection point to which change events are sent as traps.
  • Changed global configuration dialog of Snapshot Manager to include ET collection point configuration.

Version: 4.2.07

Bug Fixes

  • Added application manifest files for all executable for compatibility with Vista and Windows 2008.

Version: 4.2.06

Bug Fixes

  • Fixed the issue where an application crash dialog for wcwservice.exe used to come.
  • Fixed OS display bug in Snapshot Manager.
  • Fixed the bug in which extra files were getting installed on client system.
  • Fixed the help menu in Client Manager.
  • Fixed the issue where registry keys for old components were getting created.
  • Fixed the bug in Client Manager where support tool was not getting invoked from help menu.
  • Functionality Changes
  • Removed help files from the installation.
  • Removed links for help files from GUIs and added direct links to Online Help of WhatChanged.

Version: 4.2.05

Bug Fixes

  • Fixed the issue where a sql syntax error used to come while On Demand Comparison of configuration policies.
  • Fixed the handle leak issue in configuration policy comparison engine.
  • Fixed the issue where client installation used to fail when using IP address of manager.
  • Fix for multiple instances of policy editor and compare systems GUIs.
  • Fix for OS detection bug in Client Manager.
  • Fixed the post installation screen to display default settings.
  • Fixed the redundant splash screen display when calling one GUI from another.
  • Added status display while loading policies in policy editor.

Feature Enhancements

  • Added a new menu item in Snapshot Manager to open Results Summary Console.
  • Added keyboard shortcut keys for menu items in Results Summary Console.

Functionality Changes

  • Changed the default configuration policies distributed with setup.
  • Increased the default number of snapshots to 64.

Version: 4.2.04

Bug Fixes

  • Fixed the issue where schedules with incorrect system name were getting added by default.
  • Fixed bugs related to event message dll related registry entries when installing on clients.
  • Fixed the select applications dialog during installation.

Version: 4.2.02

Bug Fixes

  • Fixed the issue where a message box saying “Invalid parameter” used to come when no data is available in change policy dashboard for drawing graph.
  • Fixed the date time (am, pm) bug in Policy Scheduler.
  • Fixed the issue where setup used to overwrite support tool installed by EventTracker.
  • Fixed the issue where an error message box used to come during On Demand Comparison.
  • Fixed the check box display bug in policy editor.

Feature Enhancements

  • Added a new menu option and dialog for dashboard preferences. This will allow the user to
    • Select whether to enable auto refresh or not.
    • Choose which view (data or graph) to display as default view in change policy dashboard.
    • Select the segments (files changed, files deleted etc.) to view in graph.
  • Added two default schedules during installation.
  • Included new support tool.
  • Added description in Install type selection dialog.
  • Added close button in policy scheduler.
  • Any changes made in schedules are immediately reflected in configuration policy dashboard.
  • Policy editor keeps the current policy selection whenever a policy is edited.

Functionality Changes

  • Not displaying about dialog when Change Summary Console is launched.
  • Displaying the schedules that are not executed along with other configuration policy comparison results in configuration policy dashboard of Results Summary Console.
  • On double-clicking a system in the Change Policy Dashboard, the Snapshot Manager is loaded and displayed with the selected system’s change details. Earlier if an instance of Snapshot Manager is already up and running, it was unable to open a new Snapshot Manager console. Now the Snapshot Manager can be loaded and displayed with the change details of as many systems as possible in the same instance.
  • Removed issExplorer and tools menu from program files menu.
  • Removed the dialog to ask for location of database.
  • Changed the end user license agreement.

Version: 4.2.01

Bug Fixes

  • Fixed the issue where policy editor used to crash for large policies.
  • Fixed the issue where Result Analysis console used to crash when saving a large policy.
  • Fixed the issue where an error message box used to pop up when Compare Systems GUI was invoked from Results Summary Console.

Optimizations and UI Enhancements

  • Optimized the logic for fetching data and populating the list controls in Results Summary Console.
  • In Results Summary Console, added capability to remember the sorting order and current selection in list controls even after refreshing the data.

Version: 4.1.15

Feature Enhancements

  • In Results Summary Console, a graphical view has been added in Change Policy Dashboard in addition to the existing list view.
  • In Results Summary Console, added two separate menus for Change Policy and Configuration Policy.
  • In Results Summary Console added a new toolbar dropdown menu in configuration policy dashboard.
  • In Results Summary console added separate right click menus for each dashboard.
  • In Result Analysis console added the display for number of changes and comparison time.
  • In Configuration Policy Editor added a button to open Compare Systems GUI for the currently selected policy.
  • Added two default policies called “Windows System Files” and “Windows System Services”.
  • In policy editor added two checkboxes to clear or select all file or registry items.
  • In Results Summary Console added support to generate reports for both change policy results and configuration policy results.
  • Added support to log the results of manual comparison of configuration policy
  • Added command line support to “Policy Editor” and “Compare Systems” GUIs to interlink them without the redundant screens.

Bug Fixes

  • Resolved the issue where all the managed systems were not getting displayed in Compare Systems GUI. This used to happen if the user chooses to manually add groups and systems from WhatChanged Client Manager.
  • Fixed date format problem in Results Summary Console.
  • Fixed the issue where a message box saying “Object variable or with block variable not set” used to pop up while opening Configuration Policy Editor from Results Summary Console.
  • Fixed sub folder search bug in policy editor.

Functionality Changes

  • From Result Analysis console if user clicks on “Run” button then instead of comparing at the backend, compare systems GUI is displayed with the relevant policy and system selected by default.
  • In Compare Systems GUI opening Result Analysis Console instead of report when the comparison completes.
  • From Result Analysis console, if an action is taken on an item then focus automatically moves to the next item.
  • Removed the reports console application.

Version: 4.1.11

Feature Enhancements

Two new consoles have been added

1. Results Summary Console

This console becomes the main console of the application. It has two views for displaying summary of results of change policies and configuration policies.

2. Result Analysis Console

This console will enable the user to fine tune configuration policies. This GUI will be used for analyzing the results of all the recently executed scheduled policies. The GUI will allow the user to view the results of executed policies and analyze/reconcile the policies. The user should be able to perform the following actions while viewing the results:

  • View the summarized result of all the executed scheduled policies for all the systems.
  • View every change detected by the system one at a time.
  • Accept a detected change that will modify the policy with new values for that item.
  • Reject and remove a detected change that will remove the item from the policy.
  • Ignore a detected change.

Bug Fixes

  • Fixed version comparison bug in agent installer.
  • Fixed bug in policy scheduler. The correct policy name was not getting selected when a schedule was edited.
  • Fix for issue with transferring snapshot files over the server.

Functionality Changes

  • Changed the WhatChanged service to send only the required snap files to the server.

Version: 4.1.10

Features

  • Scheduling policy comparisons
  • Issue with reading whatchanged events 3236, 3240
  • Issue in installing remote agents (missing event message dll)

Version: 4.1.6

Features

  • Optional Event loggging/forwarding for snapshot results to EventTracker.
  • Event Description changes to provide formated data.

Version: 4.1.3

Features

  • WhatChanged will generate and send change events that will be forwarded to EventTracker. The event source will be set to “WhatChanged”. It is assumed that the eventtracker console is installed on the same system as whatchanged server. The events being generated are as follows:
    Event id 3233: File Added
    Event id 3234: File Modified
    Event id 3235: File Deleted
    Event id 3236: Summary of file changes on the client
    Event id 3237: Registry Key Added
    Event id 3238: Registry Key Modified
    Event id 3239: Registry Key Deleted
    Event id 3240: Summary of registry changes on the client
  • Install will not install the Reporter component as it has been discontinued.
  • Supported report formats are Text and XLS.

Version: 4.0.15

Features

  • Compare system policy editor, which will be used to create and delete compare system policies.
    • Using compare system policy editor we can create new file items to the existing policies.
    • Using compare system policy editor we can create new registry items to the existing policies.
    • Using compare systems policy user can remove existing file items
    • Using compare systems policy user can remove existing registry items

Hence a compare system policy can have file, registry or both the items in it

  • Compare system application used to compare the configuration (compare system policies) which was created by Compare system policy editor.
    • At a time user is allowed to compare only one policy.
    • Report will be generated, if there is any discrepancies.

List of Big Fixes

  • Fix for issue – WhatChanged Service crash.
  • Fix for issue – EventTracker and WhatChanged cannot exist on the same system.

Known Issues

      • WhatChanged scheduled report has been removed.