Documente Academic
Documente Profesional
Documente Cultură
to
Bit9 Parity v6.0
Document Version: 1.0
July 8, 2010
Bit9, Inc.
266 Second Ave, Waltham, MA 02451 USA
Tel: 617.393.7400 Fax: 617.393.7499
E-mail: support@bit9.com
Web: http://www.bit9.com
Contents
Document Purpose ................................................................................................................... 2
Functional and User Interface Changes .................................................................................... 3
Updated Server and Agent Platform Support ...................................................................... 3
New Windows Registry Protection....................................................................................... 3
Enhanced Custom (Path/Directory) Rules ........................................................................... 3
Enhanced Workflows for Typical Tasks ................................................................................ 4
Enhanced Approval and Ban Management.......................................................................... 4
Changes to the Left Navigation Menu.................................................................................. 5
New Console User Preferences Page.................................................................................... 5
Home Page Enhancements................................................................................................... 5
Dashboard Enhancements.................................................................................................... 6
Live Inventory SDK: Database Views .................................................................................... 6
New Agent/Computer Management Features..................................................................... 7
Enhanced Agent-Server Communications Security .............................................................. 7
Additional Feature Changes ................................................................................................. 7
Bit9 Support and the Upgrade Process..................................................................................... 8
Document Purpose
This document provides a brief introduction to Parity version 6.0 for users upgrading from
previous versions. It describes major changes since v5.1.
This document is a supplement to the main Parity documentation on the Parity v6.0 CD (or
download). See the Using Parity guide for complete details about features.
The most current Operating Environment Guidelines for Parity v6.0 are provided in a separate
document available from Bit9 Support. Hardware and software requirements, as well as
upgrade installation instructions, also are documented in the Installing Parity guide.
Page 2
Server platform changes: The 64-bit versions of Windows 2008 Server are supported for
Parity Server v6.0.
Agent platform changes: The 64-bit versions Windows 7, Windows 2008 Server, and
Vista are supported for Parity Agent v6.0. Windows 2000 systems are no longer
supported, and v6.0 agents will not install on them.
SQL Server platform changes: Parity installation no longer includes a SQL Server Express
option. Bit9 Technical Support can advise you on replacing it with your own licensed
copy of a supported SQL Server version before installing Parity Server v6.0.
File Integrity Control Monitor, and if you choose, prevent modifications to specified
folders or files.
Trusted Path - Define folders or files for which file execution is always allowed.
Execution Control - Control behavior when an attempt is made to execute a file
matching the rule.
File Creation Control - Control behavior when an attempt is made to write a file
matching the rule.
Performance Optimization - Specify folders or files to avoid tracking (execution will still
be monitored).
Advanced - Define custom behavior for controlling file execution, creation, and/or
tracking.
Page 3
When you select a rule type, the page displays only those fields necessary to complete definition
of that type. Depending upon the selected rule type, the definition of the rule may include any
or all of the following attributes:
Action menu Actions that were on a variety of buttons spread across a Parity Console
page are now available on a single Action menu on many pages. The commands on this
menu vary by page, but include commands for approving or banning files, removing
bans or approvals, analyzing a file in Parity Knowledge and acknowledging a file.
Multi-selection checkboxes On many pages, actions that formerly could be applied
only to one item at a time can be applied to multiple items at once. These pages now
have checkboxes, and actions (such as those on the Action menu) apply to all visible
checked items.
Direct access to file actions from Events page The Events page now includes an Action
menu, and if an event description contains a file name or hash, you can act on that file
by checking the box on the Events page and choosing a command from the menu. For
example, if an event shows that a file was blocked and you want to approve the file, you
can check the box on the Events page and then Globally Approve from the Action menu.
Combined approval and ban page The Files tab on the Software Rules page lists all
explicitly approved files as well as explicitly banned files. You can add approvals and
bans on this page, and you can remove one or more of them in a single operation.
Policy-based approvals You can create files approvals on a per-policy basis using the
Approve (Custom) command, which is available on pages listing files, and also by editing
an approval on the Software Rules page Files tab.
Marking a file as an installer when approved The Approve (Custom) command also
allows you to mark a file as an installer at the same time that you approve it.
Page 4
Change Password Each Parity Console user can change their password. This is
especially useful for ReadOnly users, who cannot access the Login Accounts page.
Remember or dont remember page settings Each user can decide whether page
settings that is, the filters, columns, and other view parameters they choose on a page
are saved when they navigate away from a page (or logout) and come back to it.
Choose default starting page Each user can choose (from a menu) which Parity page
appears first upon login.
Top X Returns the most frequent occurrences of the most important events, including
Blocks By User, Blocks By Computer and Blocks by File.
Find Computer Provides quick search capability based on Computer Name, IP Address
or User Name.
Find Files or Events Provides ad hoc search capabilities based on any combination of
Computer, User and Filename over a specific time.
Change Policy Provides the ability to quickly change the policy of a selected computer.
You can save any dashboard as the default Home Page for new users, and you can revert to the
default from a modified Home Page, if you choose.
Page 5
Dashboard Enhancements
Parity v6.0 includes significant feature enhancements for the Dashboard.
You can change the display settings of the any dashboard, including the Home Page, via the
dashboard toolbar:
Dashboard Layout You can use the Layout menu to change the way portlets are
arranged on the dashboard.
Dashboard Width You can use the Width menu to change the width of the dashboard
(in pixels) to better fit your screen resolution and size.
Background Color You can use the Background Color selector to choose a different
color for the background between portlets.
Parity v6.0 includes a new Dashboards page that lists all dashboards available to the logged-in
user and provides access to both dashboard viewing and to management activities, such as
editing, copying, and deleting dashboards.
When you create a new portlet, menus for Portlet Types and in some cases Subtypes pre-select
parameters appropriate to the type and subtype you choose. Parity v6.0 also provides new
portlet options, including the ability to display data in a table only, or to add a small table to a
graphic portlet. You also can apply complex data filtering to some custom portlets.
Page 6
Prioritize Updates On the Computer Details page, you can now choose Prioritize
updates to this computer. As the link name suggests, this increases (temporarily) the
priority of this computer for receiving upgrades to configuration lists and to the agent
itself from Parity Server.
Delete Offline Computers On the System Configuration/Management Configuration
page, you can specify the period of time offline after which Parity automatically deletes
a disconnected computer from its list of managed computers.
Control Access to Agent Commands On the System Configuration/Management
Configuration page, you can control access to special commands for agent management
by specifying a user or group or creating a password usable on all agents connected to
your Parity Server. This is in addition to the agent-specific password that each agent has.
You can annotate the listing of any publisher with your own description. Publishers are
listed on the Publishers tab of the Software Rules page. You also can Acknowledge
pending publishers to indicate that you have seen them but have not approved them.
You can now use multiple snapshots as a baseline for a Baseline Drift Report.
On the Edit Policy page, there are now three different Information Links that allow you
to view all files on computers in the policy, view all pending files on computers in the
policy, and view all policy-specific bans and approvals that apply to the policy.
Event types and subtypes have been changed and re-grouped for improved clarity.
New email templates on the Alert Details page allow you to more easily configure email
to announce file prevalence or Parity Knowledge-related alerts.
For rules that can either block a file or prompt the user to choose to block or allow the
action, you can create a different agent notifier message for each case.
Tamper protection is improved for Parity Agent v6.0.
What was called Detailed Global State for files is now "Global Flags". In addition, some
of the states themselves have been eliminated or renamed.
Page 7
Page 8