What's New in Endpoint Security 2022.2
End of Life Notice
Note that Ivanti Endpoint Security 8.5 Update 4 and earlier versions are now in self-support. Any customers on 8.5 Update 4 (220.127.116.11) or earlier versions should upgrade now to a supported release.
For more information, refer to the Ivanti Endpoint Security Lifecycle policy.
Enhancements and Improvements
We’ve made some significant additions to the set of REST APIs available for Ivanti Endpoint Security.
Version 2.0 of the REST API Framework adds a number of APIs focused on Patch Automation and Policy Export scenarios, including the following:
- Initiate DAU Scan via REST API
- Add selected patches to a Custom Patch List via REST API
- Create patch deployment using Custom Patch List via REST API
- Retrieve deployment summary information via REST API
- Retrieve deployment details information via REST API
- Add patches to Mandatory Baseline via REST API
- Remove patches from Mandatory Baseline via REST API
- Discover Assets and Install Agents via REST API
- Discover Assets and Uninstall Agents via REST API
- Export Agent Policies via REST API
- Import Agent Policies via REST API
- Export Application Control Policies via REST API
- Import Application Control Policies via REST API
With all of these additional capabilities, we’ve also enhanced the security capabilities around the API calls to ensure that these calls can only be initiated by authorized parties. For more details, refer to the REST API Getting Started Guide.
Improved audit logging is one of the top requests submitted via Ivanti Ideas. In this release we’ve enhanced our audit logs to include the following information:
- Add patch deployment details to the logs
- Add patch deployment changes (edit/delete) to the logs
- Add user creation details to the logs
- Add user role changes to the logs
- Add user password change attempts to the logs
The Package Editor has been a feature of Ivanti Endpoint Security for many years and is used by many customers to create custom packages. Packages can run tasks, scripts, install software applications, send files to a specified location, and change the configuration of an application or service. However, the Package Editor requires Internet Explorer to edit or create packages. As Internet Explorer is now end-of-life, customers can continue to use the Package Editor using the Microsoft Edge Browser running in Internet Explorer mode.
As part of the investigation and testing for this feature, we have also addressed a bug whereby package uploads were failing in certain circumstances, with the result that it wasn’t possible to create new packages via the Package Editor.
We’ve updated the following components to improve the overall security posture of the product.
- OpenSSL library updated from 1.1.1l to 1.1.1n
- Libexpat libraries updated from 2.2.10 to 2.4.4
We’ve also updated our TLS 1.2 implementation to remove weaker ciphers. These weaker ciphers weren’t being used but their presence was being detected and flagged by vulnerability management solutions, so this update will address that issue.
The 2022.2 release has been updated to adopt the latest version (03.22) of the Ivanti End User License Agreement (EULA).