The VSA 9.5.15 Feature Release (build 9.5.15.5231) includes enhancements and fixes described in the topics below. For minimum system and agent requirements, see these topics in the Kaseya R95 System Requirements Guide: Kaseya Server Minimum Requirements & Configuration and Agent Minimum Requirements.
Release Schedule
- Scaled SaaS deployment – Saturday, January 7th, 2023
- Full SaaS Deployment - Saturday, January 14th, 2023
- General Availability (on-prem customers) - Wednesday, February 1st, 2023 - available now
(last updated - February 1st, 2023)
Note: SaaS customers will be informed of their maintenance window via https://status.kaseya.net.
Dates are subject to change at short notice. On-prem customers are advised to check this page again prior to attempting an upgrade.
Important Security Updates
This release contains important security updates. We recommend that on-premises customers upgrade as soon as possible (No action is required for SaaS customers as updates are automatically applied).-
- Fixed a privilege escalation vulnerability.
- When disabling a user from the System > User Security > Users page, any active sessions will be immediately logged out, even if the Log Off button is not used.
- Hardened encryption methodology for server-side executables which authenticate to the database.
- Fixed an issue in the Discovery module where a user could view the connection gateway address of networks belonging to organizations outside of their assigned scope.
Dependencies
Agent | This release requires agent version 9.5.0.37. After upgrading from an earlier VSA version, you must update your Windows, macOS, and Linux agents using the Automatic or Manual update process from the Agent module. Agents updated to this version cannot be used to communicate with servers running VSA versions prior to 9.5.8. |
Live Connect Application | When starting a Live Connect or Remote-Control session for the first time after installing this release, you will be prompted with a link to download the latest Live Connect build. You must complete the installation before proceeding with the session. |
Software Management |
This release includes updates to Software Management client code. Each managed machine will download 100Mb of file updates during the first patch scan or deployment cycle after installing the VSA update. The files will be sourced from the VSA server or a peer endpoint machine on the local network which already has the files. Recommendations to mitigate the impact on network bandwidth: -
|
Deprecations
Kaseya Antivirus (KAV)
Kaseya terminated support for KAV in May 2022, following the FCC’s decision to add Kaspersky to its National Security Threat list, and similar actions by other governments. The end-of-life notice can be found here.
All customers with existing KAV subscriptions were contacted and offered an upgrade to an alternative endpoint protection solution powered by Bitdefender, at no additional cost. To ensure that customers had time to migrate to the new solution, we allowed a grace period when KAV would continue to operate.
This release removes most functionality from the KAV module, except for reporting and uninstallation of the Kaspersky client.
Kaseya Anti-Malware (KAM)
In July 2022, Kaseya and Malwarebytes ran a program to upgrade all customers using KAM to Malwarebytes Endpoint Protection, the latest generation of Malwarebytes products. Support for Malwarebytes 1.8, the protection engine used by KAM, was discontinued as announced here.
This release removes most functionality from the KAM module, except for reporting and uninstallation of the Malwarebytes client.
Language Packages
Non-English Language Packages are no longer supported. This release removes the ability to download legacy language packages. If you previously installed a legacy language package, that language can still be selected but the translation will be partially applied.
Enhancements
Support for macOS 13 (Ventura)
We have certified Agent and Live Connect application support for Ventura in this release, on both Intel and ARM-based processors, with the following exception:
- SSH connection cannot be established to an asset running Ventura using the Remote Services feature from Remote Control → Operations → Control Machine page. This will be addressed in a future release.
Agent VDI Support
- A new capability was added to support better management of Virtual Desktop Infrastructure (VDI) environments. An existing agent can now be flagged as a "Golden Image" which additional VDI images are spawned from. This enables you to have a single consistent agent that you can update with routine patch updates or new software installations which are then naturally part of any of its desktop clones. This is configured via the Agent module by selecting the Manage Agents button and "VDI Configuration", where you will be presented with a new modal where you select if you would like to use either a MAC address or the computer name to match when determining if a new agent record should be created or not.
- A new VDI column was added to the machine grid to identify agents that are flagged as Golden Images.
Live View
- Moved subcategories (Events, Processes, etc.) from tabs to the side menu.
- Added a new Alerting widget within the Overview section, showing the number of open Alerts and Alarms associated with the device.
- Added a new Asset Information section to the Overview page containing commonly used information.
Ransomware Detection
- Implemented four new Info Center reports for Ransomware Detection. These reports include Protected vs Total Agents, Ransomware Detection vs. Agents Protected, Endpoint Deployments Details, and Endpoint Detection Log Details.
Software Management
- We have added Scan Status and Deploy Status columns to the Machines page with ability see errors and filter machines list by specific error.
Vimeo Link to demo : https://vimeo.com/769424803/57a8041387
- The CVE codes and CVSS scores are shown in VSA for corresponding 3rd-Party Software Patches. CVE codes can be used in Override profiles.
- With this release, VSA starts to support upgrades to Windows 11. To enable it, check the «Accept EULA during patch deployment» option in the Configuration → Settings → Application Settings.
- The GPO settings remain unchanged with the SM profile assignments with this release. During the SM profile assignments only the following registry settings will be adjusted:
-
- Configure Automatic Updates
- Delivery optimization
- WSUS configuration
-
- Machines can be filtered now by Pending Actions. The filter is a multi-select with the following possible values: Scanning, Deploying a patch, Uninstalling, Rebooting or waiting for a reboot inside the blackout window, Warning, or Error.
- We have added an action button to remove Override Profiles for a group of machines on the Machines page.
- We have added an action to schedule an Ad-Hoc deployment of a group of machines on the Machines page.
- We have added an action to schedule an Ad-Hocscan for a group of machines on the Machines page.
- We refined the structure of menu actions on the Machines page.
- We added data from the Software Management 2.0 module to the Executive Summary report.
- Deployment’s distribution window algorithm now supports blackout windows.
Bug Fixes
Agent
- Fixed an issue in Agent → Configure Agents → Copy Settings where Select Machine IDhyperlink was failing to load the machine selector.
- Fixed an issue where Agent logs were not being archived as configured on the Agent → Agents → Log History page.
Agent Procedures
- Fixed an issue where agent procedures signed with Passly (Authanvil) would fail if they contained an IF/THEN statement.
- Fixed an issue where Active Directory domain-linked users were unable to upload files to the VSA server using the Managed Files button on the Agent Procedures → Manage Procedures → Schedule / Create page.
- Fixed an issue where the admin name was recorded incorrectly when executing a procedure from another procedure using executeProcedure() or scheduleProcedure() statements. This would prevent emails from being sent to the admin from within the sub-procedure using sendEmail() with the #adminDefaults.adminEmail# variable.
Database & Schema
- Fixed a database performance issue that could occur when agent status or check-in details frequently changes.
- Fixed a database performance issue with the processing of Monitor Set performance counters.
- Enhanced some database cleanup routines to ensure that orphaned procedure logs and audit data are successfully removed.
Discovery
- Fixed an issue that could cause network scans to fail with an “Errored” status.
Live Connect
- Fixed an issue where Date custom fields would be displayed as Date/Time in Live Connect →Asset Info.
- Fixed an issue where Date and Date/Time custom fields were displayed without the correct time zone offset in Live Connect → Asset Info.
Monitoring
- Fixed an issue where the Select Agent Procedure hyperlink in Monitor Set and Alert configuration areas was failing to load the agent procedure selector.
Patch Management
- Fixed an issue where the Select Agent Procedure hyperlinks on the Patch Management → Manage Machines → Pre/Post Procedure page was failing to load the agent procedure selector.
Remote Control Application
- Fixed an issue where symbolic links to files/folders could not be transferred between admin and endpoint machines.
- Improved error handling when a user without the "Create symbolic links" privilege tries to copy a symbolic link from the endpoint to the admin machine.
- Fixed an issue where the 1-click floating dialogue in RC sessions would not send passwords for IT Glue credentials.
- Fixed an issue where screen recordings were not stored for remote sessions to macOS agents if the auto recording was enabled by Remote Control Policy.
Remote Control Module
- Fixed an issue where no agents were shown for limited-scope users when trying to select a Manual Proxy in the Remote Services configuration. It will now display agents within the user’s scope.
Rest API
- Fixed an issue where the legacy Patch Management API method GET/assetmgmt/patch/{agentId}/machineupdate/{hideDeniedPatches} was not returning correct data.
- Fixed an issue with the Agent Procedures API method PUT /automation/agentprocs/{agentGuid}/{scriptId}/runnow where incorrect results could be sent to the callback URL when executing concurrent requests.
Service Desk
- Fixed an issue where newly added ticket notes were not displayed until the Edit Ticket dialogue was closed and reopened.
- Removed the “Allow non-authenticated users to download attachments from ticket notifications” checkbox from the System → Server Management → Configure page. VSA no longer provides access to ticket attachments for non-authenticated users, but the Service Desk was recently enhanced to attach files to outbound emails instead of using links.
Software Management
- Fixed an issue with the ambiguous "software installed" field in the "Executive Summary" report.
- Fixed an issue in Software Management → Machines → Policies where Software Management profiles were applied incorrectly.
- Fixed an issue where the Software Management patch hyperlink was pointing to a non-existent target.
System Module
- Fixed an issue on the System → User Security → Users page where it was possible to create users with unsupported Unicode symbols in their email addresses.