The VSA 9.5.21 feature release (build 9.5.21.6632) includes enhancements and fixes described in the following sections. For minimum system and agent requirements, refer to Kaseya Server Minimum Requirements & Configuration and Agent Minimum Requirements.
Release schedule
- SaaS deployment started: Saturday, November 23rd, 2024
- SaaS deployment completed: Saturday, January 4th, 2025
- General Availability (on-premises customers): Thursday, January 9th, 2025
Note: SaaS customers will be informed of their maintenance window via status.kaseya.com.
Dates are subject to change at short notice. On-premises customers are advised to check this page again before attempting an upgrade.
Last Update: December 6th, 2024
Important security update
This release includes important security updates. We recommend that on-premises customers upgrade as soon as possible after the General Availability (GA) release date. (No action is required for SaaS customers, as updates are automatically applied).
Dependencies
Agent | This release requires agent version 9.5.0.46. After upgrading from an earlier VSA version, you must update your Windows, macOS, and Linux agents using the automatic or manual update process from the agent module. |
Live Connect Application | When starting a Live Connect or Remote Control session for the first time after installing this release, you will be prompted with a link to download the latest Live Connect build. You must complete the installation before proceeding with the session. |
Software Management |
This release includes updates to the Software Management client code. Each managed machine will download 120 MB of file updates during the first patch scan or deployment cycle after installing the VSA update. The files will be sourced from the VSA server or a peer endpoint machine on the local network that already has the files. Recommendations to mitigate the impact on network bandwidth:
|
Support policy for prior releases
Kaseya recommends that customers update their environments to the latest patch release as soon as possible after the GA release date.
Our policy is to provide support for the current GA release, one prior Feature Release, and any interim Maintenance Releases. After the 9.5.21 GA date stated in the release schedule, the minimum supported version will be the 9.5.20 Feature Release.
Product lifecycle updates
Updates to macOS and Linux agent supported versions
Refer to Agent Minimum Requirements.
Based on the latest macOS and Linux distribution releases and end-of-life announcements by vendors, the following versions are now supported.
macOS
- Ventura (v13)
- Sonoma (v14)
- Sequoia (v15)
Monterey (v12) and earlier versions are no longer supported.
Linux
- CentOS 8.x (see note below)
- AlmaLinux 8.x, 9.x
- Rocky Linux 8.x, 9.x
- Red Hat Enterprise Linux 8.x, 9.x
- SUSE Linux Enterprise Server 12.5, 15 SP3+
- SUSE Linux Enterprise Desktop 15 SP5+
- openSUSE Leap 15.5+
- Ubuntu 20.04 - 24.04 LTS
- Debian 10+
Older versions of the distributions listed above are no longer supported.
Note: CentOS Stream is not supported, but we have now added support for the latest open source RHEL derivatives - AlmaLinux and Rocky Linux.
Release feature
Unified Endpoint Security with Datto EDR and VSA 9
Refer to Datto EDR Integration.
We are pleased to announce that VSA can now be integrated with the Datto EDR management platform, in order to quickly deploy its agent and monitor protection status from within VSA:
- The Ransomware Detection navigation menu has been renamed to Endpoint Protection and enhanced to support integration with Datto EDR.
- Datto EDR integration can be enabled via a new Configuration > Settings menu item using a URL and API key from a Datto EDR management platform. Enabling the integration exposes a new EDR tab on the Operations > Dashboards and Operations > Machines pages so that Datto EDR clients can be deployed and monitored using VSA.
- Only Master or System role users can update the EDR configuration. Once integration is activated, all user roles who already had permission to manage Ransomware Detection will also have access to the EDR functionality.
- From the Operations > Machines > EDR tab, you can bulk deploy the Datto EDR client application to VSA agents and view their protection status:
- Data from the EDR management platform is updated every 15 minutes (EDR Licenses, Isolated, EDR Agent Status, EDR Alert Count, EDR Agent Version). The Last Update column shows the time of the last refresh.
- Alert actions can be configured for when the EDR agent service stops running or when isolation is applied by EDR in response to a security event.
- EDR status is also visible from the Asset Summary page in Live Connect.
- The Operations > Dashboards > EDR tab provides an aggregate view of EDR protection status, threat detections, and alerts across the environment.
Limitations
- As with Ransomware Detection, bulk agent deployments of the EDR Agent are limited by pagination on the Operations > Machines page (maximum 100 machines at a time). For larger selections, it is necessary to initiate the install for each page of machines. Column filters can be used to narrow selection to machines that are not already installed. A policy object will be added in the next release to enable automated deployment based on standard targeting criteria.
- The EDR Agent cannot be installed to machines which have a stand-alone Ransomware Detection client managed by VSA. The Ransomware Detection client must be uninstalled using the Operations > Machines > Ransomware Detection tab prior to installation of the EDR Agent. Once the EDR Agent is deployed, Ransomware Detection can be installed and managed using the Datto EDR management platform.
- In this release, VSA will monitor the running status of the Datto EDR service (HUNTAgent) on machines where the EDR Agent is deployed. This will be extended to include the Datto AV service (EndpointProtectionService), on machines where its used, in the next release.
- When deploying the EDR Agent from VSA, its Organization and top-level Machine Group will be automatically matched to an Organization and Location in the Datto EDR management platform (new entities will be created if there is no name match). If the VSA agent is subsequently moved to a different organization or machine group, the change will not automatically be sync'd to EDR. This will be addressed in the next release.
Feature overview video
Other enhancements
Software Management: Improved management of ad-hoc task scheduling
The ability to cancel or reschedule forced updates, ad-hoc scans, and ad-hoc deployments through Software Management provides administrators more control over ad-hoc scheduled patching tasks.
- This update introduces a new Cancel Action control to the upper panel of the Software Management > Management > Machines page, which can be used to cancel ad-hoc Scans, Deployments or Force Update tasks that were scheduled using the Schedule Action control. This action will not affect scans or deployments that are scheduled by profiles.
- The Next Deploy Date and Next Scan Date columns in the machine grid will show the next ad-hoc or profile scheduled task, whichever is sooner.
- When an ad-hoc task is scheduled, any existing ad-hoc task of the same type is removed, and a new job is created for the selected time.
Agent support for Azure Virtual Desktop
Administrators can now successfully deploy an agent to Azure virtualized desktop environments running a multi-session Windows edition, to manage each desktop instance as if it was a distinct machine. With this enhancement, the agent reports the OS version of virtual devices correctly, Agent Procedures are executed on virtual devices, and VSA 9 functionality is supported on virtual devices.
Bug fixes
Content
- Content folders (Agent Procedures, Monitor Sets, and so forth) can no longer be shared with a user assigned to a role that is different from the role assigned to the user performing the share.
Info Center
- The Machine Group list is now alphabetized.
REST API
- Users without access to certain modules can no longer use the API to make responses to corresponding endpoints.
Software Management 2.0
- URLs containing space characters no longer cause installer download failures.
- Software applications now appear as vulnerabilities if the language title in the profile is revoked.
- When users have a certain scope that restricts visibility of users, they are no longer able to see all users when performing certain Software Management actions.
-
If Filezilla is installed manually outside of VSA 9, the language is now successfully detected to allow patching through the Software Management module.
- Reboot alerts are no longer sent from the wrong sender email address (vsa@kaseya.com).
TAP Integration
- Third-party integration (TAP) modules no longer fail to load the contents of a page while displaying an Authorization token not found error.