9.5.2 Feature Release - 25 November 2020

The VSA 9.5.2 release includes new features, enhancements and fixes described in the topics below. For minimum system and agent requirements, see these topics in the Kaseya R95 System Requirements Guide: Kaseya Server Minimum Requirements & Configuration and Agent Minimum Requirements. 

 Important!  

  • This release requires agent version 9.5.0.20. Be sure to update your Windows, Mac, and Linux agents after installing this release. 
  • Regarding automatic agent updates to SaaS customers, we will be temporarily suspending this process for MAC AGENTS ONLY. This means mac agents will not be automatically updated to agent version 9.5.0.20 as part of the VSA 9.5.2 update. This is to ensure that each customer can better manage their update process, based on the update paths outlined in the “Enhancement / Agent” section below. 
    We will restore the automatic agent update process for SaaS customers, for ALL agents, in the next release. This includes mac agents.  

New Features 

Remote Control: Remote Control File Transfer Log and Reporting 

We are continuing to enhance Remote Control File Transfer; we have added a logging feature for file transfers that are performed during Remote control sessions. The logs are accessible under Agent > Agents > Agent Logs > Technical Logs > Remote Control.  

As well as logging, we added new columns to get log information for File Transfer such as Admin IP (IP address of the device that initiated the file transfer), Endpoint IP (IP address of the device that receives the file), Activity (File Transfer), Message. The Message column has clickable text which will open a dialog that will contain the log information such as Session Id and Administrator as header and Time, File or Folder Name, Direction Of Transfer (currently, it is unidirectional meaning Download = file/folder transferred FROM the device) , and Result (Success /Fail) per transfer. 

For both Admin and Endpoint IP addresses, similar to "ConnectionGatewayIP" as represented in VSA Database Views, the source addresses are obtained by the VSA Server and will be different than the local IP address of each device if the computer is behind NAT for example.

We also provided a new Data Set in Info Center > Report Parts for Kaseya Remote Control File Transfer Log. This will contain a report with the data for file transfers that were performed during Remote Control sessions.

krclog_parts.png

Enhancements 

Agent Module 

  • For agent deletion, the existing confirmation message is now replaced with "You are about to delete x agents. Are you sure you want to delete x agents?", where "x" in the message represents the actual number of agents selected for deletion.

Agents  

MacOS 64-bit Agent

We are continuing work on re-architecting the Kaseya VSA agent to support both 64-bit and 32-bit platforms, including Catalina. This release contains a version of a macOS 64-bit agent that updates the 32-bit macOS agent, and also replaces the 64-bit agent introduced with VSA 9.5.0.26, which allows us to consolidate the VSA macOS agent into a single package for all supported macOS platforms. 

The following VSA functions are supported with this release - (note that any functionality not specifically listed below, is unsupported on macOS agents which are updated to the latest version): 

  • Agent Menu
  • Agent procedures
  • Audit
  • Live Connect
  • Remote Control
  • Screen recording
  • Reset password
  • Live Connect on Demand
  • Monitoring
    • Alerts 
    • Process Monitoring 
    • System Check 
    • SNMP Monitoring 
    • Log Parser 
      • Known issue with Re-arm period for macOS
  • Policy Management
  • User Portal
  • Cloud Backup
    • There is a known issue with macOS 10.15 (Catalina) - We will be working to support 10.15 and higher in a future VSA release 
    • Supported for 10.14 (Mojave) and 10.13 (High Sierra) 
  • Software Management
    • Supported on macOS 10.15 (Catalina) as a “Technical Preview" 
    • Supported for 10.14 (Mojave) and 10.13 (High Sierra) 
  • Data Backup
    • Known backup issue with macOS.

Additional functionality will be added in future releases. 

Multiple macOS agent support is not supported with the updated 64-bit agent. 

The following features have been deprecated for VSA macOS Agents, starting with this release: 

  • K-VNC [Remote Control tab]
  • FTP [Remote Control tab]
  • SSH [Remote Control tab]
  • Task Manager [Remote Control tab]

Update instructions for MacOS agents 

Note: We will be temporarily suspending the automatic version update of agents for SaaS customers, for MAC AGENTS ONLY. This is to ensure that each customer can manage their update process based on the update paths below. We will restore the automatic update process in the next VSA release. 

manage_agents_upd.png

There is a new agent version included with this release; 9.5.0.20 - (note that any macOS functionality not specifically listed as supported with 9.5.2 will not be supported on macOS agents which are updated to 9.5.0.20). 

Note: The agent update process will be different, based on four update paths outlined below. 

Use the update path that fits your situation. If you are uncertain which path to use, please contact support. 

1. A single, 64-bit VSA macOS agent is currently installed and active on a mac (10.15 or below). It represents only ONE agent record in VSA. No 32-bit agent is installed, and no 32-bit agent record exists for this device.

  • From the VSA UI, navigate to Agents / Manage Agents: Select the 64-bit agent record and perform an agent update 
  • The existing agent will deploy a new 64-bit agent and if successful, the previous 64-bit agent will be uninstalled. The new, updated agent will automatically reconcile itself against the existing VSA agent record, and will immediately perform an Audit 
  • The update will be immediate, ignoring the update schedule 
    • If the agent is offline, the update will occur immediately when the agent is next online
  • Accessibility permissions will be required for mac in order to Remote Control the updated agent

2. A single, 32-bit VSA macOS agent is currently installed on a mac (10.14 or below). It represents only ONE agent record in VSA. No 64-bit agent is installed, and no 64-bit agent record exists for this device. 

  • From the VSA UI, navigate to Agents / Manage Agents: Select the 32-bit agent record and perform an agent update 
  • The existing agent will update itself to a 64-bit version 
  • The update will honor the update schedule 
  • If the agent is offline, the update will occur when the agent is online, based on the time the update was scheduled for 
  • Accessibility permissions will be required for mac in order to Remote Control the updated agent 

3.Two VSA agent records exist for a single mac 10.15 (Catalina) device. The device previously had a 32-bit mac agent installed, and the mac OS was subsequently upgraded to Catalina. Now, the device has a 64-bit agent installed and active, and a second, offline agent record in VSA that represents the previous 32-bit agent. 

  • From the VSA UI, navigate to Agents / Manage Agents: Select the 64-bit agent record and perform an agent update 
  • Do not perform the update on the offline 32-bit agent record. Nothing will happen. 
  • The existing agent will update the 32-bit offline agent’s binaries if they exist or will deploy a new 64-bit agent. If successful, the previous 64-bit agent will be uninstalled, and the agent record matching the previous 64-bit agent will be removed. The updated, new 64-bit agent will automatically reconcile itself against the existing 32-bit VSA agent record that was previously offline. The agent will immediately perform an Audit. 
  • The update will be immediate, ignoring the update schedule 
    • If the agent is offline, the update will occur immediately when the agent is next online
  • Accessibility permissions will be required for mac in order to Remote Control the updated agent 

4. Two VSA agents are installed and active for a single mac 10.14 or below (NON-Catalina). One agent is the 32-bit macOS agent and the other is a 64-bit macOS agent with an agent version at 9.5.0.19 or lower. 

  • FIRST, update the 32-bit agent (this record can typically be identified by the existence of audit information, such as applications and hardware info: 
    • From the VSA UI, navigate to Agents / Manage Agents: Select the 32-bit agent record and perform an agent update
    • The existing agent will update itself to a 64-bit version
    • The update will honor the update schedule
    • If the agent is offline, the update will occur when the agent is online, based on the time the update was scheduled for
  • SECOND, update the 64-bit agent 
    • Do not select “DELETE” - select “UPDATE”
      • If “DELETE” is used, the agent record will be removed from VSA but the agent will remain on the device 
    • From the VSA UI, navigate to Agents / Manage Agents: Select the 64-bit agent record and perform an agent update
    • The update process will uninstall the 64-bit agent and remove the record from the VSA
    • The update will be immediate, ignoring the update schedule
  • If the agent is offline, the update will occur immediately when the agent is next online 
  • Accessibility permissions will be required for mac in order to Remote Control the updated agent 

Mac Agent Packages  

  • In Agent Packages, the Mac Agent Types have been consolidated from two separate entries: “Mac – 32bit" and “Mac - 64bit” to a single entry: “Mac - Intel”:

choose_mac_agnt.png

new_agnt_pcg_mac.png

  • Existing packages will be automatically converted. For 64-bit packages, the “/E” parameter will be added, and “Group Settings” will be maintained.
  • If a previously downloaded 64-bit mac package is used to deploy a mac agent, the agent will check-in and can be updated from the UI using the relevant update path described above.

Agent Installation for MacOS

Fixed an issue which required Mac security permissions to be reset on mac devices running a VSA agent, after every VSA agent update. 

Permissions will still need to be configured after the initial deployment of a new macOS agent, and after an update of an existing macOS agent with an agent version prior to 9.5.0.20, which is provided with this VSA release. 

During subsequent agent updates, on agents running 9.5.0.20 or higher, if permissions were already configured, additional permission changes will no longer be required for remote control. 

For more information related to the required mac permissions, please see the following KB article. 

API Framework

  • Added three new APIs to support returning information about applied Service Based Monitor Sets, Performance Monitor Based Monitor Sets, and Event Sets.
  • Updated /automation/agentprocs API to support being given a callback URL to receive agent procedure execution results.
  • Updated API to log failed authentication attempts.
  • Updated REST API calls to GET /automation/agentprocs to support to support returning Script Prompt values if the API is called with "getScriptPrompts" parameter.
  • Added API to support suspending and un-suspending agents and alarms.

Authentication

Added support for the following TOTP authentication applications: 

  • Okta
  • Duo
  • Authy.

Classic Monitoring 

Monitor > Alarm Summary is now redesigned for better user experience. Users can directly navigate to Discovery Topology Map from the new Monitor > Alarm Summary page.

Database & Schema 

Added additional indexes to Script/Agent Procedure database tables to improve performance.

Discovery 

We enhanced Topology Map functionality and improved Quick Views: 

  • Discovery Topology Map shows badges with alarm counts on agent and non-agent devices that currently have open alarms.
  • Agent Quick View provides a link to new alarm summary page under Alarm Log if open alarms are present.
  • Asset Quick View in Discovery Topology Map shows a button to Alarm summary page.

Live Connect 

Live Connect now supports VSA native 2FA.

Remote Control

Enhanced using of the shared clipboard on multiple Remote Control sessions, now once any remote session is closed clipboards cleared.

Software Management 


  • Sixty second automatic refresh interval is set on the upper portion of Software Management Machines Page. This will allow real-time visibility into progress bar tasks such as scans and deployments.
  • Added Release Date Field to Advanced Over-ride Profile Criteria. Allows for the ability to manage vulnerabilities based on their release date.
  • Improvements to Software Management Reporting: SM Status By Agent, SM Pie Chart Counts and Unapplied Patches are new report parts which have been added to Info Center for expanded reporting capabilities.
  • Software Management Dashboards now have real-time drilldown capability. Each dashboard widget displays relevant data when ‘clicked thru’.
  • Policy Management: Additional logging added on Software Management compliance reasons.

TAP Integration 

We begin to support TAP developers in synchronizing the native VSA Machine Group filter drop-down selections with their own modules.

VSA UI 

Added the ability to disable Kaseya Product Notifications.

Bug Fixes

Agent Module

  • Fixed an issue where agent was deleted from endpoint but agent account was not deleted from VSA.
  • Fixed an issue where some VSA agent packages could not be edited.

Agent Procedures

  • Fixed an issue where the signature was removed after uploading the file thought the Agent Procedure editor and downloading it again.
  • Fixed an issue where the Schedule/Create page failed to load for users without role access to View Procedure.
  • Fixed an issue where running agent procedures with the alarmSuspend and alarmUnsuspendAll statements failed.

Agents

  • Fixed an issue where Lua extension error displayed in Agent Admin logs for macOS agents.
  • Fixed an issue where disk format value was blank for macOS agents.
  • Fixed an issue where KLinuxPortPing file was missing for Linux agents.
  • Fixed an issue where the KaseyaD.ini path was created even it already existed in /Library/Preferences/ or /Library/Kaseya/.
  • Fixed an issue where Agent Procedure scripts skipped first argument in parameter list.
  • Fixed an issue where ‘Lock Workstation’ procedure did not work on macOS agents.
  • Fixed an issue when the agent icon on macOS displayed in the menu bar only for the user who installed the agent.
  • Fixed an issue where Agent Procedure failed on agent machines with the ODBC SQL 2017 driver.

Alerting

  • Fixed Alarm Summary page design issues.

API Framework

  • Updated REST API GET /assetmgmt/assets/{agentId}/customfields to support returning empty custom fields when fed the returnEmpty=true parameter.
  • Fixed an issue with REST API /assetmgmt/agents/uptime/{since} where it incorrectly followed the calling user session Machine Group/View Selection.
  • Updated REST API /assetmgmt/agents to return correct ComputerName vlaue.
  • Fixed an issue with Update User API to not require full model schema for certain field updates.
  • Updated Add Machine Group to Scope API to support a Master/System user adding a machine group to a scope even if the calling user does not belong to the target scope.
  • Fixed an issue where user idle login timeout did not take effect.
  • Updated Add Org to Scope API to support adding organizations to a scope for a Master / System user in scenarios when the calling user is not a member of the target scope.
  • Fixed an issue with Create Organization API (POST /system/orgs) to prevent it from updating data for existing organizations.

Audit

  • Fixed an issue where Apple File System (APFS) was not supported for macOS.
  • Fixed an issue where Windows edition was not displayed in Agent Info for Windows 10 Professional and Home build.
  • Fixed an issue where the Latest Audit failed to populate the AuditRsltApps table.

AuthAnvil Integration

  • Fixed an issue where the list of agents for tenant partition did not display in AuthAnvil > Two Factor Auth > Define AuthAnvil Server(s).
  • Fixed an issue where users and tenants could not log in to the VSA after AuthAnvil integration.
  • Fixed an issue where Deploy AuthAnvil Windows Logon Agent did not work.
  • Fixed an issue where the Remote Control session did not prompt for 2FA passcode when authentication configured in AuthAnvil.

Classic Monitoring

  • Fixed an issue with Mib Tree import in Monitor > Edit > Add SNMP Object. Users can browse through MIB tree files as expected.

Discovery

  • Fixed an issue with Discovery Topology Map that network filter drop down matches with networks shown in Discovery > Discovered Devices.
  • Fixed an issue where the Discovery Domain watch could not filter large Active directory domains.
  • Fixed an issue with VSA Active Directory username and password credentials displaying in plain text in the agentmon.log file on the probe agent.
  • Fixed an issue where messages from Discovery > Domain Watch's alerting profile did not provide any details or useful information.

Info Center

  • Fixed an issue where Windows 7 and 2008 were counted as currently supported versions of Windows in the Executive Summary report.
  • Fixed an issue where the Bar Chart values in Info Center > Report Parts had inaccurate counts.

Installers

  • Fixed an issue where Classic ASP page failed.

Live Connect and Remote Control

  • Fixed an issue where users could not connect to the agent without restarting LiveConnect while temporary or permanent enabling of RDP or NLA and closing the dialog.
  • Fixed an issue where Remote Control users could not log in to a Macs after they had logged out or rebooted. The login screen would display, but users could not enter text.
  • Fixed an issue where multiple KRC windows spawned to the same endpoint when KRC reconnected after losing connection to an endpoint.
  • Fixed an issue where KLC Screen Recordings over 10 minutes were compressed and appeared grey and the image didn`t move in Windows agent.

Notifications

  • Fixed an issue where VSA sent password change notifications to security@kaseya.com every time as password changed.

Policy Management

  • Fixed an issue where the Compliance Check did not run when "Schedule will be based on the time zone of the agent (rather than server)" was selected.
  • Fixed an issue where policies assigned to a child node in an organization hierarchy did not take precedence over policies assigned to a parent node in the same organization hierarchy.
  • Fixed an issue where Audit schedule policies were flagged out of compliance after daylight savings time (DST) changes.
  • Fixed an issue where the Policy object for Windows Automatic Update did not check for actual compliance status.

Service Desk

  • Fixed an issue where opening tickets in the User Portal generated from alarm displayed the "Error getting ticket details" message and 404 error.
  • Fixed an issue where Service Desk failed to process emails formatted as Rich Text (RTF).

Software Management

  • Fixed an issue where the 'Third Party Software Updates + OS Update' patch strategy did not populate third party vulnerabilities.
  • Fixed an issue where Software Management Native OS feature applied configuration in an infinite loop and logging to the endpoint eventlog affected the endpoint's performance.
  • Fixed an issue where Windows Automatic Update re-enabled the endpoint while applying an override profile to a machine.
  • Updated macOS Software Management API engine.
  • Fixed an issue where deleting scan or deployment profiles caused duplicate logging within Application Logging option.
  • Refined and improved logging where assigning any profile to the machine under software management the Application logging page showed only the name of the machine but not profile information. Now the Application logging page will address all assign/un-assign profile actions in more detail to show the correct behavior.
  • Fixed an issue with Software Management pending reboots - added check to the ClearRebootStatus class to check agent procedures that may need be removed if the machine was rebooted after the assignment of agent procedure.
  • Fixed an issue where out of scope endpoints may be displayed on the Patch Approval page.
  • Corrected an issue with Software Management vulnerabilities count where inaccurate counts may be reflected in vulnerabilities due to orphaned rows.
  • Fixed an issue where filtering in Patch Approval was may not be respected in Patch Approval Page.

TAP Integration

  • Fixed an issue where TAP modules could not be installed if a custom role type was created within Tenant Management.
  • Fixed an issue with TAP module agent procedures that did not support the "Execute Procedure" step.

VSA Core

  • Updated strict-transport-security header max-age from 2592000 to 63072000 in alignment with industry-standard recommended best practices.
  • Fixed an issue where clicking “I want to select an agent to copy settings from” the org/machine group for the agent was not populated in the machine group drop down while Catalina agent installation.
  • Removed HTTP Options method support from IIS.
  • Removed TRACE method support from IIS.
  • Added Secure Flag to VSA portal and User portal cookies when HTTPS is used. HTTP is still allowed for use.

VSA UI

  • Fixed an issue where switching between old and new user interface did not work.
  • Fixed an issue where updating the logo for VSA Login Page through System > Customize > Site Customization did not work.

Known Issues

Classic Monitoring

  • Machine Group filter only shows machine groups, not organizations. Workaround: Type organization name in Machine Id filter and alarms will be filtered by organization.
  • Filters changed in Alarm summary won't be saved across VSA pages after 15 minute timeout. Workaround: Logout and log back in so that filters are saved.

Quickview

Quic buttons no longer work in Internet Explorer. Customers using “classic” Live Connect can launch Live Connect or Remote Control sessions this way:

  • Remote Control – left click on agent status icon from machine grid
  • Live Connect – hold down Ctrl key, and left click on agent status icon from machine grid

Have more questions?

Contact us

Was this article helpful?
1 out of 1 found this helpful

Provide feedback for the Documentation team!

Browse this section