The VSA 9.5.14 Feature Release (build 9.5.14.4915) includes enhancements and fixes described in the topics below. For minimum system and agent requirements, see these topics in the Kaseya R95 System Requirements Guide: Kaseya Server Minimum Requirements & Configuration and Agent Minimum Requirements.
Release Schedule
- Scaled SaaS deployment – Saturday, September 17th
- Full SaaS Deployment - Saturday, September 24th
- General Availability (on-prem customers) - Friday, September 30th
Important Security Updates
This release contains important security updates. We recommend that on-premises customers upgrade as soon as possible (No action is required for SaaS customers as updates are automatically applied).
- Fixed an issue where a stored username and encrypted password were exposed in a web server response for an authenticated VSA user.
- Fixed a potential Javascript injection vulnerability.
- Fixed a privilege escalation vulnerability.
Dependencies
Agent | This release requires agent version 9.5.0.36. After upgrading from an earlier VSA version, you must update your Windows, macOS and Linux agents using the Automatic or Manual update process from the Agent module. Agents updated to this version cannot be used to communicate with servers running VSA versions prior to 9.5.8. |
Live Connect Application | When starting a Live Connect or Remote-Control session for the first time after installing this release, you will be prompted with a link to download the latest Live Connect build. You must complete the installation before proceeding with the session. |
New Features
- Ransomware Detection
- Datto BCDR Integration (IT Complete Workflow)
- LiveView Enhancements
- Software Management 2.0 Enhancements
BI Center
- Following deployment to our SaaS environment, we identified some enhancements to optimize the performance of the new BI Center module. To ensure the best possible user experience, we have temporarily withdrawn the module from this release while we implement the enhancements and will re-introduce it in a future patch. All data and configurations created by SaaS customers will be retained and made available again when the module is re-introduced.
Ransomware Detection
- We are enabling an additional layer of protection against Ransomware by introducing the Ransomware Detection module. This module will be available on a no-charge basis until January 1, 2023.
All windows based endpoints can now be monitored for the presence of crypto-ransomware using native Kaseya technology that performs the file-based behavioural analysis. If Ransomware is detected , VSA can optionally:-
- Create Alarms
- Create Tickets
- Send email notifications
- Isolate
-
Isolation is a new alert action added to the VSA for Anti-Ransomware. If initiated as a reaction to a Ransomware alert on an endpoint, any suspected ransomware processes will be stopped and the system will be isolated from the rest of the network while still allowing connectivity back to the VSA server for continued remote management and remediation.
To begin, visit the Anti-Ransomware > Machine page and configure alert actions by selecting the Alert Configuration button:
Next, deploy the Ransomware Detection engine by simply selecting the endpoints you wish to enable. Click the Install action:
Datto BCDR
-
Kaseya is introducing a native VSA module to support management of Datto’s backup processes.
Datto BCDR Appliances can be discovered through the VSA’s Discovery module by navigating to the “Discovery Services” page and selecting the Datto BCDR tab.
New organizations or existing organizations can be created here, where you’ll fill in Datto API and security credential information for your particular Datto BCDR device:
Datto appliances will then be routinely inventoried and available for management within the Datto BCDR module by selecting the “BCDR Devices” page. From here you can map appliances to specific clients and gain visibility into appliance details — hostname, model, client name, serial number, storage capacity, and more.
Seamless deployment and visibility into backup status of your Datto Backup agents is also facilitated by the BCDR module — simply navigate to the Protected Devices page and select the endpoints you wish to deploy the Datto Backup agent to. Once deployed, you’ll get a summary of your endpoint’s backup health including data on the last 10 backups and timestamps for the most recent local backups, screenshot verifications, and Datto Cloud syncs.
The Datto BCDR module also collects alerts that have been raised by your Datto BCDR appliances, allowing you to quickly react to potential interruptions in your client’s business continuity services.
Live View
- Live View has been enhanced to include the new Files sub-category. This newly introduced will allow you to navigate the file and folder structure of a target device, perform file changes and support downloading, uploading and automated zipping.
- Added Powershell support and enhanced Command Shell access:
- Added Select All and Copy to Clipboard button above the terminal window:
- The terminal will be working in the background.
- Added support for Powershell terminal.
- Added Select All and Copy to Clipboard button above the terminal window:
Software Management
- Added a function to copy and paste patch rules from one Scan and Analysis profile to another. Patch rules of the source profile will rewrite rules in the target profile. It may be useful for the ring-based patch deployment process.
- A start of scheduled reboot after deployment will be distributed in every 5 minutes period to optimize server performance.
- Added control on Windows Delivery Optimization in Scan and Analysis profiles. Enabling the option will reduce bandwidth consumption by the peer-to-peer download of Windows patches.
- Added support for patching Microsoft products using Windows Update API. That means you can use the module to patch Microsoft software that does not exist in the VSA 3rd-Party Software catalog. There is a limitation regarding Microsoft Office: only Office 2016 Office 2013 Office 2010 Office 2007 are supported by that option.
- Added an option to specify the local WSUS server within a Scan and Analysis profile. WSUS server may be used to download Windows patches in isolated environments (offline mode). Configuration is available under Specify intranet Microsoft update service location section.
Enhancements
Agent Module
- Added Linux agent support for Ubuntu 21.04 and 22.04.
Discovery
- Removed the Discovery > Discovery Services > Credentials page and moved contents to Discovery > Discovery Services.
Live Connect App
- Custom Audit fields are now available in the Live Connect application under Assets > Asset Info > System Info. They are displayed in alphabetical order along with other System Info fields.
Known issue: In this release, custom fields with Date field type are displayed in Live Connect with date/time format. This will be corrected in a future patch.
Service Desk
- When creating a ticket or a ticket note with a file attachment, an email notification is sent, and the file will now be sent as an attachment. This allows the recipient to access the file without being authenticated to VSA.
Note: Attaching large files (>20Mb) may cause email sending to fail due to size limitations on mail platforms. Service Desk should not be used for sharing large files.Known Issue: In this release, the email body still contains a hyperlinked file name, but the link is not usable. This will be corrected in a future patch.
Software Management
- With this release, the patch impact value will match the MSRC Severity level. As a migration procedure, the Impact value will be changed from «Recommended» to «Important», your Scan and Analysis rules for «Recommended» patches will be migrated to match «Important» patches. Please, check your Scan and Analysis profiles.
Use the following table to understand possible Impact values after the change:
Critical — Windows, OS patches
Critical, Over 30 Days — Windows, OS patches
Important — Windows, macOS, both OS and 3rd-Party Software patches
Moderate — Windows, OS patches
Low — Windows, OS patches
Unspecified — Windows, OS patches
Bug Fixes
Agent App
- Fixed an issue which was causing macOS agent upgrades to fail in some environments.
Agent Procedures
- Fixed an issue where no email was sent by SendEmail() function if it had more than 12000 characters.
IT Glue Integrations
- Fixed an issue where a 1-click Remote Control session would log in to the target machine as a default user account instead of the selected IT Glue credentials.
Monitoring
- Fixed an issue where system alarms related to Azure Discovery could not be deleted from the Monitor > Status > Alarm Summary page (Legacy View).
Patch Management
- Fixed an issue where REST API call (PUT api/v1.0/assetmgmt/patch/{agentguid}/schedule) to schedule a patch installation in the legacy Patch Management module would fail.
Policy Management
- Fixed an issue where the Policy would not schedule an agent procedure if the same procedure had been scheduled before from the same policy.
Remote Control Module
- Fixed issue with Remote Control > Control Machines page where it would not display a complete list of agents and assets. Pagination has been implemented in place of infinite scroll.
Rest API
- Fixed an issue where REST API calls for Tenant Management endpoints that were authenticated against a Personal Access Token would return "Access Denied", even though Read and Manage rights were specified for the token.
- Fixed an issue where DELETE /system/users/session API call would log out the wrong user session under certain circumstances.
Software Management
- Fixed an issue where the notification for the custom installer was displayed without a 3PP Title.
- Fixed an issue in Software Management → Management → Patch Approval tab where several rows for one unique patch were observed.
- Fixed an issue where 3rd-Party Software 2.0 profiles were loaded twice.
- Fixed an issue with VSA API, where if an api call request failed 20 retries were performed.
- Fixed an issue where the processing of all 3PP items was broken if one item was broken.
- Fixed an issue where after each scan there was a new entry for each approved patch on the Application Logging page.
- Fixed an issue where the OS Native Settings were not getting applied to windows 11 during SM scan.
- Fixed an issue where the Executive Summary Report showed Suppressed Vulnerabilities although when “Exclude Suppressed Patches “were chosen in the General Settings of software management.
- Fixed a performance issue with VSA View with the field “Machine missing patch”.
- Fixed an issue where machines in software management were shown as out of compliance for deployment profile when machines have 0 vulnerabilities.
- Fixed an issue where alerts were not getting created when software management deployment failed.
System Module
- Fixed an issue where tenant System scope users could not see non-System scope users on System >Server Management > Logon Policy page.
- Corrected a spelling mistake on a warning dialogue that is shown while removing a 3rd-party (TAP) module using the System > Server Management > License Manager page.