IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Comply (Version 1.7)

From Tanium Knowledge Base
Jump to navigation Jump to search

Tanium Comply 1.7.4.0002

Release Date: August 21, 2018

New Features

  • Joval 6.0.4 now ships with Tanium Comply. Version 6.0.4T will be present in the engine list and can be associated with deployments. This version of Joval does not include content.

Tanium Comply 1.7.3.0002

Release Date: July 31, 2018

Other Enhancements

  • Added support for SCC 5.0.2.

Bug Fixes

  • Fixed an issue where vulnerability scans would not run on Windows endpoints that have never had a compliance scan run on them.

Tanium Comply 1.7.2.0017

Release Date: July 20, 2018

Other Enhancements

  • Added support for CIS-CAT 3.0.50. Customers using CIS-CAT 3.0.48 are strongly encouraged to upgrade to 3.0.50.
  • Changed retention of vulnerability feed files and detailed results so they are stored in Tools/Comply rather than removed when action directories are pruned.

Bug Fixes

  • Fixed several issues related to retrieving saved question results.
  • Fixed an issue where logs were deleted before lock files were checked.
  • Fixed an issue where notifications on the home page could not be dismissed.
  • Fixed an issue where certain expandable UI areas did not feature carets.
  • Fixed an issue where deployment names would not be displayed in the appropriate section on the home page.
  • Fixed an issue where the file selection feature of engine upload was not working correctly on browsers other than Chrome.

Tanium Comply 1.7.1.0001

Release Date: July 3, 2018

Bug Fixes

  • Fixed an issue where vulnerability scan actions were not run in the background on 7.2 Tanium Clients as they should be.

Tanium Comply 1.7.0.0041

Release Date: June 19, 2018

New Features

  • Added the ability to report open ports and their corresponding processes for managed assets. Selecting the "Report Open Ports" option during vulnerability report creation will enable this feature.
  • Added a new report type to gather open ports on unmanaged assets. This report requires the use of Tanium Discover's NMap discovery method to gather results.
  • Implemented new Tanium UX color scheme across the Comply interface.

Other Enhancements

  • Added support for SCC 5.0.1.
  • Added support for JovalCM 6.0.3.
  • Added support for CIS-CAT 3.0.48.
  • Added the ability to specify engine runtime parameters during deployment creation. JVM heap size and CPU affinity can now be set on a deployment-wide basis.
  • Added the ability to search for benchmark rules by title on the Custom Profile creation screen.
  • Improved the functionality of the Report Export UI. Report exports can now be removed or downloaded in bulk.
  • Added the ability to persist vulnerability report parameters on a global or individual user level. A new Comply application setting determines which is used. After creating a vulnerability report, the parameters for the vulnerability definitions will be retained across report creations.
  • Added additional report metadata to the report list display: Report Issuer, Platform, Next Run Time, and Scan Engine.
  • Changed the chunk size options available when using the JovalCM scan engine to take advantage of engine specific features.
  • Added reporting of unscored vulnerability results to the report summary displays.

For more information on which versions of CIS-CAT, Joval, and SCC are supported, see Comply Supported Engines.

Bug Fixes

  • Fixed an issue where a report would indicate that a vulnerability scan was still in progress long after it had completed.
  • Fixed some issues with benchmark list performance.
  • Added some visual cues to custom profile creation screen to indicate that scrolling is required to see the remainder of the screen.
  • Fixed an issue where deployment status information was too slow to update.
  • Fixed an issue where user would be redirected to home page instead of settings page after creating a custom profile.
  • Fixed an issue where closing the upload progress dialog before the upload had finished would result in service errors.
  • Fixed an issue where links that a user did not have access to view were still visible on the home page. Clicking any of these links would result in permission denied errors.
  • Renamed the "supported" and "unsupported" tags on benchmarks to "verified", "unverified", and "unsupported" to provide better clarity around the state of these benchmarks.
  • Fixed an issue where errors would occur on report display when more than one custom check was used in the report.
  • Fixed an issue where the bar chart on report export would overrun the space allocated for it.
  • Fixed an issue where the Last Run date for a report gets cleared when a report is rebuilt (e.g. when new vulnerability definitions are available).
  • Fixed an issue where long benchmark rule titles would not be properly displayed with ellipses at the end.
  • Fixed an issue where republishing a report would move the start time forward by timezone offset.
  • Added additional checks on JRE uploads to prevent the use of Java 9 and Java 10.
  • Fixed an issue where corrupt or incomplete cached homepage data could prevent the entire home page from loading.
  • Corrected the format of next update times on the vulnerability sources screen.
  • Improved the report list filtering logic to be more intuitive.
  • Fixed an issue where macOS scans using an encrypted JRE would not run.
  • Fixed an issue where detailed report results sensor would return an error if the results file does not exist.
  • Fixed an issue where scan errors were no longer being displayed on the report list page.
  • Fixed an issue where the "donut" would not display on reports with no results.
  • Fixed an issue where long package file cache timings could cause Comply reports to not create all their associated Tanium objects.
  • Fixed an issue where tooltips would no longer display on the CVE list screens when scrolling through more than 100 elements.
  • Fixed an issue where .lock files deeply nested within the Comply client directory structure would prevent scans from occurring.
  • Fixed an issue where engine deployment intervals under 50 minutes would result in deployment creation failure.
  • Fixed an issue where a vulnerability report would indicate that the scan had finished and no results were found when the report had never been run.
  • Fixed an issue where the Java - Is Runnable sensor would return incorrect values from Linux endpoints with encrypted JREs.
  • Fixed an issue where NaN was listed as a result for some report counts.

Additional Release Information

Known Issues

  • Java 9 and 10 are not currently supported by Tanium Comply.
  • In RBAC-enabled environments, a report can can only be deleted by the owner of the report or a Tanium Administrator. Even with Report Administrator privileges, other users will encounter an error if they attempt to remove the report.
  • Tanium Comply does not support any benchmarks that require authentication.
  • Endpoint computers with less than 2GB of installed RAM may not have enough free memory to run the CIS-CAT engine when evaluating CIS checklists.
  • Endpoint computers with a single CPU may have their performance more noticeably impacted by Comply scans, even with lowered priority.
  • Deployment targeting checks for the presence of engines selected by the deployment. The engine runtime configuration feature added in 1.7 is not taken into consideration by this targeting. As a result, if a deployment is created or changed in a way that modifies the runtime configuration but not the version(s) of the engines being deployed, the targeting will cause machines that have already received the deployment to be skipped. In order to work around this, the deployment packages may need to be run manually.

Product Documentation and Resources