IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Comply (Version 2.11)

From Tanium Knowledge Base
Jump to navigation Jump to search

Tanium Comply 2.11.799

Release Date: June 21, 2022

Prerequisites

  • Tanium Interact 2.11.58 or later
  • Tanium Client Management 1.7 or later
  • Tanium Connect 4.10.5 or later (To customize columns for exports, you must have Connect 5.8.49 or later)
  • Tanium Discover 3.0 or later required for remote vulnerability reports
  • Tanium Trends 3.6 or later
  • Tanium Reporting service 1.3.12 or later
  • Tanium API Gateway 1.1.13 or later
  • Tanium Blob service 1.0.6 or later
  • Tanium RDB service 1.0.84 or later
  • Tanium System User service 1.0.40 or later

Supported Tanium Platforms

  • Tanium Server 7.4.1.1939 or later

Bug Fixes

  • Fixed an issue with getting 504 errors when deleting assessments

Known Issues

  • Vulnerability assessments running on endpoints configured with low resource mode have a high rate of failure, can run indefinitely, and may prevent other scans from running.
  • Compliance assessments running on endpoints configured with low resource mode fail to run.
  • RAS findings for some device types (including Cisco IOS) are not processed by the Comply service. Devices that return their IP address with a "/subnetmask" identifier cause the service to error when processing the RAS results. The scan may complete successfully, but findings never appear in the Comply UI.

Security Updates

  • This release includes security updates. Details of the issues, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.

Tanium Comply 2.11.796

Release Date: May 3, 2022

Important Note

With this release, we are no longer restricting upgrades to current 2.11 customers. Any customers who have not yet upgraded from 2.10 or older versions should upgrade to 2.11.796.

Prerequisites

  • Tanium Interact 2.11.58 or later
  • Tanium Client Management 1.7 or later
  • Tanium Connect 4.10.5 or later (To customize columns for exports, you must have Connect 5.8.49 or later)
  • Tanium Discover 3.0 or later required for remote vulnerability reports
  • Tanium Trends 3.6 or later
  • Tanium Reporting service 1.3.12 or later
  • Tanium API Gateway 1.1.13 or later
  • Tanium Blob service 1.0.6 or later
  • Tanium RDB service 1.0.84 or later
  • Tanium System User service 1.0.40 or later

Supported Tanium Platforms

  • Tanium Server 7.4.1.1939 or later

Bug Fixes

  • Fixed an issue with upgrades from 2.10 or older removing custom settings.

Security Updates

  • This release includes security updates. Details of the issues, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.

Known Issues

  • Vulnerability assessments running on endpoints configured with low resource mode have a high rate of failure, can run indefinitely, and may prevent other scans from running.
  • Compliance assessments running on endpoints configured with low resource mode fail to run.
  • RAS findings for some device types (including Cisco IOS) are not processed by the Comply service. Devices that return their IP address with a "/subnetmask" identifier cause the service to error when processing the RAS results. The scan may complete successfully, but findings never appear in the Comply UI.

Tanium Comply 2.11.792

Release Date: April 26, 2022

Important Note

This release is intended for customers who have already upgraded to 2.11 and are experiencing one of the bugs listed below. Customers who have not yet upgraded to 2.11 should wait for a subsequent release to be announced in the coming weeks.

Bug Fixes

  • Fixed an issue with some low-resource-mode assessments never completing.

Known Issues

  • You get an error when creating an assessment from the Custom Profile page, but the assessment is actually created.
  • First Found and Last Found date format changed from YYYY-DD-MM in 2.10 to YYYYDDMM.
  • Environments updating from 2.10 or older may need to recreate Custom Settings.
  • Vulnerability assessments running on endpoints configured with low resource mode have a high rate of failure, can run indefinitely, and may prevent other scans from running.
  • Compliance assessments running on endpoints configured with low resource mode fail to run.
  • RAS findings for some device types (including Cisco IOS) are not processed by the Comply service. Devices that return their IP address with a "/subnetmask" identifier cause the service to error when processing the RAS results. The scan may complete successfully, but findings never appear in the Comply UI.

Tanium Comply 2.11.790

Release Date: April 7, 2022

Important Note

This release is intended for customers who have already upgraded to 2.11 and are experiencing one of the bugs listed below. Customers who have not yet upgraded to 2.11 should wait for a subsequent release to be announced in the coming weeks.

Enhancements

This release includes:

  • First Found and Last Found values now available for Remote Authenticated Scan results in Tanium Connect exports.
  • Changed the order of charts on the Overview page to be consistent with the order on the Findings page.
  • First Found value now resets if finding is resolved and then found again.

Bug Fixes

  • Fixed an issue with engine updates sometimes targeted to All Computers.
  • Fixed an issue with Comply incorrectly displaying a banner saying that the Comply license expires within the next two weeks.
  • Fixed an issue with default assessments not running or returning data.
  • Fixed an issue with the "Comply - Compliance Percentage" sensor returning values of type Text instead of Integer.
  • Fixed an issue with Comply sensors failing with "JSON parsing error" on AIX endpoints.
  • Fixed an issue with creating vulnerability assessments using custom sources and no operating system selected.
  • Fixed an issue with the Managed Endpoints with High Vulnerabilities chart not updating quickly enough.
  • Fixed an issue with the "Comply - Has High Vulnerabilities" sensor always returning "Vulnerabilities found."
  • Fixed an issue with endpoints not honoring the debug flag.
  • Fixed an issue with jar files incorrectly being written to /tmp.
  • Fixed an issue with assessments failing on MacOS with the error "Not a supported flavor of Unix: UNKNOWN."
  • Fixed an issue with errors deleting assessments.
  • Fixed an issue with Remote Unauthenticated Scan assessment results not being saved if "Comply - CVE Findings - First Found" and "Comply - CVE Findings - Last Found" sensors are not being harvested.
  • Fixed an issue with Connect jobs failing with "Connection Failed. Cleanup required for connectionId."
  • Fixed an issue with assessments failing with "Could not extract protected JRE."

Known Issues

  • Some low-resource mode assessment may never complete due to taking longer than the time between Tanium Client restarts.
  • RAS findings for some device types (including Cisco IOS) are not processed by the Comply service. Devices that return their IP address with a "/subnetmask" identifier cause the service to error when processing the RAS results. The scan may complete successfully, but findings never appear in the Comply UI.

Security Update

This release includes security updates. For details, including affected versions and mitigation information, see the Tanium Support Portal, or contact your TAM.

Tanium Comply 2.11.748

Release Date: March 21, 2022

Important Note

This release is intended for customers who have already upgraded to 2.11 and are experiencing one of the bugs listed below. Customers who have not yet upgraded to 2.11 should wait for a subsequent release to be announced in the coming weeks.

Enhancements

This release includes:

  • Removed unused "Distribute Downloads Over" custom setting.

Bug Fixes

  • Fixed an issue with loading the Findings page if the environment does not include the Tanium Discover module.
  • Fixed an issue with errors appearing on the Overview page if the environment does not include the Tanium Discover module.
  • Fixed an issue with scans failing to run boot::filesystem::create_directory.
  • Fixed an issue with CVE findings disappearing and reappearing.
  • Fixed an issue with running engines that contain dashes in the version number.
  • Fixed an issue with custom check results not being converted to lower case.
  • Fixed an issue with RAS scans failing to run due to settings not downloading to the satellite.
  • Fixed an issue with SCC scans failing with a COMPLY-FATAL result.
  • Fixed an issue with assessments failing to upgrade from the previous version.
  • Fixed an issue with the Delete button removing the wrong credentials.
  • Fixed an issue with the Tanium Scan Engine not updating to the new version.
  • Fixed an issue with the "Comply - Compliance Percentage" sensor returning an incorrect value on Linux endpoints.
  • Fixed an issue with assessment counts in flyout panels not showing correct values.
  • Fixed an issue with newer compliance scans overwriting results on endpoints with multiple assessments.
  • Fixed an issue with custom checks failing if they include the "get-localuser" command.
  • Fixed an issue with JRE failures on endpoints due to FailedToOpenZipFile error.
  • Fixed an issue with SCC scans failing after upgrade.
  • Fixed an issue with JREs targeting the wrong systems.

Known Issues

  • Comply incorrectly shows the license as expiring in the next two weeks.
  • Comply sensors fail on AIX with "JSON parsing error."
  • Default assessments do not return results after upgrading to 2.11.
  • Assessments do not run on some macOS endpoints after upgrading to 2.11.
  • Vulnerability assessments failing with Comply-Fatal message
  • Unable to delete some assessments
  • RAS findings for some device types (including Cisco IOS) are not processed by the Comply service. Devices that return their IP address with a "/subnetmask" identifier cause the service to error when processing the RAS results. The scan may complete successfully, but findings never appear in the Comply UI.

Tanium Comply 2.11.733

Release Date: February 22, 2022

Prerequisites

  • Tanium Interact 2.9.83 or later
  • Tanium Client Management 1.7 or later
  • Tanium Connect 4.10.5 or later (To customize columns for exports, you must have Connect 5.8.49 or later)
  • Tanium Discover 3.0 or later required for remote vulnerability reports
  • Tanium Trends 3.6 or later
  • Tanium Reporting service 1.3.12 or later
  • Tanium API Gateway 1.1.13 or later
  • Tanium Blob service 1.0.6 or later
  • Tanium RDB service 1.0.84 or later
  • Tanium System User service 1.0.40 or later

Supported Tanium Platforms

  • Tanium Server 7.4.1.1939 or later

Enhancements

This release includes:

  • New default report for all compliance findings.
  • The ability to filter on "% compliant" for unmanaged assets.
  • A progress bar when deleting assessments.
  • A change of labels from "Credentials" to "Credentials List."
  • More flexible status if only some endpoints fail in a remote assessment.
  • Clearer indication of steps needed to update engines.
  • New "Run On-Demand Scan" option for Assessments

Bug Fixes

  • Fixed an issue with the export of findings from unmanaged assets that are missing data.
  • Fixed an issue with invalid values in "Endpoints with High Vulnerabilities" chart.
  • Fixed an issue with "Comply Viewers" users getting errors when viewing remote assessment flyout panels.
  • Fixed an issue with creating remote assessments with no filters.
  • Fixed an issue with improper capitalization of values from the "Comply - Hygiene - Vulnerability Results" sensor.
  • Fixed an issue with assessments not retaining their schedule when "Distribute Over Time" is selected.
  • Fixed an issue with "Comply - Hygiene - Product Vulnerability Results" returning values for all CVEs instead of only applicable CVEs.
  • Fixed an issue with Tanium Connect not properly filtering by Type.
  • Fixed an issue with unscored CVEs not being included in assessments.
  • Fixed an issue with high CPU on TMS and unresponsive console for customers on Platform 7.5.2.x and with many assessments

Known Issues

  • RAS findings for some device types (including Cisco IOS) are not processed by the Comply service. Devices that return their IP address with a "/subnetmask" identifier cause the service to error when processing the RAS results. The scan may complete successfully, but findings never appear in the Comply UI.

Tanium Comply 2.11.686.0000

Release Date: January 25, 2022

Prerequisites

  • Tanium Interact 2.9.83 or later
  • Tanium Client Management 1.7 or later
  • Tanium Connect 4.10.5 or later (To customize columns for exports, you must have Connect 5.8.49 or later)
  • Tanium Discover 3.0 or later required for remote vulnerability reports
  • Tanium Trends 3.6 or later
  • Tanium Reporting service 1.3.12 or later
  • Tanium API Gateway 1.1.13 or later
  • Tanium Blob service 1.0.6 or later
  • Tanium RDB service 1.0.84 or later
  • Tanium System User service 1.0.40 or later

Supported Tanium Platforms

  • Tanium Server 7.4.1.1939 or later

Enhancements

This release includes:

  • The ability to run remote authenticated scans for both compliance and vulnerability assessments. Remote authenticated scans allow users to obtain information from unmanaged and unmanageable endpoints. Remote authenticated scans take advantage of satellites. [1] Satellites are Tanium Clients that have been promoted, allowing them to run special workloads, including securely handling credentials and scanning remote networks.
  • Endpoint now uses Tanium's client extension (CX) architecture.
  • Added support for scanning Cisco (IOS, IOS-Xe, ASA) devices.
  • Added support for scanning VMware ESX and ESXi servers.
  • Added support for scanning Microsoft Windows Server 2022.
  • Added support for scanning Microsoft Windows 11.
  • Added support for MacOS 12.

Other Tanium solutions required for remote authenticated scanning

  • Tanium Direct Connect 2.1 or later
  • Tanium Discover 4.5 or later
  • Tanium Interact 2.9.87 or later

Important Notes

  • Due to the change to use CX, any endpoints that have not yet updated their tools to 2.11.* will not be able to run scans and their results will not show in the workbench until they have been updated.

Known Issues

  • Remote authenticated scans do not support assessment-age-based scheduling at this time.
  • After upgrade, while tools are deploying and data is migrating, it may take time for Findings to be complete.
  • System Vulnerability and System Compliance vectors in Tanium Risk may not align with Comply Findings for some endpoints until the next assessment targeting those endpoints is complete.
  • The "First Found" and "Last Found" sensors do not yet return values for RAS results.
  • RAS findings for some device types (including Cisco IOS) are not processed by the Comply service. Devices that return their IP address with a "/subnetmask" identifier cause the service to error when processing the RAS results. The scan may complete successfully, but findings never appear in the Comply UI.