IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Patch (Version 2.3)

From Tanium Knowledge Base
Jump to navigation Jump to search

Thank you for choosing Tanium. This article documents changes between releases of Tanium Patch.

Tanium Patch 2.3.12.0008

Release Date: 6 February 2020

Feature Improvements

  • This release adds support for the 7.4 version of the Tanium Client, including updates to the python runtime version and supporting libraries.

Prerequisites

  • Red Hat and CentOS endpoints require a minimum YUM version of yum-3.2.29-22.el6 to engage in Tanium Patch.

Known Issues and Workarounds

  • If the ServerName value in the Tanium Server registry key has been changed from the default of 0.0.0.0, the Tanium Client might fail to download patches and experience higher than normal CPU usage.
  • If you are using Windows XP or Windows XPx64, you might need to run a Windows Agent upgrade for reliable scanning and patch deployment.
  • Enabling the Red Hat/CentOS Patch feature requires a minimum Tanium Platform version of 7.2.314.3235.
  • Red Hat and CentOS endpoints require a minimum Tanium Client Version of 6.0.314.1554 to engage in Tanium Patch.
  • Leading and trailing whitespace is stripped from Patchlist and Blacklist rule expressions on save.
  • Creating a Patchlist or Blacklist with an empty rule expression will cause initialization to fail.
  • When configuring Computer Groups for Visibility, there is a known issue that can prevent all available computer groups from being listed. The workaround is to use grid filtering to search for computer groups.
  • Maintenance Windows configured to repeat monthly in the operator's browser time may display incorrect summary and upcoming maintenance windows.
  • Patch tools installation will fail on Tanium Client version 6.0.x.

Supported Tanium Platforms

Tanium Server 7.2, 7.3, 7.4

Tanium Patch 2.3.11.0007

Release Date: 28 January 2020

Bug Fixes

  • Fixes a bug that could cause deployments to get stuck in the Downloading status.
  • Fixes a bug that could cause the Patch workbench to respond very slowly.
  • Fixes a bug that required the operator to manually re-initialize each enforced scan configuration after upgrading Tanium Patch.

Prerequisites

  • Red Hat and CentOS endpoints require a minimum YUM version of yum-3.2.29-22.el6 to engage in Tanium Patch.

Known Issues and Workarounds

  • If the ServerName value in the Tanium Server registry key has been changed from the default of 0.0.0.0, the Tanium Client might fail to download patches and experience higher than normal CPU usage.
  • If you are using Windows XP or Windows XPx64, you might need to run a Windows Agent upgrade for reliable scanning and patch deployment.
  • Enabling the Red Hat/CentOS Patch feature requires a minimum Tanium Platform version of 7.2.314.3235.
  • Red Hat and CentOS endpoints require a minimum Tanium Client Version of 6.0.314.1554 to engage in Tanium Patch.
  • Leading and trailing whitespace is stripped from Patchlist and Blacklist rule expressions on save.
  • Creating a Patchlist or Blacklist with an empty rule expression will cause initialization to fail.
  • When configuring Computer Groups for Visibility, there is a known issue that can prevent all available computer groups from being listed. The workaround is to use grid filtering to search for computer groups.
  • Maintenance Windows configured to repeat monthly in the operator's browser time may display incorrect summary and upcoming maintenance windows.
  • Patch tools required for Windows Tanium Scan will fail to install on Tanium Client version 6.0.x.

Supported Tanium Platforms

Tanium Server 7.2, 7.3

Tanium Patch 2.3.10.0002

Release Date: 17 December 2019

Security Update

This release includes security updates. For details, including affected versions and mitigation information, see the Tanium Support Portal, or contact your TAM.

Bug Fixes

  • Fixes an issue which was created by the November Microsoft Scripting Engine patch causing cscript.exe to consume a growing amount of system memory over time.

Prerequisites

  • Red Hat and CentOS endpoints require a minimum YUM version of yum-3.2.29-22.el6 to engage in Tanium Patch.

Known Issues and Workarounds

  • If the ServerName value in the Tanium Server registry key has been changed from the default of 0.0.0.0, the Tanium Client might fail to download patches and experience higher than normal CPU usage.
  • If you are using Windows XP or Windows XPx64, you might need to run a Windows Agent upgrade for reliable scanning and patch deployment.
  • Enabling the Red Hat/CentOS Patch feature requires a minimum Tanium Platform version of 7.2.314.3235.
  • Red Hat and CentOS endpoints require a minimum Tanium Client Version of 6.0.314.1554 to engage in Tanium Patch.
  • Leading and trailing whitespace is stripped from Patchlist and Blacklist rule expressions on save.
  • Creating a Patchlist or Blacklist with an empty rule expression will cause initialization to fail.
  • When configuring Computer Groups for Visibility, there is a known issue that can prevent all available computer groups from being listed. The workaround is to use grid filtering to search for computer groups.
  • Maintenance Windows configured to repeat monthly in the operator's browser time may display incorrect summary and upcoming maintenance windows.
  • After upgrading to Tanium Patch 2.3.10.0002 the operator will need to manually re-initialize each enforced Scan Configuration.
  • Patch tools required for Windows Tanium Scan will fail to install on Tanium Client version 6.0.x.

Supported Tanium Platforms

Tanium Server 7.2, 7.3

Tanium Patch 2.3.9.0112

Release Date: 12 December 2019

Bug Fixes

  • Fixed a bug that could cause Tanium Scan syncs to fail.
  • Fixed a bug that could cause Tanium Scan scans to fail.
  • Fixed a bug that could cause Tanium Scan scans to report incorrect results.
  • Fixed a bug that could cause failure to restore endpoint registry after a Tanium Scan starts.
  • Fixed a bug that could cause the installation of endpoint tools to fail on RHEL and CentOS systems.
  • Fixed a bug that could cause Linux Patch scans to fail.
  • Fixed a bug that could cause an install loop for certain Windows patches.
  • Fixed a bug that caused files downloaded by the Airgap Downloader tool to have corrupt timestamps.
  • Fixed a bug that could cause systems to report Waiting For Maintenance Window when they were in a valid Maintenance Window.
  • Fixed a bug that caused the Deployments view to load very slowly.
  • Fixed a bug that could cause Tanium Patch Saved Questions to linger when they should be removed.
  • Fixed a bug that could cause blacklisted patches to be downloaded unnecessarily.

Prerequisites

  • Red Hat and CentOS endpoints require a minimum YUM version of yum-3.2.29-22.el6 to engage in Tanium Patch.

Known Issues and Workarounds

  • If the ServerName value in the Tanium Server registry key has been changed from the default of 0.0.0.0, the Tanium Client might fail to download patches and experience higher than normal CPU usage.
  • If you are using Windows XP or Windows XPx64, you might need to run a Windows Agent upgrade for reliable scanning and patch deployment.
  • Enabling the Red Hat/CentOS Patch feature requires a minimum Tanium Platform version of 7.2.314.3235.
  • Red Hat and CentOS endpoints require a minimum Tanium Client Version of 6.0.314.1554 to engage in Tanium Patch.
  • Leading and trailing whitespace is stripped from Patchlist and Blacklist rule expressions on save.
  • Creating a Patchlist or Blacklist with an empty rule expression will cause initialization to fail.
  • When configuring Computer Groups for Visibility, there is a known issue that can prevent all available computer groups from being listed. The workaround is to use grid filtering to search for computer groups.
  • Maintenance Windows configured to repeat monthly in the operator's browser time may display incorrect summary and upcoming maintenance windows.
  • Patch tools required for Windows Tanium Scan will fail to install on Tanium Client version 6.0.x.

Supported Tanium Platforms

Tanium Server 7.2, 7.3

Tanium Patch 2.3.8.0333

Release Date: 30 July 2019

Prerequisites

  • Red Hat and CentOS endpoints now require a minimum YUM version of yum-3.2.29-22.el6 to engage in Tanium Patch.

Feature Improvements

  • A new Windows scan technique is now available as a limited availability feature.
    • Tanium Scan for Windows leverages the Tanium Linear Chain Architecture for scanning, downloading, and updating patches. Based on target Windows Products and Classifications configured in the workbench, Tanium synchronizes metadata from a targeted upstream Tanium Scan Source. Windows endpoints request metadata and patch files to download. Tanium acts as a proxy and pulls the patch files from external locations, and distributes the files and metadata to endpoints via client API.
    • The Tanium Scan for Windows feature can be enabled in the Patch Settings.
    • Enabling the Tanium Scan for Windows feature should not be done without consulting with your Tanium Technical Account Manager.
    • Tanium Scan for Windows is not currently supported in airgap environments.
  • Package Version Enforcement is now available as a limited availability feature.
    • The Package Version Enforcement feature applies only to CentOS/RHEL Patch List deployments and Individual Patch deployments. The default CentOS/RHEL deployment behavior installs the latest available package version. When you enable this option, Patch List deployments and Individual Patch deployments install the package version listed on a patch.
    • Required package dependencies that do not specify a version are still installed at the latest available version.
    • The Package Version Enforcement feature can be enabled in the Operating Systems tab of the Patch Settings.
    • Enabling the Package Version Enforcement feature should not be done without consulting with your Tanium Technical Account Manager.
  • A new sensor is now available.
    • The Patch - Patch List Compliance sensor determines if an endpoint is compliant with respect to each Patch List defined in an environment.

Bug Fixes

  • Fixed a bug that could cause an endpoint to incorrectly determine its last reboot time, leading to an endpoint continually rebooting.
  • Fixed a bug that caused incorrect targeting of Tanium Patch saved questions.
  • Fixed a bug that caused an incorrect date to be shown in the Microsoft Offline CAB File Information card on the Tanium Patch home page.
  • Fixed a bug that caused Tanium Scan RHEL/CentOS deployments to fail.
  • Fixed a bug that caused the Tanium Patch workbench to show multiple Linux sub tabs.

Known Issues and Workarounds

  • If the ServerName value in the Tanium Server registry key has been changed from the default of 0.0.0.0, the Tanium Client might fail to download patches and experience higher than normal CPU usage.
  • If you are using Windows XP or Windows XPx64, you might need to run a Windows Agent upgrade for reliable scanning and patch deployment.
  • Enabling the Red Hat/CentOS Patch feature requires a minimum Tanium Platform version of 7.2.314.3235.
  • Red Hat and CentOS endpoints require a minimum Tanium Client Version of 6.0.314.1554 to engage in Tanium Patch.
  • Leading and trailing whitespace is stripped from Patchlist and Blacklist rule expressions on save.
  • Creating a Patchlist or Blacklist with an empty rule expression will cause initialization to fail.
  • When configuring Computer Groups for Visibility, there is a known issue that can prevent all available computer groups from being listed. The workaround is to use grid filtering to search for computer groups.
  • Maintenance Windows configured to repeat monthly in the operator's browser time may display incorrect summary and upcoming maintenance windows.
  • Patch tools required for Windows Tanium Scan will fail to install on Tanium Client version 6.0.x.

Supported Tanium Platforms

Tanium Server 7.2, 7.3

Tanium Patch 2.3.7.0218

Release Date: 09 April 2019

Feature Improvements

  • Airgap management is now available in the Tanium Patch module.
    • Configuration is managed in the Airgap Configuration top rail settings.
    • Users can configure an Alternate File Location where Patch files are staged.
    • The Airgap Download executable can be downloaded from the Airgap Configuration page.
    • A manifest of files to be staged can be exported from the Airgap Configuration page.
    • Please review Airgap Documentation for detailed instructions: https://docs.tanium.com/patch/patch/downloading_airgap.html
  • Improved the Repository selection widget in the Scan Configuration UI.
  • Improved cleanup of Tanium Patch managed repository data on endpoints.
    • The user can now search repositories by name and URL directly in the selection widget.
  • Improved accuracy of Tanium Patch Saved Question data gathering.
  • Updated the Service Account UI to match the standard Service Account UI established across Tanium product modules.

Bug Fixes

  • Fixed a bug that caused the deployment reissue button to fail.
  • Fixed a bug that caused failed Linux scans to retry immediately.
  • The Patch service will no longer write to the Windows default temp directory.
  • Linux Patch workbench URLs are now consistent regardless of Tanium or Repository Scan selection.
  • Fixed a bug that caused failed Linux scans to report incorrect status.

Known Issues and Workarounds

  • This release is available only on Tanium platform versions 7.0 and higher.
  • If the ServerName value in the Tanium Server registry key has been changed from the default of 0.0.0.0, the Tanium Client might fail to download patches and experience higher than normal CPU usage.
  • If you are using Windows XP or Windows XPx64, you might need to run a Windows Agent upgrade for reliable scanning and patch deployment.
  • Enabling the Red Hat/CentOS Patch feature requires a minimum Tanium Platform version of 7.2.314.3235.
  • Red Hat and CentOS endpoints require a minimum Tanium Client Version of 6.0.314.1554 to engage in Tanium Patch.
  • Leading and trailing whitespace is stripped from Patchlist and Blacklist rule expressions on save.
  • Creating a Patchlist or Blacklist with an empty rule expression will cause initialization to fail.
  • Changes to the Patch Action Group are not persisted to the Patch Statistic saved question. The saved question must be manually deleted, then click Initialize Endpoints on the Tanium Patch home page.
  • When configuring Computer Groups for Visibility, there is a known issue that can prevent all available computer groups from being listed. The workaround is to use grid filtering to search for computer groups.
  • Maintenance Windows configured to repeat monthly in the operator's browser time may display incorrect summary and upcoming maintenance windows.

Tanium Patch 2.3.6.0021

Release Date: 05 February 2019

Feature Improvements

  • Improved Linux scanning, significantly reducing the number of HTTP requests to YUM repositories.

Bug Fixes

  • Fixed a bug that caused incorrect reporting when targeting Linux deployments by computer name.
  • Fixed a bug that caused Linux scan errors to persist.
  • Fixed a bug that caused Linux deployments to fail.
  • Fixed a bug that resulted in the type of CentOS patches to be incorrect.

Known Issues and Workarounds

  • This release is available only on Tanium platform versions 7.0 and higher.
  • If the ServerName value in the Tanium Server registry key has been changed from the default of 0.0.0.0, the Tanium Client might fail to download patches and experience higher than normal CPU usage.
  • If you are using an air-gapped environment with an offline CAB file, you must upload the wsusscn2.cab and MS-CVEs.dat files to the Patch - External File References package. Optionally, use the WSUS scanning method.
  • If you are using Windows XP or Windows XPx64, you might need to run a Windows Agent upgrade for reliable scanning and patch deployment.
  • Enabling the Red Hat/CentOS Patch feature requires a minimum Tanium Platform version of 7.2.314.3235.
  • Red Hat and CentOS endpoints require a minimum Tanium Client Version of 6.0.314.1554 to engage in Tanium Patch.
  • Leading and trailing whitespace is stripped from Patchlist and Blacklist rule expressions on save.
  • Creating a Patchlist or Blacklist with an empty rule expression will cause initialization to fail.
  • Changes to the Patch Action Group are not persisted to the Patch Statistic saved question. The saved question must be manually deleted, then click Initialize Endpoints on the Tanium Patch home page.
  • When configuring Computer Groups for Visibility, there is a known issue that can prevent all available computer groups from being listed. The workaround is to use grid filtering to search for computer groups.
  • Maintenance Windows configured to repeat monthly in the operator's browser time may display incorrect summary and upcoming maintenance windows.

Tanium Patch 2.3.5.0123

Release Date: 22 January 2019

Feature Improvements

  • Tanium Patch support for the Red Hat and CentOS operating systems is now generally available.
    • Tanium Patch support for the Red Hat/CentOS operating systems can be enabled in the Settings section of the Tanium Patch Workbench.
    • Enabling additional Operating Systems should not be done without consulting with your Tanium Technical Account Manager.
    • Enabling Tanium Patch for the Red Hat/CentOS operating systems requires a minimum Tanium Platform version of 7.2.314.3235.
    • Red Hat/CentOS endpoints require a minimum Tanium Client Version of 6.0.314.1554 to engage in Tanium Patch.
    • Red Hat/CentOS supported operating systems include: Red Hat 6, Red Hat 7, CentOS 6, CentOS 7
    • Two scan techniques are available to supported Linux Operating systems: Tanium Scan and Repo Scan.
      • Repo Scan leverages existing customer infrastructure for scanning, downloading, and updating patches. The "Repo Scan" configuration commands the endpoints to scan against the configured YUM Repository defined in the endpoint configuration files. Global YUM Repository configuration files are located in the /etc/yum.repos.d/ directory for CentOS and RHEL systems.
      • Tanium Scan leverages the Tanium Linear Chain Architecture for scanning, downloading, and updating patches. Based on target repositories defined in the Tanium workbench or defined locally in the endpoint's YUM configurations, Linux endpoints request patch files and metadata to download. Tanium acts as a proxy and pulls the requested metadata and patch files from external repositories, and distributes the files to endpoints via client API.

Bug Fixes

  • Fixed a bug that could cause deleted computer groups to be displayed in Tanium Patch computer group dropdown lists.
  • Fixed a bug that caused Linux scans to fail.
  • Fixed a bug that caused Linux deployments to fail.
  • Fixed a bug that caused Windows uninstalls of cumulative updates to fail.
  • Fixed a bug that resulted in incorrect maintenance windows summary text.

Known Issues and Workarounds

  • This release is available only on Tanium platform versions 7.0 and higher.
  • If the ServerName value in the Tanium Server registry key has been changed from the default of 0.0.0.0, the Tanium Client might fail to download patches and experience higher than normal CPU usage.
  • If you are using an air-gapped environment with an offline CAB file, you must upload the wsusscn2.cab and MS-CVEs.dat files to the Patch - External File References package. Optionally, use the WSUS scanning method.
  • If you are using Windows XP or Windows XPx64, you might need to run a Windows Agent upgrade for reliable scanning and patch deployment.
  • Enabling the Red Hat/CentOS Patch limited availability feature requires a minimum Tanium Platform version of 7.2.314.3235.
  • Red Hat and CentOS endpoints require a minimum Tanium Client Version of 6.0.314.1554 to engage in Tanium Patch.
  • Leading and trailing whitespace is stripped from Patchlist and Blacklist rule expressions on save.
  • Creating a Patchlist or Blacklist with an empty rule expression will cause Initialization to fail.
  • On Linux endpoints if the error 'There are no enabled repositories' is detected, it will persist. The error file must be deleted manually after the error is resolved.
  • When targeting Linux deployments by computer name, results are reported for all computers in the limiting group.
  • Changes to the Patch Action Group are not persisted to the Patch Statistic Saved Question. The Saved Question must be manually deleted, then click Initialize Endpoints on the Tanium Patch Home page.
  • The derived type for CentOS patches may be incorrect.
  • When configuring Computer Groups for Visibility, there is a known issue that can prevent all available computer groups from being listed. The workaround is to use grid filtering to search for computer groups.
  • Maintenance Windows configured to repeat monthly in the operator's browser time may display incorrect summary and upcoming maintenance windows.

Tanium Patch 2.3.4.0268

Release Date: 8 January 2019

Security Update

  • This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained within Tanium's Support Portal, or by contacting your TAM.

Known Issues and Workarounds

Tanium Patch 2.3.4.0266

Release Date: 11 December 2018

Linux Patch LA customers must complete the following action before upgrading

  • Delete any Whitelisted URL Regular Expressions containing the expression repomd.

Feature Improvements

  • Scan Windows feature is now available. Operators can restrict the starting of individual Patch Scans to specified windows.
  • The Patch CAB file can now be updated on demand via an Update CAB button on the Patch home page.
  • The editing of Scan Configurations, Blacklists and Maintenance Windows can now be disabled in the Patch settings.
  • Patch Initialization has been enhanced, solving many initialization problems and removing the need to click Initialize Endpoints after upgrade.

Bug Fixes

  • Fixed a bug in the creation of Whitelisted URL entries.
  • Downloaded RPM files are now cleaned up upon deployment completion.

Known Issues and Workarounds

  • This release is available only on Tanium platform versions 7.0 and higher.
  • If the ServerName value in the Tanium Server registry key has been changed from the default of 0.0.0.0, the Tanium Client might fail to download patches and experience higher than normal CPU usage.
  • If you are using an air-gapped environment with an offline CAB file, you must upload the wsusscn2.cab and MS-CVEs.dat files to the Patch - External File References package. Optionally, use the WSUS scanning method.
  • If you are using Windows XP or Windows XPx64, you might need to run a Windows Agent upgrade for reliable scanning and patch deployment.
  • Enabling the Red Hat/CentOS Patch limited availability feature requires a minimum Tanium Platform version of 7.2.314.3235.
  • Red Hat and CentOS endpoints require a minimum Tanium Client Version of 6.0.314.1554 to engage in Tanium Patch.
  • Leading and trailing whitespace is stripped from Patchlist and Blacklist rule expressions on save.
  • Creating a Patchlist or Blacklist with an empty rule expression will cause Initialization to fail.
  • When configuring Computer Groups for Visibility, there is a known issue that can prevent all available computer groups from being listed. The workaround is to use grid filtering to search for computer groups.
  • Maintenance Windows configured to repeat monthly in the operator's browser time may display incorrect summary and upcoming maintenance windows.

Tanium Patch 2.3.3.0010

Release Date: 13 November 2018

Bug Fixes

  • Fixed a bug that caused Patchlist Applicability saved questions to be missing.
  • Fixed a bug that caused saved questions to be recreated unnecessarily.
  • Fixed a bug that caused deployment targeting by source question to not function properly on Tanium platform version 7.3.

Known Issues and Workarounds

  • This release is available only on Tanium platform versions 7.0 and higher.
  • If the ServerName value in the Tanium Server registry key has been changed from the default of 0.0.0.0, the Tanium Client might fail to download patches and experience higher than normal CPU usage.
  • If you are using an air-gapped environment with an offline CAB file, you must upload the wsusscn2.cab and MS-CVEs.dat files to the Patch - External File References package. Optionally, use the WSUS scanning method.
  • If you are using Windows XP or Windows XPx64, you might need to run a Windows Agent upgrade for reliable scanning and patch deployment.
  • After you import or upgrade to Patch 2.3, you must click Initialize Endpoints.
  • Enabling the Red Hat/CentOS Patch limited availability feature requires a minimum Tanium Platform version of 7.2.314.3235.
  • Red Hat and CentOS endpoints require a minimum Tanium Client Version of 6.0.314.1554 to engage in Tanium Patch.
  • Leading and trailing whitespace is stripped from Patchlist and Blacklist rule expressions on save.
  • Creating a Patchlist or Blacklist with an empty rule expression will cause Initialization to fail.
  • When configuring Computer Groups for Visibility, there is a known issue that can prevent all available computer groups from being listed. The workaround is to use grid filtering to search for computer groups.
  • Maintenance Windows configured to repeat monthly in the operator's browser time may display incorrect summary and upcoming maintenance windows.

Tanium Patch 2.3.2.0005

Release Date: 23 October 2018

Feature Improvements

  • Added support for the alternate "Yes/Cancel" confirmation dialog option, required for some SAML configurations.

Security Update

This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained within Tanium's Support Portal, or by contacting your TAM.

Additional Information

This release includes an update to the python interpreter that runs in the Tanium Client. It may take until the next Tanium Client reset (up to 4 hours) before the python interpreter is available after updating the Patch tools on an endpoint.

Known Issues and Workarounds

  • This release is available only on Tanium platform versions 7.0 and higher.
  • If the ServerName value in the Tanium Server registry key has been changed from the default of 0.0.0.0, the Tanium Client might fail to download patches and experience higher than normal CPU usage.
  • If you are using an air-gapped environment with an offline CAB file, you must upload the wsusscn2.cab and MS-CVEs.dat files to the Patch - External File References package. Optionally, use the WSUS scanning method.
  • If you are using Windows XP or Windows XPx64, you might need to run a Windows Agent upgrade for reliable scanning and patch deployment.
  • After you import or upgrade to Patch 2.3, you must click Initialize Endpoints.
  • Enabling the Red Hat/CentOS Patch limited availability feature requires a minimum Tanium Platform version of 7.2.314.3235.
  • Red Hat and CentOS endpoints require a minimum Tanium Client Version of 6.0.314.1554 to engage in Tanium Patch.
  • Leading and trailing whitespace is stripped from Patchlist and Blacklist rule expressions on save.
  • Creating a Patchlist or Blacklist with an empty rule expression will cause Initialization to fail.
  • On Tanium platform version 7.3, deployment targeting by source question does not function properly.
  • When configuring Computer Groups for Visibility, there is a known issue that can prevent all available computer groups from being listed. The workaround is to use grid filtering to search for computer groups.
  • Maintenance Windows configured to repeat monthly in the operator's browser time may display incorrect summary and upcoming maintenance windows.

Tanium Patch 2.3.1.0035

Release Date: 2 October 2018

Feature Improvements

  • Modified file download process to work optimally with WSUS and Microsoft Update Scan Techniques.
  • Default CentOS/RHEL YUM repositories are now immediately available for selection.
  • Improved the speed of CentOS/RHEL scanning.

Bug Fixes

  • Fixed a bug where removing an existing custom severity file from the Custom Field tab in the Patch settings without uploading a new custom severity file caused scans on the endpoint to fail.
  • Fixed a bug that caused endpoints to scan against an old CAB file.
  • Fixed a bug that caused the Patch process to fail on the endpoint when a patch list assigned to a stopped deployment was deleted by the user.
  • Fixed a bug in CentOS/RHEL deployment statuses where machines were incorrectly placed in Pre-Deployment Scan.
  • Fixed an error where the Tanium Patch home page showed the loading spinner forever when there are no patches in the All Patches patch list.
  • Fixed a Bug where Stopped deployment saved actions did not have the proper end time. The saved action end time is now set to the stopped time + 14 days.
  • Patch - Scan Priorities saved actions are now created when scan configurations are enforced and/or re-prioritized.
  • Improved the accuracy of CentOS/RHEL scanning.
  • Improved error reporting for CentOS/RHEL scan failures.
  • CentOS/RHEL Tanium Scans now only download necessary metadata files.
  • Users can no longer choose duplicate repositories when creating a CentOS/RHEL scan configuration.
  • The Downloading status for scan configurations is now correctly reported by the Patch - Enforcement Status sensor.
  • The Patch - Yum Repositories sensor now only returns enabled repos configured with a valid baseurl.
  • An Initialization activity could get stuck while syncing packages due to a bad timeout setting. The timeout is now 5 minutes and 30 seconds.

Known Issues and Workarounds

  • This release is available only on Tanium platform versions 7.0 and higher.
  • If the ServerName value in the Tanium Server registry key has been changed from the default of 0.0.0.0, the Tanium Client might fail to download patches and experience higher than normal CPU usage.
  • If you are using an air-gapped environment with an offline CAB file, you must upload the wsusscn2.cab and MS-CVEs.dat files to the Patch - External File References package. Optionally, use the WSUS scanning method.
  • If you are using Windows XP or Windows XPx64, you might need to run a Windows Agent upgrade for reliable scanning and patch deployment.
  • After you import or upgrade to Patch 2.3, you must click Initialize Endpoints.
  • Enabling the Red Hat/CentOS Patch limited availability feature requires a minimum Tanium Platform version of 7.2.314.3235.
  • Red Hat and CentOS endpoints require a minimum Tanium Client Version of 6.0.314.1554 to engage in Tanium Patch.
  • Leading and trailing whitespace is stripped from Patchlist and Blacklist rule expressions on save.
  • Creating a Patchlist or Blacklist with an empty rule expression will cause Initialization to fail.
  • On Tanium platform version 7.3, deployment targeting by source question does not function properly.
  • Does not support SAML based authentication
  • When configuring Computer Groups for Visibility, there is a known issue that can prevent all available computer groups from being listed. The workaround is to use grid filtering to search for computer groups.
  • Maintenance Windows configured to repeat monthly in the operator's browser time may display incorrect summary and upcoming maintenance windows.

Tanium Patch 2.3.0.0028

Release Date: 18 September 2018

Feature Improvements

  • Improved return values for the Applicable Patches and Patch - Installation State sensors. These sensors now return "No Scan Results Found" when the endpoint does not have scan results.
  • Adding endpoint caching for patch list applicability calculations to RHEL/CentOS endpoints.
  • Moved configuration of YUM repositories from within the Scan configuration to the YUM Repositories tab in the Patch Settings.
  • Implemented the Patch - Deployment Errors sensor for CentOS/RHEL.

Bug Fixes

  • Fixed a bug that caused creation of Tanium Patch packages to fail on 7.3 platform versions.
  • Fixed a bug that caused service logs to not correctly follow log rotation.
  • Fixed a bug where the Default Bin Count setting was not displayed in the UI.
  • Fixed a bug in CentOS/RHEL scan that resulted in incorrectly reporting patch applicability for packages with epoch greater than 1.
  • Fixed a bug in CentOS/RHEL that could result in deployment errors when using blacklists.
  • Fixed UI bugs when using deployment templates.
  • Fixed a bug that caused Initialize Endpoints to time out while ensuring packages. The timeout was increased from 1 minute to ~3 minutes to wait for packages to cache.
  • Fix a bug that caused the Patch List Applicability sensor to not account for blacklisted patches for CentOS/RHEL.

Known Issues and Workarounds

  • This release is available only on Tanium platform versions 7.0 and higher.
  • If the ServerName value in the Tanium Server registry key has been changed from the default of 0.0.0.0, the Tanium Client might fail to download patches and experience higher than normal CPU usage.
  • If you are using an air-gapped environment with an offline CAB file, you must upload the wsusscn2.cab and MS-CVEs.dat files to the Patch - External File References package. Optionally, use the WSUS scanning method.
  • If you are using Windows XP or Windows XPx64, you might need to run a Windows Agent upgrade for reliable scanning and patch deployment.
  • Removing an existing custom severity file from the Custom Field tab in the Patch settings without uploading a new custom severity file causes scans on the endpoint to fail.
  • After you import or upgrade to Patch 2.3, you must click Initialize Endpoints.
  • Enabling the Red Hat/CentOS Patch limited availability feature requires a minimum Tanium Platform version of 7.2.314.3235.
  • Red Hat and CentOS endpoints require a minimum Tanium Client Version of 6.0.314.1554 to engage in Tanium Patch.
  • Leading and trailing whitespace is stripped from Patchlist and Blacklist rule expressions on save.
  • Creating a Patchlist or Blacklist with an empty rule expression will cause Initialization to fail.
  • On Tanium platform version 7.3, deployment targeting by source question does not function properly.
  • Does not support SAML based authentication
  • When configuring Computer Groups for Visibility, there is a known issue that can prevent all available computer groups from being listed. The workaround is to use grid filtering to search for computer groups.
  • Maintenance Windows configured to repeat monthly in the operator's browser time may display incorrect summary and upcoming maintenance windows.

Supported Tanium Platforms

Tanium Server 7.0, 7.1, 7.2

Product Documentation and Resources