IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Patch (Version 2.5)

From Tanium Knowledge Base
Jump to navigation Jump to search

Thank you for choosing Tanium. This article documents changes between releases of Tanium Patch.

Tanium Patch 2.5.1.0015

Release Date: 31 March 2020

Feature Improvements

  • Tanium Patch integrates with Tanium Trends to show Patch charts through the Trends initial gallery (Requires Tanium Trends 2.4.4 or later).
  • If you imported the Patch board in a previous release, and reimport the initial gallery after installing Patch 2.5.1, you might see a duplicate board for Patch. You can manually delete the following board after you reimport the initial gallery:
    • Patch Assessment (replaced with Patch)
  • The Patch board displays information about missing patches, SLA-based compliance reports, endpoint status, and scan errors.
  • The board also includes data leveraging new reporting capabilities for Patch, including Mean Time to Patch for workstations and servers.
  • The Mean Time To Patch board takes up to a day after initial import to display aggregated data.
  • Mean Time to Patch data is collected only for deployments created in Patch 2.5.1.0015 and later.
  • The Tanium Patch service account requires the Patch Service Account role for the Tanium Trends integration to work properly.
  • Adds several new sensors for enhanced reporting capability:
    • "Patch - Mean Time to Patch" returns the average number of days between patch release and patch installation.
    • "Patch - Has Aged Applicable Patches" returns whether an endpoint has applicable patches beyond a specified release date age.
    • "Patch - Has Recent Scan Results" returns whether an endpoint has successfully scanned within the specified number of days.
  • Update Tanium Client extension to 2.2.0.1114
    • Introduces a new binary for Windows endpoints, TaniumCX.exe that requires A/V exclusions. This new binary extends the features of the Tanium Client and enables dynamic loading of Tanium components.
      • This will require new anti-virus exclusions. Work with your TAM to ensure these are set up properly.
      • These changes were made to make the client extensions more robust, supportable, and allow more functionality than previously possible.
      • If you upgrade Patch or Reveal before upgrading Threat Response the ability of the Recorder to filter out Tanium Processes can perform incorrectly and scan cause them to be unexpectedly stored in the recorder.db. To ensure the Tanium Recorder's event filtering stays intact, please upgrade Threat Response at the same time or before Patch or Reveal.
      • Note: Installing this version of Tanium Client Extensions on an endpoint running Threat Response 2.2 or lower may cause issues with process exclusions. Please work with your TAM if you think this may impact you.

Bug Fixes

  • Fixes an issue causing the scan configuration priorities to contain duplicate scan configuration ids.
  • Fixes an issue where the "Patch Read Only User" role did not grant the appropriate Trends permission.
  • Fixes an issue and reduces the file sizes of the "Patch - Tools [Windows]" and "Patch - Tools [Linux]" packages.

Prerequisites

  • Red Hat and CentOS endpoints require a minimum YUM version of yum-3.2.29-22.el6 to engage in Tanium Patch.

Known Issues and Workarounds

  • If the ServerName value in the Tanium Server registry key has been changed from the default of 0.0.0.0, the Tanium Client might fail to download patches and experience higher than normal CPU usage.
  • If you are using Windows XP or Windows XP x64, you might need to run a Windows agent upgrade for reliable scanning and patch deployment.
  • Enabling the Linux Patch feature requires a minimum Tanium Platform version of 7.2.314.3235.
  • Linux endpoints require a minimum Tanium Client Version of 7.2.314.3476 to engage in Tanium Patch.
  • Leading and trailing whitespace is stripped from patch list and blacklist rule expressions on save.
  • Creating a patch list or blacklist with an empty rule expression will cause initialization to fail.
  • When configuring Computer Groups for Visibility, a known issue can prevent all available computer groups from being listed. The workaround is to use grid filtering to search for computer groups.
  • Maintenance windows configured to repeat monthly in the operator's browser time might display incorrect summary and upcoming maintenance windows.
  • Patch tools required for Windows Tanium Scan will fail to install on Tanium Client version 6.0.x.
  • Planned end-of-support for Windows versions in Tanium Patch: Tanium Patch version 3 is planned for release in 2020. Version 3.x will not support Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 (non-R2). Earlier versions of Tanium Patch will continue to function with older Windows versions; however, when version 3 is available, no new releases of Tanium Patch 2.x will be made.

Supported Tanium Platforms

Tanium Server 7.2, 7.3, 7.4

Support for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 (non-R2) in Tanium Patch will end with Tanium Patch version 3. Pre-3.0 versions of Tanium Patch will continue to function with these older operating systems, but no new releases with be made for Tanium Patch 2.x after Tanium Patch 3 is released. Tanium Patch 3 is expected to be released in May 2020 or later.