IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Patch (Version 3.3)

From Tanium Knowledge Base
Jump to navigation Jump to search

Tanium Patch 3.3.195.0000

Release Date: 15 June 2021

Resolved Issues

  • Fixed an issue that allowed enough time for group policy or some other tool to change required Windows Update related registry settings between when Tanium Patch configures the settings and a post-deployment scan.
  • Fixed an issue that could prevent some Patch module configurations from reaching non-English language endpoints.
  • Removed RPM database verification checks from the Tanium Patch process on RPM based Linux distributions to reduce the chance of RPMDB corruption.
  • Fixed an issue that could cause the "Sync Tanium Scan for Windows Databases" job to fail.
  • Fixed an issue that could prevent new Windows patches from getting scanned for or deployed.

Known Issues and Workarounds

Tanium Scan for Linux is not compatible with LibZypp Service Plugins. Tanium Scan will scan repositories provided by the plugin, but will not have access to the metadata in these repositories, which leads to scan results with incomplete metadata. Patch list applicability reports packages with incomplete metadata, but Patch cannot install them. If possible, uninstall the plugin and create repositories using Tanium. For more information, see Tanium Scan incompatibility with LibZypp Services Plugins.

Prerequisites

  • Red Hat and CentOS endpoints require a minimum YUM version of yum-3.2.29-22.el6 to engage in Tanium Patch.
  • Windows endpoints require a minimum operating system version of Windows 7 SP1 or Windows Server 2008 R2 SP1.

Supported Tanium Platforms

Tanium Server 7.3.314.4250+, 7.4+

Tanium Patch 3.3.190.0000

Release Date: 8 June 2021

Improvements

  • Miscellaneous Patch workbench and service performance improvements.

Resolved Issues

  • Fixed an issue that caused Windows 10 1809 and Windows Server 2019 endpoints to stop reporting new patches.
  • Fixed an issue that occasionally caused certain Patch activities to hang on the server side, thus preventing data from updating in the workbench.
  • Fixed an issue that prevented re-released patches from updating their release date.
  • Fixed an issue that prevented Tanium Scan for Windows from syncing with a WSUS server.  Note: Syncing against a WSUS server only produces the online download URLs and does not yet address air-gapped networks. 
  • Fixed a rare race condition that could lead to the TSW sync service not starting after a Patch module upgrade/installation. 

Known Issues and Workarounds

Tanium Scan for Linux is not compatible with LibZypp Service Plugins. Tanium Scan will scan repositories provided by the plugin, but will not have access to the metadata in these repositories, which leads to scan results with incomplete metadata. Patch list applicability reports packages with incomplete metadata, but Patch cannot install them. If possible, uninstall the plugin and create repositories using Tanium. For more information, see Tanium Scan incompatibility with LibZypp Services Plugins.

Prerequisites

  • Red Hat and CentOS endpoints require a minimum YUM version of yum-3.2.29-22.el6 to engage in Tanium Patch.
  • Windows endpoints require a minimum operating system version of Windows 7 SP1 or Windows Server 2008 R2 SP1.

Supported Tanium Platforms

Tanium Server 7.3.314.4250+, 7.4+

Tanium Patch 3.3.183.0000

Release Date: 20 April 2021

Improvements

  • Workbench performance improvements through more efficient job polling.
  • User interface improvements on the Deployment creation page.

Security Update

This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained within Tanium's Support Portal, or by contacting your TAM.

Resolved Issues

  • Fixed an issue that could cause validation errors after enabling RPM Linux Patch functionality.
  • Fixed an issue that could prevent stopping deployments to deleted computer groups.
  • Fixed an issue that caused deployments to some SUSE versions to throw an error when identifying packages to download.

Known Issues and Workarounds

Tanium Scan for Linux is not compatible with LibZypp Service Plugins. Tanium Scan will scan repositories provided by the plugin, but will not have access to the metadata in these repositories, which leads to scan results with incomplete metadata. Patch list applicability reports packages with incomplete metadata, but Patch cannot install them. If possible, uninstall the plugin and create repositories using Tanium. For more information, see Tanium Scan incompatibility with LibZypp Services Plugins.

Prerequisites

  • Red Hat and CentOS endpoints require a minimum YUM version of yum-3.2.29-22.el6 to engage in Tanium Patch.
  • Windows endpoints require a minimum operating system version of Windows 7 SP1 or Windows Server 2008 R2 SP1.

Supported Tanium Platforms

Tanium Server 7.3.314.4250+, 7.4+

Tanium Patch 3.3.176.0000

Release Date: 13 April 2021

Improvements

  • Added WSUS Server sensor.
  • Added Windows Automatic Update Status sensor.
  • Added Patch Installation History sensor (currently Windows Only).
  • Added Patch - Last Scan Duration sensor (currently Windows Only).
  • Added Operating System Full Build Number sensor (currently Windows Only).
  • Added Patch - Offline CAB Build Date sensor.
  • Added Patch - Offline CAB Days Old sensor.
  • Added Patch - Requires WSP Cleanup sensor and Patch - Clean Up WSP Files package to assist in endpoint cleanup from the legacy Windows Security Patch (WSP) solution.
  • Added Windows Update Reset package to assist with endpoints returning Windows Update-related errors.

Resolved Issues

  • Fixed an issue that could allow multiple TPython processes to launch during a Tanium Scan, resulting in scan errors.
  • Fixed an issue that could allow administrators to modify block lists that are enforced on groups that they did not have access to.
  • Fixed an issue that could cause direct downloaded patches to get into an install loop if the patch was uninstalled at some point after a Patch deployment first installed it.
  • Fixed an issue that caused individual patches to be selected when reissuing or cloning a deployment that uses a Patch List (Windows or Linux) or the All Updates/All Security Updates (Linux only) options.
  • Fixed an issue with Patch - Applicable Patches by Year, thus ensuring complete and accurate counts.
  • Fixed an issue that caused an error when a deployment was targeted to a computer group or targeting filter using a parameterized sensor.
  • Fixed an issue where the Patch home page could fail to load under rare circumstances.
  • Fixed an issue that allowed targeting expansion in deployments using Targeting Criteria when the Filter Builder was used to target an empty group.
  • Fixed an issue where patch lists could not be created unless the user had unnecessary permissions for the Patch Content Set.
  • Fixed an issue where the Patch database could become unexpectedly locked under rare circumstances, causing the workbench to become unusable.
  • Fixed an issue that led to excessive load, 504 errors, and occasionally noticeable workbench performance issues when editing patch lists, block lists, and deployments, and then opening the preview page.

Known Issues and Workarounds

Tanium Scan for Linux is not compatible with LibZypp Service Plugins. Tanium Scan will scan repositories provided by the plugin, but will not have access to the metadata in these repositories, which leads to scan results with incomplete metadata. Patch list applicability reports packages with incomplete metadata, but Patch cannot install them. If possible, uninstall the plugin and create repositories using Tanium. For more information, see Tanium Scan incompatibility with LibZypp Services Plugins.

Prerequisites

  • Red Hat and CentOS endpoints require a minimum YUM version of yum-3.2.29-22.el6 to engage in Tanium Patch.
  • Windows endpoints require a minimum operating system version of Windows 7 SP1 or Windows Server 2008 R2 SP1.

Supported Tanium Platforms

Tanium Server 7.3.314.4250+, 7.4+

Tanium Patch 3.3.158.0000

Release Date: 16 March 2021

Improvements

Patch lists are now split into individual configurations that get delivered to endpoints individually instead of all getting delivered as one larger configuration.

Security Update

This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained within Tanium's Support Portal, or by contacting your TAM.

Resolved Issues

  • Fixed an issue that led to excessive load, 504 errors, and occasionally noticeable workbench performance issues when editing patch lists, block lists, and deployments, and then opening the preview page.
  • Fixed an issue that prevented Filter Groups from being selected when a Targeting Question is used.

Known Issues and Workarounds

  • Tanium Scan for Linux is not compatible with LibZypp Service Plugins. Tanium Scan will scan repositories provided by the plugin, but will not have access to the metadata in these repositories, which leads to scan results with incomplete metadata. Patch list applicability reports packages with incomplete metadata, but Patch cannot install them. If possible, uninstall the plugin and create repositories using Tanium. For more information, see Tanium Scan incompatibility with LibZypp Services Plugins.
  • Targeting a deployment by question and using a parameterized sensor can result in a user interface error when attempting to display the deployment preview. The deployment can still be created successfully.

Prerequisites

  • Red Hat and CentOS endpoints require a minimum YUM version of yum-3.2.29-22.el6 to engage in Tanium Patch.
  • Windows endpoints require a minimum operating system version of Windows 7 SP1 or Windows Server 2008 R2 SP1.

Supported Tanium Platforms

Tanium Server 7.3.314.4250+, 7.4+

Tanium Patch 3.3.153.0000

Release Date: 9 March 2021

Improvements

  • Removed Python 2.x as a module dependency. Users should ensure they have created security exclusions to allow Tanium processes to run with Python 3.x.
  • Removed deployment configurations for endpoints that fall out of targeting scope.
  • Removed deployment configurations from endpoints after deployments end or are stopped. This results in a performance improvement for the Patch process on endpoints.
  • Added logic to retry all failed post-deployment scans up to five times to ensure deployment status/results are accurate and that reboots are processed correctly.
  • Added new drill down reports to deployment details pages.
  • Improved performance while gathering patch list applicability data to reduce the likelihood of workbench performance problems leading to route timeouts and errors.
  • Added `Windows Update Error: -2147024894 ERROR_FILE_NOT_FOUND` to the list of retryable scan errors.
  • Added a 50 patch limit for manually selected patches that can be added to a deployment. Patch lists and rules should be used instead.
  • Added a 10 MB default log size parameter in the "Patch - Set Patch Process Options - Linux.”
  • Added an additional warning message on migrated Linux objects, notifying administrators that they are limited to the original target operating system.
  • Added the ability to select all products in any parent category in the Tanium Scan for Windows configuration.
  • Require Log Level to be defined when deploying the Patch - Set Patch Process packages.
  • Reduced noise in logs during Windows Tanium Applicability Scan.
  • Added a timezone offset to the timestamps in Patch endpoint logs.
  • The Update CAB Button now also checks for updates to the wsusscn2.json and tsw-timestamp.xml files.
  • Notify Patch users that the required prerequisite modules are missing if the minimum versions are not installed.
  • Added many user interface/usability enhancements and bug fixes.

Resolved Issues

  • Fixed an issue that prevented Filter Groups from being selected when a Targeting Question is used.
  • Fixed an issue that could prevent Patch direct downloads from failing back to download from Tanium in certain circumstances.
  • Fixed a user interface issue that caused superseded patches to display in a patch list preview even when superseded patches were not selected.
  • Fixed an issue that caused deployment preview counts to switch between targeted systems and all systems.
  • Fixed an issue that caused imported patch lists to be added to the Content Set ID from the source environment, instead of the expected Content Set in the destination.
  • Fixed an issue that caused sensor errors for some non-English language machines.
  • Fixed an issue that caused the maintenance window preview for "Next 5 Instances" to adjust for Daylight Savings time change even if "Use endpoint local time" was selected.
  • Fixed an issue that caused the Patch - Deployment Status sensor to return an error if deployment configurations were missing.
  • Fixed an issue that caused the Patch Tools to not install on certain non-English language endpoints.
  • Fixed an issue that could prevent deployment statuses and deployment results from returning if deployment configurations had been cleaned up on endpoint.
  • Fixed an issue that prevented Patch Operators and Patch Super Users from creating deployments using "Targeting Criteria."
  • Fixed an issue that prevented the Patch Operator role from initializing endpoints.
  • Fixed an issue that triggered errors when certain columns were removed in the patches grid.
  • Fixed an issue that could cause deployments to loop when patches were missing URLs (like from MS Online Scans).

Known Issues and Workarounds

  • Tanium Scan for Linux is not compatible with LibZypp Service Plugins. Tanium Scan will scan repositories provided by the plugin, but will not have access to the metadata in these repositories, which leads to scan results with incomplete metadata. Patch list applicability reports packages with incomplete metadata, but Patch cannot install them. If possible, uninstall the plugin and create repositories using Tanium. For more information, see Tanium Scan incompatibility with LibZypp Services Plugins.
  • When editing patch lists, block lists, and deployments, opening the preview section can lead to excessive API calls to the Patch service. Eventually, 504 errors may be displayed in the Patch workbench and workbench performance will be affected for all users. To avoid this issue, only open the preview section briefly to save the item you are editing instead of leaving the preview page open.
  • Targeting a deployment by question and using a parameterized sensor can result in a user interface error when attempting to display the deployment preview. The deployment can still be created successfully.

Prerequisites

  • Red Hat and CentOS endpoints require a minimum YUM version of yum-3.2.29-22.el6 to engage in Tanium Patch.
  • Windows endpoints require a minimum operating system version of Windows 7 SP1 or Windows Server 2008 R2 SP1.

Supported Tanium Platforms

Tanium Server 7.3.314.4250+, 7.4+