Change Guardian 5.2 Release Notes

December 2019

Change Guardian 5.2 includes new features, improves usability and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Change Guardian forum in the NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources.

The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Change Guardian Documentation page. To download this product, see the NetIQ Downloads website. To download patches for this product, see the Patch Finder website.

1.0 What’s New?

The following sections outline the key features and functions provided by this version, as well as issues resolved in this release:

1.1 Change Guardian Dashboard

Change Guardian 5.2 introduces a dashboard that provides a quick overview of change events in your enterprise network. You can analyze change information based on specific applications. You can also view the top factors contributing to those change events, such as users, policies, and assets. The dashboard helps you visualize change events in charts and analyze the event details in a grid view. You can click any data point in the visualization to open the detailed, focused information in the grid view for further analysis. The dashboard therefore gives you the information you are interested in through a single user interface, without having to navigate through several user interfaces.

1.2 Monitoring Dell EMC

Change Guardian can now monitor the following Dell EMC platforms:

  • Isilon

  • Unity

1.3 Monitoring Microsoft Exchange

Change Guardian can now monitor the following in Microsoft Exchange:

  • Exchange settings

  • Mailbox accounts

  • Mailbox messages

  • Management role groups

1.4 Additional Azure Active Directory Objects Monitoring

Change Guardian can now monitor the following objects in Azure Active Directory:

  • Application

  • Administrative units

  • Directory events

  • Devices

  • Resources

  • Policies

1.5 Enhancements to Agent Manager

Agent Manager provides the following new capabilities:

  • You can upload agent packages and Policy Editor packages when Micro Focus provides bug fixes and improvements to Security Agent for Windows, Security Agent for UNIX, or Policy Editor.

  • You can collect logs from Security Agent for Windows and Security Agent for UNIX for debugging purposes.

1.6 Updates to Supported Platforms

There are several updates to the list of operating systems that Change Guardian supports.

For more information about supported platforms, see System Requirements for Change Guardian 5.2.

Support for New Operating Systems

Change Guardian traditional installation is now supported on the following platforms:

  • Red Hat Enterprise Linux Server 7.6

  • Red Hat Enterprise Linux Server 6.10

  • SUSE Linux Enterprise Server 12 SP4 64-bit

Support for New Event Sources

Change Guardian now supports the following versions of event sources:

  • Security Agent for UNIX 7.6.2

  • Windows Server 2019

  • Windows Active Directory in Windows Server 2019

  • Group Policy in Windows Server 2019

1.7 Software Fixes

Change Guardian 5.2 includes software fixes that resolve several previous issues.

Events Not Generating for Group Policy Administrative Templates

Issue: In Change Guardian 5.1 and 5.1.1, events are not generated when you enable or disable a Group Policy administrative template. (Bug 1144643)

Fix: Events for Group Policy administrative templates are now generated correctly in Change Guardian.

Policy Editor Crashes While Browsing File System

Issue: When you create a policy and browse to enter the path of a directory, Policy Editor crashes with the following error message: Unable to load DLL iqcdwrapper.dll. Attempt to access invalid address. (Bug 1132877)

Fix: You can now successfully browse to files or directories in Policy Editor while creating a policy.

Not Receiving Emails on Reports and Event Routing

Fix: While configuring email host settings, use the --secure-connection option to configure SMTP to use the STARTTLS protocol. (Bug 1134494)

Change Guardian Does Not Receive Events when the EPS is High

Issue: Monitoring a large number of files and directories overloads the Change Guardian for Windows Agent if the EPS is over 1500. (Bug 1129645)

Fix: Change Guardian now receives events from the Change Guardian for Windows Agent with a high EPS count.

Difficulty Identifying Delta Information

Issue: Interpreting the delta information for file integrity events is difficult due to its presentation. (Bug 1056716)

Fix: The file integrity events are now color-coded for better readability.

Mapping Events to Change Guardian Event IDs

Issue: The event IDs generated from Active Directory, Group Policy, and Microsoft Windows do not map to the Change Guardian event IDs. (Bug 1088767)

Fix: Change Guardian provides the TargetEventIdentifier attribute in the event details so that you can filter the event details by the event identifier.

Digital Signature Error Reported in Agent Log

Issue: Installing Change Guardian Agent on Secure Boot-enabled Windows fails with a digital signature error. In addition, Change Guardian Agent for Windows does not generate events, and the Change Guardian agent logs report that the digital signature for the cgwmf.sys file cannot be verified. (Bug 1149862, Bug 1137005)

Fix: This issue is resolved by replacing the cgwmf.sys file with a Microsoft-attested copy.

1.8 Documentation Updates

Based on issues reported by customers, the following sections have been updated in the documentation for better clarity.

2.0 System Requirements

For information about hardware requirements, supported operating systems, and browsers, see Change Guardian 5.2 System Requirements.

3.0 Installing Change Guardian 5.2

You can perform a traditional installation of Change Guardian 5.2 on supported platforms. For more information about the installation procedure, see Traditional Installation.

IMPORTANT: To create a new instance of the Change Guardian 5.2 appliance, you must first install the Change Guardian 5.1 appliance base image available on the Change Guardian 5.2 downloads page and then apply the latest product and operating system updates from the appliance channel.

4.0 Upgrading to Change Guardian 5.2

You can upgrade to Change Guardian 5.2 from Change Guardian versions 5.1 and 5.1.1. For information about the upgrade procedure, see Upgrading Change Guardian in the Change Guardian Installation and Administration Guide.

5.0 Known Issues

Micro Focus strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

5.1 Issues with Azure Active Directory For Change Guardian

Change Guardian is unable to generate events from Azure Active Directory for the following events and attributes:

  • Groups

    • Create Group Settings

    • Update Group Settings

    • Delete Group Settings

    • Set group managed by

  • Group Attributes

    • Is Membership Rule Locked

NOTE: Change Guardian does not support the following:

  • Consolidating multiple events into a single event for Update user and Update group events.

  • Monitoring the managed groups.

5.2 Issues with DRA Coexisting with Change Guardian

The following are a few issues with DRA coexisting with Change Guardian:

  • Change Guardian events do not display the actual user name in the following scenarios:

    • When you define the computer account enabled or disabled, or user account unlock policies.

    • When you make any modifications in the Group scope or Group Type.

    • When you make changes to the remote access permission in the Dial In tab in DRA, two modification events are populated. The event shows User-Parameters in the delta.

  • Change Guardian events do not display the actual user name when you make changes in the following tabs in DRA:

    • Account tab

    • Password tab

    • Member of tab

    • Terminal Services tab

    • Dial in tab

    • Call back tab

5.3 Internal Audit Events Go Only to Primary Event Destination in FIPS Mode

If you run Change Guardian in FIPS mode, internal audit events go only to the primary event destination. They do not go to any additional event destinations in your environment. (Bug 956881)

5.4 Change Guardian Server Cannot Connect to Data Sources in FIPS Mode

Issue: If the Change Guardian Server is running in FIPS mode, when you browse data source objects while creating a policy, you will receive a Could not connect to Windows Data Source error. (Bug 956886)

Workaround: You can avoid this error by manually entering the file paths in the policy. To find the file paths, log on to the computer you want to monitor, and then use the cd and dir commands.

5.5 Deleting an Asset with Agent Manager Does Not Delete All Components

Issue: If you use Agent Manager to delete an asset, Agent Manager does not delete the Change Guardian Agent component from the Installed Programs list in Windows. To remove all asset components completely, uninstall the Change Guardian Agent component from the computer, and then use Agent Manager to delete the asset from Change Guardian. (Bug 940340)

5.6 Manually Uninstalling an Agent Does Not Remove the Agent's Version Details from Agent Manager

Issue: If you manually uninstall an agent, Agent Manager continues to display version details for the agent. (Bug 946582)

Workaround: In Agent Manager, select the agent in the 'All Assets' group and delete it.

5.7 Active Directory Does Not Synchronize New User if the Account Name is the Same as a Deleted User

Issue: If you delete a user from Active Directory, and then create a new user with same account name, Active Directory does not synchronize the new user. (Bug 940781)

Workaround: None.

5.8 Default Database Service Port Must Be Used for Change Guardian Server

To successfully install Change Guardian 4.2 or later, you cannot modify the default Database Service port. (Bug 1049199)

5.9 AD Authentication Fails when ‘LDAP Require Signing’ Is Enabled for an Asset Supporting SSL Protocol

Issue: AD authentication on an SSL-supported asset fails when you use Agent Manager to add an asset that has LDAP Require Signing enabled. (Bug 983410)

Workaround: Perform the following steps:

  1. Enable TLS 1.1 or TLS 1.2 on your SSL-enabled AD machine by adding the appropriate registry keys.

  2. Add the client certificate of your SSL-enabled AD machine to the root keystore on the Change Guardian server.

  3. To add the client certificate to the root keystore, go to /opt/novell/sentinel/jdk/jre/lib/security and perform the following steps:

    1. Copy the client certificate.

    2. Run the following command: /opt/novell/sentinel/jdk/jre/bin/keytool -import -alias ourCA -file <client certificate> -keystore cacerts

  4. When prompted, specify the default password.

  5. When prompted, specify yes for Trust this certificate?.

5.10 Exception After Changing Keystore Password With Specific Special Characters

Issue: When you upgrade Change Guardian to 5.2 and change the keystore database password to one with special characters, the following exception is displayed: Failed to initialize Communicator. (Bug 1055428)

Workaround: None.

5.11 Cannot Filter Managed and Unmanaged Events Generated on Dell EMC Unity Storage

Issue: The Change Guardian dashboard does not display local user names in Dell EMC Unity storage. Change Guardian is not able to map the SIDs with the local user names of Unity storage. As a result, you cannot filter by managed or unmanaged events because the user names cannot be distinguished. (Bug 1157859)

Workaround: None.

5.12 NetApp Users Not Listed in Top Users

Issue: The Change Guardian dashboard does not list top NetApp users when you select All Application. (Bug 1157621)

Workaround: Find the top NetApp users by selecting NetApp as the application.

5.13 Event Diagnostics Not Supported for Security Agent for UNIX

Issue: The Assets Monitoring Failures report contains Windows assets only. It does not contain data related to UNIX assets. (Bug 906282)

Workaround: None.

5.14 The Change Guardian Dashboard Chart View Displays Incorrect Values

Issue: The chart view in the Change Guardian dashboard shows percentages beyond 100. (Bug 1157855)

Workaround: Refresh the dashboard to load the correct values, and ensure that the Change Guardian dashboard computer and the agent computer are set to the current time for their respective time zones.

5.15 Cannot View Alerts with IPv6 Data in Alert Views

Issue: Change Guardian alert views do not display alerts that have IPv6 addresses in IP address fields. (Bug 1153848)

Workaround: To view alerts with IPv6 addresses, perform the steps mentioned in NetIQ Knowledge Base Article 7016555.

5.16 Cannot Expand Grouped Events If Event Name Contains Filter

Issue: In the Change Guardian dashboard, expanding grouped events fails with the following error message: Data Loading Error. The error occurs when the event name contains filter. (Bug 1154566)

Workaround: Search events by name if it contains filter.

5.17 Policy not Assigned After Restarting the Agent

Issue: After assigning a policy in Policy Editor, restarting the agent does not assign the policy successfully. The following error is logged in Change Guardian: TID:276 ERROR cgsmartprovider_task_teardown - Destroyed (CGSmartProvider_Consumer, 21-5): //C=2 (Bug 1152418)

Workaround: Restart the agent again.

5.18 Dell EMC File Events are not Generated if the Directory Name has .

Issue: If a directory name has ., events are not generated for the directory or the files within it. (Bug 1155067)

Workaround: None.

6.0 Legal Notice

Copyright © 2019 Micro Focus or one of its affiliates.

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

For additional information, such as certification-related notices and trademarks, see http://www.microfocus.com/about/legal/.