Parity 7.0.

0
Release Notes
Parity Build: 7.0.0.1228
Patch Number: 8
Document Version: 1.26
February 11, 2013

Bit9, Inc.
266 Second Ave, Waltham, MA 02451 USA
Tel: 617.393.7400 Fax: 617.393.7499
E-mail: support@bit9.com
Web: http://www.bit9.com

Copyright 2004-2013 Bit9, Inc. All rights reserved. This product may be covered under one or more patents pending. Bit9 and
Parity are trademarks of Bit9, Inc. in the United States and other countries. Any other trademarks and product names used herein
may be the trademarks of their respective owners.

Bit9 Communications Audit and Assessment

Introduction
Parity 7.0.0 Release Notes document provides information for users upgrading from previous
versions as well as users new to Parity. It consists of the following major sections:

Before you begin: This section describes preparations you should make before beginning
the installation process for Parity Server.
Parity 7.0: New and modified features: This section describes major changes since 6.0.2
and should be read by all users.
Corrective content: This section describes issues resolved by this release as well as more
general improvements in performance or behavior.
Known issues and limitations: This section describes known issues or anomalies in Parity
7.0.0 that you should be aware of.
Contacting Bit9 support: This section describes ways to contact Bit9 Technical Support
and the information to have prepared to troubleshoot a problem.

This document is a supplement to the main Parity documentation.

Important information
Versions of Parity at Patch 8 and above contain important changes to the handling of Bit9s
digital certificates. We strongly recommend that you upgrade the Parity Server and then
upgrade all Parity Agents from prior versions as soon as is practical. Please contact Bit9 Support
if you have additional questions.

About your shipment

Your Parity distribution includes the Parity Server installation program and documentation files.
Parity Server custom-generates custom agent installation packages at your site for each
protection policy you define, so no separate agent installer is needed in the original distribution.

Documentation
Your Parity documentation set consists of online PDF file included with the product distribution
and also available in the support area of the Bit9 web site.

Installing Parity: Provides instructions for installing and configuring the Parity Server and
Parity Agent.
Using Parity: Describes Parity operation, including step-by-step instructions for
administration and configuration tasks. Management topics for computer systems,
including agent installation, are also covered.
Parity Events: Integration Guide Describes the events that are generated, tracked,
stored, and accessible through the Parity system, and the ways you can access Parity
event data outside of the Parity Console user interface.

Parity 7.0 Release Notes

2013-02-11

Page 2

Before you begin

This section describes preparations you should make before beginning the installation process
for Parity Server. These include actions you should take before installing Parity Server,
preparations you should make for configuring the server after installation, and general
information you should know about server and agent. It contains information that applies to
upgrades and new installations.

System requirements
The most current Operating Environment Requirements for Parity 7.0 are provided in a separate
document which is readily available in the support area of the Bit9 web site.
Both upgrade and new customers should be sure to meet the requirements before proceeding.

Additional downloads
This section contains links to download additional software that may be required to install Parity
version 7.0. Consult the Installing Parity guide for more information.
Windows Installer 4.5:
http://www.microsoft.com/en-us/download/details.aspx?id=8483
SQL Server 2008 Express (R2 SP1):
http://www.microsoft.com/en-us/download/details.aspx?id=26729

Parity server upgrades

For more detailed instructions, please refer to the Installing Parity guide. It is available in the
support area of the Bit9 web site.
This section is for upgrades only. If you are not upgrading, see New Parity Installations (page 4).
Important: For build-to-build upgrades (e.g., 7.0.1.475 to 7.0.1.480), do not use the Parity
installer program (ParitySetup.exe) to upgrade Parity Server. Running the full installer in a buildto-build upgrade removes the current Parity instance instead of upgrading it. There is a separate
patch installation procedure for build-to-build upgrades. Apply the patch to the server
according to the instructions you received with it, and then update Parity Agents as described in
either the Using Parity guide or the Installing Parity Server guide. (If you inadvertently run the
full installer in this case, run it again, and, when prompted, select 'Use the existing database').

Support for the upgrade process

Parity Server and Agent upgrade support is covered under the Customer Parity Maintenance
Agreement. Bit9 recommends contacting Technical Support prior to performing the upgrade for
further details on the upgrade process and the latest information that supplements the
information contained in this document. Technical Support is available to assist with the
upgrade process to ensure a smooth and efficient upgrade installation.

Parity 7.0 Release Notes

2013-02-11

Page 3

Before running the server upgrade

The following tasks should be done before you run the Parity Server upgrade program.

Backup Parity server database: Backup your Parity Server database before you begin the
upgrade process. Backup is disabled during upgrade and must be re-enabled once you are
sure the upgrade was successful.
Backup certificates separately: Starting with 7.0 Certificates will be backed up in parity
Database. Further upgrades will not require backing up certificates.
Disable distribution systems: If you use third party deployment mechanisms (e.g. SCCM),
either disable the distribution of the Parity Agent using SCCM, and use Parity server for
upgrading agents. Or disable Parity Server from upgrading agents, and use your third party
deployment mechanism to upgrade the agents.

Prepare for post-upgrade tasks

You should be prepared to do the following tasks after you run the Parity Server upgrade
program.

Review external event settings: If you use External Events, review the settings to ensure
they are still enabled and correctly functioning. External event schema has been changed.
Review the user guide how to upgrade it.
Review updaters: New Updaters have been added. Review the Updaters tab on the
Software Rules page to make sure the correct updaters are enabled.
Update agent distribution points: If you use third party deployment mechanisms (e.g.
SCCM), re-enable or re-create them using new agent packages from the upgraded Parity
Server.
o

Use ParityHostAgent.msi to upgrade from a pre-7.0 agent.

Review the new Parity installations section: Although it is for new installations, this
section also includes information of possible interest to upgrade customers.

Rescanning of agents after server upgrade

Parity 7.0.0 includes enhanced file identification features, notably the ability to create and
customize the rules that identify scripts. Because of this, when Parity Server is upgraded to
7.0.0, it is necessary to rescan the fixed drives on Parity-managed computers to locate files
matching the new script rules and add them to the inventory of interesting files. This also
involves a new inventory of files in any trusted directories. As each agent is upgraded, it goes
through a new initialization process with considerable input/output activity; for a site, this can
require between minutes and many hours, depending upon the number of agents and the
number of files. Bit9 recommends a gradual upgrade of agents to avoid an unacceptable impact
on network and server performance. See Enabling Automatic Agent Upgrades in the Using
Parity guide for more details on agent upgrade rollout.

Parity 7.0 Release Notes

2013-02-11

Page 4

New Parity installations

For more detailed instructions, please refer to the Installing Parity guide. It is available in the
support area of the Bit9 web site
This section describes preparatory tasks and suggested post-installation tasks for new Parity
Server installations. Although targeted at new installations, it should be reviewed by new and
upgrade customers.

Prepare for Parity server installation

Choose account for Parity server installation: Bit9 recommends that you use a Domain
Service Account for Parity Server installation. If you plan to use Active Directory services
or use an authenticated proxy to access the Internet, a Domain Account is required for
Parity Server Service. This account must be assigned Local Administrator privileges on the
Parity Server.
Note: Do not change the permissions level of the account with which you install Parity
after installation.
Review .NET configuration: If Microsoft .NET 4 is installed on your Parity Server system
with Windows 2008 Server, ensure that the IIS DefaultAppPool is set to use .NET
Framework v2.0.50727 by default.
Prepare to enable Parity agent management access: The Parity Agent Management
screen in the new installation dialog allows you to designate a user or group, or a
password usable by anyone, to perform certain agent management activities assisted by
Bit9 Technical Support. Especially if you will have client computers that will never be
connected to Parity Server, it is best to set up a client access option before generating and
distributing agent installation packages. If you are unable to configure access during
installation, you can do it later on the Management Configuration page in Parity Console.
See the Using Parity manual (or online help) for more details.

Prepare for post-installation tasks

Enable Parity CLI management access: If you did not enable Parity Agent Management
access during installation, go to the General tab of the System Configuration page in Parity
Console to enable it, preferably before deploying agents. See Configuring Agent
Management Privileges in the Using Parity manual (or online help) for more details.
Confirm agent installation privileges: The Parity Agent installer must be run either by
Local System or a user account that has administrative rights and a loadable user profile.
Consider agent rollout impact: As soon as the Parity Agent is installed, it connects with
the server and begins initializing files. Because initialization can involve an increased flow
of data between the Parity Server and its new client, be sure your agent rollout plans take
your network capacity and number of files into account simultaneous agent installation
on all the computers on a large network is not recommended.
Review trusted updaters: Review Trusted Updaters to ensure the correct ones are
enabled for your environment before you begin large-scale Parity Agent deployment.
Note in particular these updater changes:
o

In Parity 6.0.2, there were separate updaters for Java Virtual Machine only and for Java and Bundled
Software. In Parity 7.0.0, there is a single updater called Java that replaces both of these, and when
enabled, allows updates to Java and related bundled software.

Parity 7.0 Release Notes

2013-02-11

Page 5

Review root certificates for trusted publishers: Trusted Publishers are validated by
Windows. For proper validation to occur, the correct, up-to-date root certificates must be
installed for these publishers. You should ensure that Microsoft root certificate updates
are included in your Windows Updates. If you plan to use in-house certificates, ensure
that your in-house root certificates are installed on each endpoint on which you will install
Parity Agent.
Test user-supplied certificates: Parity Server allows you to use user-supplied certificates
for Parity Agent-Server communication. To validate this certificate, each agent system
must have up-to-date root certificates. Bit9 recommends that you test your new
certificates before large-scale Parity Agent deployment begins. See Securing AgentServer Communications in the Using Parity manual or online Help for more details.
Specify a custom notifier logo if necessary: You can specify a custom logo for the notifier
that appears when Parity blocks an action on an agent computer. See Specifying a
Custom Notifier Logo in Using Parity (or online Help).
Review content of trusted directories for distribution systems: If you use Windows
Software Update Services (WSUS) or other software distribution mechanisms (e.g. SCCM
or Altiris), pre-approving this content with a Trusted Directory before large-scale Parity
Agent deployment will ensure a more effective transition to Lockdown.
Java tracking: Support for tracking Java class and jar files is not enabled by default. If you
plan to track Java applications, please enable java files in Rules -> Software Rules Scripts.
Exclude Parity agent from AV scanning: Antivirus products should be configured to
exclude the following from on-access scanning:
o
o
o

The Parity process (Parity.exe)

The Parity program directory (Program Files\Bit9 on 32-bit systems and Program Files (x86)\Bit9 on 64bit systems)
The Parity data directory (ProgramData\Bit9\Parity Agent on Vista, Windows 7 and Windows 2008
systems and \Documents and Settings\All Users\Application Data\Bit9\Parity Agent on other
supported systems)

Consider other agent interactions: Certain other types of software may interact with
Parity Agent contact Bit9 Support for more information on each of these cases:
o

The SMS Software Approval updater has been removed because Microsoft SMS has reached its end of
life. The replacement product is Microsoft SCCM, for which there is an updater in Parity.

Disk encryption software may interact with the Parity Agent. In general, full disk or partition encryption
should minimize the chances of problems. However, some encryption products are compatible with
Parity with other types of encryption (file or folder) enabled.
Ghosting or imaging systems with Parity pre-installed requires additional steps on the master system.
Please consult Using Parity for more information.

Do not change SQL recovery model: Parity sets the Simple Recovery Model for the Parity
SQL Database. Do not change this.

Parity 7.0 Release Notes

2013-02-11

Page 6

Parity 7.0: New and modified features

The following section provides a quick reference to the feature changes made since 6.0.2.

Upgraded Console Look and Feel

Parity v7.0 has an updated color palette and has added additional features to improve the
consistency and aesthetics.

Console terminology
Parity v7.0 key terminology changed to make it clearer and more descriptive for users. These
changes are:
Previous Term
Seccon
Lockdown
Block & Ask
Monitor
Online
Offline
Pending

The New Term

Enforcement Level
High (Block Unapproved)
Medium (Prompt Unapproved)
Low (Monitor Unapproved)
Connected
Disconnected
Unapproved (Files, Publishers, Devices)

Cloud driven approvals

To help manage the flow of blocked files, Parity v7.0 introduces cloud driven file and publisher
approvals. Files and publishers are compared against the Bit9 Global Software Registry to
provide a trust level, and, at the administrators discretion, a policy can be set to automatically
approve based on a user-specified trust level.

Role based access control (RBAC)

In addition to the three predefined groups (administrators, power users and read-only),
Parity 7.0 provides the ability to create custom User Groups. The User Groups have more
granular permissions and they are configurable from the console. The custom groups also
provide view and action related permissions by role. Parity Console users can be mapped to the
new groups based on their Active Directory security group.

Instance-based device control

More granular device control has been added that shows individual device information at the
serial-number level on Device pages. Devices may also be searched by computer. Device bans
and approvals can be created based on serial number patterns.

IPv6 support
Parity v7.0 supports both IPv4 and IPv6. The server automatically detects the availability of each
protocol.
Parity 7.0 Release Notes

2013-02-11

Page 7

Approval request workflow

In a High Enforcement Level environment, end users may have a legitimate need to run
software. Parity v7.0 allows the end user to notify a Parity administrator of his or her reasons
for to have certain software approved, so that the administrator can more aptly respond to a
blocked application. This feature reduces the amount of time that IT spends figuring out which
software needs to be approved.

Custom script support

Parity v7.0 includes many common script processors pre-configured and allows users to enable
those they want to use in their environment. Administrators can also define additional script
support by registering the interpreter and the file type for any script type not pre-configured in
Parity.

Remote reboot capability

In Parity v7.0 an administrator can now complete a Force Reboot of a computer from the
console.

Enforcement ability during initialization

In Parity v7.0, policies are enforced during the initialization period.

250,000 agent computers per server

The Parity Server has been optimized to handle up to 250,000 connections in Parity v7.0.

Enhanced VDI handling

Parity v7.0 provides easy provisioning of virtual machines with the Parity Agent installed, faster
deployment of cloned images to a large number of users with optimized initialization, and quick
retirement of images once they are reverted back to snapshot or deleted from VM
infrastructure.

Enhanced agent health checks

Parity v7.0 includes an agent health check which provides granular information regarding the
health of each agent computer. An administrator can see the health status and all recent health
check events for each agent.

Parity 7.0 Release Notes

2013-02-11

Page 8

Corrective Content
If you are upgrading from Parity 6.0.2, note that this release of Parity 7.0 addresses all of the
relevant issues that have been addressed in 6.0.2 patch releases to date. Each release includes
general improvements in product quality, based on our on-going testing of Parity 7.0.

Corrective Content in Parity 7.0.0 GA Release (Build 1228, Patch 8)

Enhancements in Digital Certificate Processing [29483]

o

Stop Error 0x000000DF on Windows 2003 Server [28679, 28499]

o

Details: In some circumstances, a diagnostic file upload would prevent the reporting of other events to
the server. In this release, diagnostic upload is managed separately from event reporting, thus avoiding
this issue.

Delay in Reporting of Certain Events [28309]

o

Details: When a file was approved due to an Updater rule, the event report for this action incorrectly
identified it as a Custom Rule action. This release reports Updater-related events correctly.

Diagnostic Upload Prevents Event Reporting [28518]

o

Details: Deletion of file execution meters could cause a race condition that would deadlock the Bit9 agent
and cause a large number of threads to be created. The race condition is corrected in this release.

Inaccurate Events for Updaters [28933]

o

Details: In rare circumstances, the name of a network file would be incorrectly identified in a Bit9
notification. This release addresses the cause of this issue.

Agents Running with Large Numbers of Threads [29127, 29135]

o

Details: After a Bit9 agent had been installed for 128 days, it would report that its system time had
changed, even though no time change had occurred on the endpoint. This release eliminates the
erroneous time change report and the related health check failures for affected agents.

Incorrect Identification of Network Files [29240]

o

Details: An interoperability issue with Ultrabac would cause a system with both Bit9 and Ultrabac
installed to hang at boot time. In this release, Bit9 delays some operations early in the boot process,
allowing both products to function correctly.

Health Check Failure: Unexpected System Time Change [29139, 29154]

o

Details: On Windows 2003 Server systems, a Stop Error with the code 0x000000DF
(IMPERSONATING_WORKER_THREAD) would occur in certain circumstances, especially when Symantec
Antivirus is installed along with Bit9. This release ensures that the Parity driver correctly manages
internal system resources in a way that is compatible with older versions of Windows and that also works
correctly in conjunction with Symantec Antivirus.

Hang on Boot with Ultrabac Installed [27399, 29184]

o

The digital certificate used to sign prior releases has been revoked. In addition to using a newly issued
certificate, this release will explicitly unapprove any software that was previously signed by the revoked
certificate, even when Bit9 is a Trusted Publisher. This prevents any software signed by this certificate
from running in Medium or High Enforcement.

Details: When periodic event pruning of the event database occurred, it would temporarily delay the
sending of execution events from the Bit9 agent. In this release, events are sent in a timely fashion even
during event pruning.

Kernel Filtering Improvements [26039, 27965, 28902]

o

Details: This release adds the ability to exclude certain low-level kernel operations from processing by
Bit9. This provides the ability to handle interaction with certain other kernel drivers that require
unfettered access to particular files in order to operate correctly.

Parity 7.0 Release Notes

2013-02-11

Page 9

Deadlock Accessing SQL Database [28795]

o

Deadlock Marking Deleted Files [28773]

o

Details: Performance improvements were made in the processing of alerts and events in this release by
adjusting the SQL Server parallelism used.

Improvements in Console Security [28681, 28695, 28740, 28834]

o

Details: This release includes improvements in performance to the background processing of Files on
Computers data.

Performance Improvements in Alert and Event Processing [29083]

o

Details: In this release, improvements were made in scheduling the processing of data received from
Trusted Directories. This is particularly noticeable when there are several busy Trusted Directories.

Performance Improvements in Files on Computers Data Processing [28706]

o

Details: When a remote SQL Server database was used, the Bit9 console would display inappropriate
configuration fields, which would lead to errors when backups were enabled. This release corrects the
console to display the appropriate settings.

Improve Scheduling on Servers with Busy Trusted Directories [28702]

o

Details: When a new Saved View was created, the Bit9 console did not select this view as the current
choice. This problem is corrected in this release.

Incorrect Backup Settings for Remote Database [28698]

o

Details: If a Custom Rule was disabled and then immediately deleted, this change would not be sent to
agents. In this release, agents are correctly informed of the deletion of the rule.

Creating New Saved Views does not Update Saved View Choice [28990]
o

Details: In certain circumstances, data sent by a Trusted Directory on an agent to the server would cause
the server to encounter an exception, which would prevent the server from efficiently processing Trusted
Directory approvals. This release addresses the exception.

Disabled and Deleted Rule not Deleted from Agents [29124]

o

Details: In syslog events generated by Bit9, the ban_name field contained incorrect data. This release
correctly sends the name of the ban that appears in the Bit9 console or a blank field if there is no
associated ban name.

Server Exception Processing Information from Trusted Directory [28614, 28811, 29069]
o

Details: In some circumstances, even though the Upgrade check box was selected for a particular policy,
the agents would take a long time to be scheduled for upgrades. This release schedules upgrades in a
more timely fashion.

Ban Name in Syslog Incorrect [28786, 28880]

o

Details: When a USB device reported its device descriptor as blank text, the device could not be approved
from the Bit9 console. This release now uses the vendor descriptor in those cases where the device
descriptor is blank, which allows the device to be approved.

Delays in Upgrade Scheduling [28686]

o

Details: In some circumstances, the SQL database would deadlock while Bit9 was marking files as deleted.
This release breaks the process into smaller chunks, thus ensuring that the database does not deadlock.

Issues Globally Approving Certain Devices (e.g. IronKey) [28849, 28962]

o

Details: In very rare circumstances, the Bit9 server would deadlock when accessing the SQL database.
This release corrects the known causes of these deadlocks.

Details: Several security issues affecting the security of the Parity console were addressed in this release.

Upgrade Performance Improvements [28046, 29029]

o

Details: This release improves the efficiency of upgrades from prior major releases of Bit9 (e.g. v6.0.2).

Parity 7.0 Release Notes

2013-02-11

Page 10

Corrective Content in Parity 7.0.0 GA Release (Build 1189, Patch 7)

Parity Agents not Connecting to Parity Server [27301]

o

Parity Agents Constantly Out of Date [27304]

o

Details: In some circumstances, a hard reset, power failure or system crash can corrupt the Parity agents
database. If this occurred more than once within a 12-hour period, the agent would reinitialize and need
to download information from the Parity server, which could lead to unexpected agent behavior,
including blocks. In this release, the agent is now more resilient to the failures that caused this condition.

Agent Debug State not Displayed on Computer Details [27689]

o

Details: After an upgrade, the Parity agent was reporting information to the Parity server on all approved
and banned files, causing an increase in network traffic. In this release, only changes in the state of the
files are reported to the server.

Agent Reinitializing After Database Corruption [27607]

o

Details: When an agent received a request for a cache consistency check during initialization, the
initialization process would be incorrectly terminated. This would later cause pre-existing files to block
when in High Enforcement. In this release, cache consistency checks are ignored until initialization is
complete.

Excessive Network Traffic from Parity Agent After Upgrade [26928]

o

Details: In some circumstances, when Parity was newly installed on Windows 2003 Server or Windows
XP, the Reboot required status would not be cleared, even after a reboot. In this release, the status is
correctly cleared.

Initialization Fails to Identify All Pre-existing Files [27328]

o

Details: For Policies assigned by Active Directory mapping, agents would occasionally move between
Enforcement levels unexpectedly. This release corrects issues in the mapping mechanism.

Agents Show Reboot Required After Reboot [28473]

o

Details: On systems running Windows 2008 R2 Server Code, the built-in Parity health check mechanism
would incorrectly check the certificate on a Windows system file that does not exist on Server Core,
producing an erroneous health check failure. For this release, the health check is performed using a
Windows system file that exists on all Windows platforms.

Agents Erroneously Moving Between Enforcement Levels [27609]

o

Details: When accessing files over a network, the Parity agent would cause a marked slowdown in the
performance of certain operations, such as copying files. By caching additional internal information, this
release improves the performance of operations on network files.

Health Check Fails on Windows 2008 R2 Server Core [27560]

o

Details: In some circumstances, the Parity server would not correctly propagate approvals and rules to
agents. This occurred when certain types of Custom Rules were to be sent. In this release, the server
correctly sends these rules, allowing agents to update.

Performance Issues with Network Files [27020]

o

Details: In some environments, Parity agents would not connect to the Parity server, and the server
would log errors for AcceptSecurityContext, referencing error code 0x80080321. This error indicated a
failure to properly negotiate the SSL connection between agents and the server. This release corrects the
underlying issue with SSL negotiation in the Parity Server.

Details: In previous releases, an agents debug state was not displayed in the Parity console. The
computer details page now contains agent debug level information and the Computers page now
provides a column for agent debug level.

Excessive Agent Log Files [27367, 28049]

o

Details: In previous releases, the Parity agent would not correctly clean and rotate its log files. This
release adjusts log rotation to account for both the total number of files and their overall size, reducing
the space consumed.

Parity 7.0 Release Notes

2013-02-11

Page 11

Hang When USB Storage Device Inserted [27751]

o

Agents Fail to Upgrade Until User Logon [28513]

o

Details: An internal Parity server task that tracks data for alerting was not functioning correctly, which
caused alerts not to be correctly triggered. In this release, the internal task is corrected and alerts now
trigger correctly.

Changing Time Zone Does Not Affect Event Timestamps [25160, 27134]
o

Details: When many agents in a large deployment were initializing, the Parity console would occasionally
give a fatal error. This required the Parity server to be restarted to regain access. This release resolves
the error.

Alerts Not Triggering Correctly [28078, 28475]

o

Details: If an agent was moved from a Policy that did not allow upgrades into a Policy which did, it would
fail to upgrade until a user logon caused the agent to re-register with the server. During this time, the
agent would remain in Not requested state in the Parity console. In this release, the server correctly
flags an agent for upgrade when it is moved into a Policy that has upgrades enabled.

Parity Console Fatal Error [27341]

o

Details: On systems where Symantec Anti-virus is installed, the system may hang when a USB storage
device is inserted. The Parity driver was waiting for information from the system that was not yet
available on initial insertion of the USB device. This release does not wait for this information.

Details: When the Parity server time zone was changed in the System Configuration section of the Parity
console, the timestamps of events displayed by the console was incorrect. In this release, the
timestamps correctly display in the chosen time zone.

Filters Reset on Find Files [28119]

o

Details: In the Parity console, the Find Files page would incorrectly reset filters when moving to and from
the page. This release correctly retains any filters in this case.

Corrective Content in Parity 7.0.0 GA Release (Build 1149, Patch 6)

Incorrect Syntax Error in Parity Console [27078]

o

Disconnected Parity Agent Clones not Removed on Schedule [26929]

o

Details: In previous releases, a permission issue caused the Parity Server to log a misleading message.
This permission issue has been eliminated so that the Parity Server can correctly communicate statistics
to the log files.

Error During ConfigList Processing [27052]

o

Details: In some cases, manually deleting a Parity Agent Clone inside the Parity Console would result in
the associated Parity Agent Template to also being removed. In this release, the Parity Agent Template is
retained when deleting clones associated with it.

Parity Server Error When Capturing Statistics [26826]

o

Details: Parity Agent Clones were not automatically pruned from the Parity Console as defined in the
associated Parity Agent Template. In this release, disconnected Parity Agent clones are removed from the
Computers list according to the schedule specified in their template.

Manual Deletion of Parity Agent Clones Also Deletes Template [26948]

o

Details: In some circumstances, the Parity Console Dashboard would display an Incorrect Syntax error
after logging into the console. This has been addressed in this release.

Details: In rare circumstances, the Parity Agent would encounter an issue processing the ConfigList. In
this release, the root cause for this issue has been addressed.

Incorrect Name for Requestor [27063]

o

Details: In previous releases, the name of the user making an approval request (Requestor) was
incorrectly displayed on the Approval Requests page in the Parity Console. In this release, the correct
Requestor names are shown.

Parity 7.0 Release Notes

2013-02-11

Page 12

Cannot Configure Trusted Publisher Per Policy [27270]

o

Misleading DEP Tamper Protection Alerts [26882]

o

Details: In previous releases, configuring a Trusted Publisher for only selected policies resulted in
approval of the publisher for all policies. In this release, approvals for Trusted Publishers are correctly
limited to specified policies if that option is chosen.
Details: In previous releases, certain classifications of Tamper Protection events were inappropriately
reported to the Parity Server. In this release, reporting of Tamper Protection events has been optimized.

Dashboard Error Access is Denied after Server Upgrade [26927]

o

Details: After a patch upgrade of a Parity Server that is running Parity Agent, the Parity Dashboard may
display an Access is Denied error. If you are experiencing this issue, please contact Bit9 Support.

Corrective Content in Parity 7.0.0 GA Release (Build 1120, Patch 5)

Stop Error on Attaching USB drive [26906]

o

Deadlock on High Volume Servers [26793]

o

Details: A Parity Server upgrade can reset the alerts for Malicious File and Potential Risk. In this release,
Parity Server alerts of this type are retained during upgrade.

Internet Explorer 8 Does Not Display Menu Options Correctly [26099]

o

Details: In previous releases, there was a character limit on the Parity Notifier Text field that could cause
the custom message to be truncated. In this release, the supported character length has been extended
to 1900 characters.

Parity Server Upgrade Did Not Preserve Alerts [26287]

o

Details: In the Parity Console, typing the < character when entering Custom or Memory Rules should
auto-complete with available Parity macros. In some circumstances, no auto-completion would occur.
This release auto-completes macros in all appropriate Parity Console fields.

Parity Notifier Text Truncates Custom Message [26666]

o

Details: If & was used in the Computer Tag or Description fields on the Computer Details page, it would
be replaced with &amp; when the details were saved. The & character is now correctly preserved in
these fields.

Macros are not Auto-completed in Custom or Memory Rules [26408]

o

Details: Reset Current Settings in a Parity Console users preferences did not reset the Saved View. In
this release, clicking the Reset Current Settings correctly clears the filter settings.

& replaced with &amp; on Computer Details [26749]

o

Details: When filters or groupings were added to a Saved View, these changes would be lost when
navigating away from the page and later returning to the same page. This release corrects this issue.

Resetting Filters does not Reset Saved Views [26624]

o

Details: A Windows kernel deadlock was identified when the Parity Agent was running on high-volume
servers. In this this release, the identified deadlock condition has been eliminated.

Filter Changes to Saved Views are Lost [26625]

o

Details: In previous releases, attaching a USB device to a host with more than one security solution would
sometimes cause a stop error. This release improves interoperability with removable devices when other
security products are installed on the same host.

Details: When using the Parity Console in Internet Explorer 8, certain drop down menu options would not
show the entire text of the command. In this release, drop down menus now expand to show the entire
text.

Out-of-Date Agents Do Not Update Policy [26525]

o

Details: In some cases, the Parity Agent would not process ConfigList updates properly. In this release,
the issue is resolved.

Parity 7.0 Release Notes

2013-02-11

Page 13

Unicode Characters Displayed Incorrectly for Active Directory Users [26326]

o

Unicode Characters not Supported by Active Directory Policy Mappings [26326]

o

Details: Health check could fail when attempting to gather information on volumes that had already been
removed. In this release, information is correctly processed.

Alert for Parity Knowledge is Unavailable Does Not Reset [26689]

o

Details: Parity Agent incorrectly identified some Dynamic Disks as removable devices. This issue has been
resolved.

Parity Agent Health Check Failure On Disconnected Volumes [26590]

o

Details: In some cases, events indicating a file was approved due to Trusted User were not generated.
Events are now generated as expected.

Parity Agent Incorrectly Identifies Dynamic Disks as Removable Devices [26201]

o

Details: Parity Server upgrades would sometimes fail due to the length of custom rules. In this release,
custom rules are properly migrated.

Missing Execution Events for Trusted User [25813]

o

Details: An issue in the Parity Reporter occasionally caused it to stop processing periodic tasks. These
include the processing of Files on Computers information, backups and other low priority tasks. This
release fixes the underlying issue that was preventing the Parity Reporter from correctly scheduling and
processing these tasks.

Long Custom Rules Cause Parity Server Upgrade Failure [26757]

o

Details: In previous releases, the SSL thread count was not configurable. In this release, this value can be
adjusted per the guidance of Bit9 Support.

Parity Reporter Stops Processing Tasks [26451]

o

Details: When browsing the Active Directory to create Policy Mappings, certain Unicode characters could
not be selected in the Active Directory browser. This release allows mappings to be created from Active
Directory objects that contain any Unicode character.

SSL Thread Count Not Configurable [26518]

o

Details: When an Active Directory user logged into the Parity Console, certain Unicode characters in the
users name were displayed incorrectly. In this release, the characters are now displayed as they appear
in the Active Directory.

Details: The alert to confirm connectivity to Parity Knowledge after an outage was not properly cleared.
This alert now reflects correct connection status.

Parity Agent Does not Hash Some MSI Files [26731]

o

Details: The Parity Agent would not hash a MSI file that it determined was not crawlable. The Parity
Agent now reports the hash regardless if it can crawl the contents of the installer.

Corrective Content in Parity 7.0 GA Release (Build 1084, Patch 4)

Changes in Memory or Registry Rules not Propagated

o

Details: Changes in memory or registry rules were not propagating correctly to agents, which could result
in blocks even when rules had been changed to report only. This release correctly propagates the
changes.

Windows File Names May not be Searchable

o

Details: Although Windows uses case-insensitive file names, in some circumstances the names of files
discovered on Parity agents were recorded as mixed case, leading to inconsistent results when Parity
Console users searched for these files. In this release, all Windows file names are converted to lower
case, allowing for easy searching using lower case names.

Parity 7.0 Release Notes

2013-02-11

Page 14

Notifier Crashes when Link Selected

o

Details: Due to interactions with Parity tamper protection, clicking on the link in the Notifier dialog would
cause the Notifier to crash in some circumstances. In this release, tamper protection does not interfere
with the Notifier link.

Updated Live SDK Documentation

o

Details: The documentation for the Live SDK now includes details of the differences between the Live SDK
API in 6.0.2 and 7.0.0 releases.

Corrective Content in Parity 7.0 LA Release (Build 1041, Patch 3)

Issues with SQL Collation Settings

o

Parity Server not Starting after Upgrade

o

Details: In some cases, upgrade would fail with a schema error, even though there were no schema
issues. This release eliminates the false error report that interfered with upgrades.

Upgrade Fails with Large Databases or Low Disk Space on SQL Server
o

Details: In certain circumstances, upgrade would fail when the Parity Server had certain Custom Rules in
place. This release allows these rules and Parity Server to be upgraded successfully.

Upgrade Fails with Schema Error

o

Details: After upgrade, the Parity Server would log a database exception about ExternalDBGetEvents.
This release eliminates the exception.

Upgrade Fails due to Custom Rules

o

Details: In rare circumstances, when the Parity Server upgrade process encountered an issue, the Parity
Server would fail to start. This release corrects this, allowing the Parity Server to start correctly after
upgrade.

Database Exception after Upgrade

o

Details: The use of a SQL Server default collation setting other than US English caused problems with
Parity tasks, including agent upgrade. In this release, Parity Server can run with a non-default SQL
collation setting.

Details: Attemps to upgrade large databases or those on SQL Servers with low disk space would fail. This
release includes a mechanism that, with the assistance of Bit9 Support, allows successful upgrades in
these situations.

Stop Error at Boot on Windows XP

o

Details: Due to an underlying Windows issue, a stop error would occur at boot time. This release includes
a work-around for the underlying issue.

Corrective Content in Parity 7.0 LA Release (Build 986, Patch 2)

Webex Trusted Updater

o

Details: Due to changes in the way that Webex updates itself, the Webex Trusted Updater was not
approving all files. This release includes additional logic to account for these changes.

Parity Server Upgrade Fails with Complex Custom Rules

o

Details: In rare circumstances, an upgrade from Parity 6.0.x would fail due to a complex Custom Rule. In
this release, complex rules are correctly processed and the upgrade succeeds.

Corrective Content in Parity 7.0 LA Release (Build 965, Patch 1)

Installation Failure when .NET 3.5 was not Installed

o

Details: In previous releases, attempts to install Parity Server on systems without .NET 3.5 produced an
installer error. In this release, the installer provides a warning that .NET 3.5 is required and exits.

Parity 7.0 Release Notes

2013-02-11

Page 15

Unexpected Shutdown Caused Blocks on Approved Files

o

Details: In some circumstances, blocks occurred on approved files following an abrupt shutdown (such as
a power loss or crash). This was due to a client database integrity check following the shutdown. This
issue is addressed in this release.

Corrective Content in Parity 7.0 LA Release (Build 918)

Parity 7.0 has addressed many issues and enhancements from customers, some of which are
highlighted in the list below.

Enhancements and Improvements

Alerts now include a list of computers that have potential risks.

Improved bulk activities, such as importing bulk ban lists.
Improved protection of Parity and its data on agents.
Many installer improvements, especially on error conditions.

Back to Table of Contents

Parity 7.0 Release Notes

2013-02-11

Page 16

Known Issues and Limitations

If you use the Export to CSV File feature in a Parity table (such as the Computers page),
there is a limit of 25,000 on the number of rows that can be exported.

Some or all memory rules are not supported on certain operating systems:
o
o
o

Memory rules are not supported on Windows Server 2003 64-bit.

Kernel Memory Access rules are supported only on computers running Windows XP or Windows Server
2003 without SP1.
Dynamic Code Execution rules are supported only on computers running 32-bit operating systems. On
Windows XP SP2, if the system-wide DEP Policy is set to "AlwaysOff", dynamic code execution memory
rules cannot be enforced, but Parity will report as though they were enforced. If the policy is set to
OptIn (the default) or OptOut, then these rules will be enforced on systems running XP SP2.

In Memory Rules: Do not use Prompt as the action for Dynamic Code Execution rules. This
could cause a deadlock situation.

If a Registry Rule is configured to block writing to a full path (no wildcard on the left), the
rule will block attempts to rename and delete a key or value, but it will not block creation
of a new key. However, no values can be created under this key.

By default, computers running Microsoft Vista or Windows 7 operating systems have User
Access Control (UAC) enabled. With UAC, users are not actually members of a built-in,
privileged group unless they have been given "elevated privilege". Because of this, a Parity
rule that relies on a pre-defined group to identify a user may not work for computers
running Vista or Windows 7. If a group definition is necessary for a rule, consider using
security groups you have defined rather than the pre-defined groups.

Parity 7.0 Release Notes

2013-02-11

Page 17

Contacting Bit9 Support

For your convenience, Bit9 Technical Support offers several channels for resolving support
questions:
Technical Support Contact Options
Web: www.bit9.com
E-mail: support@bit9.com
Phone: 877.248.9098 (877.BIT9.098)
Fax: 617.393.7499
Hours: 8 a.m. to 8 p.m. EST

Reporting Problems
When you call or e-mail Bit9 technical support, please provide the following information to the
support representative:
Required
Information

Description

Contact

Your name, company name, telephone number, and e-mail address

Product version

Product name (Parity Server, Parity Agent, or Parity Knowledge) and version
number

Hardware
configuration

Hardware configuration of the Parity Server or computer (processor,

memory, and RAM)

Document
version

For documentation issues, specify the version of the manual you are using.
The date and version of the document appear after the copyright section of
each manual.

Problem

Action causing the problem, error message returned, and event log output
(as appropriate)

Problem severity Critical, serious, minor, or enhancement

Parity 7.0 Release Notes

2013-02-11

Page 18