Spider Software Services - October and November 2020 update

pseidel
Flexera
Flexera
1 11 759

The November 2020 update of the Spider Software Services is now available. All changes of the October 2020 update are included.

All components are available in our Product and License Center.

Highlights of the November update

  • Due to a security problem, the components of the Recognition Module and the Spider Data Collector responsible for data transfer have been replaced. Customers are strongly recommended to perform this update. It is important to update both Recognition and the SDC.
  • Columbus Inventory Agent and Columbus Inventory Scanner were made available as new versions. In addition to resolving the identified security problem, the performance of the inventory scanner has also been improved.
  • Under certain circumstances, the vCenter Connector did not return any data because the writing of the SWRD file could not be completed.
  • Due to an error in connection with the import prioritization, it could happen that devices were not updated.
  • Certain Windows 10 Professional signatures were classified as ignored, this has been fixed.
  • Since the September version, the vCenter Connector has also been delivering data from the running virtual systems and thus delivering more data to Spider. Accordingly, assets with some system data are visible, even if no additional inventory is made. If this functionality leads to problems, the extension of the guest details can be deactivated.
  • So far there have been no metering results for Microsoft Visual Studio. This was added with this release. Since the Visual Studio exe files are also contained in other Microsoft products, care was taken to ensure that the metering results are only taken into account for Visual Studio products.
  • Under certain circumstances, an error occurred while deleting devices.
  • Due to an error in the processing of metering data, certain results were not displayed in the Spider user interface. This has been fixed.
  • All products of manufacturer Filemaker moved under manufacturer Claris.

Recognition Catalog

The Recognition Catalog contains normalization and recognition capabilities for more than

  • 2.681.288 inventoried programs,
  • 96.413 software publisher,
  • and 6.254.913 inventoried files.

For more details please check the change notes.

Software and SKU Catalog

TheSoftware Catalog contains more than 1.008.651 relevant and normalized articles (SKUs) of software licenses and maintenances and more than 62.019 license relevant product versions. 
Summary of the supplemented catalog items:

  • Articles (SKUs): 18.940
  • Versions: 876

Spider Data Collector

The Spider Data Collector (SDC) provides a set of connectors to 3rd party inventory for an out-of-the-box collection of computers, software, users, virtualization, and many more.

Please check the Spider Data Collector User Manual for a full reference of all connectors.

11 Comments
ClaudiusPeter
Flexera beginner

After downloading the DC it still shows in the version 2009, should it not be 2011. Also once starting the .exe it shows version 2009. Not sure if this is right? Can you please confirm.

james_ellis
Moderator Moderator
Moderator

Hi Claudius, I have downloaded version 2011 this morning and the version in .exe is 1.2011.1.1291. Try accessing the PLC from Incognito mode and downloading again.

pseidel
Flexera
Flexera

Hi @ClaudiusPeter ,

I just checked again. I cannot confirm this.

When I download the SDC and check the EXE file I get the current version 1.2011.1 as expected.

Is it possible that this is some kind of caching problem? Are you using a proxy server?

Kind regards,

Philipp Seidel

ClaudiusPeter
Flexera beginner

Hi Flexera Team, yes we are using a proxy.

Anyway, tried with icgonito, other browser and other computer. Still file version 1.2009.1.1044

Any other idea?

pseidel
Flexera
Flexera

Hi @ClaudiusPeter,

I just sent you an email.

stefan_paulewe
Flexera beginner

Dear @pseidel 

  • Since the September version, the vCenter Connector has also been delivering data from the running virtual systems and thus delivering more data to Spider. Accordingly, assets with some system data are visible, even if no additional inventory is made. If this functionality leads to problems, the extension of the guest details can be deactivated.

Because of the well know vcenter problem, we still use SDC v1.2007. If there is a security issue, it is mandatory to update asap, but we also need to disable the new functionallity for several reasons temporally.
So... where to find the description of the connectors attribute to disable the functionallity? The manual of the SDC in the download portal isn't updated since a while ago (v1.2003).

If there is a security issue, where can I find basic information? CVSS, CVE, affected versions? If the Columbus Inventory Scanner is involved, I need detailed information about that issue!  The post is not very clear in that point.

Regards 
Stefan

pseidel
Flexera
Flexera

Hi @stefan_paulewe ,

all known vCenter connector issues should be fixed by now.

The new parameter of the vCenter connector that disables the export of virtual machines should not be used by default - only if it is confirmed that the customer experiences further problems with this functionality. This switch should only be used after consulting support.

The documentation will be updated accordingly.

The security issue does not affect the vCenter connector but the communication between the various components of the Recognition module and the Columbus Inventory components.

Customers will receive further information with details about the security issue via email.

stefan_paulewe
Flexera beginner

Dear @pseidel 

Maybe you got me wrong. If the VCenter connector, a PS Script, is extended and so the load of data from the VCenter, I need to inform the product lead of our infrastructure team about that differences of the interface in advance (easiest way is to send the new PS and a documentation). There are some more reasons, which I will not discuss here, why I can't simply deploy an inferface change yet. If the interface is not changing at all, but the information already saved in the *swrd is interpreted in a different way, the handling is easy.
Otherwise the switch may be on by design, I'll switch it off by default. As long as I have the approval of a number of people. That will take time. I would not deploy soon, but... Security Issue

So, if there is any change in the interface for getting data from the VCenter, you need to provide that switch proactive.

Please clarify "vCenter Connector has also been delivering data from the running virtual systems and thus delivering more data to Spider": is the export of the connector a change in the interface to the VCenter (getting more data) or is it a change in handling already exisiting data.

(If that switch is not enabling the former approved behaviour of the interface to the VCenter, please inform me too.)

It is also true for interfaces to AD, SCCM and so on. (btw. SCCM connector seems to be slow in general)  

I'm very waiting for the information of that Security Issue.

Regards Stefan

pseidel
Flexera
Flexera

Hi @stefan_paulewe,

I understand you had a conversation with @jborchers today and that he could answer your questions.

Kind regards,

Philipp

stefan_paulewe
Flexera beginner

Hi Philipp (@pseidel),

sure, I called him today. We figured out a way to fulfill both requirements. SecIssue and the no change order in the VCenter interface. 
To update the last component, I'll wait for the info and our internal approval then.

Kind regards,

Stefan

pseidel
Flexera
Flexera

Hi @stefan_paulewe ,

you will be contacted by a member of the Support team shortly.

Kind regards,

Philipp