AdminStudio 2019 R2, released on August 13th 2019 features: Package Feed Module Package Feed Module PowerShell Cmdlets Support for Windows 10 - 1903   The Package Feed Module The Package Feed Module integrates details about thousands of vendor setups into AdminStudio to save you hours of research and testing.  You can now subscribe to up to date, tested, installation details for nearly 3,000 vendor setups. With the Package Feed Module, AdminStudio now provides: Awareness. Always up to date, you’ll have valuable details on the very latest version of thousands of vendor installers Integrated downloads. Download the latest setups directly into AdminStudio with a click (available for over half of listed products; limited by vendor policy) Validated silent command line options. Application version-specific silent installation commands, tested and ready for use (available for most entries; limited by vendor support) Detection rules. The primary file path and file name as well as version details to confirm the currently installed version for use as applicability rules in SCCM or to create a WSUS patch. For more detail, see this blog post which provides more specifics as well as a quick demo video. New PowerShell Cmdlets in support of Package Feed Module Take full advantage of the Package Feed Module in AdminStudio Enterprise with new PowerShell Cmdlets. Watch the community soon for a blog post where we will show how you can fully automate the package creation process and keep up with the latest new versions with these Package Feed Module PowerShell Cmdlets: Invoke-ASPackageFeedSync - Synchronizes the package feed data, so the entries in the Package Feed Module is always up to date Invoke-ASPackageFeedSearch - Searches for an application in the Package Feed Module based on Product Name and Version supplied Get-ASPackageFeedDetails - Fetches the details of an application like Silent command line switches, file name, etc. Invoke-ASPackageFeedDownload - Downloads the setup file to the configured download path Additionally, some existing PowerShell cmdlets were extended to support Package Feed Module Set-ASOptionProperty - Configures the download path for the setup file to be downloaded from the Package Feed Module Get-ASOptionProperty - Fetches the download path where the setup file is downloaded from the Package Feed Module Invoke-ASImportPackage - Imports the downloaded application to the application catalog Windows 10 Build 1903 Support for Application Compatibility We’ve also added the latest build of Windows 10 (1903) to AdminStudio’s continuous compatibility support so you can verify application compatibility against this, and the previous 5 builds, of Windows 10. ... View more

If you are like most desktop admins, you don’t repackage near as much as you once did. There was a time when it was a challenge to run a vendor silent installation silently, let alone inject any sort of customizations. With the popularity of MSI, that quickly changed—while at the same time software vendors generally came to understand and support the demand for automated deployment options. MSI or not, today, about 85% of applications can be deployed without a need to repackage the vendor setup. And that is a good thing! After all, reverse engineering an installer in order to create your own was something done out of necessity and such a path comes with some supportability risk when dealing with the vendor when things went wrong. This is exactly why for the last two years, AdminStudio has been heavily investing in helping to make leveraging native vendor setups easier, while lowering the risk of deployment. This week, I’m very pleased to announce our most significant move in that direction to date: the Package Feed Module. Available for AdminStudio’s Professional and Enterprise editions, you can now subscribe to up to date, tested, silent installation details for nearly 3,000 vendor setups. And that’s just the start. With the Package Feed Module, AdminStudio now provides: Awareness. Always up to date, you’ll have valuable details on the very latest version of thousands of vendor installers Integrated downloads. Download the latest setups directly into AdminStudio with a click (available for over half of listed products; limited by vendor policy) Validated silent command line options. Application version-specific silent installation commands, tested and ready for use (available for most entries; limited by vendor support) Detection rules. The primary file path and file name as well as version details to confirm the currently installed version for use as applicability rules in SCCM or to create a WSUS patch. With such a huge number of installers being tracked and tested, there can be as many as a hundred updates in a single day due to the addition of new versions and updates. This includes over 100 Mac packages. In just a couple of clicks you can add a vendor package to AdminStudio. With another click, you can wrap it in a PowerShell or EXE script wrapper, with another you can publish it to your deployment system of choice. Never has it been so easy to create new deployment packages! Saving you considerable time researching and experimenting, creating an initial deployment package goes from what may have been hours or days, to just a few minutes. But wait, there’s more! With AdminStudio Enterprise’s PowerShell support you can automate the entire process. Watch this blog soon for example scripts that will allow you to take a simple list of software titles and automatically create packages for them all. Imagine taking an inventory report and feeding it to a script to have AdminStudio automatically, download, wrap, and publish a deployment package for them all! View the list of supported applications and to learn more, visit https://www.flexera.com/adminstudio-pfm ... View more

The team at Flexera continues to deliver on the promise of providing a better way to mitigate security risk for organizations that simply can't afford to keep throwing people at the challenge of addressing software vulnerabilities.    Proper software vulnerability management means effectively identifying and  prioritiz ing the work of patch management, leveraging insights  based on t hreat and  v ulnerability  intelligence . With over 20,000 new vulnerabilities every year, businesses  simply  can't patch all applications and  so must  spend their time and effort only on those that represent a  significant  risk to their IT infrastructure . This can be achieved  with Software  Vulnerability  Manager thanks to  four key attributes necessary for success.    Reliable  Research   Effective Assessment   Intelligent  Prioritization   Rapid Remediation   Improving the power of SVM, we’ve had significant new advances in the areas of both prioritization and  remediation . But  let’s quickly address each to better appreciate the context of these recent enhancements …   Reliable Research . Acquired by Flexera in 2015, Secunia is well known  for quality security research. The Secunia Research team has written over 3,300 insightful security advisories  so far this year and it is this valuable research on which SVM is built.  Advisories are product-version focused and may contain multiple CVE references. This  makes understanding and ranking the importance of updates much e asier by focusing on the product  version's  collective vulnerabilities, versus on specific individual vulnerabilities.  Vulnerabilities  are  validated, documented and rescored based on very specific criteria, providing a normalized view  as compared to the wild inconsistencies you’ll observe in a raw resource like the National Vulnerability Database (NVD).    Effective Assessment . File signatures are leveraged to quickly and accurately identify vulnerable versions of software.  In many cases, a simple inventory does not provide the granularity necessary to accurately identify the existence of a vulnerable software version . SVM detects over 50k vulnerable software versions.   Intelligent Prioritization .  SVM shows you how many vulnerable software instances exist and where they are. Not all assets represent the same risk so you may wish to focus on one group of devices over another. Naturally, with the research attached , you can prioritize based on criticality rating or CVSS score, leveraging our vulnerability intelligence. Further, you can now  consider which vulnerabilities have exploits in the wild,  leveraging our threat intelligence.  Most organizations have more to patch than they have resources to do so, with more popping up regularly.  Ensuring you are focusing on those that represent the most risk to your organization is crucial.    Rapid Remediation .  With the new SVM Vendor Patch Module, you can now leverage over a thousand out-of-the- box patches (as well as get help with an additional thousand others) .  Over 50% of time  spent on patching is typically focused on researching  and testing how to create a patch . Get that time back with integrated access to the largest set of patch  information available on the market.    SVM keeps getting better. The recent addition of threat intelligence , and now a gigantic set of out-of- the-box patches  is just the beginning. SVM has also just recently released a documented API for SVM 2019, so that you can integrate  with other systems and automate custom reporting. Stay tuned for more  great  enhancements  to the best way to protect your organization from the dangers of unpatched software .    ... View more

Today marks the release of SVM 2019 R3 (for cloud, the on-prem edition will be updated next week) which has some new capabilities I think you’ll really appreciate! It includes the new Vendor Patch Module, documented APIs, as well as agent and smart group enhancements. The Vendor Patch Module is a new optional feature of SVM 2019 that provides over a thousand out-of-the-box patches as well as details to help you easily create over a thousand others. API Support is now documented allowing you to integrate SVM 2019 with other systems and processes as well as to pull data for the creation of custom reports.  A signed version of the SVM agent is now available. The standard agent downloads are still available which inject a token to match the agent to your account. This is simple to use but breaks our ability to sign the agent. For those that wish to use a signed version of the agent, a separate download is now provided for which you can specify your account token via an INI file or registry entry (see documentation for details). CVSS scores have been added as available criteria when creating new Product or Advisory based smart groups. This way, you can focus on specific ranges of products and advisories based on criticality. You’ll also notice the SVM login screen looks different—this was introduced for some consistency between products. For more details on SVM 2019 R3, please see the release notes. For more details on the Vendor Patch Module, see this blog post.  ... View more

As you see what this is and what’s gone into it, I think you’ll quickly appreciate that this is the result of a very large effort by a lot of people. It took a very long time to bring it to you—I am appropriately excited to finally unveil it to you! SVM takes software patch management far beyond that of a simple patch catalog. It provides integrated vulnerability research by our Secunia Research team, assesses where vulnerable software is found and provides you with easy-to-leverage insights for prioritizing remediation efforts. It also provides patches so you can more quickly remediate popular applications by publishing updates via WSUS or SCCM. Our patches are wrapped in scripts that provide consistency and customization options. They can also handle edge cases where the vendor update may not behave as expected. To offer such patches, many criteria needed to be met, including the need for the set up to be freely distributable, silently installable and to behave as reliably as expected. Additionally, SVM is all about addressing software vulnerabilities, so we only created patches when a known security vulnerability would be addressed. Organizations spend way too much time creating deployment packages to update software, and see a patch catalog as a way to offset some percentage of that effort. SVM offers far more patch management capabilities than any patch catalog ever could. However, choosing SVM for all its insights and capabilities should not mean compromising on accessing a large number of time-saving patches. Today, with the release of the Vendor Patch Module, SVM can now provide over a thousand patches out of the box, as well as details on more than a thousand others to help you create even more patches faster. With awareness of so many vulnerabilities (thanks to Software Vulnerability Manager) and so many patches at your disposal (thanks to the Vendor Patch Module) you are likely to quickly appreciate the need for intelligent prioritization. Some environment-specific testing is still required, and so you must resist just publishing huge numbers of patches, and prioritize appropriately to patch responsibly. SVM helps you to prioritize by prevalence (how many affected devices are out there), by criticality (the seriousness of a vulnerability), by affected assets (it is common to prioritize some groups of devices over others), and finally, by our new threat score. A threat score is a 0-99 value illustrating the likelihood the vulnerability is being exploited. Threat Intelligence introduces a new level of insight in prioritization. Most exploited vulnerabilities see a CVSS score between 4 and 7 which would make them outside a typical prioritization that focused on criticality alone. In fact, if you look at the top 20 biggest software vendors, they only represent about 20% of last year's exploited vulnerabilities. SVM with the Threat Intelligence Module and the new Vendor Patch Module work great together by helping you to better prioritize the many patches now at your disposal. And to that end, there is a promotion on now for the first 100 customers who purchase the Vendor Patch Module: We will provide a free year of the Threat Intelligence Module. Contact your customer support manager or sales representative today to take advantage or contact us here . Resources Webinar Registration Datasheet List of Patches Included Documentation ... View more