Summary By itself Visual Studio 2010 Shell (Isolated) is EOL. However if it is installed with SQL Server 2014 or SQL Server 2012 on the same machine, Microsoft has stated that the EOL date is 2024. We mark it as EOL, but technically it isn't in this situation. According to Microsoft lifecycle policy of Visual Studio 2010, the support ended on July 14, 2020. However, if Visual Studio 2010 Shell (Isolated) or Shell (Integrated) is installed with SQL Server 2014 or SQL Server 2012, Visual Studio 2010 Shell will be supported until the end of support for SQL Server 2014 (07/09/2024) or for SQL Server 2012 (07/12/2022). Description The bundled edition of the Isolated Shell is supported only when integrated with the main product, and its lifecycle extends to the lifecycle duration of the main product. As such, it is of opinion that the Visual Studio Shell 2010 is simply a dependency software. This splits the standalone and bundled versions very much apart in terms of general code management, implementation, and security reporting. Given that the vulnerable code is within a bundled component of the main server installation. The bundled version should automatically be covered by the advisories for SQL server given that this program in question is not supported outside this configuration. Much of the information is based on the decision we took for exactly the same metadata/file problems, case scenario, and general vendor approach to handling bundled VS standalone releases seen in the HitmanPro.Alert software before [1]. The following link leads to an article that explains our decision logic. [1] https://community.flexera.com/t5/Software-Vulnerability-Manager/Sophos-HitmanPro-Alert-3-x-detection/ta-p/179347   ... View more

Summary If your import of applications into the Application Manager catalog takes an extremely long time, there are a few adjustments to your environment that may be made. Description One large improvement sometimes comes from having a dedicated Drive for the Adminstudio Temp folder. This setting can be found under Options->General->Select Temporary Location. Another improvement can be made by increasing the RAM on the machine, beyond the minimum requirements. And many companies often have antivirus software that does real-time scanning of files during the import process. Adding rules\exclusions for Adminstudio Processes may also improve performance. It may also help to whitelist the Adminstudio Temp folder as well. An additional alternative to Live Scanning on Demand is to have the import files be saved to Shared Storage via other endpoints where virus scans are performed regularly for any new files entering the network and scanned on a routine scheduled basis. It is also recommended to have 16GB of RAM to help improve performance. ... View more

Summary Explanation of why the Package Feed Module doesn't include a Firefox .msi package.   Description The .msi offered by Mozilla for Firefox is just a wrapper for its .exe installer. Thus there is little to be gained as an option for the Package Feed Module to include.         ... View more

Summary Sophos HitmanPro.Alert is represented by two distinct (separately developed) versions. The version which Software Vulnerability Manager is programmed to detect is the HitmanPro.Alert (standalone).   Sophos has decided to port their “bundled” version into their other product  named  “Intercept X” . T he bundled  HitmanPro.Alert  has similar version metadata of its files as the standalone  HitmanPro.Alert, but the bundled  product   receives  security fixes while the public  version in the same ranges is vulnerable.           This situation leads to the problem that “bundled” release of HitmanPro.Alert is detected by the SVM as the actual “standalone” version.   Description This is because the SVM sees the same file names, same file version range as the standalone, and available in the same locations as the standalone on the physical drive.    SVM then flags the bundled version as Insecure (which is true for the standalone release), but as this bundled version has been silently patched by the vendor – this assessment status appears incorrect.    To drive continuous reporting on the standalone version, to which we have committed  to detect and assess continuously,  Flexera will continue to detect  the standalone product  without changing its detection assessment mechanism s .    This means that customers who run the bundled release that comes with “Intercept X” should ignore the security status displayed in the SVM product.  Instead, revert to emailing the vendor and requesting more information on whether their actual bundled release is  vulnerable, or it is secure .    Naturally,  Flexera is  looking to establish  a contact with the vendor in relation to this problem; but in the meanwhile, until a  good  solution is found, please follow the hereby mentioned suggestions  if you are running a bundled version of HitmanPro.Alert 3.x.   ... View more

Description:   The latest secure standalone installers of the Google Chrome product appear to fail on install for systems that have no prior installation. Currently, based on our research and quality assurance, the issue appears to show a problem on the vendor's end. This notion is also supported through a post by a third-party on the support pages of the vendor (See additional info: [1]).   As a result, we are currently unable to provide the SPS packages for the installer and instead provide generic links towards the vendor download pages.   We are still monitoring and are continuing to work hard towards bringing you the full extent and convenience our SPS packages provide in that regard. For example, should the vendor provide an installer which appears to work regardless of installation circumstances, then we will proceed with the creation and distribution of SPS packages to aid our customers.   UPDATE: Today, January 22nd, Flexera released SPS packages to the SVM for the latest 88.x release of Google Chrome. Although the released to SVM version of Chrome has specific build number of 88.0.4324.104 that is slightly higher than version 88.0.4324.96 that is recommended by SA100239 as the next secure version, the higher x.x.x. 104 release should be fully sufficient to patch the vulnerabilities reported through the aforementioned SAID, since this release builds on top of the code of 88.0.4324.96 and it only carries a technical hotfix for problems with the Google Chrome installers reported through the current KB. Flexera has included a double-reference for the secure version through the SPS system in SVM, where you will notice a recommendation under the "Patched Version" column to patch to 88.0.4324.96/104, thus indicating that the included SPS patch is of version 88.0.4324.104.   Additional Info: [1] https://support.google.com/chrome/a/thread/94282332?hl=en ... View more

Summary: Adminstudio Keeps Prompting for Activation Even After Activation Code was Entered.   Description: When activating, make sure the Activation Code for your Product matches the Version of the Product. Even if you have a perpetual license for Adminstudio 2019, it does not translate to a license for Adminstudio 2020. ... View more