Some big things are happening with Software Vulnerability Manager. We are both working to improve the admin console with an updated user interface while also working to eliminate the need for ActiveX to perform certain actions. A big effort, we are intending to iterate with continual improvements and enhancements with an eye on making the transition as smooth as possible.  Here’s what to expect: New User Interface A new user interface is coming along nicely and is currently scheduled to be generally available in October. We’d love to show it to you and get feedback sooner, so please reach out to schedule a session if you are interested! The new user interface is designed to work on all modern browsers and does away with the need for Internet Explorer and its ActiveX support. However, to do so means removing certain features from the admin console and supporting them instead in our SVM Patch Publisher tool.   Introducing SVM Patch Publisher The Patch Daemon is taking on enough new responsibilities that we’ve decided to rebrand it as the SVM Patch Publisher. With an eye on backward compatibility, the transition should be pretty seamless but there are some early improvements to highlight and more planned in the months ahead. The first thing you’ll notice is a completely revamped user interface. With the SVM Patch Publisher, you can specify connections to multiple distribution platforms and instances. For example, you could add a connection to both WSUS and Intune whereas previously such would have required two running instances of the Patch Daemon. When creating a connection, you can provide your own name and that name will appear in the web admin console as an option when publishing a patch.   Later this year we are planning to provide the ability to create and edit patches within the SVM Patch Publisher. Until then this and other ActiveX dependent functionality will continue to require the older admin console running Internet Explorer as has long been required. We will continue to focus on improving the SVM Patch Publisher by adding additional functionality with the goal of eliminating the need for ActiveX so we can fully retire the older admin console user interface entirely. Note: Microsoft support for ActiveX remains via the Edge browser’s IE Mode feature. On-Prem Customers We will be supporting the new user interface and SVM Patch Publisher for not just cloud customers but for our on-premises customers as well. As usual, we will release updates for on-prem following our cloud release. For now, on-prem customers must continue using the existing Patch Daemon but plan to update on-prem to support it in December. During this transition period, we’ll be offering two SVM Toolkit downloads for on-prem and cloud to reduce any confusion over which should be used. Flexera Software Vulnerability Manager Cloud Toolkit – this installer provides offline utilities such as the Multi-partition Reporting Tool, WSUS Management Tool, and Client Data Tool which are provided as helpful tools to add value to your SVM investment. Flexera Software Vulnerability Manager On-prem Toolkit – this installer provides everything above as well as the Patch Daemon.   Software Vulnerability Manager Patch Publisher – for cloud customers only, we are providing the SVM Patch Publisher as a stand-alone installer. Note: Once on-prem supports the SVM Patch Publisher, we’ll drop the “On Prem” download for the SVM Toolkit and will again offer a single download for the Toolkit (and another for SVM Publisher). Other updates include Windows environment variable support for scan paths and a new setting to control Java assessment. For details, please see Release Notes  ... View more

Welcome to our monthly vulnerability insights by Flexera. This comprehensive, monthly review is based upon data from the Secunia Research Team at Flexera who produces valuable advisories leveraged by users of Flexera’s Software Vulnerability Research and Software Vulnerability Manager solutions. The Secunia Research team is comprised of several security specialists who methodically test, verify, and validate disclosed vulnerabilities from hundreds of sources. Since the founding of the Secunia Research team in 2002, it has been our goal to provide the most accurate and reliable source of vulnerability intelligence. Please find the report attached below. ... View more

For our on-prem customers, a new update is now available. Most of this was originally called out as updates to our cloud update in June, but is now available to on-prem customers by downloading the latest version installation package, or virtual appliance.    Historical Trend Reporting We are now shipping a utility within the SVM Toolkit that can collect data from your SVM account into a local SQL database. Such will allow you to store as much historical data as you wish, for as long as you wish. To help capitalize on this data, we are also providing PowerBI templates to help explore this data so you can better analyze longer term details of your vulnerability status. We intend to improve upon this with your feedback, so please come to the community Forums or Ideas to share your thoughts!   After installing the SVM Toolkit, you’ll find the provided PowerBI templates at "C:\Program Files\Flexera Software\Client Toolkit\Client Data\Report Templates\Power BI\" Click here to read an article which provides more details along with a video on how to take advantage of this new capability.   Intune Integration Improvements We have enhanced our Intune integration to allow group assignment within the SVM Patch Daemon.     More Updates to this newly released version of SVM on-prem include, As previously announced, we are correcting a problem with the EOL status reported when assessing older Microsoft products. We are working to prioritize an update for SVM on-prem to address this as well. Some customers were experiencing problems with report generation. This has been resolved and we are now proactively monitoring for report failures to respond more quickly in the future. Additional back-end improvements are underway in an effort to further improve performance of smart group processing. Other bugs and fixes (see release notes for details) ... View more

A common question that is seen among the IT Operations and Security teams is – "How am I doing with the security vulnerabilities in my environment?" or put differently, "what is the trend of vulnerable applications and/or devices in my environment? Is it going upwards or downwards? Am I getting better at addressing software vulnerabilities?" We have heard interest in being able to answer questions like these customers, who were very keen in having a capability to build their own trend reports beyond the reports available in SVM. To help address this need, we have made some improvements to the APIs that gather such data and are leveraging these using the tool described as part of the SVM Client Toolkit. This new tool was released as part of our June 2021 update of SVM. Upon installing the new version of SVM Client Toolkit, a shortcut will be created on the desktop which allows you to pull data from SVM and store it on your local SQL server. It provides an option to establish a connection to a local SQL Server and to SVM. These steps are shown in an attached video, but the steps are pretty straight forward: When connecting to a SQL Server for the first time, select the option to create a database. The tool will create a database on the SQL Server with the required schema to store data from SVM. Upon successful connection to SQL Server and creating a database, click ‘Sync Data’ to collect SVM data for this point in time The first time you do so, the sync may take few minutes, depending on how many hosts and applications you may have in your environment. You may then choose to schedule future data syncs. To support this, the tool supports a command line switch that may be leveraged along with the Windows Task Sequencer to automatically run all the future data syncs at your desired frequency. We also provide four Power BI templates for trend reporting as a strong starting point, which you may choose to customize to your specific needs. With PowerBI Desktop installed, you may import the provided templates and change the database connection to your local database where you synced SVM data. The four provided Power BI templates represent the following sample trend reports: Applications by Criticality: Displays the trend representing the unique number of applications by their criticality (Extreme Critical, Highly Critical, Moderately Critical, Less Critical and Not Critical) . Applications by Status: Displays the trend representing the  unique number of applications by their status (Secure, Insecure and End of Life). Devices by Criticality: Displays the trend representing the unique number of devices by their criticality. If a vulnerable application is found on a device, then the device will be categorized under that application’s criticality level, for example if an Extremely Critical application is found on a device, then that device will be categorized as Extremely Critical. Devices by System Score: Displays the trend representing unique devices by their system score. System Score represents the percentage of secure vs insecure applications on a device. In this report we have color-coded the values to show red is for system score less than 80%, yellow for system score between 80% and 95%, and green for system score above 95%. Each report has a line graph on the left showing the trend and a detailed tabular report on the right. For instance: in the Applications by Criticality report, the line graph on the left shows the trend of of unique applications by their criticality across years, months, weeks, and days and the detailed report on the right shows a table with the list of all the applications. Therefore, by way of example, if Adobe AIR 3.x appears as an Extremely Critical application 4 times each in Q1, Q2 and Q4 and 5 times in Q3 for the year 2020, this would be a total of 17 occurrences for the year 2020. In the line graph Adobe AIR 3.x will be counted only once (unique) for year 2020. Similarly, it will be counted only once for each of the four quarters at the quarter level. The detailed report in the table shows all the 17 occurrences along with the quarter, week, and day on which this app was found in a scan. If you’d like to work with such data outside of PowerBI, the tabular report can be exported into an excel document if you wish you see each occurrence of an application and build your own report there.  Attached here is a video demonstrates how to use the new tool to connect to SVM and a SQL Server and pull data from SVM into SQL Server database. The video also shows how to import the in-built Power BI templates and generate a trend report. This is a starting point, and one that we intend to enhance with your feedback. Based on your input, we can extend our APIs to collect additional data and this tool to make use of them. Please leverage our Ideas portal to make specific requests for data and when possible state the purpose of the report and how you intend to action it.  ... View more