Myrja.Schumacher

Official release of Snow Inventory Agent for Windows 6.1.0

Blog Post created by Myrja.Schumacher Employee on Mar 14, 2019

Released on March 14, 2019

Release information

Product:                 Snow Inventory Agent for Windows
New version:          6.1.0
Release date:         March 14, 2019
Distribution:           SUS package
Current status:      Released
 

Updated technical documentation 

Updated technical documents in this release is: 

 

Features 

Browser extension for Microsoft Edge

Web-application metering for Microsoft Edge is now supported. When cloud-application metering is enabled in Snow Inventory Admin Console, the Windows agent monitors SaaS applications accessed through Microsoft Edge via a browser extension installed on the target machine. The agent gathers metering data for SaaS applications running in Microsoft Edge, as well as the name of the browser. This data is packed together with the normal inventory scan of the target machine and sent to Snow Inventory Server for storage and processing.

 

Enhancements 

Security hardening through compilation options

The agent has been security hardened through the application of Windows compilation flags that enable additional protection against buffer overflow and memory corruption

 

Reduced memory usage for web metering rules

Cloud metering rules created by Snow’s Data Intelligence Service enable web traffic data (URLs) gathered by a browser extension to be recognized as use of a SaaS application. Snow constantly creates new rules to expand the intelligence of the data extracted by the browser extension. The agent regularly downloads updates and stores them in a web-metering-rules file on the target machine. However, as the number of rules increases, the agent's memory requirements to process this information rises in a linear fashion. To limit agent memory usage, additional intelligence has been added to the way the agent stores and processes cloud metering rules. For example, only recentlyused rules are stored, faster lookup based on domains has replaced regular-expression matching, and the loading of web-metering files happens later in the process to prevent service timeouts when the agent starts.

 

Enhanced script-tampering protection

PowerShell scripts run by the agent are encrypted by default. To provide an additional layer of protection, the Windows agent can now run PowerShell scripts that are encrypted locally with a custom key.

 

Diagnostics enabler for cloud application metering

To provide cloud-application discovery-and-metering, Snow agents rely on browser extensions installed on the target machine. These extensions extract usage data for SaaS applications and information about the source web browser. Snow currently provides browser extensions for Google Chrome, Mozilla Firefox, Microsoft Internet Explorer 11, and now with this version of the Windows agent, Microsoft Edge. The source web browser name is used by Snow Inventory Server for diagnostic purposes. To, for example, assess whether extensions and software recognition rules for the different browsers are functioning correctly.

 

Hardening of dll search path.

Automated checks have been added to prevent the agent from sideloading dll files stored in shared file locations. The agent is now hardened against executing potentially harmful code in dll files that may arise if shared folders are not sifficiently protected by system-level access control.

 

Corrections 

  • When no value is set for encryption path in snowagent.config the default value now points to the correct folder.
  • Issues related to invalid metering data collected from computers that are locked at midnight or locked when the agent runs the scheduled scan have been resolved, ensuring that all data collected by the agent is processed. 
  • Logging of registry entry errors arising due to the 32-bit version of the agent looking in the 64-bit registry for install/uninstall data have been corrected. The agent now searches the correct registry based on its architecture.
  • Product keys for Windows 8 and higher are now correctly extracted from the target machine.
  • The number of monitors connected to a machine and their resolution is now correctly reported in inventory scans.

Outcomes