Article ID: 955123 - View products that this article applies to.
This article has been archived. It is offered "as is" and will no longer be updated.
An update is available for Microsoft e-Gap Appliance 3.6 and for Microsoft Intelligent Application Gateway (IAG) 2007 (version 3.7). The update functionality is the same for e-Gap Appliance 3.6 and for Intelligent Application Gateway 2007. However, this update is released in the following two kits.
Collapse this tableExpand this table
Fixes and improvements that are included in this update
An IAG Detection Center feature is added that supports WMI detectionThis update introduces a Detection Center feature that enables Windows Management Instrumentation (WMI) detection on client computers. After you apply this update, IAG can detect client security applications by using the WMI interface in addition to the existing detection mechanism. This feature makes the following changes:
A registry entry is added to control the maximum size of a downloadable fileThe maximum size of a downloadable file is currently hardcoded to 10 megabytes. After you apply this hotfix, you can use a registry entry to set the maximum size of a downloadable file. For more information, see the "Registry information" section.
Fixes for SharePoint applicationsAfter you apply this update, you can use the following new features:
Support for additional applicationsAfter you apply this update, IAG supports the following third-party products:
Update informationA supported hotfix is now available from Microsoft. However, it is intended to correct only the problem that this article describes. Apply it only to systems that are experiencing this specific problem.
To resolve this problem, contact Microsoft Customer Support Services to obtain the hotfix. For a complete list of Microsoft Customer Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=supportNote In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
PrerequisitesTo apply this update for e-Gap Appliance 3.6, you must have e-Gap Appliance 3.6 Service Pack 1 (version 3.6.1) installed on the computer.
To apply this update for Intelligent Application Gateway 2007, you must have Intelligent Application Gateway 2007 Service Pack 1 (version 3.7.1) installed on the computer.
Restart requirementYou do not have to restart the computer after you apply this update.
Update replacement informationThis update is cumulative. It replaces the following updates that were released for e-Gap Appliance 3.6 and for IAG 2007:
Known issues in this update
Known issues in previous updates
Registry informationImportant This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756To configure the maximum size of downloadable files, follow these steps:
(https://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
MaxBodyBufferSizeregistry entry. If the value is too large, the system is likely to run out of memory.
Detection Center overviewWhen IAG client components are installed and enabled, Detection Center extends the existing IAG client detection capabilities by adding a WMI detection mechanism. For certain operating systems, Detection Center can retrieve all data that is stored in the WMI Security store.
On Windows XP Service Pack 2-based client computers, Detection Center can detect the antivirus applications and personal firewall applications that are installed on the system. On Windows Vista-based computers, Detection Center can also detect antispyware programs that are installed. This is because of the new WMI functionality that is introduced in Windows Vista. Future versions of Detection Center may detect additional applications or services.
The data that is collected from the WMI store, together with other data that is collected by the Endpoint Detection client component, is reported back to IAG. On the server that hosts IAG, IAG processes this data, and then it calculates the detection results. Then, the IAG policy engine checks for policy compliance against the detection results. During this process, users do not experience any changes in the existing policy enforcement behavior. Additionally, in the Policy Editor, an administrator will not notice significant changes when they are creating or managing policies. Administrators will notice only that some WMI detection-specific expressions were added. Administrators who use the Advanced Policy Editor may notice several new detection strings and some modifications to some default policies.
The following are the details about Detection Center.
The detection script
The policy template
The policy definitionThe policy definition file is updated to accommodate changes in the Policy Editor user interfaces if you add or edit a policy by using the Policy Editor instead of the Advanced Policy Editor. A list entry is added for the following expressions:
Note The Version field of the expressions is irrelevant. The Last Updated field of the Any WMI Anti-Virus entry contains an UptoDate value. If the UptoDate value is removed from the Last Updated field, the "Up To Date" WMI parameter is removed from the evaluation policy.
Translation from WMI variables to IAG legacy variablesWhen the client variables are sent to IAG, the WMI detection variables are translated into detection variables that are recognized by IAG. The translation process is performed by translation rules. In this process, all known vendors, versions, and editions that are retrieved from WMI are translated into detection variables that are recognized by IAG. For each retrieved WMI security variable, a WMI_NAME field is parsed to find matching text according to predefined translation rules. Currently, the most popular manufacturers and editions are translated by the built-in rules. You can easily expand the translation rules by adding new rules in the WmiTranslate.inc file in the following folder:
e-Gap\von\InternalSite\incNote The e-Gap placeholder represents the folder in which IAG or e-Gap Appliance is installed.
The System Information windowThe System Information window is updated. Green text that reads Up to Date appears next to the existing Update: Date/Time text if the following conditions are true:
If a product is detected by WMI and if no translation exists, no Update: Date/Time text is displayed. However, the Up to Date text is still displayed if the product is up to date.
For more information about previous updates that were released for e-Gap Appliance 3.6 and for IAG 2007, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/948280/ )Description of Update 1 for e-Gap Appliance 3.6 and for Microsoft Intelligent Application Gateway 2007
(https://support.microsoft.com/kb/953442/ )Availability of Update 2 for e-Gap 3.6.1 and Update 2 for IAG 2007
(https://support.microsoft.com/kb/953623/ )Update 3 is available for Intelligent Application Gateway 2007 Service Pack 1
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/824684/LN/ )Description of the standard terminology that is used to describe Microsoft software updates