IT Security Search 11.4.1 - Release Notes

If you use a function in your search query but omit the closing parenthesis, you get an unclear "Unrecognized expression" error message.

On the Details page for any file, clicking the "Who has direct or indirect access permissions on this folder" action link in the left pane may cause an error.

A saved search doesn't work if its query contains an ampersand (&).

When you click a file or folder item to view its details, the details page takes a long time to open.

When you run searches on data provided by Enterprise Reporter, you get the following error message:

Ambiguous column name 'WhenCreated'.

This is caused by changes in the Enterprise Reporter database schema in version 3.2.1.

IT Security Search uses an unreliable account impersonation method for connection to SQL Server. As a result, the connection uses the computer account of the IT Security Search server, and this fails with an error like the following:

System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'domain_name\itss_server_name$'.

If the network link used by any of the enabled IT Security Search connectors is slow, then it takes a long time to show the details pages for items and may make the application unresponsive indefinitely. This happens even where no data from that connector is actually used.

If an IT Security Search operator's scope is limited by a query that contains the name of a specific field (for example, Source="Active Roles"), then that operator may not be able to view details pages when clicking the links in search results.

If the data store for the Warehouse component is in a network share that is not hosted on the IT Security Search server, then Active Roles events can be absent from search results.

Indexing of effective group membership data from Enterprise Reporter is slow and causes the "tempdb" database to exceed its size limit.

Indexing fails during calculation of group membership data from Enterprise Reporter if there is circular membership among the groups (meaning that groups are their own members through membership in other groups).

In InTrust connector settings, if you select a repository but then click Cancel, the repository is still there the next time you reopen the settings.

In some cases the Warehouse connector can produce huge error messages.

In some cases, if you pin an object type as a tab and the object type name is not all-lowercase, then you get duplicate tabs for it: one has your original spelling and the other is all-lowercase.

Sometimes if you copy a value from the search grid, garbage can be appended to the copied string.

For computer local users, "null" is shown on the Member Of tab.

For some types of object (particularly, objects that reference other objects through attributes), when you click the VIew Details link, you get the details for the wrong object.

If you expand or collapse the contents of a facet while a search is in progress, you may get an incomplete list of results.

The Warehouse store index may become corrupted if the Warehouse service is stopped while the index is being built.

If you use negative expressions in Warehouse searches, you may get incorrect search results for Enterprise Reporter data.

The web UI doesn't get dates from the IT Security Search server in a consistent format. It isn't always clear which number is the month and which is the day.

The details view for an Active Directory account shows the Last Logon field with a timestamp taken from Active Directory. However, it's possible that there are more recent logons by the account. Information about the last logons should be available in the events view instead of the details view.

When you try to click a facet to filter results, it can suddenly move away from the cursor.

If you use the Warehouse connector for working with Enterprise Reporter data in an environment with a large number of Active Directory objects, then data for container objects with a lot of members may fail to be saved in the Warehouse store.

Internet Explorer becomes unresponsive when IT Security Search shows a modal dialog box on top of the browser windows. You can work around this by minimizing all windows and clicking the close button in the modal window; Internet Explorer resumes working.

After an IT Security Search upgrade, the layout of the controls in the web interface can appear broken (missing blocks of data, misplaced elements and so on). You can correct this by refreshing the page, preferably with a cache cleanup (Ctrl+F5).

During the IT Security Search Warehouse installation step of IT Security Search setup, an unused service connection point is created in Active Directory. This operation is skipped if the user account used for installation doesn't have the required privileges. Whether or not the service connection point is created, this has no effect on the installation or operation of IT Security Search.

If you are upgrading IT Security Search from version 11.3 or later and you use data sending from Enterprise Reporter 3.0, you may need to go to Enterprise Reporter Configuration Manager and resend all data to IT Security Search. Otherwise, no pre-upgrade Enterprise Reporter data will be available to IT Security Search.

Search results from InTrust repositories and IT Security Search Warehouse may be incomplete. Eligible objects will be skipped if their names contain any of the following characters:

. @ "

This issue affects the following:

• Searches for InTrust-provided events
• Searches for data stored in IT Security Search Warehouse (Enterprise Reporter data and Active Roles events)
• Results from the Test query link in operator scope options (on the IT Security Search Settings page, on the Security tab)