Altiris ITMS 8.7 released

Release 8.7 of Broadcom’s IT Management Suite (ITMS 8.7) was released at the end of February 2023. The release can be installed immediately via the Symantec Installation Manager (SIM).
We are happy to support you in updating to the new version, please contact us.

This release introduces the following new features:

New Symantec Management Platform Features

Modern Device Management – WindowsThis release introduces Modern Device Management (MDM) for Windows. This feature leverages capabilities built into the operating system to manage end user machines without the need to install an agent on each client. In this initial release, ITMS leverages MDM on Window 10 and 11 devices for device enrollment, the distribution of profiles containing system configuration elements, applications to be installed, and the ability to perform actions such as shutdown, restart, lock of even erase on MDM-managed devices.
For more information, see Setting up MDM for Windows.
MacOS patchingMacOS updates can be installed using MDM functionality. For more information, see Setting up MDM for macOS.

Discontinued support

ITMS has discontinued support for the following:
• Notification Server Support for Windows Server 2012/R2
• Support for SQL Server 2012
• Support for Linux Package Servers
• Support for x86 Linux (ULM, DS, Patch)
New Database SupportSQL Server 2022

New Symantec Management Agent Features

Symantec Management Agent now collects new Inventory information for endpoints joined to the Azure Active DirectoryA managed service provider who uses ITMS to manage devices from multiple customers that use Azure Active Directory can usea Basic Inventory to collect the Azure AD Tenant ID. This inventory lets the provider use an automation policy to quickly and easily assign the devices from each customer to a separate Altiris organizational group.
Basic InventoryBasic Inventory – Delta data files reduce the amount of data transmitted to the Notification Server when change in connection type (CEM/non-CEM), local IP address or network adapter (physical adapter/VPN)
Administrators can upgrade all installed plug-ins as part of the Symantec Management Agent upgrade process.The Upgrade Symantec Management Agent plug-ins option automatically upgrades all plug-ins found on a client (including Site Servers plug-ins) without waiting for a specific plug-in upgrade policy.
For more Information, consult the Release Notes directly.
Administrators can define the default set of plug-ins to install on client with “push” or “pull” installation.Adminstrators can define the default set of plug-ins to install on a client with a Symantec Management Agent without waiting of a specific plug-in installation policy to appear on a client. For more Information, consult the Release Notes directly.

Administrators can standardize the set of plug-ins installed on clients with a unified policy.
The new Unified Windows Agent Plug-in Rollout Policy can help  standardize the default set of plug-ins installed on clients.
For more Information, consult the Release Notes directly.
New OS SupportThe following operating systems are now supported for the installation of the Symantec Management Agent and solution plug-ins:
• macOS 13 (Ventura)
• Windows 10 22H2
• Windows 11 22H2
• Red Hat Enterprise Linux 8.6
• Red Hat Enterprise Linux 8.7
• Red Hat Enterprise Linux 9
• Red Hat Enterprise Linux 9.1
• Oracle Linux 8.6
• Oracle Linux 8.7
• Oracle Linux 9.0
• Oracle Linux 9.1
• SUSE Linux Enterprise 15 SP4
• WinPE 11 22H2
• Windows 10 and 11 Internet of Things (IOT)

Note: The links to the corresponding support statements can be found directly in the Release Notes.
New Hypervisor supportESXi 7.0

New Symantec Management Console Features

Organizational Views Filtering

You can now use filter Organizational Views in the Symantec Management Console to only show particular users, computers, or printers, helping to more-easily locate these them.
Filter Expression Values in Report Builder
You can now filter the list of Values when adding a filter expression to a custom report in the Report Builder, helping to more-easily find the required Value.

New Patch Management Solution Features

Compliance by CVE ID Limited to CISA Known Exploit List

Starting from ITMS 8.7, the CVE ID details page in the Resource Manager now contains a CISA known exploited vulnerability field to indicate whether a corresponding CVE ID is included in the CISA Known Exploit List.
The Windows Compliance by CVE ID (CISA) report displays compliance only with respect to CVE IDs associated with vulnerabilities on the CISA (U.S. Cybersecurity and Infrastructure Security Agency) Known Exploit List.
This report is not limited by a specific year. This report displays all vulnerabilities from the CISA Known Exploit List identified in the end user’s environment, along with information regarding their remediation status.
For more Information, consult the Release Notes directly.

New Software Management Features

An administrator can define the amount of time end users may defer the software installation.

An administrator can help ensure that software does not get automatically installed before end users can save their work by defining the amount of time end users may defer the software installation.
To do so, select a Managed Software Delivery policy, and then select the Run tab of the Advanced Options dialog. The administrator specifies the number of days, hours, and minutes that the installation can be deferred.

The software Inventory scan does not automatically gather .dll files.
The Full or Delta Software inventory scan does not, by default, gather information about .dll files using either Inventory scan policies or the Gather Inventory task. The main advantage of this change is that the scan excludes unneeded binary types from the software scan.For more information, see the Collects the software data item in the Tasks that Software Discovery Performs table in the Configuring the Software Discovery Policy topic
For more information, see the Inventory of file properties table item in the Methods for Gathering Software Inventory topic.
To gather all .dll files from either a Delta or Full software inventory scan, the administrator must add the SMFSoftwareScanFilesExeOnly core setting, and then set it to False.
To add the SMFSoftwareScanFilesExeOnly core setting, follow these steps:
1. In the Symantec Management Console, select Settings > Notification Server > Core Settings to display the Core Settings Console.
2. Select the [+] Add button to display the Add new Core Setting dialog.
3. In the Name field, enter SMFSoftwareScanFilesExeOnly, and then set the Value to False.
4. Select OK to confirm and exit this dialog.

Create conditional execution of tasks included in Managed Software Delivery policies

An administrator can create Managed Software Delivery policies that only execute tasks associated with an included software component, if the specified condition is satisfied.
For example, an admin could execute a script to clean up the Temp directory on computers before installing an application, but only execute that script if the application is not installed.
For more Information, consult the Release Notes directly.

New Automatically update related policies on software supersedence change option

f you enable the Automatically update related policies on software supersedence change option in the Global Managed Delivery Settings policy, then any supersedence changes between the software in an existing managed delivery policy automatically applies, and you do not need to manually re-save every Managed Delivery policy.
If you do NOT enable this option in the Global Managed Delivery Settings policy, and the supersedence for software changes, then the user can see the changes by selecting the Details link to display an informational dialog.
Further information and links on this topic can be optained directly from the Release Notes.

New Deployment Solution Features

You can now install and upgrade plug-ins using Deployment Solution tasksYou can now install or upgrade plug-ins to the Symantec Management Agent as part of the provisioning process using the Deployment Solution’s Deploy Image and Restore Backup Image tasks, as well as the SOI task (Install Windows OS, formerly known as the Scripted OS Install task).
DS Plug-in and SMA do not need to be part of an imageAdministrators can install the Deployment Solution plug-in and Symantec Management Agent as part of a deployment, and do not need to be a part of an image anymore.

New cloning options

New Shallow clone option allows administrators to reference existing Initial deployment jobs and tasks instead of cloning them when cloning the Initial Deployment policy.
A new option to create empty Initial Deployment settings was also introduced.

Release Notes and User Guides

The release notes and other useful documents for Altiris can be conveniently found at:

Altiris links & downloads

As with all updates, there are a few things to consider, especially if you are running multiple clients and servers. We have profound experience in this area and would be happy to advise you on updating to the latest version. Feel free to contact us.