Windows 6.1 Kb3033929 X64

DPS MANAGEMENT SERVER

1. Windows 6.1 Kb3033929 X64 Iso
2. Windows 6.1 Kb3033929 X64 Activator

DPS MANAGEMENT SERVER UPGRADE

Windows6.1-KB2670838-x64 -x86 软件简介 软件截图 相关版本 猜你喜欢 精品推荐 用户评论 windows6.1-kb3033929补丁 是一款系统升级补丁，Windows6.1的意思即NT6.1，是Win7的核心开发代号，到了后期版本对于某些工具的支持会不足，需要此插件进行更新，快下载安装吧！. Security Update for Windows 7 for x64-based Systems (KB3033929) A security issue has been identified in a Microsoft software product that could affect your system. Windows6.1-KB3033929-x64.msu مسئولیت فایل آپلود شده بر عهده‌ی کاربر آپلودکننده می‌باشد، لطفا در صورتی که این فایل را ناقض قوانین می‌دانید به ما گزارش دهید. Operating System: Updates Replaced Windows 7 for 32-bit Systems Service Pack 1 (3033929) (1). 3035131 in MS15-025. Windows 7 for x64-based Systems Service Pack 1 (3033929) (1). 3035131 in MS15-025. Windows Server 2008 R2 for x64-based Systems Service Pack 1 (3033929) (1). 3035131 in MS15-025. Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (3033929) (1).

Upgrading the DPS Management Server

Before upgrading the Management Server always backup the following folders and files:

• SQL database
• System backup: Management Console > Tools > Administration > Maintenance
• Server snapshot if it is a VM
• DBInfo.xml: %Program Files% > Safend > Safend Protector > Management Server >Bin

Note: before backing up or upgrading the management server, read the System Requirements document for the version you are upgrading to.

Management Server Version Upgrade

The server is upgraded in an incremental process. For example, to upgrade to DPS 3.3 SP1-SP71 do the following:

1. Upgrade to DPS 3.3 SP7.2
2. Upgrade to DPS 3.4.6 SP1
3. Upgrade to DPS 3.4.6
4. Upgrade to DPS 3.4.9
5. Upgrade to DPS 3.4.9 SP2

Upgrading 3.4.4 Agents

To upgrade 3.4.4 agents, run the following Safend hotfix which is available as part of the DPS installation tools: SafendSupport_HotFix_3.4SP4_KB00000482.exe

Upgrading 3.4.5 Agents and Higher

To upgrade 3.4.5 agents and higher, use the last agent generated by the management console.

For more information see the Safend Installation Guide in the DPS installation kit.

ERROR MESSAGESKB3033929 ERROR MESSAGE

Alsong mac. DATA PROTECTION AGENT REQUIRES THE KB3033929 TO BE INSTALLED ON YOUR WINDOWS 7 PLATFORM. PLEASE INSTALL IT AND TRY AGAIN

This error message is displayed if the KB3033929 or KB3125574 security updates for SHA-2 code signing support are not previously installed when installing the DPS agent 3.4.9 SP1/SP2 on a Windows 7 / Windows Server 2008 R2.

Procedure

1. To check if the KB3033929 or KB3125574 security update is installed open: Control Panel > Uninstall or Change a Program > View Installed Update.
   • When the security update is installed, run the following command: Msiexec /i [path to MSI file] DISABLE_KB3033929_VALIDATION =1
   • When the security update is not installed, download KB3033929 and save locally.
   • Extract and run the Windows 6.1-KB3033929-x64.msu file and follow the installation instructions.
2. Restart the machine and install the DPS Agent.

GENERALTIPS FOR SUPPORT

Requests for help can be made either directly from the Contact Support form on the Support page or by emailing the Support Desk.

When describing an issue give as much information as possible. The following information will be of significant help to the Safend Support Team:

1. Information about the system's environment, for example: server and machine OS, server and agent build and whether the server has been upgraded recently.
2. Safend server logs. For instructions on exporting server logs see below.
3. Safend agent logs, if the issue is related to a specific client machine. For instructions on exporting agent logs see below.
4. Screenshots of the reported issue taken from the server and the agent.
5. Any other relevant information.

What does se mean on a maytag microwave. Exporting Safend Server and Agent Logs

Program Files > Safend > Safend Data Protection > Management Server > bin

1. Run SDTInit.
2. Replicate the issue (if possible).
3. Run SDTCollect.

A ZIP file is generated and saved in ProgramData > Safend > SDT > Results > [date created]–Agent > ServerResults-[date created]-[time created].ZIP

RECOMMENDED AV EXCLUSIONS

The following recommended AV exclusions are required for the Safend Agent to function:

• File Formats: .SES and .SLG
• Folders: Program FilesSafend and Program FilesWave
• Files in SystemRootSystem32: Sinadin.dll (for 3.3 clients) and Sesami.dll
• Files in C:Program FilesSafendData Protection Agent: AgentPolicyFormatter.dll, SProtectorWMI.dll, SProtectorWMI.dll and SimonPro.exe
• Files in SystemRootsystem32drivers: diego.sys , santa.sys, scarlet.sys, sidney.sys, salvador.sys, sofy.sys, sahara.sys, shandy.sys, shlos.sys , sphinx.sys, spfdbus.sys, spfdbusi.sys and Spfdi.sys
• Processes: Hderecoveryutility.exe, Sami.exe, Secret.exe, Simba.exe, Simonpro.exe, Splinter.exe, sdpagent.exe (for 3.4 clients) and SDPExtractor.exe (for 3.4 clients)

SAFEND DATA PROTECTION AGENTMANUALLY REMOVING THE SAFEND PROTECTOR AGENT

To remove the Safend Data Protection Agent before emergency cleanup, uninstall it via Add/Remove Programs or manually. If Safend Encryptor is installed on a device, the Recovery process must be implemented after manually removing the Safend Data Protection Agent.

SAFEND 3.3 AND LOWER

Before manually uninstalling the agent: If the computer does not boot up, run the SPEC on the PE option from a matching version and then do the following:

1. Run the SPEC command from the command line or directly from WindowsSystem32.
2. Send the token to support@safend.com to receive the cleanup key.
3. In the Operating System page select Clean Current Operating System.
4. Enter the cleanup key and click Cleanup Now.
5. Complete the process and reboot the computer.

SAFEND 3.4 AND HIGHER

Windows 6.1 Kb3033929 X64 Iso

Do not run the SPEC command from the command line. Do the following to run the Support Assisted Uninstall (SAU) option:

1. Use either of the following commands to receive the client uninstall token:
   msiexec/i [Safend Agent MSI path and file] SAU=1 (for example: msiexec /i C:safendinstallDataProtectionAgent.en-US.msi SAU=1)
   OR
   Msiexec /i '[SAFEND CLIENT GUID]' SAU=1 /l*v c:1.txt
2. Send the token you receive to support@safend.com. Safend will send a cleanup key.
3. Run either of the following commands to remove the client installation:
   msiexec /x [Safend Agent MSI path and file] SAU=1 SAU_KEY=[Cleanup_Key] /l*v c:uninstallSafend.txt
   OR
   msiexec /x '[SAFEND CLIENT GUID]' SAU=1 SAU_KEY=[Cleanup_Key] /l*v c:uninstallSafend.txt
4. If the process fails, send the MSI log (c:uninstallSafend.txt) to support@safend.com for analysis.

SAFEND DATA PROTECTION SERVER

Windows 6.1 Kb3033929 X64 Activator

GENERATING A NEW SHA2 CERTIFICATE

A new SHA2 certificate is required for Windows Server 2008 (IIS 7 and above) after the Safend server name is modified and when an organization needs their own trusted certificate.

Procedure:

1. Download the Makecert.zip and copy the makecert.exe to Windows / System32.
2. Run the following command:
   MakeCert -r -pe -n 'CN=FQDN' -b mm/dd/yyyy -e 07/07/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky Exchange -sp 'Microsoft RSA SChannel Cryptographic Provider' -sy 12 -a SHA256 -len 2048
3. Replace the MM/DD/YYYY with today's date in the same format.
4. Right click My computer and select Manage > Roles > Web Server (IIS) > Internet Information Service (IIS) Manager.
5. In IIS Snap-In in the Safend Data Protection Suite Web Site field right click and select:
   Edit Bindings > Site Bindings > https port 4443 > Edit > SSL Certificate field > New Certificate Name > View > Cancel and Close.
6. Return to IIS Snap-In in the ServerName field and remove the Safend Data Protection Suite Web Site's old certificate.
7. Return to In the IIS Snap-In in Sites > Safend Data Protection Suite WS, right click and select Edit Bindings > Site Bindings > https port 443 > Edit > new server name certificate > OK.
8. Return to IIS Snap-In > Web Sites > Safend Protector Web Site WS, and repeat the above.
9. Do the following:

• Safend Protector Server Version 3.2 – restart the Safend Broadcast Service.
• Safend Protector Server Version 3.3 or above – restart the Safend Local Service and wait for the Domain Service to start. Run the command: iisreset > Login to the Console and then republish your policies.

Note: Both websites now share the same certificate unlike during initialization where two certificates are used.

-->

Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2

Published: March 10, 2015

Version: 1.0

General Information

Executive Summary

Microsoft is announcing the reissuance of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality. This update supersedes the 2949927 update that was rescinded on October 17, 2014 to address issues that some customers experienced after installation. As with the original release, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, and Windows RT 8.1 do not require this update because SHA-2 signing and verification functionality is already included in these operating systems. This update is not available for Windows Server 2003, Windows Vista, or Windows Server 2008.

GENERATING A NEW SHA2 CERTIFICATE

A new SHA2 certificate is required for Windows Server 2008 (IIS 7 and above) after the Safend server name is modified and when an organization needs their own trusted certificate.

Procedure:

1. Download the Makecert.zip and copy the makecert.exe to Windows / System32.
2. Run the following command:
   MakeCert -r -pe -n 'CN=FQDN' -b mm/dd/yyyy -e 07/07/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky Exchange -sp 'Microsoft RSA SChannel Cryptographic Provider' -sy 12 -a SHA256 -len 2048
3. Replace the MM/DD/YYYY with today's date in the same format.
4. Right click My computer and select Manage > Roles > Web Server (IIS) > Internet Information Service (IIS) Manager.
5. In IIS Snap-In in the Safend Data Protection Suite Web Site field right click and select:
   Edit Bindings > Site Bindings > https port 4443 > Edit > SSL Certificate field > New Certificate Name > View > Cancel and Close.
6. Return to IIS Snap-In in the ServerName field and remove the Safend Data Protection Suite Web Site's old certificate.
7. Return to In the IIS Snap-In in Sites > Safend Data Protection Suite WS, right click and select Edit Bindings > Site Bindings > https port 443 > Edit > new server name certificate > OK.
8. Return to IIS Snap-In > Web Sites > Safend Protector Web Site WS, and repeat the above.
9. Do the following:

• Safend Protector Server Version 3.2 – restart the Safend Broadcast Service.
• Safend Protector Server Version 3.3 or above – restart the Safend Local Service and wait for the Domain Service to start. Run the command: iisreset > Login to the Console and then republish your policies.

Note: Both websites now share the same certificate unlike during initialization where two certificates are used.

-->

Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2

Published: March 10, 2015

Version: 1.0

General Information

Executive Summary

Microsoft is announcing the reissuance of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality. This update supersedes the 2949927 update that was rescinded on October 17, 2014 to address issues that some customers experienced after installation. As with the original release, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, and Windows RT 8.1 do not require this update because SHA-2 signing and verification functionality is already included in these operating systems. This update is not available for Windows Server 2003, Windows Vista, or Windows Server 2008.

Recommendation. Customers who have automatic updating enabled and configured to check online for updates from Microsoft Update typically will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For customers who install updates manually (including customers who have not enabled automatic updating), Microsoft recommends applying the update at the earliest opportunity using update management software, or by checking for updates using the Microsoft Update service. The updates are also available via the download links in the Affected Software table in this advisory.

Advisory Details

Issue References

For more information about this issue, see the following references:

References	Identification
Microsoft Knowledge Base Article	3033929 (supersedes 2949927)

Affected Software ----------------- This advisory discusses the following software.

Operating System	Updates Replaced
Windows 7 for 32-bit Systems Service Pack 1 (3033929)(1)	3035131 in MS15-025
Windows 7 for x64-based Systems Service Pack 1 (3033929)(1)	3035131 in MS15-025
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (3033929)(1)	3035131 in MS15-025
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (3033929)(1)	3035131 in MS15-025
Server Core installation option	3035131 in MS15-025
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (3033929)(1)	3035131 in MS15-025

^[1]The 3033929 update has affected binaries in common with the 3035131 update being released simultaneously via [MS15-025](http://go.microsoft.com/fwlink/?linkid=526462). Customers who download and install updates manually and who are planning to install both updates should install the 3035131 update before installing the 3033929 update. See the Advisory FAQ for more information. Advisory FAQ ------------ **What is the scope of the advisory?** The purpose of this advisory is to inform customers of an update that adds functionality for the SHA-2 hashing algorithm to all supported editions of Windows 7 and Windows Server 2008 R2. **Is this a security vulnerability that requires Microsoft to issue a security update? ** No. A signing mechanism alternative to SHA-1 has been available for some time, and the use of SHA-1 as a hashing algorithm for signing purposes has been discouraged and is no longer a best practice. Microsoft recommends using the SHA-2 hashing algorithm instead and is releasing this update to enable customers to migrate digital certificate keys to the more secure SHA-2 hashing algorithm. **What is the cause of the problem with the SHA-1 hashing algorithm? **The root cause of the problem is a known weakness of the SHA-1 hashing algorithm that exposes it to collision attacks. Such attacks could allow an attacker to generate additional certificates that have the same digital signature as an original. These issues are well understood and the use of SHA-1 certificates for specific purposes that require resistance against these attacks has been discouraged. At Microsoft, the Security Development Lifecycle has required Microsoft to no longer use the SHA-1 hashing algorithm as a default functionality in Microsoft software. For more information, see [Microsoft Security Advisory 2880823](https://technet.microsoft.com/security/advisory/2880823) and the Windows PKI blog entry, [SHA1 Deprecation Policy](http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx). **What does the update do?** The update adds SHA-2 hashing algorithm signing and verification support to affected operating systems, which includes the following: - Support for multiple signatures on [Cabinet files](http://msdn.microsoft.com/en-us/library/aa367841(v=vs.85).aspx) - Support for multiple signatures for [Windows PE files](http://msdn.microsoft.com/en-us/library/ms940812(v=winembedded.5).aspx) - UI changes that enable the viewing multiple digital signatures - The ability to verify RFC3161 timestamps to the Code Integrity component that verifies signatures in the kernel - Support for various APIs, including [CertIsStrongHashToSign](http://msdn.microsoft.com/en-us/library/windows/desktop/hh870260(v=vs.85).aspx), [CryptCATAdminAcquireContext2](http://msdn.microsoft.com/en-us/library/windows/desktop/aa379889(v=vs.85).aspx) and [CryptCATAdminCalcHashFromFileHandle2](http://msdn.microsoft.com/en-us/library/windows/desktop/hh968151(v=vs.85).aspx) **What is Secure Hash Algorithm (SHA-1)?** The Secure Hash Algorithm (SHA) was developed for use with the Digital Signature Algorithm (DSA) or the Digital Signature Standard (DSS) and generates a 160-bit hash value. SHA-1 has known weaknesses that exposes it to collision attacks. Such attacks could allow an attacker to generate additional certificates that have the same digital signature as an original. For more information about SHA-1, see [Hash and Signature Algorithms](http://msdn.microsoft.com/en-us/library/windows/desktop/aa382459(v=vs.85).aspx). **What is RFC3161?** RFC3161 defines the Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) describing the format of requests and responses to a Time Stamping Authority (TSA). The TSA is can be used to prove that a digital signature was generated during the validity period of a public key certificate, see [X.509 Public Key Infrastructure](http://www.ietf.org/rfc/rfc3161.txt). **What is a digital certificate?** In public key cryptography, one of the keys, known as the private key, must be kept secret. The other key, known as the public key, is intended to be shared with the world. However, there must be a way for the owner of the key to tell the world to whom the key belongs. Digital certificates provide a way to do this. A digital certificate is an electronic credential used to certify the online identities of individuals, organizations, and computers. Digital certificates contain a public key packaged together with information about it (who owns it, what it can be used for, when it expires, and so forth). For more information, see [Understanding Public Key Cryptography](http://technet.microsoft.com/library/aa998077) and [Digital Certificates](http://technet.microsoft.com/en-us/library/cc962029.aspx). **What is the purpose of a digital certificate?** Digital certificates are used primarily to verify the identity of a person or device, authenticate a service, or encrypt files. Normally, there is no need to think about certificates at all, aside from the occasional message stating that a certificate is expired or invalid. In such cases, one should follow the instructions provided in the message. **How is this update (3033929) related to the 3035131 update discussed in MS15-025?** This update (3033929) shares affected binaries with the 3035131 update being released simultaneously via [MS15-025](http://go.microsoft.com/fwlink/?linkid=526462). This overlap necessitates that one update supersede the other and, in this case, advisory update 3033929 supersedes update 3035131. Customers with automatic updating enabled should experience no unusual installation behavior; both updates should install automatically and both should appear in the list of installed updates. However, for customers who download and install updates manually, the order in which the updates are installed will determine the observed behavior as follows: Scenario 1 (preferred): Customer first installs update 3035131 and then installs advisory update 3033929. Result: Both updates should install normally and both updates should appear in the list of installed updates. Scenario 2: Customer first installs advisory update 3033929 and then attempts to install update 3035131. Result: The installer notifies the user that the 3035131 update is already installed on the system; and the 3035131 update is NOT added to the list of installed updates. Suggested Actions ----------------- - **Apply the update for supported releases of Microsoft Windows** The majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see [Microsoft Knowledge Base Article 294871](https://support.microsoft.com/kb/294871). For administrators and enterprise installations, or end users who want to install this security update manually (including customers who have not enabled automatic updating), Microsoft recommends that customers apply the update at the earliest opportunity using update management software, or by checking for updates using the [Microsoft Update](http://go.microsoft.com/fwlink/?linkid=40747) service. The updates are also available via the download links in the **Affected Software** table in this advisory. ### Additional Suggested Actions - **Protect your PC** We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. For more information, see [Microsoft Safety & Security Center](http://www.microsoft.com/security/default.aspx). - **Keep Microsoft Software Updated** Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit [Microsoft Update](http://go.microsoft.com/fwlink/?linkid=40747), scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed. Other Information ----------------- ### Microsoft Active Protections Program (MAPP) To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed in [Microsoft Active Protections Program (MAPP) Partners](http://go.microsoft.com/fwlink/?linkid=215201). ### Feedback - You can provide feedback by completing the Microsoft Help and Support form, [Customer Service Contact Us](http://support.microsoft.com/kb/?scid=sw;en;1257&showpage=1&ws=technet&sd=tech). ### Support - Customers in the United States and Canada can receive technical support from [Security Support](http://go.microsoft.com/fwlink/?linkid=21131). For more information, see [Microsoft Help and Support](http://support.microsoft.com/). - International customers can receive support from their local Microsoft subsidiaries. For more information, see [International Support](http://go.microsoft.com/fwlink/?linkid=21155). - [Microsoft TechNet Security](http://go.microsoft.com/fwlink/?linkid=21132) provides additional information about security in Microsoft products. ### Disclaimer The information provided in this advisory is provided 'as is' without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. ### Revisions - V1.0 (March 10, 2015): Advisory published. *Page generated 2015-03-04 14:52Z-08:00.*