Introduction

to
Bit9 Parity v6.0
Document Version: 1.0
July 8, 2010

Bit9, Inc.
266 Second Ave, Waltham, MA 02451 USA
Tel: 617.393.7400 Fax: 617.393.7499
E-mail: support@bit9.com
Web: http://www.bit9.com

Bit9 Communications Audit and Assessment

Contents
Document Purpose ................................................................................................................... 2
Functional and User Interface Changes .................................................................................... 3
Updated Server and Agent Platform Support ...................................................................... 3
New Windows Registry Protection....................................................................................... 3
Enhanced Custom (Path/Directory) Rules ........................................................................... 3
Enhanced Workflows for Typical Tasks ................................................................................ 4
Enhanced Approval and Ban Management.......................................................................... 4
Changes to the Left Navigation Menu.................................................................................. 5
New Console User Preferences Page.................................................................................... 5
Home Page Enhancements................................................................................................... 5
Dashboard Enhancements.................................................................................................... 6
Live Inventory SDK: Database Views .................................................................................... 6
New Agent/Computer Management Features..................................................................... 7
Enhanced Agent-Server Communications Security .............................................................. 7
Additional Feature Changes ................................................................................................. 7
Bit9 Support and the Upgrade Process..................................................................................... 8

Document Purpose
This document provides a brief introduction to Parity version 6.0 for users upgrading from
previous versions. It describes major changes since v5.1.
This document is a supplement to the main Parity documentation on the Parity v6.0 CD (or
download). See the Using Parity guide for complete details about features.
The most current Operating Environment Guidelines for Parity v6.0 are provided in a separate
document available from Bit9 Support. Hardware and software requirements, as well as
upgrade installation instructions, also are documented in the Installing Parity guide.

Introduction to Bit9 Parity v6.0

Page 2

Functional and User Interface Changes

Updated Server and Agent Platform Support

Server platform changes: The 64-bit versions of Windows 2008 Server are supported for
Parity Server v6.0.
Agent platform changes: The 64-bit versions Windows 7, Windows 2008 Server, and
Vista are supported for Parity Agent v6.0. Windows 2000 systems are no longer
supported, and v6.0 agents will not install on them.
SQL Server platform changes: Parity installation no longer includes a SQL Server Express
option. Bit9 Technical Support can advise you on replacing it with your own licensed
copy of a supported SQL Server version before installing Parity Server v6.0.

New Windows Registry Protection

Bit9 Parity v6.0 includes support of Registry Rules that enable you to monitor and control
changes to the Windows Registry on any computer running a Parity Agent.
The definition of a rule includes the following attributes:

Path in the registry to monitor and/or control.

Action to take when the write operation is attempted. Supported actions include
Prompt (user can choose block or allow), Report, and Allow changes to Registry entries.
Process matching criteria, including Any Process, Any Promoted Process (e.g., Installer),
Specific Processes, and Any Process Except.
User or Group matching criteria, including Any User, Specific User and Well-Known User
Group (i.e. Local System, Local Administrators, Local Service, etc.).

Enhanced Custom (Path/Directory) Rules

Bit9 Parity v6.0 includes support of Custom Rules that enable you to monitor and control both
file writing and execution actions based on user-specified criteria. While similar to the Directory
Policies available in prior versions of Bit9 Parity, Custom Rules are far more powerful. Custom
Rules are on the Custom tab of the Software Rules page.
The rule types include the following:

File Integrity Control Monitor, and if you choose, prevent modifications to specified
folders or files.
Trusted Path - Define folders or files for which file execution is always allowed.
Execution Control - Control behavior when an attempt is made to execute a file
matching the rule.
File Creation Control - Control behavior when an attempt is made to write a file
matching the rule.
Performance Optimization - Specify folders or files to avoid tracking (execution will still
be monitored).
Advanced - Define custom behavior for controlling file execution, creation, and/or
tracking.

Introduction to Bit9 Parity v6.0

Page 3

When you select a rule type, the page displays only those fields necessary to complete definition
of that type. Depending upon the selected rule type, the definition of the rule may include any
or all of the following attributes:

Operation The operation (Write, Execute or both) you want to control.

Write Action The action to take when a write operation is attempted; supported
actions include Block, Approve, Prompt, Allow, Approve as Installer and Default.
Execute Action The action to take when an execute operation is attempted;
supported actions include Allow, Block, Default, Allow and Promote, and Prompt.
Path or File The path or file you want to monitor or control; you can use wildcards and
macros to include multiple paths or files.
Process Matching criteria include Any Process, Any Promoted Process (i.e. Installer),
Specific Processes, Any Process Except.
User or Group -- Matching criteria include Any User, Specific User or Well-Known User
Group (i.e. Local System, Local Administrators, Local Service, etc.)

Enhanced Workflows for Typical Tasks

Parity v6.0 includes user interface changes designed to streamline the workflow for certain
typical tasks. Among the key changes related to this are:

Action menu Actions that were on a variety of buttons spread across a Parity Console
page are now available on a single Action menu on many pages. The commands on this
menu vary by page, but include commands for approving or banning files, removing
bans or approvals, analyzing a file in Parity Knowledge and acknowledging a file.
Multi-selection checkboxes On many pages, actions that formerly could be applied
only to one item at a time can be applied to multiple items at once. These pages now
have checkboxes, and actions (such as those on the Action menu) apply to all visible
checked items.
Direct access to file actions from Events page The Events page now includes an Action
menu, and if an event description contains a file name or hash, you can act on that file
by checking the box on the Events page and choosing a command from the menu. For
example, if an event shows that a file was blocked and you want to approve the file, you
can check the box on the Events page and then Globally Approve from the Action menu.

Enhanced Approval and Ban Management

Parity v6.0 includes several features for improving management of explicitly approved or
banned files:

Combined approval and ban page The Files tab on the Software Rules page lists all
explicitly approved files as well as explicitly banned files. You can add approvals and
bans on this page, and you can remove one or more of them in a single operation.
Policy-based approvals You can create files approvals on a per-policy basis using the
Approve (Custom) command, which is available on pages listing files, and also by editing
an approval on the Software Rules page Files tab.
Marking a file as an installer when approved The Approve (Custom) command also
allows you to mark a file as an installer at the same time that you approve it.

Introduction to Bit9 Parity v6.0

Page 4

Changes to the Left Navigation Menu

The content of the Navigation bar has changed in v6.0:

A Dashboards link navigates to a new Dashboard Management Page.

Files and Computers links are now organized under Assets section.
The Policies section has been removed.
The Rules section includes management of policies, management of rules for software
approval and banning, registry protection, and USB device management.
The Software Rules link provides access to all of the options previously available on the
Software Approvals and Software Bans pages plus a new Custom tab that includes an
enhanced version of what were called "Directory Policies" in previous releases.
The Files tab in Software Rules includes both Approvals and Bans by file.
There is a new Preferences link that allows Parity Console users to change their
password and other preferences.
The Login Accounts link replaces the previous User Accounts link.
To better distinguish the Administrator role, Parity Console users with Power User
privileges no longer have access to the System Configuration pages.

New Console User Preferences Page

Preferences in the left navigation menu opens the new Preferences page, which provides the
following features:

Change Password Each Parity Console user can change their password. This is
especially useful for ReadOnly users, who cannot access the Login Accounts page.
Remember or dont remember page settings Each user can decide whether page
settings that is, the filters, columns, and other view parameters they choose on a page
are saved when they navigate away from a page (or logout) and come back to it.
Choose default starting page Each user can choose (from a menu) which Parity page
appears first upon login.

Home Page Enhancements

For Parity Server v6.0, the Home Page is a customizable Dashboard. In addition to key
capabilities from the previous Home page, the Home Page dashboard includes new portlets that
can assist in management of your deployment:

Top X Returns the most frequent occurrences of the most important events, including
Blocks By User, Blocks By Computer and Blocks by File.
Find Computer Provides quick search capability based on Computer Name, IP Address
or User Name.
Find Files or Events Provides ad hoc search capabilities based on any combination of
Computer, User and Filename over a specific time.
Change Policy Provides the ability to quickly change the policy of a selected computer.

You can save any dashboard as the default Home Page for new users, and you can revert to the
default from a modified Home Page, if you choose.

Introduction to Bit9 Parity v6.0

Page 5

Dashboard Enhancements
Parity v6.0 includes significant feature enhancements for the Dashboard.
You can change the display settings of the any dashboard, including the Home Page, via the
dashboard toolbar:

Dashboard Layout You can use the Layout menu to change the way portlets are
arranged on the dashboard.
Dashboard Width You can use the Width menu to change the width of the dashboard
(in pixels) to better fit your screen resolution and size.
Background Color You can use the Background Color selector to choose a different
color for the background between portlets.

Parity v6.0 includes a new Dashboards page that lists all dashboards available to the logged-in
user and provides access to both dashboard viewing and to management activities, such as
editing, copying, and deleting dashboards.
When you create a new portlet, menus for Portlet Types and in some cases Subtypes pre-select
parameters appropriate to the type and subtype you choose. Parity v6.0 also provides new
portlet options, including the ability to display data in a table only, or to add a small table to a
graphic portlet. You also can apply complex data filtering to some custom portlets.

Live Inventory SDK: Database Views

Parity Server v6.0 includes public views into the "live inventory" database of files on your Paritymanaged computers. With these, you can create your own reporting and data analysis solutions.
Creating your own custom reports using the external database views may be useful when you
want to perform complex analysis of file and computer inventory data. It also can be a solution
when you have inquiries that perform better through direct database access, you want to run
reports on a particular schedule, or you want to output reports to third-party tools.
The database views include:

Public properties of servers and schema in the Parity environment.

All events shown on the Events page
All executions of metered files
Metadata of all computers
Metadata for all unique hashes
Metadata of all file instances on all computers
Metadata of all file instance groups

Introduction to Bit9 Parity v6.0

Page 6

New Agent/Computer Management Features

Several new features in Parity Server v6.0 enhance your ability to manage computers running
Parity Agent:

Prioritize Updates On the Computer Details page, you can now choose Prioritize
updates to this computer. As the link name suggests, this increases (temporarily) the
priority of this computer for receiving upgrades to configuration lists and to the agent
itself from Parity Server.
Delete Offline Computers On the System Configuration/Management Configuration
page, you can specify the period of time offline after which Parity automatically deletes
a disconnected computer from its list of managed computers.
Control Access to Agent Commands On the System Configuration/Management
Configuration page, you can control access to special commands for agent management
by specifying a user or group or creating a password usable on all agents connected to
your Parity Server. This is in addition to the agent-specific password that each agent has.

Enhanced Agent-Server Communications Security

Parity uses SSL security to authenticate and encrypt all communications between its server and
its agents. By default, this is based on a self-signed Bit9 security certificate generated when
Parity Server is started for the first time.
On the System Configuration/Secure Communications page, you can make one or more of the
following changes:

You can edit the details of a self-signed certificate.

You can import another certificate, either your own self-signed certificate or from a
certificate authority.
You can increase security by enabling certificate validation so that computers running
Parity Agent always verify that the correct certificate is present on the Parity Server.

Additional Feature Changes

You can annotate the listing of any publisher with your own description. Publishers are
listed on the Publishers tab of the Software Rules page. You also can Acknowledge
pending publishers to indicate that you have seen them but have not approved them.
You can now use multiple snapshots as a baseline for a Baseline Drift Report.
On the Edit Policy page, there are now three different Information Links that allow you
to view all files on computers in the policy, view all pending files on computers in the
policy, and view all policy-specific bans and approvals that apply to the policy.
Event types and subtypes have been changed and re-grouped for improved clarity.
New email templates on the Alert Details page allow you to more easily configure email
to announce file prevalence or Parity Knowledge-related alerts.
For rules that can either block a file or prompt the user to choose to block or allow the
action, you can create a different agent notifier message for each case.
Tamper protection is improved for Parity Agent v6.0.
What was called Detailed Global State for files is now "Global Flags". In addition, some
of the states themselves have been eliminated or renamed.

Introduction to Bit9 Parity v6.0

Page 7

Bit9 Support and the Upgrade Process

Parity Server and Agent upgrade support is covered under the Customer Parity Maintenance
Agreement. Bit9 recommends contacting Technical Support prior to performing the upgrade for
further details on the upgrade process and the latest information that supplements the
information contained in this document. Technical Support is available to assist with the
upgrade process to ensure a smooth and efficient upgrade installation.
Bit9 Technical Support offers several channels for resolving support questions:
Technical Support Contact Options
Web: www.bit9.com
E-mail: support@bit9.com
Phone: 877.248.9098 (877.BIT9.098)
Fax: 617.393.7499
Hours: 9 a.m. to 6 p.m. EST

Introduction to Bit9 Parity v6.0

Page 8