/
SAM Agent Version History

SAM Agent Version History

Feb 17, 2025



Introduction

SummitAI Asset Management Agent (SAM) is a virtual agent that is installed on the client’s machine to systematically track, evaluate, and manage the Hardware and Software that are installed on the machine. The goal of SAM agent is to reduce IT expenditures, human resource overhead, and risks inherent in owning and managing the Hardware and Software Assets. The SAM Agent helps in reporting the online or offline status of the machine, establishing remote connection using stealth mode, and retrieving license keys and device information. The SAM Agent is written in dot net framework. The SAM Agent version is always prefixed by the number 2.x.x.x.

The VAPT Compliance requirements are vital to access SAM Agent Installation folder. To know more, refer to this document Security Permissions for VAPT Compliance.

To perform Auto Update on SAM Agent, refer to the below segment: 

Silent SAM Agent Upgrades: The Auto Upgrade feature seamlessly updates SAM Agent on endpoint machines from older versions to newer ones, silently implementing the configurations specified in the designated Upgrade Set.

The Auto Upgrade feature is essential for maintaining endpoint efficiency and security. By seamlessly updating endpoints according to designated configurations, it ensures optimal performance and minimizes the risk of vulnerabilities associated with outdated software.


Problem Statement
Occasionally, the Agent Auto Update process encounters failures due to changes in environment or various other reasons. In end machines, configuration files have .txt extensions, causing agents to be unable to read proxy URLs for data posting.


Solution

The solution involves addressing two scenarios:
1. How to configure Auto Update for the first time?
2. How to Resolve the incomplete Auto Upgrade for not contacted agents?


Scenario 1

How to configure Auto Update for the first time?
To configure Auto Update for the first time, perform the following steps:

  1. Admin must download the SAM Auto Update folder from the following link:
    https://summitbuild.blob.core.windows.net/sam-agent/SAMAutoUpdate.zip


  2. The downloaded file will be a zip file. Unzip the zip file.

  3. Copy the folder SAMAutoUpdate from unzipped file to \SUMMIT\Proxy Agent\ in Proxy Machine by replacing the existing folder.


  4. Launch AutoUpdateUI.exe application in administrator mode.


  5. Type in the version that you want to upgrade to in the Agent Upgrade To Version field. A folder will be created with this version name.


  6. Type in the location of the proxy server in the Summit Proxy Base URL field.


  7. Click Enable Auto Update to enable the settings for Auto Update.


    Figure: SAM Agent Auto-Update Configuration pop-up


  8. Auto Update confirmation success message is displayed.


    Figure: Auto Update configuration success message


  9. Click Validate Config


  10. The Agent Auto Update process can be completed by copying the latest files to the folder created in step 5.


Scenario 2

How to Resolve the incomplete Auto Upgrade for not contacted agents?

The agent is unable to establish a connection to the proxy server due to the absence of necessary configuration files. This issue arises during the auto-update process, where specific .txt files fail to be converted into .config files.
To resolve this issue, perform the following step:


1. Execute RenameTextFiles.bat on endpoint machine manually by following means:

  • With administrator privilege
                    OR

  • Through Summit Software Delivery feature of the Summit Application
                    OR

  • Any third party systems


Note

RenameTextFiles.bat batch file halts SAM Agent and associated processes and services, changes the extensions of files with the .config.txt extension to .config, and then restarts SAM Agent along with its related processes and services.

After completion, the configuration files will possess the correct extensions. Agents will then extract Proxy URLs from these configuration files and continue posting data to the Proxy.

Info

SAM Agent utilizes WMI queries, accesses the Windows Registry and other system resources to discover Hardware and Software details. This triggers events with ID 4703 when the Security Auditing is enabled in the machine. In environments like Windows Servers, these events can accumulate significantly. As SAM Agent runs continuously under the System Account, these events are expected due to regular authorization checks for accessing system resources.

Microsoft recommends evaluating the need for Security Auditing for successful events and possibly disabling it for system performance optimization.

For more information, refer to the following links:



SAM Versions and Enhancements

The following table describes the various versions of the SAM Agent and the fixes and enhancements available in each of these versions:

Version#

Fixes and Enhancements

Application Version

2.5.6.25

Earlier versions of SAM Agent used WinSCPnet.dll. Starting from version 2.5.6.25, the dependency on WinSCPnet.dll has been removed. Instead, SAM Agent v2.5.6.25 uses WinSCP.exe with product version 6.3.6.0.



2.5.6.24

The update includes the Summit Security DLLs, specifically SummitSecurity32.dll and SummitSecurity64.dll, both updated to version 1.0.0.3. This update addresses an issue where earlier versions of these DLLs crashed on Windows Server OS machines. Additionally, all executables of the SAM Agent have been digitally signed with a new certificate as the previous certificate is expired.



2.5.6.23

The ability to download and install KB3154520 has been disabled as it was repeatedly being downloaded in customer environments.

Note

KB3154520 enables support for the system default versions of TLS in .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2.

Applicable to all available versions

2.5.6.22

SAM Agent previously encountered a System Overflow Exception when retrieving device details on 64-bit machines. The mentioned issue is addressed in this version.



2.5.6.21 

SAM Agent retrieves both the Active IP address and MAC address. 

What is active IP and MAC address?

When a machine has multiple NICs, it can have multiple IP addresses, but not all are active. At least one NIC is assigned a Default Gateway through which network traffic flows. The IP and MAC addresses associated with these active NICs are considered active.



2.5.6.19

Fixed defect of Summit Asset Management service is not getting created. Fixed defect of OneDrive pop-up is getting displayed, and applications are getting downloaded from OneDrive.



2.5.6.18

SAM Agent retrieves the Monitor details. Installer modifies the folder permissions.



2.5.6.17

Detect and display superseded patches.



2.5.6.16 

SAM Agent logs will grow a maximum of 5 MB and will recycle after 5 MB.

Denali SP3 HF14 onwards

2.5.6.15 

SFTP software deployment is implemented, and this feature is supported in “DENALI.SP3.HF14” onwards.

  • If Customer is using less than DENALI.SP3.HF14 and using higher version of SAM Agent which is v2.5.6.15 or above, then apply the below two SPs in customer instance to work with Agent based software deployment feature without any issues.

    • [USP_AM_GetPatchDetailsForExecution]

    • [USP_AM_GetPatchSessionDetails

Denali SP3 HF14 onwards

2.5.6.14

A connection timeout error is displayed on few environments, while downloading more than one approved patches at the same time using HTTP protocol. This is fixed for all HTTP connections.


DENALI SP3 HF02 Onwards

































2.5.6.13

While installing the patches, SAM Agent displayed an error, Error:11.
Error:11- You cannot service a running 64-bit operating system with a 32-bit version of DISM.
Please use the version of DISM that corresponds to your computer's architecture.

A connection timeout error is displayed on few environments, while downloading more than one approved patches at the same time using HTTP protocol.

2.5.6.12

The IP Addresses were not populated in the Agent online status report for a few machines when machines are connected using the dongle network. Whereas, IP Address was correctly displayed in the Hardware information discovery section.

Also, a TLS error occurred, and the auto KB installation was not getting removed post-installation.

The above issues are fixed in this version.

2.5.6.11

The following merges are taken care of in this version:

  • Merge from v2.0.4.34 App control crash on a bigger profile to TLS1.2 Window 10 upgrade v2.5.6.11.

  • Merge from v2.5.5.21 TLS1.2 agent changes are merged to TLS1.2 Window 10 upgrade v2.5.6.11.

2.5.6.10

This version is enriched with the windows 10 build upgrade support. The base code for this version is v2.5.5.19.

2.5.5.27

A connection timeout error is displayed on few environments, while downloading more than one approved patches at the same time using HTTP protocol. This is fixed for all HTTP connections. 

DENALI SP3 HF01 Onwards

2.5.5.26

While installing the patches, SAM Agent displayed an error, Error:11.
Error: 11- You cannot service a running 64-bit operating system with a 32-bit version of DISM.
Please use the version of DISM that corresponds to your computer's architecture.

A connection timeout error is displayed on few environments, while downloading more than one approved patches at the same time using HTTP protocol.

2.5.5.23

The IP Addresses were not populated in the Agent online status report for a few machines when machines are connected using  the dongle network. Whereas, IP Address was correctly displayed in the Hardware information discovery section.

Also, a TLS error occurred, and the auto KB installation was not getting removed post-installation.

The above issues are fixed in this version.

2.5.5.22

The following issues are fixed in this version:

  • The SAM Agent now discovers additional network IP addresses with its properties, and displays them as an additional IP address option under the Hardware discovered tab or remote desktop.

  • When a large application control profile is applied, the SAM agent doesn’t crash during the profile encryption or decryption.

2.5.5.21

Earlier, the system was fetching a maximum of 15 characters of the computer hostname even though the hostname was containing more than 15 characters.

This issue is fixed in this version.

2.5.5.19

This version is enriched with the TLS1.2 support for .Net framework 2.0 or above. The base code for this version is v2.0.5.16.

2.2.4.40

System Type for 2-in-1 laptops was displayed as "Others". This issue is fixed.
Now the System Type for 2-in-1 laptops is displayed as "Laptop".

2.2.4.39

A connection timeout error is displayed on few environments, while downloading more than one approved patches at the same time using HTTP protocol. This is fixed for all HTTP connections.



Above SUMMIT v5.7 SP3 and below SUMMIT ALPS version





2.2.4.38

Patch offline .cab file information is fetched from Agent Machine and displayed in UI.

2.2.4.37

While installing patches, SAM Agent displayed an error, Error:11.

Error: 11- You cannot service a running 64-bit operating system with a 32-bit version of DISM.

Please use the version of DISM that corresponds to your computer's architecture.

2.2.4.35

Last logged on username was not getting derived from 64-bit machines in some scenarios.

2.2.4.34

In the earlier version, the patch management scan was happening due to code obfuscation.

This issue is fixed in this version.

2.2.4.33

This version is enriched with the TLS1.2 support for .Net framework 4.5 or above. The base code for this version is v2.0.4.33.

2.0.5.16

The last logged-in username was discovered as the SYSTEM account name even though some users logged in remotely. This issue occurred when the WMI query output for the remotely logged-in machines was empty for the username parameter.

This issue is now fixed by using different commands.






Above SUMMIT ALPS HF01 version





When software information is discovered, few of the software versions are picked from the MSI database as the original version (that is the version when it was installed). But later, the same software was upgraded to the latest version, and the summit was shown as the older version by comparing the MSI database version.

The issue is fixed in this version.

2.0.5.15

Includes the fixes of the various versions (2.0.4.26, 2.0.4.27, 2.0.4.28, 2.0.4.29, 2.0.4.30, and 2.0.4.31)

2.0.5.12, 2.0.5.11

In this version, the "Unquoted Service Path" and "Improper Permissions" vulnerability issues of the Agent are fixed. Also, the access to everyone permission to the SummitAI installation folder is removed if provided earlier.

2.0.5.10

This version is enriched with the Endpoint Automation script execution feature as part of SAM Agent.

2.0.4.34

 After adding more software in application profile mapping the application controller was not working. This issue is fixed in this version.



Above SUMMIT v5.7 SP3 and below SUMMIT ALPS version



2.0.4.33, 2.0.4.32

The last logged-in username was discovered as the SYSTEM account name even though some users logged in remotely. This issue occurred when the WMI query output for the remotely logged-in machines was empty for the username parameter. This issue is now fixed by using different commands.

When software information is discovered, few of the software versions are picked from the MSI database as the original version (that is the version when it was installed). But later, the same software was upgraded to the latest version, and the summit was shown as the older version by comparing the MSI database version. The issue is fixed in this version.

2.0.4.31

1. The last logged on username was discovered as the SYSTEM account name even though some users logged in remotely. This issue occurred when the WMI query output for the remotely logged in machines was empty for the username parameter. This issue is fixed by using different commands.

Above SUMMIT v5.7 SP3 and below SUMMIT ALPS version

2. When secure Boot is enabled, then the unsigned system drivers (i.e., the drivers for which the Microsoft digital certificate is not available) are prevented by the Windows operating system to executing/starting the booting operation.

3. Earlier, while discovering the software details, different versions of the same software were captured in the registry and MSI folder. Due to this, the SummitAI application was considering the software version in the MSI database as the latest version. Now, the SummitAI application considers the registry version as the priority version.

2.0.4.30

Earlier, in the specific environment/machine, if the machine is required to install more than one patches, then at a time only one patch was getting downloaded. Now, multiple patches are downloaded by completely clearing the previous download request before the next download starts.

2.0.4.29

In some machines, the Windows OS build number was not discovered earlier properly, could be discovered in this version.

2.0.4.28

Earlier, the users were able to run an application from a shared folder even though the respective application was configured as blocked for execution. In this version, the issue is fixed.

2.0.4.27

Earlier, the Software installation and uninstallation are not getting triggered correctly. The issue is fixed in this version.

2.0.4.26

For Patch Management, if Patches are downloaded from an HTTP path, the path was not framed correctly. The issue is fixed in this version.

2.0.4.25, 2.0.4.24

In this version, the "Unquoted Service Path" and "Improper Permissions" vulnerability issues of the Agent are fixed. Also, the access to everyone permission to the SummitAI installation folder is removed if provided earlier.

2.0.4.23

This version is enriched with Orchestration Script execution at the agent level via Service request feature.

2.0.3.25

Earlier, while discovering the software details, different versions of the same software were captured in the registry and MSI folder. Due to this, the SummitAI application was considering the software version in the MSI database as the latest version. Now, the SummitAI application considers the registry version as the priority version.

Above SUMMIT v5.6 and below SUMMIT v5.7 SP3

2.0.3.23, 2.0.3.22

In this version, the "Unquoted Service Path" and "Improper Permissions" vulnerability issues of the Agent are fixed. Also, the access to everyone permission to the SummitAI installation folder is removed if provided earlier.

2.0.3.20

Now, Admin can disable the desired data that must not be captured from the end point machine by adding the "DISABLE_SCAN" key in the SAMAgent.exe.config file. By default, all the required information is captured from the endpoint machine.

add key="DISABLE_SCAN" value="USAGE|LOGON|ADDTIONAL|DEVMGR|LIC" /

2.0.3.19

In the previous versions of the SummitAI application, when the SAM Agent was in idle state, it was utilizing some amount of CPU and RAM. This was causing Application performance issues.

Now, the SAM Agent is optimized to utilize very less memory and CPU even though it is in idle state. While scanning an Asset, CPU utilization spikes a little and then comes down.

2.0.3.17

Using stealth mode option, earlier the "SymRemote" was installed as an application. So, when any UAC prompt appeared on the user machine, the Analyst was not able to control the user machine. From this version, the "SymRemote" is installed as a Service, which enables the Analysts to control the user machine in case of UAC prompts.

2.0.2.17

In the previous versions of the SummitAI application, when the SAM Agent was in idle state, it was utilizing some amount of CPU and RAM. This was causing Application performance issues.

Below SUMMIT v5.6

Now, the SAM Agent is optimized to utilize very less memory and CPU even though it is in idle state. While scanning an Asset, CPU utilization spikes a little and then comes down.