BigFix 11.0 Patch 6 is now available!

The BigFix Team is pleased to announce the release of Version 11 Patch 6 (11.0.6.137) of the BigFix Platform. The main features in this release are as follows:

Security and Authentication improvements!

• REST API Token Authentication: BigFix Platform now supports authentication using tokens for the BigFix Server REST APIs, the IEM CLI, and the BigFix Explorer REST APIs. This provides a modern and secure approach to automation and integrations, leveraging bearer tokens and avoiding the need to share/store credentials. For details, see Configuring bearer token authentication.

• Client Certificate Max Validity is now configurable: With the setClientCertificatePolicy BESAdmin command, you can now customize the maximum validity period for newly issued client certificates - this will help you comply with company policies and changing industry standards. You can also define how long before expiration a BigFix Client should attempt the renewal. For details, see Client certificate, BESAdmin Windows Command Line and BESAdmin Linux Command Line.

• Forcing Prefetch commands to use HTTPS on Relays: You can now use the _BESRelay_Download_UseHttps configuration setting on Relays to force the use of HTTPS in prefetch statements. This capability was already available on the BigFix Root Server. For details, see Managing Downloads.

PeerNest enhancements!

• Site Content can now be shared among peers: further leverage Peer-to-Peer benefits by sharing site content among peers, in addition to files, minimizing network traffic through Relays. For details, see Working with PeerNest and Peer to peer mode.

• PeerNest Statistics: BigFix now allows you to collect PeerNest statistics across your entire environment and export them for analysis. You can now measure effectiveness and efficiency of PeerNest and identify issues. In addition, a session relevance inspector and a WebReports page have been added to allow monitoring key PeerNest metrics. For details, see PeerNest statistics: Exporting a JSON file with aggregated data, PeerNest, PeerNest API and bes peer download.

64-bit BigFix Relay for Windows!

• On Windows, the BigFix Relay is now available as a 64-bit executable. This adds improved encryption and memory address space capabilities. The 32-bit Relay remains available for 32-bit operating systems. When performing a Relay upgrade on a Windows 64-bit OS, the 64-bit version of the Relay will automatically be installed.

Cloud Plugins new features!

• Discovery on Demand: You can now manually trigger the discovery process for Cloud Plugins. This feature forces an immediate update of the discovered assets, avoiding the need to wait for the scheduled discovery interval. For details, see Discovery on Demand.

• GCP Agent Installation: You can now install the BigFix Client on virtual machines on Google Cloud faster via Google APIs, instead of using the Client Deploy Tool. For details, see BigFix Agent installation on cloud resources.

• Cloud Tags generation using action commands: The BigFix cloud plugins now have the capability to set or delete a tag on AWS, Azure, Google Cloud Platform, and VMware via action commands. For details, see Amazon Web Services Plugin Commands, Microsoft Azure Plugin Commands, Google Cloud Platform Plugin Commands and VMware Plugin Commands.

Expired or stopped actions automatic cleanup:

• You can now define a policy to automatically mark actions as deleted in a given number of days after they are stopped or they expire. You can configure this option either from the Clean Up tab of the BESAdmin Windows GUI or using the BESAdmin CLI option named healthcleanup. For details, see Health and Cleanup, BESAdmin Windows Command Line and BESAdmin Linux Command Line.

Toggle Fixlet visibility via API:

• Added new REST APIs under the Fixlet family to toggle and retrieve Fixlet global visibility status. For details, see Fixlet Rest API

Management of the MS-SQL reindex job across platform upgrades:

• MS-SQL reindex job is no longer overwritten during a platform upgrade. In this way, modifications that were applied to it are not lost at every upgrade.

BigFix Scanner is now removed with the BigFix Agent:

• When removing the BigFix Client with the BigFix Removal Utility (BESRemove), the BigFix Scanner is also removed, if present.

Serviceability enhancements:

• Analysis 5990 “Pending Restart information for Windows” was added to BES Support to help identify causes for “Pending Restart” status on clients

• The maximum allowable value for the _BESClient_Resource_InterruptSeconds setting was increased to 20 minutes

• Detailed logging was added in Root Server log for client re-registration failures, to expedite troubleshooting.

Removal of obsolete Fixlets and Tasks from BES Support

To streamline the publishing and gathering process and reduce the amount of content that agents must evaluate, obsolete Fixlets and Tasks were removed from the BES Support content:

• Deprecation of Dynamic Bandwidth Throttling: The Dynamic Bandwidth Throttling feature has been officially deprecated. In complex modern networking environments, dynamic bandwidth calculations are not always reliable or predictable. The use of Dynamic Throttling has been discouraged for a long time in favor of Static Throttling and modern features like PeerNest, which manage bandwidth far more efficiently. Consequently, the following configuration Fixlets have been permanently removed:

  • 457 BES Client Setting: Dynamic Download Throttling

  • 458 BES Relay Setting: Dynamic Download Throttling

  • 459 BES Relay Setting: Dynamically Throttle Outgoing Traffic

  • 462 BES Server Setting: Dynamically Throttle Outgoing Traffic

  • 605 BES Client Setting: Enable/Disable Dynamic Throttling

  • 702 BES Relay/Server Setting: Enable/Disable Dynamic Throttling

• BigFix 9.5 Content Cleanup: Content used to deploy and manage older patch versions of BigFix 9.5 has been removed. BigFix v9.5 reached End of Support on June 30th, 2024. BES Support will only retain the content to deploy and manage the final patch of BigFix 9.5 (version 9.5.25).

Inspector changes

• New property named “metered connection of” was added to the “network adapter” client inspector. This returns information about the network adapter configuration as it relates to metered network connections. For details, see network adapter.

• New session inspector type named “bes peer download” was added to return information about files that were shared or downloaded using the PeerNest feature. For details, see bes peer download.

• New property named “evaluation period of” was added to the “bes fixlet” session inspector. This returns information about the frequency with which clients re-evaluate a Fixlet. For details, see bes fixlet.

• New properties were added to “bes user” session inspector. These properties return information about the explicit and effective permissions of a BigFix Operator. List of added properties:

  • effective can create actions flag of

  • effective can lock flag of

  • effective can send multiple refresh flag of

  • effective can submit queries flag of

  • effective custom content flag of

  • effective master flag of

  • effective restartandshutdown actionscript privilege allowboth flag of

  • effective restartandshutdown actionscript privilege allowrestartonly flag of

  • effective restartandshutdown actionscript privilege none flag of

  • effective restartandshutdown postaction privilege allowboth flag of

  • effective restartandshutdown postaction privilege allowrestartonly flag of

  • effective restartandshutdown postaction privilege none flag of

  • effective show other action flag of

  • effective stop other actions flag of

  • effective unmanagedasset privilege scanpoint flag of

  • effective unmanagedasset privilege showall flag of

  • effective unmanagedasset privilege shownone flag of

  • explicit can create actions flag of

  • explicit can lock flag of

  • explicit can send multiple refresh flag of

  • explicit can submit queries flag of

  • explicit custom content flag of

  • explicit master flag of

  • explicit restartandshutdown actionscript privilege allowboth flag of

  • explicit restartandshutdown actionscript privilege allowrestartonly flag of

  • explicit restartandshutdown actionscript privilege none flag of

  • explicit restartandshutdown postaction privilege allowboth flag of

  • explicit restartandshutdown postaction privilege allowrestartonly flag of

  • explicit restartandshutdown postaction privilege none flag of

  • explicit show other action flag of

  • explicit stop other actions flag of

  • explicit unmanagedasset privilege scanpoint flag of

  • explicit unmanagedasset privilege showall flag of

  • explicit unmanagedasset privilege shownone flag of

    For details, see bes user

Added Support for Operating Systems and Databases

• Added support for BigFix Server running on:

  • Windows Server (2019 or later) with Microsoft SQL Server 2025 database

  • Red Hat Enterprise Linux 10 x86 64-bit with Microsoft SQL Server 2025 database

• Added support for BigFix Agent running on :

  • Debian 13 x86-64

  • SUSE Linux Enterprise Server (SLES) Version 16 x86-64.

Upgraded libraries, binaries and 3rd party tools

• The Codejock library was upgraded to Version 24.2.0.

• The InstallShield was upgraded to Version 2025 R2.

• The libcURL library was upgraded to Version 8.18.0.

• The Microsoft ODBC Driver was upgraded to Version 18.5.2.1.

• The OpenLDAP library was upgraded to Version 2.6.10.

• The OpenSSL library (including FIPS module) was upgraded to Version 3.5.5.

• The SQLite library was upgraded to Version 3.51.0.

• The zlib library was upgraded to Version 1.3.2.

• The Microsoft Visual C++ Redistributable was upgraded to Version 14.44.35211.0.

Additional information about this release

• The standalone BigFix tools are published under the 11.0 Utilities section in the BigFix Enterprise Suite Download Center.

• A Non-Functional Requirements checklist, covering both performance and security management of your BigFix deployment, is available at BigFix Performance & Capacity Planning Resources.

References

• See the full technical changelist.

Pre-Upgrade Considerations

Important considerations to keep into account before upgrading to BigFix Platform Version 11 are:

• BigFix Version 10.0.7 is the minimum version supporting the upgrade of the BigFix server components to Version 11.

• You must enable the “Enhanced Security” in the BESAdmin tool before upgrading BigFix Platform to Version 11.

• The minimum TLS supported protocol in BigFix v11 is TLS 1.2.

• The SHA1 hashing algorithm for content and action signature will no longer be supported. SHA1 is still supported for file download in actionscript. For details, see the BigFix Platform V11 Overview Page.

• The msodbcsql18 RPM package is a prerequisite for the Server components on Linux systems. This applies to installations with an MSSQL database.

• For detailed information on the specific changes to minimum supported versions of operating systems and databases for BigFix 11, see Detailed system requirements.

• Before getting started with the upgrade process, stop any active application that is connected to the BigFix database (such as Web Reports, WebUI, BigFix Inventory, or BigFix Compliance).

Useful links

• BigFix downloads and release information

• BigFix 11 Platform Documentation

• Upgrade considerations

• Detailed system requirements

Upgrade Fixlets are available in BES Support version 1509 (or later).

Note: developer.bigifx.com site is not updated with the latest info for this release, due to a technical problem. We arfe working to solve the issue,

Amazing updates! Wait for trying out the new features

A lot of improvements and capabilities that I have been waiting for!

Excited to try this new version out.

GREAT Feature enhancements in this release!