ExBPA config/rules 1.6.0.1 are out


As Chris mentioned on his blog - there is an update out for ExBPA.Config.xml, bringing it to version 1.6.0.1.

Under most circumstances, ExBPA should auto-detect the new version of the rules file and prompt you to download. If this does not occur, you can download and apply the ExBPA Web Update Pack from:

http://www.microsoft.com/downloads/details.aspx?familyid=4f2f1339-cbcd-4d26-9174-f30c10d7ec4c&displaylang=en

Paul Bowden brought up a point about this release that I wanted to cover a bit more after discussing it with him.

As you might have noticed, the "major" config version has changed from "5" to "6". Meaning, it used to be 1.5.x.x and now it is 1.6.x.x.

The significance of this in "real life" is that the previous runs of ExBPA cannot be reanalyzed with this new set of rules.

Previous EXBPA reports will open just fine after you upgrade to this version of rules, but you can't use the new XML to re-analyze a previous (old) report.

For example, if you used 1.5.6.1 to do a scan and then upgraded to 1.5.7.1 of the XML, the next time you opened the previous scan, the 1.5.7.1 rules would be applied to the old run; and you may see some new problems show up. However, if you did a scan with 1.5.7.1 and then upgraded to 1.6.0.1 of the XML, then when you open the old run, you'll see the same issues as before. New issues that the new set of rules might trigger will not show up unless you re-run the scan completely.

Hope that helps,

- Nino Bilic

Skip to main content