• On install AV task, vulscan will stop ldav service and kill ldav.exe processes before downloading AV files. EP8 CF2 upgrade. Calls setup.exe instead of msi in order to upgrade to CF2 without uninstalling/rebooting the previous version.
Before running setup, Kaspersky add/remove program registry key will be restored (without it the setup will fail). When setup fails, it checks for reboot pending property and sets vulsanreboot key. Removed refresh after install to avoid an explorer freeze problem. Wait parameter added to initialize so that during install we don't have to wait for 5 minutes before launching a product (this wait is needed for not bringing up UI after reboot). ldav.exe version will be logged. Kaspersky add/remove program entry will be restored before reinstall/uninstall; otherwise, it will fail. LANDesk AV service will be started after initial bases are applied and only the main AV service sends the install status if it's successful.
• If avservice.exe exists in antivirus folder and service name “ldavservice” exists, ldavhlpr determines that LANDesk AV 9.0 is installed.
(9.5 and later, LANDesk AV service name is “ldav”.) If LANDesk AV 9.0 is installed, windows defender is not detected. I tested it on my 9.0 SP3 machine and it worked. Note: 'ldavservice' needs to be started in order to turn on LANDesk AV 9.0, by running 'net start ldavservice' or rebooting a machine. When I tried to start it by clicking 'Enable' link from LANDesk AV UI, it failed.
• KES10.2 can be installed with 9.5 SP2 agent or later.
• Kaspersky install files (files under avclient install) will be updated.
• ldav launches setup.exe to install KES10.2, so we no longer manually run Kaspersky's utility to remove the 3rd party AV (it is built into setup.exe).
• ldavhlpr.dat is no longer needed and removed from downloading to the clients.
• Flag to skip incompatibility check (/pSKIPPRODUCTCHECK=1 /pSKIPPRODUCTUNINSTALL=1) in the .kpd file will be checked by setup.exe.
• setup.exe will be launched every time install AV task is executed (until now, if a product was already installed, we didn't launch Kaspersky msi).
• When LANDESK AV service starts, it checks to see if the images are rebranded to LANDESK; if not, it will update the files to rebrand.
• When applying AV behavior, start LANDESK AV service only if no other instance of vulscan is running. If we start the service during install AV task, ldav.exe will not be updated.
• Affected Files: KavClient.cab, ldav.exe, vulscan.dll, AVfilelist.txt
• 88769 - AMT-Vpro - vPro Credentials are not being saved in the vPro General Configuration.
• This should not happen because this process is automatically added to the local trusted file list during service startup. But on the customer configuration, the file LSASS.EXE is certified on the core trusted file list, leading the EPS client to erroneously skip the certification of windows processes at startup.
Until a fix is available, I would suggest just removing the LSASS.EXE file from the core trusted file list, and redeploying the configuration (no need to reinstall). The local certification list (local.db) file will be created in the EPS client folder, and the BSOD won’t occur anymore.
• Affected Files: LdSecSvc.exe LdSecSvc64.exe
• 92813 - App Control - Device control: devices cannot be blocked on Windows x64.
• When coreSyncService saves an ETask, retain the old values for last start, last end, last status, and numTries when importing a task with coreSyncService. Also, be willing to restart our task if the synced task is in a do_now or working state as well as pull available (if we were in pull_available and our start time was before his).
• Affected Files: coreSyncService.exe, LANDESK.managementsuite.data.dll
• 127065 - Core Synchronization - The SWD items and team/group/query cannot be synchronized to another core.
• In my previous check-in for trusted file list more efficient updating, I changed the method 'BeforeExport' to be a static and to be called for non-exportable type objects in case the non-exportable object references any exportable objects that need to be notified of a pending export operation. I had made this change so trusted file lists could prepare their 'List' from their HashTable right before being exported. I missed the possibility of the non-exportable object really being derived from an IList (an array or list of sub-objects). So I added a check for an IList and just recursively call 'BeforeExport' for each object in the IList.
• The method InheritRootSyncTaskState is responsible for inheriting the sync enabled state from the 'dummy groups' such as 'My tasks', 'Public tasks', and 'Team XYZ tasks'. However, the query didn't limit its results to only task groups without real parents (the groups that appear to be children of these dummy groups have a ParentGroup_Idn of null), so the SyncEnabled field was incorrectly bumped from 2 to 0, and then corrected back to 2 again within coresync as it was attempting to process sync enabled inheritance. This caused the revision for any task sub-groups to increment twice for each pass in the coreSyncService pusher.
• Affected Files: LANDESK.managementsuite.data.dll
• 132711 - Core Synchronization - Core sync not restarting tasks on target cores.
• The HP ThinClient maintenance window had a 1 hour threshold before the end of the window that previously would prevent the window from starting. The assumption was that if the user set the maintenance window to 3 or 4 hours in length and the computer powered up during the last hour of the maintenance window then there would not be enough time to complete the expected tasks. The new logic behaves the same if the maintenance window is larger than 1 hour in duration. The new logic ignores this 1 hour threshold if the duration of the maintenance window is 1 hour or less.
• Affected Files: WFMaintenanceWindow.exe
• 125825 - HP - HP: RSE blue screen and failure to work.
• Debugging the code with sleeps so that I could check memory size at various points, I found the growth in this sequence of events: scheduler:main sits in its while loop calling fetch_message every second. The purpose is to watch for changed directories; the directory being watched for change is the jobs directory. When a change occurs, fetch_message will obtain a message. Fetch_message is defined in map/common/msg_queue.cpp. In fetch_message there is a line of code: mqueue_msg *msg1 = q->m_queue->get(); If the get routine returns a NULL we do not grow. If the get routine returns an address to a place in our circular buffer, and we enter the if (msg1) block in fetch_message, as soon as we begin to populate variables from the message that we obtained a pointer for we will grow by 4 bytes. It does not matter what value gets populated first (you can change the order in the routine); as soon as we begin to populate variables from the pointer we grow by 4 bytes. I found this by putting sleeps before and after lines of code and then switching around the lines of code.
• Affected Files:
• 79781 - Linux-Unix - Patch 2013-0813 During pulling agent to client, an error '/opt/LANDESK/common/pds2dis missing, unable to validate core address for Pcore03.qa.LANDESK.com' displays in the log.
• We modified install.sh and added a command to create 2 files that connector expects to exist.
• mkdir -p '/Library/Application Support/Kaspersky Lab/klnagent/Data/1103/188.8.131.52/Statistics/AVState/'
• touch '/Library/Application Support/Kaspersky Lab/klnagent/Data/1103/184.108.40.206/Statistics/AVState/Protection_AdmServer'
• touch '/Library/Application Support/Kaspersky Lab/klnagent/Data/1103/220.127.116.11/Statistics/AVState/Protection_LastConnected'
• Affected Files: KavMacClient.cab
• 152642 - Agent-Mac - 9.6 FT - vulscan is crashing on mac.
• I made the following changes to reduce the occurrence of queries that match empty strings to empty strings, causing tons of useless results: Add action codes 23 and 24 to the list of chart codes to look for in 'most active computers' and 'most active definitions'. Stop using 'NOT in' and instead list exactly the codes I want. After downloading blocked apps at the core, set the patch's 'UniqueFilename' column from the vulnerability description so that action history will match up properly in the charts. This value used to be null or empty for type 5 definitions. When saving a custom blocked app definition, set the rule name and UniqueFilename to the filename from the 'path' in the file entry rule as well. When vulscan reports a recently blocked app, use the filename from the path instead of UniqueFilename and rule name since a custom definition when edited didn't update the rule name properly in the past (it would still be the old filename). Fix softmon to report only the filename of the blocked app (placing the value in the 'patch' element). This will allow proper matching with the definition when viewing charts regarding block activity. Note that previously reported blocked app action history won't ever show up in the charts because the patch name has a full path and doesn't match the vulnerability's patch name. I could write an update utility to fix this. Otherwise, after 90 days (or your recent activity threshold) it won't matter anymore. I updated the action history details string to display the full path of the application that was blocked so the information could still be viewed by the administrator.
• We addressed the problem in the vulnerability property form when there are a lot of action history items for a given vulnerability. We now limit the result set to the query for patch install records to 5000 entries. We updated the UI to say that only the most recent 5000 entries are returned. We also only load the history when that tab page is selected or if it's the current page when doing the 'prev' or 'next' buttons in a property list.
• Affected Files: patchbiz.dll, patchmanagement.dll
• 88211 - Patch Manager - Vulscan patch repair task gets stuck in deferral loop if scan and repair settings are set to defer automatically.
• If the default action on 'user-didn't-respond' timeout is to defer until the machine is locked, and we're already locked, then change default action to start. Still bring up the prompt even though we think we're locked in case we miscalculated (which is possible on servers with multiple users logged in). When the timeout is exceeded, whether the machine gets unlocked or not during the countdown, the default behavior will be to begin the repair. The user will still be able to click defer again, though (if allowed).
• We used to go through two unique code paths when creating a new device control behavior, depending on how that action was initiated in the console. Now they both use the path that calls 'LoadDefaults'. In LoadDefaults we load the device and interface table with default values. We need to NOT do this when loading an entry from the database because that will cause duplicate device and interface entries to be added to those tables in the device control setting. When I fixed that previous problem with the duplicate entries, I inadvertently broke one of the two paths taken to create a new device control behavior.
• Affected Files: patchbiz.dll
• 91559 - Patch Manager - Vulscan ignoring 'Scan and Repair' settings.
• Changed LD-Dev and 9.5 sp1. Right before bringing up the reboot prompt dialog, I added a method called 'WaitForUserToLogIn'.
It'll wait up to the specified timeout, deducting the amount of time the UI will appear based on how much of the timeout was used waiting for the user to log in. This check is after the 'reboot immediately if no one is logged in' check, so that still reboots immediately.
For LD-Dev only, I added a status message saying 'Waiting for user to log in'. I only LOG this message in the sustaining branch so no translation will be needed.
• Changed in both ld-dev and 9.5 sustaining. When adding a new trusted file entry and finding a match by filename/size/version, don't overwrite the matching entry unless we verify that either it or our new entry doesn't have a hash or that the hashes match. Technically, the hashes should never match because we just failed to find the matching entry by hash. I was previously assuming that if I didn't find the file by hash but then found it by name/size/version, then the entry I found must not have had a hash (typical for inventory scanned files). But I was not handling the case where the file was there with a different hash.
• When checking if reboot needed, if 'SuppressWuRebootMsg' is set to true, then vulscan will wipe out the Windows Update RebootRequired registry key and restart the wuauserv service. On Right after repairing something (when writing a status record to send to the core), call SuppressWURebootMsgIfNecessary. The new implementation stops the service then wipes out the 'reboot required' registry key. It returns true if it can successfully call RecurseDeleteKey. I updated the unit test to verify this behavior.
• Write the time we last asked to reboot in the volatile 'vulscanreboot' key. Don't prompt again for 10 minutes by checking the timestamp and returning cancel if it hasn't been long enough -- unless the new prompt doesn't allow the user to defer or cancel.
Vulscan's return value when running within the 10 minute window (and therefore not prompting) is the same as if the user had clicked 'cancel'. Like any repair task, the task itself is queued in the CONTINUE registry key to be attempted again once reboot has occurred. Rebooting erases the 'lastPromptTick' and 'lastPromptTime' values that I wrote because the key is volatile.
On 7/15/2013 - I re-record the last prompted time after the reboot dialog returns so I can ensure it'll be at least 10 minutes (from when the dialog closed) before I bother the user again.
• Revamped the scheduler form (and the list view) to show a 'time zone' property. If using the console's time zone, then the time will be a constant time, offset by appropriate time zone. In other words, a central time console operator will see a 12:00 pm start time, while the Mountain time operator would see 11:00 am.
If the time zone is set to 'replicator time zone', then the time specified in the UI is always when the job is scheduled, no matter what time zone the replicator is in.
You can integrate third-party systems with in many ways. The method you select will depend on business requirements, architectural and security constraints as well as the characteristics specific to each third-party application or service. This document describes an integration process that has already been implemented in a customer context. To find out more about this integration (e.g. scripts to be used), please contact the Consulting & Professional Services team, the Support team, or your service provider and integrator.

Integration summary

This gateway is used to integrate the LANDESK Equipment/Software/Attribute tables in the / catalogs.
• The gateway is automatically managed through the creation and update of catalog entries that indicate the LANDESK data to be extracted and normalized, if required.
• LANDESK tables and are mapped using two unique IDs:
• Brand name/Model for equipment
• Software for software
In this way, all LANDESK gateway processes are used to synchronize catalogs with third-party inventory tools using only the desired references based on the corporate strategy adopted. The catalogs must then be updated daily to integrate new LANDESK references.

Supported Versions

Landesk Management Solutions 9.0
Landesk Management and Security Suite 9.5
Landesk Management and Security Suite 9.6
Landesk Management and Security Suite 2016

Operating principle

The process is made up of 3 phases:
• Enter the / catalog entries for LANDESK references to be monitored in.
• Run a task using the tool to:
• Extract and store information from LANDESK tables in work tables by using a filter to retrieve only the data corresponding to the catalog entries to be monitored in.
• Normalize data by grouping LANDESK names together.
• Run various processing to normalize and standardize data.
• Store all data in the final tables.
• Integrate data in the final tables using Equipment/Software/Attribute.

Example

• LANDESK software table.
• You can create a single catalog entry that groups together the three LANDESK names, FastStone.
• You can create one catalog entry for each major version, FastStone 5, FastStone 6.
• You can create one catalog entry for each version, FastStone 5.1, FastStone 5.5, FastStone 6.1.

Notes

• The following data is not automatically processed by the LANDESK gateway:
• Allocation of users to workstations: third-party data is loaded to user-defined fields containing information in Equipment forms.
• Allocation of sites and departments to workstations: not loaded by the LANDESK gateway.
•: not performed by the LANDESK gateway.
• Management of the status of Equipment/Software forms: not performed by the LANDESK gateway.
• Equipment/Software/Attribute are shipped with the LANDESK gateway. Only those that are enabled at integration are taken into account.
• For SaaS customers, LANDESK tables are read using a VPN connection to ensure restricted and encrypted access to data.
• Depending on the type of third-party database, LANDESK data may be case-sensitive. See

Best practice

• To ensure optimal performance of the platform, you should integrate only data that is new or modified since the previous processing.

LANDESK gateway rules

• The LANDESK Reference field of each equipment/software catalog entry is used to indicate the LANDESK data to be extracted and filtered, and if required, to group LANDESK names together. It must comply with certain rules:
• LANDESK references must be separated using the sequence of characters /+-+/
• The wildcard % can replace any string of characters
• Rules for equipment: LANDESK and are mapped using the Manufacturer/Model unique ID.
• Rules for software: LANDESK and are mapped using the Software unique ID.
• Rules for attributes: The LANDESK table is integrated as it is in, without normalization.

Procedure: How to monitor LANDESK references in catalogs

1. In, create or modify the equipment/software catalog entries you want to monitor.
• Enter the unique ID of the catalog entry:
• For equipment, enter the fields outlined in red, Model and Brand Name.
• For software, enter the field outlined in red, Software.
• In the field outlined in blue, LANDESK Reference, indicate the LANDESK names to be monitored via the catalog entry. See
• Separate each reference using the sequence of characters /+-+/
• Use the wildcard % to replace any string of characters
2. In the menu, select Integration > Integration Models. Enable and schedule the Equipment/Software/Attribute for the data you want to integrate in.
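The LANDESK Reference rules above (the /+-+/ separator and the % wildcard, which the page calls the joker), checked against a name list before scheduling the integration. This is an added example, not the gateway's own code: the function names and sample names are constructed, and % is assumed to behave like a SQL LIKE wildcard that matches any string, including an empty one.

```python
import re

SEPARATOR = "/+-+/"  # reference separator given in the gateway rules

# Constructed sample of names as they might appear in the LANDESK software table.
SAMPLE_NAMES = [
    "FastStone Capture 5.1",
    "FastStone Capture 5.5",
    "FastStone Capture 6.1",
    "faststone capture 6.1",   # same product, different case
    "FastStone Capture 5x1",   # differs from 5.1 only where the dot is
]


def parse_reference_field(field):
    """Split a LANDESK Reference field into its individual references."""
    return [ref.strip() for ref in field.split(SEPARATOR) if ref.strip()]


def reference_to_regex(reference, case_sensitive=True):
    """Compile one reference: % matches any string, everything else is literal."""
    # re.escape keeps characters such as '.' or '+' from acting as regex syntax.
    body = ".*".join(re.escape(part) for part in reference.split("%"))
    flags = re.DOTALL | (0 if case_sensitive else re.IGNORECASE)
    return re.compile(body, flags)


def names_for_entry(field, landesk_names, case_sensitive=True):
    """Return the LANDESK names one catalog entry would group together."""
    regexes = [reference_to_regex(r, case_sensitive)
               for r in parse_reference_field(field)]
    return [n for n in landesk_names if any(rx.fullmatch(n) for rx in regexes)]


def unmonitored(fields, landesk_names, case_sensitive=True):
    """Return the names that no catalog entry's reference field covers."""
    covered = set()
    for field in fields:
        covered.update(names_for_entry(field, landesk_names, case_sensitive))
    return [n for n in landesk_names if n not in covered]


if __name__ == "__main__":
    per_major = ["FastStone Capture 5%", "FastStone Capture 6%"]
    for field in per_major:
        print(field, "->", names_for_entry(field, SAMPLE_NAMES))
    # On a case-sensitive database the lower-case name falls through.
    print("unmonitored:", unmonitored(per_major, SAMPLE_NAMES))
```

Running `unmonitored` with the case sensitivity of the actual third-party database shows which names would silently fall outside every catalog entry.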