KnowledgeBase Articles: Lumension® Endpoint Management and Security Suite

Displaying results 1-20 (of 145)
 |<  < 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8  >  >| 

Article: 1612  Multiple instances of EPUI, PDDM.exe or NotificationManager.exe running on an endpoint

This article explains why a user may see multiple instances of EPUI, PDDM.exe or NotificationManager.exe running on an endpoint with the LEMSS Agent and/or Patch module installed.

Article: 1611  Repeated "Cleaned" Event Alerts Due To the Handling of NTFS Alternate Data Streams (ADS) by the AutoRestore Quarantine Feature in Lumension AntiVirus

This article covers the issue where repeated "Cleaned" event alerts are generated for a file despite it being held in AntiVirus Quarantine

Article: 1610  Identifying Exceptions for Memory Injection Policies

Reflective memory injection (RMI) is a software coding technique whereby a DLL is injected into a process which is already running in memory.  RMI injections can be malicious but occasionally can also be used by legitimate applications (such as Photoshop and Citrix client).  Lumension Application Control has been designed to detect when an RMI injection occurs and an associated RMI log event is created.
 
RMI events associated with non-malicious RMI usage (such as Photoshop and Citrix client) can be excluded from memory protection policies so that you can continue using these applications productively while maintaining protection against malicious RMI for all other files.

An Audit mode is provided to test the environment for any applications with legitimate behavior before enforcing the policy.  It is important to remain in Audit mode until all non-malicious executables have been excluded.

Article: 1608  Applications may require multiple files to be added as Trusted Updaters for successful installation on endpoints locked down with L.E.M.S.S. Application Control

Installing applications on locked-down endpoints may require more than the initial installation executable to be added as a Trusted Updater for the installation to succeed.  For example, Google Chrome on locked-down endpoints may require two files to be added as Trusted Updaters for the installation to succeed.

Article: 1607  MSI files are blocked on endpoints locked down with L.E.M.S.S. Application Control unless they are Trusted Updaters

To ensure that files installed via an MSI-based install are added to the endpoint whitelist, MSI installers are blocked from executing on locked-down endpoints if they are not Trusted Updaters. This also means that an MSI file that is not a Trusted Updater cannot be authorized on a locked-down endpoint by Local Authorization, Trusted Publisher, or Trusted Path.

Article: 1606  Whitelisted Windows Update files blocked by L.E.M.S.S. Application Control cannot be added as Trusted Updaters from logs

L.E.M.S.S. 7.3 introduced the Authorize/Deny from Logs feature for Application Control and also introduced a Windows Update protection feature whereby Windows Update files which are on the endpoint whitelist are blocked from executing if they are not Trusted Updaters.  However, when these whitelisted Windows Update files are blocked, the associated log events only appear in the All Application Events log query and the files cannot be added as Trusted Updaters from the logs.

Article: 1605  L.E.M.S.S. 7.3

This article discusses the release of Lumension Endpoint Management and Security Suite (LEMSS) 7.3 and contains a list of enhancements and issues contained in this new release.

Article: 1604  Lumension AntiVirus Technical Notification

This article discusses an issue with the antivirus (AV) definition file released at approximately 3:22am EST / 8:22am GMT on Friday, May 10th.

Article: 969  Recovering from a Bad AntiVirus Definitions File Update (Lumension EMSS 7.3.x)

This article discusses the recovery procedure to be used when LEMSS downloads an AntiVirus definition file containing a false positive that negatively affects the functionality of endpoints.

Article: 1602  Device Control Shadow File Content Not Accessible

This article addresses the issue where shadow file content is not accesible on the Device Event Log Queries Results page.

Article: 1601  File Filtering is Not Applied When Burning an Encrypted CD/DVD

This article discusses an issue where the file filtering feature provided in Device Control does not function when burning to an encrypted CD/DVD.

Article: 966  Issues with Microsoft update MS13-036

This article discusses an issue with the recently released MS13-036 (bulletin 2823324).

Article: 965  Changing passwords for the ClientAdmin and ServiceAdmin accounts

This article discusses what to do if you need to change your passwords for the ClientAdmin and ServiceAdmin accounts in LEMSS (or have already changed them and now have issues).

Article: 964  Recovering from a Bad AntiVirus Definitions File Update (Lumension EMSS 7.2.x)

This article covers the recovery procedure for the case when the Lumension EMSS Server downloads a bad AntiVirus definition file containing a false positive that negatively affects the functionality of endpoints.


Article: 961  MS10-001 and MS10-076 show applicable after deployment

This article discusses an issue where MS10-001 Security Update for Windows Server 2003 (KB972270) and MS10-076 Security Update for Windows Server 2003 (KB982132) can both show 'not patched' after an apparently successful deployment.

Article: 960  Lumension EMSS Device Control: RAR and ACE Archive Files Not Supported on x64 Systems

RAR and ACE arhive files are detectable on endpoints running x86 systems but not x64.

Article: 959  Archive Files Not Opening on Removable Storage Devices Despite a Device Control Policy With Read/Write Permission Assigned

This article covers the issue of archive files not opening on removable storage devices even though an endpoint has a Device Control policy assigned that provides permission to open them.

Article: 957  How to manually update Lumension Anti-Virus definition files

This article describes how Administrators can manually update the Lumension Anti-Virus definition on an endpoint.

Article: 955  Deployments showing more packages than there are vulnerabilities

This article explains why a deployment can have more packages showing than there were vulnerabilities selected for deployment.

Article: 948  LMAgent unable to obtain SHA1 hash

This article discusses an error that can occur when registering the LEMSS Agent on a machine with a WMI corruption.

Displaying results 1-20 (of 145)
 |<  < 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8  >  >|