Lumension® KnowledgeBase

Article Number: 576

Date Created: 04/28/2011

Last Updated: 05/17/2017

Article Type: How-To Procedures

Disabling the Lumension Endpoint Security client in an emergency

Description

Product: Endpoint Security

Versions: All Lumension Endpoint Security (LES) versions

Summary:

This article describes how to disable the Lumension Endpoint Security client in case of issues.

Details

INTRODUCTION

When a BSOD occurs or applications no longer work with Lumension Endpoint Security installed, the best way to recover the machine is to follow the steps outlined below.

Prerequisites

  • Ensure client hardening is turned off. If you cannot switch off hardening, use an Emergency Recovery Disk (ERD) to access the image offline.
  • If the hard disk is encrypted, you will need to decrypt it first.
  • If the hard disk is running off a special controller, create an ERD CD with this hard disk controller preinstalled on it.

Disabling the LES Client

  • Set the Start value of the following service keys found in:
    • HKLM\System\CurrentControlSet\Services

scomc: Start = 4
sk: Start = 4
sk-ndis: Start = 4

  • IF PRESENT, delete the entry 'sk' (and only that entry) from:
    • HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}\UpperFilters

This will NOT restore 16-bit applications.

  • To restore them, first kill sxd-vdd.dll, then remove it from the registry entry:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers
  • Remove %SYSTEMROOT%\System32\sxd-vdd.dll
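
The steps above as a PowerShell script. This is an example added here, not Lumension code. It assumes a running system with hardening already off (the ControlSet parameter and the Remove-MultiStringEntry helper are this example's own names) and assumes sxd-vdd.dll is listed in the VDD value of the VirtualDeviceDrivers key. It edits multi-string values entry by entry, so other filter drivers stay registered.

```powershell
# Added example, not Lumension code. Run elevated, first with -WhatIf.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: live system. CurrentControlSet exists only on a running
    # system; for a hive loaded offline from an ERD, pass its control set key.
    [string]$ControlSet = 'HKLM:\SYSTEM\CurrentControlSet'
)

# Remove matching entries from a multi-string value, keeping all others.
function Remove-MultiStringEntry {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Key, [string]$Name, [string]$Pattern)
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if (-not $item) { return }                        # key or value absent
    $old = @($item.$Name)
    $new = @($old | Where-Object { $_ -notlike $Pattern })
    if ($new.Count -eq $old.Count) { return }         # entry not present
    if ($PSCmdlet.ShouldProcess("$Key\$Name", "remove '$Pattern' (was: $($old -join ', '))")) {
        if ($new.Count -gt 0) {
            Set-ItemProperty -LiteralPath $Key -Name $Name -Value ([string[]]$new) -Type MultiString
        } else {
            Remove-ItemProperty -LiteralPath $Key -Name $Name
        }
    }
}

# 1. Set Start = 4 (disabled) on the three LES services, logging the old value.
foreach ($svc in 'scomc', 'sk', 'sk-ndis') {
    $key = "$ControlSet\Services\$svc"
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $was = (Get-ItemProperty -LiteralPath $key -Name Start).Start
    if ($PSCmdlet.ShouldProcess($key, "set Start = 4 (was $was)")) {
        Set-ItemProperty -LiteralPath $key -Name Start -Value 4 -Type DWord
    }
}

# 2. Drop only 'sk' from UpperFilters; other filter drivers stay listed.
Remove-MultiStringEntry -Key "$ControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}" -Name UpperFilters -Pattern 'sk'

# 3. 16-bit apps. Assumption: the DLL is listed in the 'VDD' multi-string value.
Remove-MultiStringEntry -Key "$ControlSet\Control\VirtualDeviceDrivers" -Name VDD -Pattern '*sxd-vdd.dll'
$dll = Join-Path $env:SystemRoot 'System32\sxd-vdd.dll'
if (Test-Path -LiteralPath $dll) { Remove-Item -LiteralPath $dll }   # fails while the DLL is still loaded
```

The -WhatIf output lists each previous value, which is the record needed to re-enable the client once the underlying issue is resolved.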
