This article contains a summary of the enhancements and issues addressed in Lumension Endpoint Management and Security Suite (LEMSS) 7.3 Service Pack 1.
This article lists the known issues for the Mobile Device Management 8.0 server module and app.
An IIS web server on a locked-down endpoint can run ASP.NET applications only if an appropriate Trusted Path policy is applied.
In network environments, the agent can fail to communicate with the server when using a Squid proxy server.
This article covers an issue where slow Real-time monitoring scan performance is experienced by users downloading files in iTunes.
Lumension Technical Support may request debug level logging to troubleshoot Endpoint Distribution Service problems. The steps presented below will show you how to set this type of logging.
This article discusses an issue where Replication Service is restarted during the middle of the upgrade, which causes the upgrade to fail.
This article contains a summary of the enhancements made in Patch Agent 7.0306 for Linux, Unix, and Mac, which is the agent used on Linux, Unix, and Macintosh endpoints in environments containing Lumension Patch and Remediation 7.0 and higher.
Beginning with LEMSS 7.3, Lumension added support for the LEMSS Application Server Console User Interface to display in languages other than English. For customers that want to continue to manage their LEMSS console in English, this article discusses how to change the language displayed for their LEMSS Application Server Console UI.
This article explains why a user may see multiple instances of EPUI, PDDM.exe or NotificationManager.exe running on an endpoint with the LEMSS Agent and/or Patch module installed.
This article covers the issue where repeated "Cleaned" event alerts are generated for a file despite it being held in AntiVirus Quarantine
Reflective memory injection (RMI) is a software coding technique whereby a DLL is injected into a process which is already running in memory. RMI injections can be malicious but occasionally can also be used by legitimate applications (such as Photoshop and Citrix client). Lumension Application Control has been designed to detect when an RMI injection occurs and an associated RMI log event is created.
RMI events associated with non-malicious RMI usage (such as Photoshop and Citrix client) can be excluded from memory protection policies so that you can continue using these applications productively while maintaining protection against malicious RMI for all other files.
An Audit mode is provided to test the environment for any applications with legitimate behavior before enforcing the policy. It is important to remain in Audit mode until all non-malicious executables have been excluded.
Installing applications on locked-down endpoints may require more than the initial installation executable to be added as a Trusted Updater for the installation to succeed. For example, Google Chrome on locked-down endpoints may require two files to be added as Trusted Updaters for the installation to succeed.
To ensure that files installed via an MSI-based install are added to the endpoint whitelist, MSI installers are blocked from executing on locked-down endpoints if they are not Trusted Updaters. This also means that an MSI file that is not a Trusted Updater cannot be authorized on a locked-down endpoint by Local Authorization, Trusted Publisher, or Trusted Path.
L.E.M.S.S. 7.3 introduced the Authorize/Deny from Logs feature for Application Control and also introduced a Windows Update protection feature whereby Windows Update files which are on the endpoint whitelist are blocked from executing if they are not Trusted Updaters. However, when these whitelisted Windows Update files are blocked, the associated log events only appear in the All Application Events log query and the files cannot be added as Trusted Updaters from the logs.
This article discusses the release of Lumension Endpoint Management and Security Suite (LEMSS) 7.3 and contains a list of enhancements and issues contained in this new release.
This article discusses an issue with the antivirus (AV) definition file released at approximately 3:22am EST / 8:22am GMT on Friday, May 10th.
This article discusses the recovery procedure to be used when LEMSS downloads an AntiVirus definition file containing a false positive that negatively affects the functionality of endpoints.
This article addresses the issue where shadow file content is not accesible on the Device Event Log Queries Results page.
This article discusses an issue where the file filtering feature provided in Device Control does not function when burning to an encrypted CD/DVD.