This article contains a summary of the enhancements made in Patch Agent 7.0306 for Linux, Unix, and Mac, which is the agent used on Linux, Unix, and Macintosh endpoints in environments containing Lumension Patch and Remediation 7.0 and higher.
Beginning with LEMSS 7.3, Lumension added support for the LEMSS Application Server Console User Interface to display in languages other than English. For customers that want to continue to manage their LEMSS console in English, this article discusses how to change the language displayed for their LEMSS Application Server Console UI.
This article explains why a user may see multiple instances of EPUI, PDDM.exe or NotificationManager.exe running on an endpoint with the LEMSS Agent and/or Patch module installed.
This article covers the issue where repeated "Cleaned" event alerts are generated for a file despite it being held in AntiVirus Quarantine.
Reflective memory injection (RMI) is a software coding technique whereby a DLL is injected into a process which is already running in memory. RMI injections can be malicious but occasionally can also be used by legitimate applications (such as Photoshop and Citrix client). Lumension Application Control has been designed to detect when an RMI injection occurs and an associated RMI log event is created.
RMI events associated with non-malicious RMI usage (such as Photoshop and Citrix client) can be excluded from memory protection policies so that you can continue using these applications productively while maintaining protection against malicious RMI for all other files.
An Audit mode is provided to test the environment for any applications with legitimate behavior before enforcing the policy. It is important to remain in Audit mode until all non-malicious executables have been excluded.
Installing applications on locked-down endpoints may require more than the initial installation executable to be added as a Trusted Updater for the installation to succeed. For example, Google Chrome on locked-down endpoints may require two files to be added as Trusted Updaters for the installation to succeed.
To ensure that files installed via an MSI-based install are added to the endpoint whitelist, MSI installers are blocked from executing on locked-down endpoints if they are not Trusted Updaters. This also means that an MSI file that is not a Trusted Updater cannot be authorized on a locked-down endpoint by Local Authorization, Trusted Publisher, or Trusted Path.
L.E.M.S.S. 7.3 introduced the Authorize/Deny from Logs feature for Application Control and also introduced a Windows Update protection feature whereby Windows Update files which are on the endpoint whitelist are blocked from executing if they are not Trusted Updaters. However, when these whitelisted Windows Update files are blocked, the associated log events only appear in the All Application Events log query and the files cannot be added as Trusted Updaters from the logs.
This article discusses the release of Lumension Endpoint Management and Security Suite (LEMSS) 7.3 and contains a list of enhancements and issues contained in this new release.
This article discusses an issue with the antivirus (AV) definition file released at approximately 3:22am EST / 8:22am GMT on Friday, May 10th.
This article discusses the recovery procedure to be used when LEMSS downloads an AntiVirus definition file containing a false positive that negatively affects the functionality of endpoints.
This article addresses the issue where shadow file content is not accessible on the Device Event Log Queries Results page.
This article discusses an issue where the file filtering feature provided in Device Control does not function when burning to an encrypted CD/DVD.
This article discusses an issue with the recently released MS13-036 (bulletin 2823324).
This article discusses what to do if you need to change your passwords for the ClientAdmin and ServiceAdmin accounts in LEMSS (or have already changed them and now have issues).
This article covers the recovery procedure for the case when the Lumension EMSS Server downloads a bad AntiVirus definition file containing a false positive that negatively affects the functionality of endpoints.
This article discusses an issue where MS10-001 Security Update for Windows Server 2003 (KB972270) and MS10-076 Security Update for Windows Server 2003 (KB982132) can both show 'not patched' after an apparently successful deployment.
RAR and ACE archive files are detectable on endpoints running x86 systems but not x64.
This article covers the issue of archive files not opening on removable storage devices even though an endpoint has a Device Control policy assigned that provides permission to open them.
This article describes an issue where the Lumension Caching Proxy is not able to cache packages when LPR is configured to use SSL for package download.