Lumension® KnowledgeBase

Article Number: 846
Date Created: 09/18/2012
Last Updated: 04/22/2014
Article Type: Release Notes

Lumension Endpoint Management and Security Suite (L.E.M.S.S.) agent support for Microsoft Windows 8 and Windows Server 2012

Description

Product: L.E.M.S.S.

Versions:

  • Microsoft Windows 8
  • Microsoft Windows Server 2012
  • Lumension Endpoint Management and Security Suite (L.E.M.S.S.)

Summary:

Microsoft has released their latest operating systems, Windows 8 and Windows Server 2012. Lumension Endpoint Management and Security Suite (LEMSS) 7.2 Update 2, released on January 2nd, 2013, adds endpoint support for these operating systems.

Details

On October 26, 2012 and September 4, 2012, respectively, Microsoft released the Windows 8 and Windows Server 2012 operating systems. Lumension's new release, Lumension Endpoint Management and Security Suite 7.2 Update 2, includes support for installing the LEMSS 7.2 Update 2 Agent on these operating systems.
This knowledge base article includes frequently asked questions and known issues associated with LEMSS 7.2 Update 2 and these new operating systems. For additional information about the LEMSS 7.2 Update 2 release, refer to KB 900 (http://www.lumension.com/kb/900).

FAQ

Can I install the LEMSS server component on Windows Server 2012?

You cannot install LEMSS on Windows Server 2012 at this time. Only agent installation is currently supported for the Windows 8 and Windows Server 2012 platforms.

What editions of Windows 8 and Windows Server 2012 are supported for the LEMSS Agent?

The LEMSS Agent is supported on the following Windows 8 and Windows Server 2012 operating systems:

| Operating System | Version | Edition | Data Width | Proc. Family | Software Prerequisites | Agent Version |
|---|---|---|---|---|---|---|
| Microsoft Windows 8(1) | 6.2 | Windows 8, Professional, Enterprise(2) | 32/64 bit | Intel | Microsoft .NET Framework 4.0+ | LEMSS 7.2 Update 2 Agent |
| Microsoft Windows Server 2012(3) | 6.2 | Standard(2)(4), Datacenter(2)(4), Foundation, Essentials | 64 bit | Intel | Microsoft .NET Framework 4.0+ | LEMSS 7.2 Update 2 Agent |
| Microsoft Windows Storage Server 2012 | 6.2 | Standard, Workgroup | 64 bit | Intel | Microsoft .NET Framework 4.0+ | LEMSS 7.2 Update 2 Agent |

(1) The N editions of this family are supported. However, the RT edition of this family is not supported.

(2) The evaluation version of this edition is supported.

(3) The Hyper-V edition of this family is not supported.

(4) Server Core mode for this edition is supported.

Note: The Software Prerequisites column applies only to Patch and Remediation and Security Configuration Management endpoints. Agents without these modules do not require the software prerequisites.

Microsoft .NET Framework 4.0 is installed on Windows 8 and Server 2012 by default.

What modules are supported for Windows 8 and Windows Server 2012 endpoints?

All currently supported product modules in LEMSS are supported in Windows 8 and Windows Server 2012. These modules include:

  • AntiVirus
  • Application Control
  • Device Control
  • Patch and Remediation
  • Power Management
  • Security Configuration Management
  • Wake on LAN

How does agent installation change with Windows 8 and Windows Server 2012?

The agent installation process is similar to prior releases. However, Windows 8 and Server 2012 introduce changes that slightly modify how the installer is downloaded.

  • When downloading the Agent installer from Modern interface, the Internet Explorer 10 App displays the LEMSS Web console differently. For additional information, refer to Lumension Knowledge Base Article 863 (http://www.lumension.com/kb/863).
  • Before logging into LEMSS, compatibility view must be enabled within Internet Explorer 10. For additional information, refer to Lumension KnowledgeBase Article 863 (http://www.lumension.com/kb/863).

Will Agent Notifications display in Modern interface?

No agent notifications, regardless of module, will display in Modern interface. Any agent notifications sent to the endpoint (such as deployment notifications, reboot notifications, or AntiVirus definition update notifications) display on Desktop. Any notifications sent to endpoints when Modern interface is in use will display on Desktop when it is opened.

What is the expected agent behavior on Windows Server 2012 when in Core mode?

When the agent is installed on a Windows Server 2012 endpoint that is in Core mode, the Lumension Agent Control Panel is unavailable and users have limited interaction with the agent. The following table lists each endpoint module's behavior when the endpoint is in Core mode:

| Module | Feature | Expected Behavior |
|---|---|---|
| Core | Lumension EMSS Agent Control Panel | Because Core mode disables the Windows Server 2012 GUI, the Lumension Agent Control Panel and its functions are not available. |
| Core | Agent Version, Endpoint, and Server Details | The Agent Version details, Endpoint details, and Server details that display on the Lumension Agent Control Panel Summary tab are unavailable and cannot be accessed from the command line. |
| Core | Agent Restart | The Restart Agent button on the Lumension Agent Control Panel Summary tab is unavailable. To start, stop, or restart the LMAgent.exe service, users must use the command line. |
| Core | Proxy Server Definition | The fields and check boxes used to define Proxy Settings on the Lumension Agent Control Panel Proxy tab are unavailable and cannot be accessed from the command line. |
| AntiVirus | Lumension EMSS Agent Control Panel | When the AntiVirus endpoint module is installed, the Lumension Agent Control Panel includes the following AntiVirus panels, which are not available without the Windows Server 2012 GUI: • The AntiVirus Panel, which includes AntiVirus policy information, AntiVirus version information, and virus and malware scan history. • The Quarantine Panel, which includes quarantine information, and functionality to clean, delete, or save quarantine information to another location. • The Scan Now and Scan Events Panel, which lists scan events and functionality to clear scan events and run an endpoint scan. Much of this information and functionality can still be accessed using the command line. |
| AntiVirus | Scan Now | Scan Now functionality is not available. To run an immediate AntiVirus scan on an endpoint, use the Lumension EMSS Web console. |
| AntiVirus | Quarantine | The quarantine will be scanned in the next file, and if the contents are cleaned, they are automatically removed from quarantine. |
| AntiVirus | AntiVirus Notifications | AntiVirus notifications are displayed on the endpoint. These notifications include AntiVirus engine and definition update notifications; scan start and stop notifications; and endpoint infection notifications. You can review notifications for a Windows Server 2012 endpoint in Core mode using the Lumension EMSS Web console. |
| Application Control | Local Authorization | When Windows Server 2012 is in Core mode, the Local Authorization dialog is unavailable. Users who are assigned a Local Authorization policy need this dialog to authorize or deny applications locally. Therefore, it is not possible to use Local Authorization in Core mode. |
| Device Control | Lumension Endpoint Security Client Management Console | Because a Windows Server 2012 endpoint in Core mode has no GUI, the Lumension Endpoint Security Management Console is unavailable. |
| Device Control | Permissions | Because the Lumension Endpoint Security Management Console is unavailable, endpoint users cannot access their permissions list. |
| Device Control | Lumension Endpoint Security Notifications | Notifications are not available. |
| Device Control | Device and Media Encryption | Without a GUI, Windows Server 2012 Core mode users cannot encrypt devices or media using the Lumension Endpoint Security client. |
| Device Control | Encrypted Device Data Access | Without a GUI, users cannot access data on an encrypted device because they cannot access an interface to unlock it. |
| Device Control | Centralized Encryption | Without a GUI, use of centralized encryption to encrypt a volume in ReFS file format on a mirrored virtual disk is unavailable. |
| Device Control | Secure Volume Browser | Secure Volume Browser cannot be accessed without a GUI. |
| Patch and Remediation | Patch Agent Control Panel | Windows Server 2012 has .NET Framework 4.0 installed by default to execute its GUI. Patch Agent also requires this software to execute AgentPanel.exe. However, when Windows Server 2012 has Core mode enabled, administrators can uninstall .NET Framework 4.0. When Windows Server 2012 is operating in Core mode without .NET Framework 4.0, you cannot execute AgentPanel.exe from the command line. |
| Patch and Remediation | Deployment Notification | No deployment notification opens regardless of the Deployment Notification Options defined during completion of the Deployment Wizard. The deployment installs immediately without prompting the user. |
| Patch and Remediation | Reboot Notification | No reboot notification opens regardless of the Reboot Notification Options defined during completion of the Deployment Wizard. The reboot begins immediately without prompting the user. |

Can I install the LEMSS Agent using Modern interface?

You cannot install the agent using Modern interface with Lumension Endpoint Management and Security Suite 7.2 Update 2. You can download the installer using Modern interface, but any attempt to open the agent installer within Modern interface opens the agent installer on Desktop.

After installation, can I access the Lumension Agent Control Panel using Modern interface?

You cannot access the Lumension Agent Control Panel using Modern interface. Instead, you must open Windows Control Panel using Modern interface, click Programs, and then open Lumension Agent Control Panel.

KNOWN ISSUES

The following table identifies all known issues associated with the LEMSS Agent on Windows 8 and Windows Server 2012 endpoints. The table lists the LEMSS module affected, a description of the issue, and the ID number of the issue (if available):

| ID | Component | Description |
|---|---|---|
| N/A | Core | When using the Microsoft Internet Explorer 10 App within Modern interface to download an agent or run an agent management job, the Download Agent Installer dialog, Install Agents Wizard, and Uninstall Agents Wizard open to full page in the Lumension EMSS Web console. These issues are by Microsoft design, and no action is planned to change this function. |
| N/A | AntiVirus | When using Windows 8 within Modern interface, no AntiVirus notifications display. These notifications include: • Infected Files Detected • New AntiVirus Engine and Definitions Files Downloaded • Virus and Malware Scan Start • Virus and Malware Scan End • Virus and Malware Scan Summary Dialog. All listed notifications still display from Desktop. |
| N/A | Application Control | Some Windows Store (formerly Metro) apps are developed with JavaScript and HTML. These applications do not contain executable files, so they are not scanned (detected) by Lumension Application Control. This means it is not possible to block them from running. |
| N/A | Application Control | Windows 8 can run both Windows Store apps and conventional Windows applications. Windows Store apps are launched from the Modern interface but the Non-Authorized Application Detected dialog cannot be displayed there. If a user tries to launch a non-authorized application from the Modern interface, the display changes to the Desktop to show the dialog. |
| N/A | Application Control | Windows 8 can run both Windows Store apps and conventional Windows applications. Windows Store apps are launched from the Modern interface, but the Local Authorization dialog cannot be displayed there. If users who are assigned a Local Authorization policy try to launch a non-authorized application from the Modern interface, they will not see the Non-Authorized Application Detected dialog unless they switch to Desktop. |
| N/A | Application Control | Some Windows Store apps do not have signed executables. It is not possible to apply a Trusted Publisher policy to these applications. |
| 10710 | Device Control | Use of centralized encryption to encrypt a volume in ReFS file format on a mirrored virtual disk is unsupported. |
| 155042 | Wake on LAN | Due to changes made by Microsoft, Windows 8 endpoints do not respond to Wake on LAN wake requests if their last shutdown was initiated using the Windows 8 GUI. Shutting down Windows 8 using this method closes sockets used by Wake on LAN to initiate wake requests. Workarounds include: • Initiating Windows 8 endpoint shutdowns using the shutdown /s command from the command prompt. This shutdown method does not close the sockets used to initiate wake requests. • Disabling the Turn on fast startup option within the endpoint power settings. For additional information, refer to Lumension Endpoint Management and Security Suite: Wake on LAN User Guide (http://portal.lumension.com). After applying one of these workarounds, wake requests will function. |


 

 
