Ivanti Endpoint Manager and Endpoint Security - Security and Compliance Frequently Asked Questions

Version 101

    Verified Product Versions

    Endpoint Manager 9.6Endpoint Manager 2016.xEndpoint Manager 2017.xEndpoint Manager 2018.x

    Ivanti Endpoint Manager and Endpoint Security - Security and Compliance

    Best Practices using LANDESK Patch Manager (On Demand Webinar)

    E-Learning - Patch Management

    About the New Patch Engine in Ivanti Endpoint Manager

    How to patch Office 365

      Introduction to Patch Manager - LANDESK Patch Manager 2016

    What's new for Patch Manager in Ivanti EPM 2018.3

    How to patch and manage Windows 10 using LANDESK Security and Patch Manager

    How to troubleshoot a Patch and Compliance (vulnerability) scan

    How to report LANDESK Patch Manager definition issues to technical support

    How To: Submit a feature request to add new Patch, Vendor or Product content

     

     

    Remember, the LANDESK Help site is a valuable source of information!

     

    Important Notices

     

    LANDESK support program for Windows XP and Server 2003 patch content

     

    How To'sIssues

    How to get started with Patch Manager in LDMS 9.6

    How to change the default Patch Location for Security and Patch Managerd

    How to change the Default Distribution and Patch Settings

    How to change the default Patch Location for Security and Patch Manager

    How to change the number of Security Scan logs kept on a managed device

    How to create a Custom Vulnerability Definition in Security and Compliance Manager

    How to create a Pre-Cached Repair / Staged Repair

    How to establish a Patch and Compliance Baseline Patch Group

    How to exclude a managed device from applying patches

    How to export patch definitions to a Dark Core (a core server with no internet access)

    How to leverage Linux vendor tools to remediate vulnerabilities

    How to manage superseded patches in Security and Compliance Manager

    How to patch and manage Windows 10 using LANDESK Security and Patch Manager

    How To: Repair Patches as a Specific User or "Run as Administrator"

    How to repair vulnerabilities using a pre-cache task (install from local cached file or peers instead of from the source…

    How to reset security scan local scheduler settings using a managed script

    How to retain more vulscan logs before they are overwritten

    How to Scan and/or Repair against a custom group

    How to Scan for Specific Patches

    How to schedule a Security Scan

    How to set autofix attempt times before giving up

    How to set up a Core Server to download patches for other cores with limited internet access (Dark Core)

    How to speed up patching by disabling creation of restore points per each single update

    How to start CBA8 with custom definition

    How to troubleshoot a Patch and Compliance (vulnerability) scan

    How to troubleshoot Core Server patch content download issues

    How to troubleshoot detection problems in LANDESK

    How to troubleshoot high CPU usage from the W3WP process for LDAppVulnerability

    How to troubleshoot IIS using Log Parser Studio from Microsoft

    How to troubleshoot Patch Manager detection and remediation issues

    How to troubleshoot the Patch and Compliance Manager client scan and repair process

    How to uninstall old Java versions with LDMS Patch and Compliance

    How to uninstall Patches through Patch Manager

    How to upgrade Software Using Patch Manager

    How to upgrade to Internet Explorer 11 using Patch Manager

    How to use Application Blocking in LDMS 9.6 Patch and Compliance Manager

    How to use autofix in Security and Compliance Manager

    How to use Custom Groups to repair groups of computers

    How To: Use the Patch Cleanup Option in the Download Updates Tool in Patch and Compliance Manager

    How to Use Manually Downloaded Patches

    How to use Patch Manager to deploy a LANDESK Service Pack

    How to use Security and Compliance Manager to deploy a Component Patch

    How to use VBScript in the detection rule of a Custom Vulnerability

    How to use VBScript in the Patch Installation & Removal (repair) section of a Custom Vulnerability

    How to utilize LANDESK to Disable/Enable Windows Automatic Updates

    How to view installed updates for Windows using WMIC

    Issue: "Create custom definition" icon is greyed out in the Patch and Compliance tool.

    Issue: Additional file in custom patch is not downloaded to same directory as the patch

    Issue: Affected Computers window doesn't display any results

    Issue: After upgrading to LDMS 9.6 the 'Download updates' screen still shows 9.5 content

    Issue: Agent Continually Prompts for Reboot

    Issue: Autofix no longer repairing vulnerabilities

    Issue: Cannot open vulscan logs folder from the command line using "vulscan e"

    Issue: Copied repair patch tasks will not delete

    Issue: Definition types missing from the download updates window.

    Issue: Download Updates options missing or show "Do Not Remove"

    Issue: Download updates settings revert back to original options

    Issue: Downloaded status next to a definition rule does not show correct status

    Issue: Gather Historical Information task is failing to run in Management Suite 9.6.

    Issue: Google Chrome not detected as an installed application on Windows Server in Security and Compliance Manager

    Issue: High CPU load and slow patch deployment using LANDESK Patch Manager

    Issue: Java Update Leaves Old Build Installed

    Issue: KB# is showing up in Windows Update but not in LANDESK Patch Manager

    Issue: Last Vulnerability (or other type) scan date is not updated in Inventory

    Issue: Message "No Patches Available" in Scheduled Task status after scheduling repair task

    Issue: Microsoft Hotfixes aren't included by default in LANDESK Security and Patch Manager

    Issue: Patch Manager Configuration loses settings inside the Download Updates window

    Issue: Patch Manager is not installing all of the patches that show up in Windows Update

    Issue: Patch severity mismatch between Microsoft and LANDESK

    Issue: Patches are downloaded in different languages

    Issue: Patches failing to download with the message "Skipping old or disabled patch"

    Issue: Patches show as both detected and installed

    Issue: PatchHistory database table is very large and causing a strain on SQL resources

    Issue: Reboot prompt shows hours until Automatic Reboot

    Issue: Repair tasks not showing after Portal refreshes

    Issue: Scanned and Detected numbers are not updating or are incorrect in Patch Manager

    Issue: Security and Compliance Manager (Vulscan) window blank

    Issue: Skype updates are not installing depending on the version

    Issue: Special characters not working in unique filename path for Patch Information section of Custom Definitions

    Issue: Unable to Download More Than 100 Vulnerabilities at a Time

    Issue: Unable to download or install .MSU patches through Patch Manager

    Issue: Unable to log in to Windows after applying Blocked Applications

    Issue: Unable to schedule and start a patch content download

    Issue: Very few patches are detected for Windows 2012 server managed nodes

    Issue: Vulnerability Scans are not updating on the core

    Issue: Vulscan cannot connect to the vulcore.asmx service on the Core Server

    Issue: Vulscan is not applying agent setting changes or is using an incorrect agent setting

    Issue: Vulscan stuck in a loop following deployment of SP1 for LDMS 9.5

    Issue: Windows 7 and 2008 clients are blue screening when using Application Blocking

    IIssue: Windows Devices in another AD domain do not get Patches applied

     

     

    InformationErrors

    About an update & improvement to the LANDeskScan.DLL notification

    About Autofix and Scan by Scope changes in LDMS 9.6

    About content verification in LANDESK Patch Manager

    About IIS Virtual Directories and File Permissions for Security and Patch Manager

    About LANDESK Distribution and Patch settings

    About LANDESK Patch Content severity levels

    About LANDESK Patch Manager and Antivirus return codes

    About LANDESK Security and Compliance Manager content

    About manually downloaded patch definitions

    About Patch and Compliance content vulnerability definition title suffixes

    About Patch Codes for Inventory

    About Patch Manager 9.6 new permissions options for editing and importing definitions

    About Patch Manager Auto Update

    About Patch Manager vulnerability information and the processes that affect it

    About Patching: 101 - A simple, effective method of patching

    About the "Gather Historical Information" task in Ivanti EPM Patch and Compliance Manager

    About the "Patch-only settings" inside "Distribution and Patch Settings"

    About the "Use 64-bit registry view on 64-bit windows" setting within Patch and Compliance definition rules

    About the Checksum and Hash types used in Patch Manager definitions

    About the Compliance group in Security and Compliance Manager

    About the icons in the Security and Compliance tool

    About the LANDESK support program for Windows XP and Server 2003 patch content

    About the LDMS 9.5 and 9.6 Patch Manager database schema

    About the Patch Manager definition rules processing order

    About the Registry Keys that are checked to see if a reboot is needed

    About the security and compliance scan (vulscan) log files

    About the Vulnerability scan and repair logs

    Error "Unable to get the setting from core" when running security scan (Vulscan.exe)

    Error: "0x8db30194" (404) from vulscan

    Error: "0x8db3019c All Patches Failed" in Vulscan log file

    Error: "1314" when installing a patch or application through Patch Manager

    Error: "8004005" when patching Microsoft Office installs

    Error: "Cannot complete the requested action. The device must be rebooted first." when running vulnerability repair job

    Error: "Client user does not have administrator rights" when running Vulnerability Scan

    Error: "Core could not find a file" when running vulscan on clients

    Error: "Could not establish trust relationship for the SSL/TLS secure channel error" when downloading patch definitions

    Error: "Error writing scripting file. Please verify access privilege" when running vulnerability repair job

    Error: "Failed to apply compliance settings" during vulnerability scan

    Error: "Failed to download all additional files" when repairing a vulnerability using a Policy method

    Error: "Failed. Cannot Interpret Data" when running a Security and Compliance scan

    Error: "Hash for patch does not match with host. Discarding" when downloading Patch Content

    Error: "HTTP Error 403" / Vulscan Return Code 433

    Error: "Invalid column name 'scan' when downloading content after Service Pack installation

    Error: "Invalid XML file 951_updates.xml. There is an error in XML document (2, 2)" when downloading Antivirus definitio…

    Error: "Length of LOB data (XXXXXX) to be replicated exceeds configured maximum 500000" when downloading updates

    Error: "No uninstall instructions. Patch is not installed." when uninstalling a patch

    Error: "Node's reported ID is not in the database"

    Error: "RunPatches ERROR: Download failed (80072f76)" when repairing vulnerability

    Error: "Server Busy" when running a Vulnerability Scan

    Error: "Unable to find string with ID message" in Vulscan UI

    Error: "Unable to get custom variable overrides"

    Error: "You have not specified a site from which to download updates" when downloading updates in Patch Manager