Issue: Blue screen with Ivanti Endpoint Security installed

Version 19

    Verified Product Versions

    LANDESK Management Suite 9.6
    LANDESK Management Suite 2016.x
    LANDESK Endpoint Manager 2017.x

    Issue

     

    Occasionally it is possible to experience a blue screen error when using the Ivanti Endpoint Security product.

     

    A blue screen typically occurs when a virtual device driver is reporting an error to the user.  To ensure optimal security, Ivanti Endpoint Security uses a virtual device driver called LDSECDRV.SYS.  This driver works at the kernel level to intercept malware and malicious activity.

     

    Cause

     

    Occasionally, third-party drivers and/or applications can conflict with Ivanti Endpoint Security.  Considering the current installed base of Ivanti Endpoint Security, blue screen incidents have been limited.

     

    This can often occur when a virtual device driver from another program is updated, or when the third-party program behaves in a way that causes an unexpected exception.

     

    Ivanti can at times make code changes to our product to accommodate these issues; however, it is always advisable to contact the vendor of the software causing the conflict and seek resolution.

     

    Resolution

     

    Ivanti understands the level of impact that these sorts of errors have and therefore treats incidents regarding a blue screen at the highest priority.

     

    It is important to follow these steps to ensure optimal support:

     

    Prior to contacting Ivanti Support, please be sure to check the following:

     

    1. Do you have the latest patches for Ivanti Endpoint Security installed?  This would be included in the latest version of the product and/or the latest service update.
      Often installing the latest patch will resolve known bluescreen issues. 
      Note: It is imperative to ensure that the client has been installed and is up to date.  Often the core server is found to be up to date with the latest patch, but the clients have not been updated to the same patch level.
    2. Do you have the latest version of hardware drivers installed?
    3. Are third-party antivirus or other software products up to date with the latest patches or service packs?
    4. Does the computer have the latest BIOS installed?
    5. Gather Endpoint Security Debug Logs.  https://community.ivanti.com/docs/DOC-40681#jive_content_id_Debug_Log_Files
    6. Gather a Kernel Memory Dump.  (A minidump is insufficient; it must be a full kernel dump.)
    7. Provide the following information:

      - Operating System the client is running.
      - Computer model affected.
      - Service Update installed (please verify on the client).  Give the version number of LDSECSVC.EXE (in the LDCLIENT\HIPS folder) and of LDSECDRV.SYS (in the C:\Windows\System32\Drivers folder).
      - STOP code for the blue screen error.  If possible, a picture of the blue screen is helpful.

    8. Contact Ivanti Support and let them know the business impact of your issue.
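
The details requested in steps 6 and 7 can be collected in one pass on the affected client. The PowerShell below is an added example, not Ivanti-supplied code; the `$LdClientDir` parameter is an assumption (the article names only the `LDCLIENT\HIPS` folder, not its full path), and treating dump types 1, 2 and 7 as sufficient is this example's reading of "full kernel dump".

```powershell
# Added example, not Ivanti code. Run elevated on the affected client.
param(
    # Assumption: full path of the agent's LDCLIENT folder (the article gives only "LDCLIENT\HIPS").
    [Parameter(Mandatory)] [string]$LdClientDir
)

function Get-FileVer([string]$Path) {
    # Returns the file version resource, or a marker if the file is absent.
    if (Test-Path -LiteralPath $Path) { (Get-Item -LiteralPath $Path).VersionInfo.FileVersion }
    else { 'NOT FOUND' }
}

# Step 6: which dump type will Windows write on the next bugcheck?
$dumpTypes = @{ 0 = 'None'; 1 = 'Complete memory dump'; 2 = 'Kernel memory dump'
                3 = 'Small memory dump (minidump)'; 7 = 'Automatic memory dump' }
$cc        = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$dumpValue = [int]$cc.CrashDumpEnabled
# Example's reading of "full kernel dump": 1, 2 and 7 contain kernel memory; 0 and 3 do not.
$dumpOk    = $dumpValue -in 1, 2, 7

# Step 7: operating system, computer model, component versions.
$os = Get-CimInstance Win32_OperatingSystem
$cs = Get-CimInstance Win32_ComputerSystem

# The most recent bugcheck record in the System log carries the STOP code, if one was logged.
$bug = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1001
        ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting' } `
        -MaxEvents 1 -ErrorAction SilentlyContinue

[pscustomobject]@{
    OperatingSystem  = '{0} {1} (build {2})' -f $os.Caption, $os.Version, $os.BuildNumber
    ComputerModel    = '{0} {1}' -f $cs.Manufacturer, $cs.Model
    LDSECSVC_Version = Get-FileVer (Join-Path $LdClientDir 'HIPS\LDSECSVC.EXE')
    LDSECDRV_Version = Get-FileVer (Join-Path $env:SystemRoot 'System32\Drivers\LDSECDRV.SYS')
    DumpType         = $dumpTypes[$dumpValue]
    DumpTypeOk       = $dumpOk
    DumpFile         = $cc.DumpFile
    DumpFilePresent  = [bool]($cc.DumpFile -and (Test-Path -LiteralPath $cc.DumpFile))
    LastBugcheckTime = $bug.TimeCreated
    LastBugcheck     = $bug.Message
} | Format-List

if (-not $dumpOk) {
    Write-Warning "Dump type is '$($dumpTypes[$dumpValue])'; change it to a kernel memory dump before reproducing the crash."
}
```

Run it on the client rather than the core server, since step 1 notes that the two are often at different patch levels.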

     

    Upon receipt of the support ticket, the issue will be given the highest priority, the memory dump and debug logs will be analyzed, and the customer will be contacted regarding what they can expect for a fix.

     

    For more information about gathering Endpoint Security Debug Logs and a Kernel Memory dump, please see the following article under the heading "Items to gather for the Ivanti technician":

     

    How to troubleshoot bluescreen issues

    How to troubleshoot Ivanti Endpoint Security Device Control