About EPS - Frequently asked questions

Version 5

    Verified Product Versions

    LANDESK Management Suite 9.6LANDESK Management Suite 2016.x


    Q: What makes the USB encryption that LANDesk uses different than the USB encryption that other vendors use.  And why do you have to use the encryption utility once you have encrypted the USB drive?

    A: LANDesk Management Suite does not encrypt the file system.  The short answer is that LANDesk's USB encryption is geared toward portability and mobility while keeping the data secure.  We use the AES 256 algorithm to encrypt the files inside of zip files.  The reason for this is 1) more data can fit on the USB drive and 2)we can control the portability and encryption of each file better.  On machines with the LANDesk Management Suite client installed when you enable read only on USB drives and force encryption for the full drive, LDMS allows the encryption utility to write to the drive in the compressed files and nothing else, thereby forcing encryption of sensitive data in the workplace.

     

    Q:Host Intrusion Prevention (HIPS) Tool missing from Management Suite Console

    A:The core is not properly licensed.   Either reactivate the core, or contact your Sales Representative to check your licensing options.   HIPS is available to users with a full LDSS (LANDesk Security Suite) license or greater.   A lesser license does not have LANDesk HIPS.

     

    Q. Can run EPS without the epsui.exe?

    A You can run EPS without having the system tray icon show up in the system tray, and also have it not show up in the

    LANDESK program group on the client.

     

    Q How frequently is the list updated?

    A The list is updated every two minutes by the Softmon process on the client, and/or every time vulscan runs. Evidence of

    the activity will show up in the Security activity.

     

    Q If the agent is deployed without the UI is epsui.exe not installed or is it installed and disabled?

    A The If the Agent is deployed without the UI, EPSUI goes down, but it is disabled.

     

    Q Is there a way [outside of LANDesk File Reputation] to scan your Trusted lists [md5 hash for example] for malicious content??

    A You can take the MD5 hash from your trusted file list and input it into http://www.virustotal.com

     

    Q Is EPS provided as part of the standard LDMS license or Security Suite, or is it a separate license that must be purchased?

    A EPS is provided as part of the Security Suite license.

     

    Q Does it learn it to the trusted file list or to a learn mode list?

    A You can set the learning to go to a main globally used list, or you can have it learned to the learning list.

     

    Q Where does it store the shadow copied files?

    A It is configurable by default I believe it is under System32\ShadowCopy

     

    Q Is there a faster way to have devices send their "user requested apps" in Security Activity to report back to the core [to add an

    app to the whitelist]

    A The user can run the security scan manually and this will send back the information to the core with the patch data

     

    Q Will items on the trusted vendors list be exempted from the rules if you are in HIPS mode?

    A Specific rules per file will be enforced regardless of the Trusted Vendor setting.

     

    Q Should the Trusted File list be purged of older entries? Is there is size/performance concern to be aware of?

    A You shouldn’t worry about purging older entries. You will want to set a threshold on the length of information you

    want to keep in the security activity.

     

    Q What prevents malware from using a Trust Vendor name such as Microsoft or LANDESK?

    A The Trusted Vendor list is based on Digital Signatures in the files. It is very difficult for malware to spoof a digital

    signature. There have been a few instances, but it is very rare.

     

    Q So what does the trusted vendor list allow?

    A The trusted vendor list allows for any vendors that are digitally assigned with that vendor name to be given full control.

    This can be overwritten by manually set permissions per file. All LANDESK files are automatically trusted.

     

    Q Does LANDESK Endpoint protection integrate with Symantec EPP and TrendMicro?

    A Yes, it is compatible with running with Symantec EPP and TrendMicro.

     

    Q End Point Protection is a separate add-on to Antivirus correct?

    A Yes, EPS is a part of LANDESK Security Suite and LANDESK antivirus is a separate license.