How to properly install a LANDESK Endpoint Security component patch

Version 10

    Verified Product Versions

    LANDESK Management Suite 9.0 and Older, LANDESK Management Suite 9.5, LANDESK Management Suite 9.6, LANDESK Management Suite 2016.x

    The latest patch for Endpoint Security is available in Security and Patch Manager under the "LANDESK Updates" section.



    This document illustrates some important information about installing LANDESK Endpoint Security patches.

     

    It is imperative that the latest Endpoint Security patches are in place and that the product is regularly updated.  The Endpoint Security product can typically be updated independently of the LANDESK Agent as a whole.

     

    The dates, times and versions of files within the LDCLIENT\HIPS folder on the client should be compared to those in the LDLOGON\HIPS folder on the core to ensure the client is up to date. In addition, LDSECDRV.SYS in the Windows\System32\Drivers folder should be verified as being at the correct version.
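
    One way to script the comparison described above, run on the client, as an added example that is not part of the original document or LANDESK's own tooling. The client install path and the core share name (CORESERVER is a placeholder) are assumptions; the script only reports the LDSECDRV.SYS version so it can be checked against the version expected for the patch.

```powershell
# Added example (not LANDESK code). Default paths are assumptions; CORESERVER is a placeholder.
param(
    [string]$ClientHips = 'C:\Program Files (x86)\LANDesk\LDClient\HIPS',
    [string]$CoreHips   = '\\CORESERVER\ldlogon\HIPS',
    [string]$Driver     = "$env:SystemRoot\System32\Drivers\LDSECDRV.SYS"
)

function Get-FileStamp {
    param([System.IO.FileInfo]$File)
    [pscustomobject]@{
        Name     = $File.Name
        Version  = $File.VersionInfo.FileVersion   # empty for files without a version resource
        Modified = $File.LastWriteTimeUtc
    }
}

function Compare-HipsFolder {
    param([string]$ClientDir, [string]$CoreDir)
    # Index the client copies by name (PowerShell hashtable keys are case-insensitive).
    $onClient = @{}
    Get-ChildItem -LiteralPath $ClientDir -File | ForEach-Object { $onClient[$_.Name] = Get-FileStamp $_ }

    foreach ($file in Get-ChildItem -LiteralPath $CoreDir -File) {
        $ref  = Get-FileStamp $file          # copy on the core (reference)
        $copy = $onClient[$file.Name]        # copy on the client, $null if absent
        # Timestamps get 2 seconds of slack for file systems with coarse resolution.
        $status = if (-not $copy) { 'MissingOnClient' }
            elseif ($copy.Version -ne $ref.Version) { 'VersionDiffers' }
            elseif ([math]::Abs(($copy.Modified - $ref.Modified).TotalSeconds) -gt 2) { 'TimestampDiffers' }
            else { 'Match' }
        [pscustomobject]@{
            File = $ref.Name; Status = $status
            CoreVersion = $ref.Version; ClientVersion = $copy.Version
            CoreModified = $ref.Modified; ClientModified = $copy.Modified
        }
    }
}

$stale = @(Compare-HipsFolder -ClientDir $ClientHips -CoreDir $CoreHips |
    Where-Object Status -ne 'Match')
$stale | Format-Table File, Status, CoreVersion, ClientVersion -AutoSize | Out-Host

if (Test-Path -LiteralPath $Driver) {
    Get-FileStamp (Get-Item -LiteralPath $Driver) | Format-List | Out-Host
} else {
    Write-Warning "Driver not found: $Driver"
}
if ($stale.Count -gt 0) { exit 1 }   # non-zero exit lets a scheduled check flag the node
```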

     

    As this is a Security product it is important to ensure that all client nodes are updated.

     

    The Endpoint Security client patch functions differently than most other client patches.  Typically the client patch only runs "Vulscan.exe /installhips /showui=false /noselfupdate /ignorePendingFileRename /nosync /rebootaction=never".

     

    If the core server has not already been updated, this only reinstalls the client at the EPS patch level currently installed on the core server.  This is a common issue: either the patch appears not to be working, or the problem goes unnoticed and an expected fix or functionality change does not actually take place because the files were not updated to the expected patch level.

     

    How to install a LANDESK Endpoint Security component patch on the Core Server

    Updating the Core through Security and Compliance Manager

    These actions should take place on the Core Server.

     

      1. Select the "LANDESK updates" category within the Patch and Compliance tool.  This tool is located in the Security and Compliance tool group.
      2. Find the latest EPS Component patch definition.

        The definition will have the naming convention of (LDxxCP_EPS_YYYY-MMDDrevision)  Example: LD96-CP-EPS-2015-0916B. 
        It is typically recommended to use the latest available patch when installing an Endpoint Security Component patch.
      3. Right-click the EPS patch definition and go to Properties.
      4. Right-click the Detection Rule ending in "-Core".
      5. If the patch has not been downloaded yet, select "Download Patch". 
      6. Go back to the properties for the definition, right-click the rule ending in "-Core" and select "Open patch folder".
      7. The folder where the patch was downloaded to will open.
      8. Run the patch file by double-clicking on it.  This is a self-extracting executable.  The default location it extracts to is C:\LANDESK_Patches.
      9. There will be a sub-directory under C:\LANDESK_Patches (or the directory you chose) called the same name as the EPS definition name.
      10. Navigate to that sub-directory.
      11. There will be two .zip files within that subdirectory.  Extract the Core patch.  This is the .ZIP file that does not have the "-client" extension.
      12. Extract that file to the same directory.  The newly created path will look similar to this: C:\landesk_patches\LD96-CP_EPS-2015-1105\LD96-CP_EPS-2015-1105
      13. Navigate to the newly created sub-directory and run Setup.exe.    This will patch the Core Server.  This action typically simply updates the files in LDLOGON\HIPS.  Occasionally there are other server-side changes.

     

    At this point the Core Server will have been updated with the latest Endpoint Security files and clients can now be updated.

     

    Updating the Core Server manually by extracting a downloaded component patch

    1. Run the downloaded component patch file by double-clicking on it.  This is a self-extracting executable.  The default location it extracts to is C:\LANDESK_Patches.
    2. There will be a sub-directory under C:\LANDESK_Patches (or the directory you chose) called the same name as the EPS definition name.
    3. Navigate to that sub-directory.
    4. There will be two .zip files within that subdirectory.  Extract the Core patch.  This is the .ZIP file that does not have the "-client" extension.
    5. Extract that file to the same directory.
    6. Navigate to the newly created sub-directory and run Setup.exe.    This will patch the Core Server.  This action typically simply updates the files in LDLOGON\HIPS.  Occasionally there are other server-side changes.

     

    How to update LANDESK clients with the latest Endpoint Security Patch

     

    Updating clients through Patch and Compliance Manager

     

      1. Make sure that the EPS definition specified in Step 2 of the "Updating the Core" section is in the Scan group within Security and Compliance Manager.
      2. Ensure that clients have been scanned and been found "Vulnerable" for this Component Patch.
      3. At this point a repair job can be created and scheduled to target the clients that need to be updated, and/or the definition can be set to Autofix.

     

    Updating the clients through an "Install/Update Security Components" task

     

    1. Open the Security Activity tool within the Security and Compliance tool group.
    2. Select "Install/Update security components" within the "Create a Task" drop-down.
    3. Rename the task to "Install or Update Endpoint Security".
    4. Select the check box next to "Endpoint Security".
    5. Select an EPS setting that you want to set on the client, or leave it at "Keep agent's current settings", which will use the current settings if EPS already exists or the default settings if EPS is being installed for the first time.
    6. Click "Save".


    At this point a scheduled task will be created that can be scheduled according to your preferences.

     

    Manually updating a single client or a small number of clients for testing purposes

     

    Sometimes it may be preferable to update a single client or a small number of clients to test a new EPS patch prior to updating the core.  The following describes how to do this:

     

    1. Extract the EPS component patch (the default directory is C:\landesk_patches).
    2. Go to the landesk_patches directory and then to the directory created for the extracted component patch.
    3. Extract the main.zip file (not the -client.zip file).
    4. Navigate to the Updates -> 1 -> Image folder in the newly created unzipped directory.
    5. Make a backup of the existing files in the LDCLIENT\HIPS folder on the client (Endpoint Security will need to be stopped first).
    6. Copy all of the files from the UPDATES\1\IMAGE folder from the patch into the LDCLIENT\HIPS folder on the client.
    7. Run HIPSClientConfig.exe on the client.  Wait 10 seconds and then reboot the computer (this will install the new driver).
    8. Test the issue or expected functionality change.