How to use LANDESK Endpoint Security to protect the LANDESK client files and services

Version 14

    Verified Product Versions

    LANDESK Management Suite 9.6LANDESK Management Suite 2016.x

    LANDESK Endpoint Security can be used to protect the LANDESK Client files and services.

     

    In it's most basic protection mode, LANDESK EPS can protect against various forms of malware, and through file protection rules can be used to lock down directories and/or files to prevent tampering from the end user or an outside attack.

     

    This article will describe the best settings to use with EPS in it's basic protection mode for this purpose.

     

    EPS is an excellent addition to any environment as an additional layer of protection against malware and various attacks.  It is to be used in addition to Antivirus software.

     

    Using LANDESK Endpoint Security to protect LANDESK Client Files and Services

     

    In it's most basic protection mode, EPS protects critical portions of the registry and system files.

     

    In addition, through file protection rules various malicious activity is blocked.

     

    • Prevents modification of the LANDESK Client directories
    • Prevents modification of critical HIPS files
    • Prevents modification of the HOSTS file
    • Prevents usage of scripts (.SHB, .SHS, .VBE, etc)
    • Prevents malicious use of FTP or TFTP
    • Prevents malicious scripts from being launched by MSN Messenger or Microsoft Outlook

     

    The following settings should be used if you want to use in it's least intrusive and most basic protection mode:

     

    1. Open the Security and Compliance tool group within the LDMS console.
    2. Go to the Agent Settings tool.
    3. Find the Security --> Endpoint Security section under "My agent settings" or "All agent settings" in the left-hand pane.
    4. Highlight the "Endpoint Security" node on the left and then double-click the setting you wish to modify on the right.
    5. Configure the settings as seen below:
      EPSPage1.jpg
    6. In the "Digital Signatures" tab configure the settings as pictured below:

      EPSPage2.jpg
    7. Move to the "Application Control" setting you wish to edit that is tied to the Endpoint Security setting and Edit it.
    8. Uncheck everything on the "General Settings" page.  Under the General Settings page under "Action to take" set to "Always Allow".
    9. Save the configuration.

    If violations are detected, these will be logged and can be viewed within the Security activity tool.