How to troubleshoot LANDESK Device Control Shadow Copy

Version 4

    Verified Product Versions

    LANDESK Management Suite 9.5LANDESK Management Suite 9.6

    In C:\Documents and Settings\All Users\Application Data\Vulscan is an ActionHistory.xml file being created?

     

    Does the ActionHistory.xml contain information similar to the following?

     

    <Action name="E:\Directory Compare.exe" code="118" date="1261435724" type="83" user="XPSP3\User" configguid="LDMS9_17">
    <status>01d813bb.bb49c539.0000000d.tmp|4005759|-1507959040|Generic volume||de6d421a</status>
    </Action>

    Note: Code "118" as listed in the ActionHistory.xml is "VIGMODE_ALERT_SHADOWCOPY"

     

    These action codes are detailed here:

    http://community.landesk.com/support/docs/DOC-6853

     

    After a vulscan is run is this file renamed to .SENT?

     

    Does the Device Control settings XML contain the Shadow Copy setting?

     

    DCM.XML within the HipsBehavior_CoreServerName_XX.zip file in C:\Documents and Settings\All Users\Application Data\Vulscan

    (Or ProgramData\Vulscan on Windows 7/Server 2008 or higher):

     

    - <ShadowCopy Mode="On">
      <ShadowDir>%System%\ShadowCopy</ShadowDir>
      <ShadowDirMaxSize>61440</ShadowDirMaxSize>
      <ShadowDirMaxAge>10</ShadowDirMaxAge>
      </ShadowCopy>

     

    Do any errors show up in the \Program Files\LANDesk\ManagementSuite\Log\WSVulnerabilityCore.dll.log file?

     

    Database:

     

    Shadow copy information is stored in the database in the ShadowCopyAction table.

     

    Here is the format of that table:

     

    ShadowCopyActionTable-1.png

    ShadowCopyActionTable-2.png