2 Replies Latest reply on Apr 11, 2012 7:48 AM by jdfed

    Multiple systems popping up error with LANDesk HIPS


      Hi All,


      I'm going to open up a trouble ticket after creating this post, but wanted to see if anyone is having the same issue.


      We are running LANDesk Security Suite and Management Suite 9 SP3.


      We have Endpoint Security, Device Control and HIPS installed on all of our agents, but they are currently not doing anything. Eventually we want to at least use the Device Control to limit what can be done with CD/DVD drives and USB ports and perhaps also use the application whitelisting, but all of that is currently turned off, but installed.


      It's all installed so we don't have to deal with reinstalling the agent later and causing reboots to production systems.


      The only problem is that some systems are occassionally popping up a window with the error "LANDesk Host Intrusion Prevention has stopped working" and the only choice is to "Close the program".


      Unfortunately, I don't see anything in the event logs or LANDesk logs that help diagnose this issue.


      And considering that we need users to trust this product and that we are running it on production systems, it can't be this buggy.


      Anyhow, it would be interesting to see if anyone else is having this problem. I was quite surprised that I got zero hits when searching for the exact error.


      I've attached a JPEG of the error.

        • 1. Re: Multiple systems popping up error with LANDesk HIPS
          Peter Lee Apprentice

          I do have the same issue with SP2. I did install the agent with End-Security enabled which without carrying restrict policy. I hope someone from LANDesk can tell how this happen and how to resolve.



          • 2. Re: Multiple systems popping up error with LANDesk HIPS
            jdfed Rookie

            It's not just you...we reported troubling behavior with EPS (Endpoint Security) after SP3 and a new agent rollout to LANDesk Support, and it is something they are now aware of and actively trying to resolve.


            Our new SP3 agent (deployed to a small group - 250 clients) had the Firewall "learning mode" turned on, but the other EPS settings - HIPS and Device Control - disabled. Some clients had HIPS turned on anyway (with pop-ups and blocks), and others registered blocked CD's. Very disturbing to see this when the agent config settings (and default HIPS and DC settings) call for neither to be turned on.


            While we wait for the fix, I had no choice but to create a new agent, disabling all EPS settings. I'm hoping this works as a temporary band-aid. I'll update next week to let you know if it worked.