One thing I am noticing is that before 9.5, when HIPS blocked something, it didn't log or didn't know WHAT USER tried to run an executable that was not whitelisted.
After the upgrade to 9.5, it shows the specific user that tried to run the program and it's blocking. See attached screenshot.
Is the whitelisting now specific to each user object?
In 9.5 there is an issue with the way the digitally signed file check is working. We should have a patch available soon.
Please seeImportant Support bulletin regarding Endpoint Security Components for LANDesk Management Suite 9.5 for more information and notice of the availability of the patch.