4 Replies Latest reply on Jul 4, 2008 4:15 AM by zman

    Problem: blocked application by Software Monitoring without a rule/policy

    Rookie

       

      Hi guys,

      first of all, I hope this is the right forum for our problem!? And now getting to the point: We have updated our Core server from 8.7 SP5 to 8.8... We have created a new agent configuration from the 8.8 version of LANDesk and deployed it to a test group. On all notebooks and workstations with the new client, a message appears (from Software Monitoring) about blocking notes.exe (Lotus Notes Client) exactly one time (same after reboot).

      After clicking "close" the popup disappears and then it's possible to start up Lotus Notes. There is no rule defined (not that I'm aware of) for blocking notes.exe or something like that... And we have no idea where it comes from?!? The clients with the "old" 8.7 SP5 agent configuration have no problems like that!? If anybody can give us a hint for solving the problem, we would be very grateful!

      PS: I hope my English is not too bad to understand

        • 1. Re: Problem: blocked application by Software Monitoring without a rule/policy
          zman Master

           

          First check SLM (Denied Products by *) and make sure Notes.exe is not listed. If it is not there then somebody may have entered it in the registry manually. Check the following key:

           

           

          HKLM\SOftware\Landesk\ManagementSuite\Winclient\SoftwareMonitoring\FTD

           

           

           

           

           

          If it is there whack the registry key and restart softmon. You could also create a custom vulnerability to address this if it is the case.

           

           

          1 of 1 people found this helpful
          • 2. Re: Problem: blocked application by Software Monitoring without a rule/policy
            Rookie

             

            Hi zman,

             

             

            thanks for the hint with the registry! I have found it in the FTD list and will fix it now! Looking in the blocked application list and SLM (Denied Products) was the first thing we did, and it was not listed... We are 2 administrators for LANDesk and we are sure we haven't put it manually into the registry - anyway, now I have a way to a resolution....

            Last question: do you know from which configuration files the FTD registry hive is built?

             

             

            • 3. Re: Problem: blocked application by Software Monitoring without a rule/policy
              Rookie

              Hello again,

              I have fixed the problem! While looking in the ldappl3.ini, I found the line:

              <I>,notes.exe,4670704,Yahoo! Inc.,Yahoo! Messenger,"8,1,0,416"

              We have blocked the whole Yahoo Messenger and that was the problem, I think....

              The only question is, why is notes.exe only blocked on clients using the LD 8.8 agent configuration and not the 8.7 SP5 clients? Anyone have an idea?

              • 4. Re: Problem: blocked application by Software Monitoring without a rule/policy
                zman Master

                 

                Not sure why it would not be blocked. The ldappl.ini and softmon are responsible for blocking apps. If you search your ldappl.ini for a section called:

                 

                 

                [Denied Applications]
                <I>,filename.EXE,1000,deny 

                 

                 

                 

                You will see what is configured to be blocked. If there is nothing there then it was either entered manually or there is something wrong with the registry not being updated.

                The line listed in ldappl.ini is normal and will not cause any blocking; it just means you are using ldappl.ini for this product. One thing is that you can also block applications via Security Suite (I don't own this so it slipped my mind). If you own Security Suite check the Blocked Applications under Security Suite.

                 

                 

                Hope this helps.
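
The ldappl.ini check discussed in this thread, as an added example (not code from the thread or from LANDesk): a Python helper that lists every entry naming a given executable together with its section, so a deny entry under [Denied Applications] can be told apart from a product line such as the notes.exe / Yahoo! Messenger one. The sample text is constructed from the two lines quoted above; the [Applications] section name and the other.exe entry are assumptions.

```python
import csv

# Constructed sample built from the two lines quoted in the thread.
# Assumption: the product line lives in a section named [Applications];
# only [Denied Applications] is named on the page. other.exe is made up.
SAMPLE_INI = '''\
[Applications]
<I>,notes.exe,4670704,Yahoo! Inc.,Yahoo! Messenger,"8,1,0,416"
<I>,other.exe,1234,Example Corp,Example Tool,"1,0,0,0"

[Denied Applications]
<I>,filename.EXE,1000,deny
'''

def find_references(ini_text, exe_name):
    """Return every entry whose second field is exe_name (case-insensitive)."""
    hits = []
    section = None
    wanted = exe_name.lower()
    for lineno, raw in enumerate(ini_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        # csv copes with the quoted last field, which itself contains commas
        fields = next(csv.reader([line]))
        if len(fields) < 2 or fields[1].strip().lower() != wanted:
            continue
        denied = ((section or "").lower() == "denied applications"
                  and fields[-1].strip().lower() == "deny")
        hits.append({"line": lineno, "section": section,
                     "fields": fields, "denied": denied})
    return hits

def report(ini_text, exe_name):
    """Human-readable summary: one line per entry that names exe_name."""
    out = []
    for h in find_references(ini_text, exe_name):
        kind = "DENY ENTRY" if h["denied"] else "listed"
        out.append(f'{exe_name}: {kind} in [{h["section"]}] '
                   f'line {h["line"]}: {h["fields"][2:]}')
    return out or [f"{exe_name}: no entry found"]

if __name__ == "__main__":
    for name in ("notes.exe", "filename.exe"):
        print("\n".join(report(SAMPLE_INI, name)))
```

Running it against the real ldappl.ini from the core server shows at a glance which product a file name is attributed to and whether it appears in the deny section.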