We figured it out. Turns out EPS App Control was not configured and started using default settings. This caused it to block batch files from running.
Yeah - that would do it.
Great to hear you figured it out & got unstuck.
I'm sorry, can you give some more detail on what you found mis-configured, and how you fixed it? Seeing the same code on a batch file package.
So at a guess, EPS (Endpoint Security) was enabled, but not configured. That means that it starts with certain default settings.
Depending on your license, you may or may not have the option for EPS. If you do, here's the agent configuration section (where EPS then has separate agent behaviours for the various sub-sections):
So - here's a few pictures to talk you through what (I think) was needed (up to scantujr ) to correct obviously .
So first of all, here's the basic EPS agent configuration options (assuming you have the licensed bits for it):
And here's the detailed EPS menu where you select the initial EPS agent behaviour:
And EPS behaviour itself has "sub" behaviours - which is probably what was meant with "was not configured" - so you want to pay attention to this section:
... the usual "gotcha" being that if EPS has no configured behaviour to adhere to, it must "behave in some default way" (which usually is "show the UI, and allow most things") ... in case you have EPS installed on your clients, but your license on it ran out or so, a "dead giveaway" that you have the EPS component on clients can be found via the logs.
If you have a HIPS folder under LDCLIENT, you will likely have EPS installed (but not necessarily configured):
... and if you have the UI / systray option enabled, THIS (gray shield thing) is what the systray symbol looks like:
1 of 1 people found this helpful
by default application control - file protection ( rule Landesk self-protection) blocks all modification in folder %LDCLIENT%.
Batch distribution task try to modify some tmp files in this location, thererefore it is blocked ( in learning mode too) by this rule and task fails with return code 16386 . You need add rule that allows to modify tmp files in this location %LDCLIENT%.
here is extract from the log file (BVD.RPT) if it is blocked
3;C:\Windows\system32\cmd.exe;XXYYY [SYSTEM];16.09.2016 9:09:05;Protected directory modification (C:\Program Files\LANDesk\LDClient\Data) (C:\Program Files\LANDesk\LDClient\Data\sd_7091.tmp);Denied;
and here allowed
3;C:\Windows\system32\cmd.exe;XXYYY [SYSTEM];16.09.2016 9:17:53; (C:\Program Files\LANDesk\LDClient\Data\sd_7091.tmp);Allowed;