1 2 Previous Next 19 Replies Latest reply on May 11, 2017 12:55 PM by frederickk

    LANDESK Screensaver??

    frederickk Apprentice

      LDMS 9.6 SP1

       

      i am not used to seeing a "Flower Box" screensaver from landesk.

      Landesk_Screensaver.png

       

      this 'landesk screensaver' does not show up in my list of regular screensavers.

      Windows_screensaver_list.png

       

      is this normal for windows 7, 8 or 10 computers?

      is there some setting in landesk that i have overlooked that activates screensavers for clients?

       

      i have a colleague who has the 3D flowerbox appear as her screensaver. it even shows up in their list of normal screensavers someone also said that the bubbles appeared when they did not originally have one set.

      the screenshots are from my windows 8 computer. i looked into my windows 7 computer and there is no screensaver associated with the landesk folder on that system. this is perplexing for the next few minutes until i figure out where things went wrong.

       

      any ideas?

        • 1. Re: LANDESK Screensaver??
          phoffmann SupportEmployee

          There is an SSFLWBOX.SCR file in the LDLOGON directory on the Core (just checked my 9.6 SP2 one) if you're after it.

           

          It's not mentioned in the agent-config .INI file, so I'm not 100% sure how it ends up going down on the client ...

          • 2. Re: LANDESK Screensaver??
            frederickk Apprentice

            my problem is why is a Windows 95 era screen saver suddenly appearing on random computers and a few servers? landesk can detect whether or not you have a screensaver password. this feature was about cause LDMS to be the culprit but i just felt like that was not the answer.

             

            this appearance kind of coincides with some IE script errors that my colleagues are having. this follows some windows update that apparently happened a few weeks back. i only just now realized what people were talking about when they said they got a screensaver when they did not initially setup one. i have been instructing my technicians to delete the screensaver and change screen saver settings. if anyone knows anything, i am all ears.

            • 3. Re: LANDESK Screensaver??
              LANDave SupportEmployee

              I would be worried about a virus infection.  This file should not show up on the core or on clients.

               

              Please upload the .SCR file to http://www.virustotal.com to be examined.

               

              pchihi.com » Blog Archive » 3d flower box.scr Removal Guide – How to Get Rid of 3d flower box.scr for Good

               

              I have the latest definitions downloaded and I do not have this .SCR file on my core server in any directory.

               

              • 4. Re: LANDESK Screensaver??
                JoeDrwiega SupportEmployee

                What version is your Core and has it been upgraded at all? Also check you agent settings section and go to Custom variable override settings and Show only definitions of Type: Security Threats (all items) and see if you have any check boxes set to Override and what they are set to. Just to verify this is not setting anything it shouldn't.

                • 5. Re: LANDESK Screensaver??
                  phoffmann SupportEmployee

                  I've seen that SCR file in both v2016 and 9.6 ... I'll try to hunt down which update(s) it comes from ... it'll give a better venue to try & track down who "owns" that file / how it got there. It is surprising in its presence, I'll admit.

                   

                  Will try to crack open a bunch of things when I'm not on the road & have a breather (hopefully a little later this week *fingers crossed*).

                  • 6. Re: LANDESK Screensaver??
                    LANDave SupportEmployee

                    Has anyone uploaded this .SCR file to http://www.virustotal.com to ensure this is safe?  I still have not seen a response on this.

                     

                    I have searched our entire build server here at LANDESK and have not found a single instance of this file.

                     

                    In addition I have not found a single instance of this file in our patch directory that contains all of the patches for our products.

                     

                    I would urge you guys to upload it to virustotal and also to do a virus scan of your systems.

                    • 7. Re: LANDESK Screensaver??
                      phoffmann SupportEmployee

                      Done.

                       

                      • LANDesk Management Suite 9.6 SP2 and May CP's installed. SHA-256 of the patch is ==> 0d3e10a1f6ae810e847d72f85d198046509662ba386c68a551ac9ab64fe435c1

                       

                      Detections: 0/53 (probably harmless). Points of peculiar note - it has a "Symantec Reputation" of Suspicious.Insight - which links to this page here (not much to get worried about):

                      - Suspicious.Insight | Symantec

                       

                      • LANDesk Management Suite 2016 with SU 4 installed ... SHA-256 of the patch is ==> 0d3e10a1f6ae810e847d72f85d198046509662ba386c68a551ac9ab64fe435c1

                       

                      ... I can throw copies of both VM's up for someone to have a look at if for some weird reason none of your folks end up having that file in their LDLOGON directories Dave?

                       

                      Still not had time to crack open / trawl through the various patches to see if any of them put the screensaver from 1999 down .

                       

                      <Also - still no idea how on earth some file in LDLOGON that doesn't make up the agent ended up on a client ... that part is quite odd>

                      • 8. Re: LANDESK Screensaver??
                        LANDave SupportEmployee

                        Paul,

                         

                        I searched our entire patch server for the filename and did not find it existing anywhere there.

                        1 of 1 people found this helpful
                        • 9. Re: LANDESK Screensaver??
                          frederickk Apprentice

                          again, this file popped up and coincides with a number of things that transpired recently. just today another colleague pointed out some "programs" in the add/remove section that were labeled CVE-2014-XXXX that were related to internet explorer zero-day vulnerabilities. it is most likely that we had been hit with something like that, and appeared on a number of computers. i think that number is <100 out of a potential 3000. i'm happy that they are not high numbers, but not happy that we got hit with something. i have my plan and am about to put it into action. thank you all.

                          • 10. Re: LANDESK Screensaver??
                            seattleman1969 SupportEmployee

                            I just ran into this on a fresh install, new customer, 2016.3 SU3 core. The only devices that this ssflwbox.scr appears on are devices that have had LDAV deployed to them via the vulscan.exe /installav methodology. Additionally these machines were not allowing users to login until the administrators added their specific GPOs to the "logon local" local policy on the devices in question, effectively locking out the users until that time.

                            • 11. Re: LANDESK Screensaver??
                              frederickk Apprentice

                              that is a similar thing that has happened on our end. we are still using LDMS 9.6 though.

                               

                              i decided to set up a scheduled task on the LDMS server to delete the ssflwbox.scr file every 4 hours and log the delete time. it continuously appears around 11pm every night. if i check the log file in the morning, it shows that it was updated/changed/edited the previous night. since creating this, i have not had as many people reporting those similar GPO issues.

                              • 12. Re: LANDESK Screensaver??
                                seattleman1969 SupportEmployee

                                So the LDAV install was a red herring, it just happened to have coincided with another task that ran when vulscan was called which installed an Ivanti Content Security Threat ST000202. If you have installed ST00202 it may be the culprit. There is no uninstall logic in ST000202 so you will have to reverse engineer the install to clean it up. Once we did this we were able to resolve of this situation.

                                 

                                Thanks!

                                1 of 1 people found this helpful
                                • 13. Re: LANDESK Screensaver??
                                  frederickk Apprentice

                                  i do not recall purposely installing that, so i am unsure of where to find it. can you elaborate a little more please?

                                  • 14. Re: LANDESK Screensaver??
                                    seattleman1969 SupportEmployee

                                    In your console go to Patch and Compliance, from the dropdown in the upper left select "Security Threats" then check to see if ST000202 is set to Scan and Autofix. If it is not then your situation may vary from what we experienced.

                                    1 2 Previous Next