3 Replies Latest reply on Oct 15, 2008 1:08 AM by rmoffitt

    ST000047 and ST000047 Security Patches

    Apprentice

      Recently Ihave been seeing both ST000046 and ST000047 pop up in the Security and Patch scans, and I not exactly sure what they mean.

       

      If a user, for example, has "ST000047 - Check if the Landesk realtime spyware protection is enabled." pop up in the Security and Patch Information does that mean they have a problem with their realtime spyware protection? I can understand that this is a scan LANDesk should be doing, I want to know if a user is having a problem with their spyware protection, but I don't know if thats what this means. The same thing goes for "ST000046 - Check if the Landesk realtime spyware protection is installed., yes I want that checked for, but what does it mean when it shows up in the information? That their is a problem? or that its just checking for it?

       

      I am sure this is a simple answer and I am just not getting it. Any help would be appreciated.

       

       

      Brendan

        • 1. Re: ST000047 and ST000047 Security Patches
          Expert

          With real-time scanning consuming 100 meg of memory with softom.exe the security threat was modified to allow the end user the ability to choose if they want it on or off.

           

          Softmon.exe using 100Mb of Memory

           

          the custom variable tab in the properties of the definition has the on and off value.  Setting this to the value that you want the end node to be.  Then scanning will report that it is vulnerable depending on what is set there.  Then the ability to remediate it to match what is set has been added as well. 

           

          Before these changes were made you had to make the change in the agent configuration and send an agent update out.  Not it is just a matter of changing the custom variable and scanning and then repairing.

          • 2. Re: ST000047 and ST000047 Security Patches
            Apprentice

            I wonder why your post didn't come up in my searches? AH well ... so basically if I am fine with having the real-time scans run all the time, I can remove those two ID's from my Scan bucket?

             

             

            Brendan

            • 3. Re: ST000047 and ST000047 Security Patches
              Expert

              I must not have used enough 0 in the name when I posted.

               

              You can leave them in to scan folder then you can determine what machines have the real-time on or off depending on what setting you want to have the machines use.