Tech Brief Q&A: Implementing Endpoint Security in 9.6 SP 2 Presented by Martin Gannon June 21, 2015
Contents Questions and Answers from the Live Webinar... 3 About LANDesk Software... 5 To the maximum extent permitted under applicable law, LANDESK assumes no liability whatsoever, and disclaims any express or implied warranty, relating to the sale and/or use of LANDESK products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right, without limiting the rights under copyright. LANDESK retains the right to make changes to this document or related product specifications and descriptions, at any time, without notice. LANDESK makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document nor does it make a commitment to update the information contained herein. For the most current product information, please visit www.landesk.com. Copyright 2014, LANDESK Software, Inc. and its affiliates. All rights reserved. LANDesk and its logos are registered trademarks or trademarks of LANDESK Software, Inc. and its affiliates in the United States and/or other countries. Other brands and names may be claimed as the property of others. 2
Questions and Answers from the Live Webinar Q Can run EPS without the epsui.exe? A You can run EPS without having the system tray icon show up in the system tray, and also have it not show up in the LANDESK program group on the client. Q How frequently is the list updated? A The list is updated every two minutes by the Softmon process on the client, and/or every time vulscan runs. Evidence of the activity will show up in the Security activity. Q If the agent is deployed without the UI is epsui.exe not installed or is it installed and disabled? A The If the Agent is deployed without the UI, EPSUI goes down, but it is disabled. Q Is there a way [outside of LANDesk File Reputation] to scan your Trusted lists [md5 hash for example] for malicious content?? A You can take the MD5 hash from your trusted file list and input it into http://www.virustotal.com Q Is EPS provided as part of the standard LDMS license or Security Suite, or is it a separate license that must be purchased? A EPS is provided as part of the Security Suite license. Q Does it learn it to the trusted file list or to a learn mode list? A You can set the learning to go to a main globally used list, or you can have it learned to the learning list. Q Just like the App Blocking feature, Can this product be used to block OS Updates on endpoints - Windows & Macs OR will this be done via Patch & Compliance? A EPS is Windows only. Q Where does it store the shadow copied files? A It is configurable by default I believe it is under System32\ShadowCopy Q Is there a faster way to have devices send their "user requested apps" in Security Activity to report back to the core [to add an app to the whitelist] 3
A The user can run the security scan manually and this will send back the information to the core with the patch data Q Will items on the trusted vendors list be exempted from the rules if you are in HIPS mode? A Specific rules per file will be enforced regardless of the Trusted Vendor setting. Q Should the Trusted File list be purged of older entries? Is there is size/performance concern to be aware of? A You shouldn t worry about purging older entries. You will want to set a threshold on the length of information you want to keep in the security activity. Q What prevents malware from using a Trust Vendor name such as Microsoft or LANDESK? A The Trusted Vendor list is based on Digital Signatures in the files. It is very difficult for malware to spoof a digital signature. There have been a few instances, but it is very rare. Q So what does the trusted vendor list allow? A The trusted vendor list allows for any vendors that are digitally assigned with that vendor name to be given full control. This can be overwritten by manually set permissions per file. All LANDESK files are automatically trusted. Q Does LANDESK Endpoint protection integrate with Symantec EPP and TrendMicro? A Yes, it is compatible with running with Symantec EPP and TrendMicro. Q End Point Protection is a separate add-on to Antivirus correct? A Yes, EPS is a part of LANDESK Security Suite and LANDESK antivirus is a separate license. 4
About LANDesk Software Simple IT environments are a thing of the past. IT departments juggle too many tools from too many vendors while facing pressure to cut costs, reduce risk and boost productivity. Workers are adding smart phones and tablets to PC or notebook use, dramatically increasing the number of endpoints and operating systems that must be managed. Organizations need intelligent, integrated control over diverse systems and devices. Customers worldwide use LANDesk systems lifecycle management, endpoint security and IT service management (ITSM) solutions to simplify IT complexity and manage mobility mayhem; discover, track and safeguard assets and endpoints; and enable IT staff to improve service levels all while reducing costs and requiring less infrastructure. An IDC study found that on average, LANDesk customers realized a three-year return on investment of 698% for their deployed LANDesk solutions a nearly sevenfold return. The average payback period to recover the initial investment averaged a short 5.1 months. 5