Issue:
The security and compliance scanner (Vulscan) is running repeatedly on client systems after installing Service Pack 1 for LDMS 9.5.
The Vulscan log files will show the scanner repeatedly downloading settings .XML files.
Cause:
This is due to a bug in code that is causing vulscan to loop continuously when installing a patch calls for a reboot, but a reboot is not allowed due to the Scan and Repair or Agent settings.
This issue will only occur when the following conditions are met:
- The client computer has pending continue tasks
(This is visible in the registry under HKLM\Software\LANDesk\ManagementSuite\WinClient\Vulscan\Continue)
(It is also written into the local scheduler as a task) - Scan and Repair Settings or Agent Settings are set to (Never Reboot)
- A reboot is actually needed.
- Vulscan /continue gets launched (usually from local scheduler).
Vulscan will loop indefinitely attempting to trigger the reboot. A reboot of the client will fix this condition if the patch has been applied to the core.
If a reboot is not possible, terminating the existing Vulscan process will be necessary to allow the client to download the updated vulscan.dll file.
Taskkill or PSKill can be used to terminate the running process.
Resolution:
Install patch 95-Vulscan-2013-0708 on the core server. This patch contains a new Vulscan.dll file. This patch can be downloaded from here: Not authorized to view the specified document 29070 or is available through LANDesk Updates in Patch Manager.
Client computers will then automatically update to the new vulscan.dll file the next time a Security and Compliance scan is run.