Ivanti Endpoint Manager and Endpoint Security - Security and Compliance
NEW! About the New Patch Engine in Ivanti Endpoint Manager How to patch Office 365 Introduction to Patch Manager - LANDESK Patch Manager 2016 About LDMS 2016 new Patch and Compliance features How to patch and manage Windows 10 using LANDESK Security and Patch Manager How to patch Office365 Click-to-Run installations efficiently with LANDESK How to upgrade to Windows 10 Anniversary Edition using Ivanti Patch and Compliance How to troubleshoot a Patch and Compliance (vulnerability) scan How to patch and manage Windows 10 using LANDESK Security and Patch Manager How to report LANDESK Patch Manager definition issues to technical support How to report LANDESK Patch Manager vulnerability detection problems to support How to request new content be added to Patch and Compliance Manager Remember, the LANDESK Help site is a valuable source of information!

Ivanti Endpoint Manager and Endpoint Security - Security and Compliance

Remember, the LANDESK Help site is a valuable source of information!

Important Notices

LANDESK support program for Windows XP and Server 2003 patch content

How To's	Issues
How to get started with Patch Manager in LDMS 9.6 How to change the default Patch Location for Security and Patch Managerd How to change the Default Distribution and Patch Settings How to change the default Patch Location for Security and Patch Manager How to change the number of Security Scan logs kept on a managed device How to create a Custom Vulnerability Definition in Security and Compliance Manager How to create a Pre-Cached Repair / Staged Repair How to establish a Patch and Compliance Baseline Patch Group How to exclude a managed device from applying patches How to export patch definitions to a Dark Core (a core server with no internet access) How to leverage Linux vendor tools to remediate vulnerabilities How to manage superseded patches in Security and Compliance Manager How to patch and manage Windows 10 using LANDESK Security and Patch Manager How To: Repair Patches as a Specific User or "Run as Administrator" How to repair vulnerabilities using a pre-cache task (install from local cached file or peers instead of from the source… How to reset security scan local scheduler settings using a managed script How to retain more vulscan logs before they are overwritten How to Scan and/or Repair against a custom group How to Scan for Specific Patches How to schedule a Security Scan How to set autofix attempt times before giving up How to set up a Core Server to download patches for other cores with limited internet access (Dark Core) How to speed up patching by disabling creation of restore points per each single update How to start CBA8 with custom definition How to troubleshoot a Patch and Compliance (vulnerability) scan How to troubleshoot Core Server patch content download issues How to troubleshoot detection problems in LANDESK How to troubleshoot high CPU usage from the W3WP process for LDAppVulnerability How to troubleshoot IIS using Log Parser Studio from Microsoft How to troubleshoot Patch Manager detection and remediation issues How to troubleshoot the Patch and Compliance Manager client scan and repair process How to uninstall old Java versions with LDMS Patch and Compliance How to uninstall Patches through Patch Manager How to upgrade Software Using Patch Manager How to upgrade to Internet Explorer 11 using Patch Manager How to use Application Blocking in LDMS 9.6 Patch and Compliance Manager How to use autofix in Security and Compliance Manager How to use Custom Groups to repair groups of computers How To: Use the Patch Cleanup Option in the Download Updates Tool in Patch and Compliance Manager How to Use Manually Downloaded Patches How to use Patch Manager to deploy a LANDESK Service Pack How to use Security and Compliance Manager to deploy a Component Patch How to use VBScript in the detection rule of a Custom Vulnerability How to use VBScript in the Patch Installation & Removal (repair) section of a Custom Vulnerability How to utilize LANDESK to Disable/Enable Windows Automatic Updates How to view installed updates for Windows using WMIC	Issue: "Create custom definition" icon is greyed out in the Patch and Compliance tool. Issue: Additional file in custom patch is not downloaded to same directory as the patch Issue: Affected Computers window doesn't display any results Issue: After upgrading to LDMS 9.6 the 'Download updates' screen still shows 9.5 content Issue: Agent Continually Prompts for Reboot Issue: Autofix no longer repairing vulnerabilities Issue: Cannot open vulscan logs folder from the command line using "vulscan e" Issue: Copied repair patch tasks will not delete Issue: Definition types missing from the download updates window. Issue: Download Updates options missing or show "Do Not Remove" Issue: Download updates settings revert back to original options Issue: Downloaded status next to a definition rule does not show correct status Issue: Gather Historical Information task is failing to run in Management Suite 9.6. Issue: Google Chrome not detected as an installed application on Windows Server in Security and Compliance Manager Issue: High CPU load and slow patch deployment using LANDESK Patch Manager Issue: Java Update Leaves Old Build Installed Issue: KB# is showing up in Windows Update but not in LANDESK Patch Manager Issue: Last Vulnerability (or other type) scan date is not updated in Inventory Issue: Message "No Patches Available" in Scheduled Task status after scheduling repair task Issue: Microsoft Hotfixes aren't included by default in LANDESK Security and Patch Manager Issue: Patch Manager Configuration loses settings inside the Download Updates window Issue: Patch Manager is not installing all of the patches that show up in Windows Update Issue: Patch severity mismatch between Microsoft and LANDESK Issue: Patches are downloaded in different languages Issue: Patches failing to download with the message "Skipping old or disabled patch" Issue: Patches show as both detected and installed Issue: PatchHistory database table is very large and causing a strain on SQL resources Issue: Reboot prompt shows hours until Automatic Reboot Issue: Repair tasks not showing after Portal refreshes Issue: Scanned and Detected numbers are not updating or are incorrect in Patch Manager Issue: Security and Compliance Manager (Vulscan) window blank Issue: Skype updates are not installing depending on the version Issue: Special characters not working in unique filename path for Patch Information section of Custom Definitions Issue: Unable to Download More Than 100 Vulnerabilities at a Time Issue: Unable to download or install .MSU patches through Patch Manager Issue: Unable to log in to Windows after applying Blocked Applications Issue: Unable to schedule and start a patch content download Issue: Very few patches are detected for Windows 2012 server managed nodes Issue: Vulnerability Scans are not updating on the core Issue: Vulscan cannot connect to the vulcore.asmx service on the Core Server Issue: Vulscan is not applying agent setting changes or is using an incorrect agent setting Issue: Vulscan stuck in a loop following deployment of SP1 for LDMS 9.5 Issue: Windows 7 and 2008 clients are blue screening when using Application Blocking IIssue: Windows Devices in another AD domain do not get Patches applied

How To's

Issues

How to get started with Patch Manager in LDMS 9.6

How to change the default Patch Location for Security and Patch Managerd

How to change the Default Distribution and Patch Settings

How to change the default Patch Location for Security and Patch Manager

How to change the number of Security Scan logs kept on a managed device

How to create a Custom Vulnerability Definition in Security and Compliance Manager

How to create a Pre-Cached Repair / Staged Repair

How to establish a Patch and Compliance Baseline Patch Group

How to exclude a managed device from applying patches

How to export patch definitions to a Dark Core (a core server with no internet access)

How to leverage Linux vendor tools to remediate vulnerabilities

How to manage superseded patches in Security and Compliance Manager

How to patch and manage Windows 10 using LANDESK Security and Patch Manager

How To: Repair Patches as a Specific User or "Run as Administrator"

How to repair vulnerabilities using a pre-cache task (install from local cached file or peers instead of from the source…

How to reset security scan local scheduler settings using a managed script

How to retain more vulscan logs before they are overwritten

How to Scan and/or Repair against a custom group

How to Scan for Specific Patches

How to schedule a Security Scan

How to set autofix attempt times before giving up

How to set up a Core Server to download patches for other cores with limited internet access (Dark Core)

How to speed up patching by disabling creation of restore points per each single update

How to start CBA8 with custom definition

How to troubleshoot a Patch and Compliance (vulnerability) scan

How to troubleshoot Core Server patch content download issues

How to troubleshoot detection problems in LANDESK

How to troubleshoot high CPU usage from the W3WP process for LDAppVulnerability

How to troubleshoot IIS using Log Parser Studio from Microsoft

How to troubleshoot Patch Manager detection and remediation issues

How to troubleshoot the Patch and Compliance Manager client scan and repair process

How to uninstall old Java versions with LDMS Patch and Compliance

How to uninstall Patches through Patch Manager

How to upgrade Software Using Patch Manager

How to upgrade to Internet Explorer 11 using Patch Manager

How to use Application Blocking in LDMS 9.6 Patch and Compliance Manager

How to use autofix in Security and Compliance Manager

How to use Custom Groups to repair groups of computers

How To: Use the Patch Cleanup Option in the Download Updates Tool in Patch and Compliance Manager

How to Use Manually Downloaded Patches

How to use Patch Manager to deploy a LANDESK Service Pack

How to use Security and Compliance Manager to deploy a Component Patch

How to use VBScript in the detection rule of a Custom Vulnerability

How to use VBScript in the Patch Installation & Removal (repair) section of a Custom Vulnerability

How to utilize LANDESK to Disable/Enable Windows Automatic Updates

How to view installed updates for Windows using WMIC

Issue: "Create custom definition" icon is greyed out in the Patch and Compliance tool.

Issue: Additional file in custom patch is not downloaded to same directory as the patch

Issue: Affected Computers window doesn't display any results

Issue: After upgrading to LDMS 9.6 the 'Download updates' screen still shows 9.5 content

Issue: Agent Continually Prompts for Reboot

Issue: Autofix no longer repairing vulnerabilities

Issue: Cannot open vulscan logs folder from the command line using "vulscan e"

Issue: Copied repair patch tasks will not delete

Issue: Definition types missing from the download updates window.

Issue: Download Updates options missing or show "Do Not Remove"

Issue: Download updates settings revert back to original options

Issue: Downloaded status next to a definition rule does not show correct status

Issue: Gather Historical Information task is failing to run in Management Suite 9.6.

Issue: Google Chrome not detected as an installed application on Windows Server in Security and Compliance Manager

Issue: High CPU load and slow patch deployment using LANDESK Patch Manager

Issue: Java Update Leaves Old Build Installed

Issue: KB# is showing up in Windows Update but not in LANDESK Patch Manager

Issue: Last Vulnerability (or other type) scan date is not updated in Inventory

Issue: Message "No Patches Available" in Scheduled Task status after scheduling repair task

Issue: Microsoft Hotfixes aren't included by default in LANDESK Security and Patch Manager

Issue: Patch Manager Configuration loses settings inside the Download Updates window

Issue: Patch Manager is not installing all of the patches that show up in Windows Update

Issue: Patch severity mismatch between Microsoft and LANDESK

Issue: Patches are downloaded in different languages

Issue: Patches failing to download with the message "Skipping old or disabled patch"

Issue: Patches show as both detected and installed

Issue: PatchHistory database table is very large and causing a strain on SQL resources

Issue: Reboot prompt shows hours until Automatic Reboot

Issue: Repair tasks not showing after Portal refreshes

Issue: Scanned and Detected numbers are not updating or are incorrect in Patch Manager

Issue: Security and Compliance Manager (Vulscan) window blank

Issue: Skype updates are not installing depending on the version

Issue: Special characters not working in unique filename path for Patch Information section of Custom Definitions

Issue: Unable to Download More Than 100 Vulnerabilities at a Time

Issue: Unable to download or install .MSU patches through Patch Manager

Issue: Unable to log in to Windows after applying Blocked Applications

Issue: Unable to schedule and start a patch content download

Issue: Very few patches are detected for Windows 2012 server managed nodes

Issue: Vulnerability Scans are not updating on the core

Issue: Vulscan cannot connect to the vulcore.asmx service on the Core Server

Issue: Vulscan is not applying agent setting changes or is using an incorrect agent setting

Issue: Vulscan stuck in a loop following deployment of SP1 for LDMS 9.5

Issue: Windows 7 and 2008 clients are blue screening when using Application Blocking

IIssue: Windows Devices in another AD domain do not get Patches applied

Information	Errors
About an update & improvement to the LANDeskScan.DLL notification About Autofix and Scan by Scope changes in LDMS 9.6 About content verification in LANDESK Patch Manager About IIS Virtual Directories and File Permissions for Security and Patch Manager About LANDESK Distribution and Patch settings About LANDESK Patch Content severity levels About LANDESK Patch Manager and Antivirus return codes About LANDESK Security and Compliance Manager content About manually downloaded patch definitions About Patch and Compliance content vulnerability definition title suffixes About Patch Codes for Inventory About Patch Manager 9.6 new permissions options for editing and importing definitions About Patch Manager Auto Update About Patch Manager vulnerability information and the processes that affect it About Patching: 101 - A simple, effective method of patching About the "Gather Historical Information" task in Ivanti EPM Patch and Compliance Manager About the "Patch-only settings" inside "Distribution and Patch Settings" About the "Use 64-bit registry view on 64-bit windows" setting within Patch and Compliance definition rules About the Checksum and Hash types used in Patch Manager definitions About the Compliance group in Security and Compliance Manager About the icons in the Security and Compliance tool About the LANDESK support program for Windows XP and Server 2003 patch content About the LDMS 9.5 and 9.6 Patch Manager database schema About the Patch Manager definition rules processing order About the Registry Keys that are checked to see if a reboot is needed About the security and compliance scan (vulscan) log files About the Vulnerability scan and repair logs	Error "Unable to get the setting from core" when running security scan (Vulscan.exe) Error: "0x8db30194" (404) from vulscan Error: "0x8db3019c All Patches Failed" in Vulscan log file Error: "1314" when installing a patch or application through Patch Manager Error: "8004005" when patching Microsoft Office installs Error: "Cannot complete the requested action. The device must be rebooted first." when running vulnerability repair job Error: "Client user does not have administrator rights" when running Vulnerability Scan Error: "Core could not find a file" when running vulscan on clients Error: "Could not establish trust relationship for the SSL/TLS secure channel error" when downloading patch definitions Error: "Error writing scripting file. Please verify access privilege" when running vulnerability repair job Error: "Failed to apply compliance settings" during vulnerability scan Error: "Failed to download all additional files" when repairing a vulnerability using a Policy method Error: "Failed. Cannot Interpret Data" when running a Security and Compliance scan Error: "Hash for patch does not match with host. Discarding" when downloading Patch Content Error: "HTTP Error 403" / Vulscan Return Code 433 Error: "Invalid column name 'scan' when downloading content after Service Pack installation Error: "Invalid XML file 951_updates.xml. There is an error in XML document (2, 2)" when downloading Antivirus definitio… Error: "Length of LOB data (XXXXXX) to be replicated exceeds configured maximum 500000" when downloading updates Error: "No uninstall instructions. Patch is not installed." when uninstalling a patch Error: "Node's reported ID is not in the database" Error: "RunPatches ERROR: Download failed (80072f76)" when repairing vulnerability Error: "Server Busy" when running a Vulnerability Scan Error: "Unable to find string with ID message" in Vulscan UI Error: "Unable to get custom variable overrides" Error: "You have not specified a site from which to download updates" when downloading updates in Patch Manager

Information

Errors

About an update & improvement to the LANDeskScan.DLL notification

About Autofix and Scan by Scope changes in LDMS 9.6

About content verification in LANDESK Patch Manager

About IIS Virtual Directories and File Permissions for Security and Patch Manager

About LANDESK Distribution and Patch settings

About LANDESK Patch Content severity levels

About LANDESK Patch Manager and Antivirus return codes

About LANDESK Security and Compliance Manager content

About manually downloaded patch definitions

About Patch and Compliance content vulnerability definition title suffixes