
Endpoint Settings Issues
Problem: The Threat Mitigator endpoint notification screen does not display if the Threat Mitigator device and Network VirusWall Enforcer device are on the same network.
Solution: Add the Threat Mitigator IP address to the Network VirusWall Global Endpoint Exception list.
Problem: Threat Mitigator sometimes fails to clean a client machine if the client machine has enabled Data Execution Prevention (DEP).
DEP is a Windows feature available only in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003 with Service Pack 1.
Solution 1: Add the Threat Mitigator client agent, RMAgent.exe, located in the %windir%\PEAgent\TDME folder, to the DEP exception list. To open the DEP exception list, follow the procedure below.
While logged on to the client computer as Administrator:
Click Start > Run.
Type the following: sysdm.cpl
Click OK.
The System properties multi-tabbed window appears.
On the Advanced tab, under Performance, click Settings. The Performance Options window appears.
Click the Data Execution Prevention tab and select the Turn on DEP for all programs and services except those I select: radio button. The Add... button below activates.
Click Add.... A file manager window appears.
Navigate to the location of the RMAgent.exe file on the client machine and click that file name. A box with a green check appears next to the name RMAgent.exe in the field above the Add... button.
Click OK twice.
Solution 2: Download Microsoft Application Compatibility Toolkit and apply its compatibility fix, DisableNX, to Threat Mitigator client agent RMAgent.exe. Save the fix as an .sdb file and deploy the fix to the specific endpoints by one of the following methods:
Email attachment: The custom database can be sent through email to the users who require the fixes. If users are running Windows XP, they can simply choose to run the attachment.
Floppy disk: The "Sneaker Net" approach. Copy the database file onto removable media and use that media to install the database on multiple endpoints. (Best suited to a small number of endpoints in close walking distance.)
Network folder: Endpoints can manually install the compatibility database from a shared network location.
Push install: You can include the custom database in an installation package that you deploy through push technology. Possible solutions include Microsoft Systems Management Server (SMS) or Group Policy within Active Directory domains.
Logon script: Does not require user interaction and can be custom-tailored for different groups of users based on the logon script that they receive.
As an example of how a logon script might be used, consider the following:
if not exist %systemroot%\apppatch\RMAgentFix.sdb sdbinst.exe -q \\server1\compat\RMAgentFix.sdb
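Both solutions switch off DEP for a process, so after deployment it is worth confirming that RMAgent.exe is the only program exempted on the endpoint. The batch script below is an added example, not part of the product documentation: it prints the system DEP policy, checks for the Solution 1 exception entry, flags DEP exceptions belonging to any other program, and lists the compatibility databases installed for Solution 2. It assumes wmic and reg.exe are available on the endpoint and that Windows records DEP exception-list entries under the AppCompatFlags\Layers key with the data DisableNXShowUI; the exit code convention is this example's own.

```batch
@echo off
rem Added example (not from the product documentation): audit DEP opt-outs
rem on an endpoint after applying Solution 1 or Solution 2.
rem Run as Administrator on the client computer.
setlocal
set "AGENT=%windir%\PEAgent\TDME\RMAgent.exe"
set "FLAGS=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags"
set "RC=0"

if not exist "%AGENT%" echo WARNING: agent not found at "%AGENT%"

echo == System DEP policy: 0=AlwaysOff 1=AlwaysOn 2=OptIn 3=OptOut ==
wmic OS Get DataExecutionPrevention_SupportPolicy

echo == Solution 1: DEP exception entry for the agent ==
rem The value name is the full path of the program added in the DEP tab.
reg query "%FLAGS%\Layers" /v "%AGENT%" 2>nul | find /i "DisableNXShowUI" >nul
if errorlevel 1 goto noexception
echo Present
goto others
:noexception
echo Not present
:others

echo == DEP exceptions for programs other than RMAgent.exe, expect none ==
rem find returns 0 when it prints at least one line, i.e. an unexpected entry.
reg query "%FLAGS%\Layers" 2>nul | find /i "DisableNX" | find /i /v "RMAgent.exe"
if not errorlevel 1 set "RC=1"

echo == Solution 2: installed compatibility databases ==
reg query "%FLAGS%\InstalledSDB" /s 2>nul | find /i "DatabasePath"

rem Exit code 1 means a program other than RMAgent.exe has a DEP exception.
exit /b %RC%
```

Any path printed in the third section is a program running without DEP that this procedure did not put there and should be reviewed.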
Problem: Some endpoints can be excluded from mitigation events.
Solution: Add the endpoint IP address to the Mitigation Exclusion List from the Threat Discovery Appliance product console.