EPS v.4 – we have errors during implementation. (Full Version)



poma -> EPS v.4 – we have errors during implementation. (13.Mar.2008 6:25:30 AM)


Hello,
We've acquired a GFI EndPointSecurity 4.0 license for 300 users, and are now trying to implement it in our environment. Unfortunately, we have some problems.
1) Sometimes we receive an error during agent deployment on some target systems (Windows XP SP2). We can see this error in the GFI console: "The installation process has interrupted on 75%" (see fig. 1.jpg).
As a result, the GFI console shows that the target system has no agent installed (so we cannot apply a policy), but on the workstation (target system) we can see that the GFI service was started and we don't have access to any devices such as USB flash or CD/DVD-ROM.
How to solve this problem? We can't remove the agent from the console, because during installation it shows 75% and then "install failed.."
2) After successful deployment on about ~10 systems we've started to receive complaints from our users about popup windows with error messages on their workstations (not all workstations) (see fig. 2.jpg). These errors occurred when users logged on to systems or when users tried to start some applications (Word, Excel, etc.). We don't understand the reason for these errors. We can't reproduce these errors. These errors appear randomly. Can you help us to solve these problems?





poma -> RE: EPS v.4 – we have errors during implementation. (13.Mar.2008 6:29:54 AM)


Unfortunately, I don't have permission to add figs (or maybe this feature is disabled).

fig.2
The message is:
" 'some program1.exe' - Drive is missing "
description is:
"There is no drive in a device. Insert drive in device \Device\Harddisk3\DR4"

Where 'some program1.exe' are programs that start automatically during logon (this error occurs when users log on to systems)

Where 'some program1.exe' are programs such as WINWORD.exe or EXCEL.exe (this error occurs when users are trying to start some applications (Word, Excel, etc.))

After about 5 clicks on the button <Cancel> (alternatively there are <Retry> and <Continue> buttons) the message is closed and the application (for example WINWORD) is started.





Sven Berger -> RE: EPS v.4 – we have errors during implementation. (20.Mar.2008 12:12:57 PM)

Hi poma,

Given that the installation stopped at 75%, but the services are in fact running on the target machine, I think we can assume that we are dealing with a faulty installation. The behaviour towards "some programs" that you described in your second post is certainly unusual (i.e. I have not heard of it).

When the installation fails, there are three main culprits: Remote Registry on the target machine is not running, Anti-Virus is interfering, or a router between the machines is active on port 1116 (communication port between the Agent and the EPS Machine).

I would suggest you use one of the machines as a test machine and disable (briefly) Anti-Virus on that machine. As for the Remote Registry, try to open the registry of THAT machine using the regedit of the EPS machine ("Connect to -> another machine"). Ensure you are running regedit under the same credentials as the EPS Service.

Apart from that, I think that this is a case for the Tech Support Team. When you contact them, please provide a link to this thread, so they can see what I have suggested so far.




poma -> RE: EPS v.4 – we have errors during implementation. (25.Mar.2008 4:56:32 AM)


We think that the reason for these errors is the mounting mode of the internal card-reader devices.
There are 4 ports in the card reader, so we have 4 different errors. The error occurs when we connect the ports of the card reader as NTFS folders, not as drive letters (not as E:, F:, etc.).




Sven Berger -> RE: EPS v.4 – we have errors during implementation. (6.Apr.2008 1:32:48 PM)

Hi Poma,

If you could live with whitelisting the devices, then that would be the way forward. You can whitelist the device by connecting it to a machine and then scanning that machine for connected devices. Failing that, you could always go into Device Manager of the machine where the device is connected and retrieve the device's "hardware ID". Once you have that, you can whitelist it because the "hardware ID" is what EPS uses in its Device database.




poma -> RE: EPS v.4 – we have errors during implementation. (7.Apr.2008 2:38:13 AM)

In one word, we found two bugs (maybe features):
1) If we mount a card reader as "NTFS folders" (not as a "letter", for example, "Drive K"), we get error popup messages when we try to run any applications (for example, WINWORD.exe). And it doesn't matter what we want: to prevent access or allow access to the card reader. The error message disappears after agent deinstallation.
2) If we mount a card reader as "NTFS folders" (not as a "letter", for example, "Drive K"), the security policies do not work correctly. We have full access to the card reader (for example, an SD card), even if it is denied by permission settings.
I.e., I set full access to the SD card for users who are members of the "GFI_ESEC_SecureDigital_FullAccess" group (Status "Full Access"). So, the users that do NOT belong to this group should not have access to the SD card. But they have!!! This occurs when the card reader is mounted as an NTFS folder.




Sven Berger -> RE: EPS v.4 – we have errors during implementation. (7.Apr.2008 2:43:52 AM)

Hi Poma,

Can you tell us what device you are talking about?




poma -> RE: EPS v.4 – we have errors during implementation. (7.Apr.2008 5:48:27 AM)

I'm talking about the following devices: card readers (mounted as NTFS folders, not as letters) and SD cards (Kingston 1GB MICRO SD).
My domain account is not included in the group "GFI ESEC SecureDigital FullAccess", therefore I should not have access to any SD cards.
But when the card reader's ports/slots are mounted as NTFS folders, I am granted full access to the SD card and may use it as a storage device (I can copy any data to it).




walter -> RE: EPS v.4 – we have errors during implementation. (20.Jun.2008 2:05:35 PM)

I have an identical problem with the 75% install failure and then being unable to remove the agent.

Remote registry connects no problem.

Any luck finding what the problem is?




walter -> RE: EPS v.4 – we have errors during implementation. (20.Jun.2008 3:29:08 PM)

Having investigated the 75% installation problem further, it appears to be a problem with the Windows Installer. The error that comes out is that it does not have permission to write to the GFI directory - in particular the policysetting xml file.

There is obviously some form of protection on that entire directory structure so there is way to modify those settings.

Therefore GFI will have to advise how to get past the problem.




DrewE -> RE: EPS v.4 – we have errors during implementation. (23.Jun.2008 4:18:20 PM)

Walter,

I have not heard of many issues with this upgrade process. I would recommend opening a trouble ticket at http://support.gfi.com so we can investigate. Are you in an environment with 'strict' security requirements? Could the C$ share not be accessible to the interface?

If the service is running as a Domain Administrator, and you have local admin rights to the machine in question with that account, then we'll need to examine your log files.




poma -> RE: EPS v.4 – we have errors during implementation. (30.Jun.2008 3:25:28 AM)

2 walter
I have solved this issue.
Look at the system service "GFI EndPointSecurity Service" on the GFI Server. By default this service is started with log-on credentials "LocalSystem", and as far as I remember, this setting takes effect even if you configured another name during the installation process.
So, stop the service "GFI EndPointSecurity Service". Configure the Log-On settings on this service (you need to specify the name of a Domain Administrator). Also, you need to configure "LogOn Credentials" in the GFI Console. This setting should be set to "Use the security context under which the GFI Service is running".
Start the "GFI EndPointSecurity Service" and try the implementation.

with regards
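
The checks suggested across this thread (service log-on account, Remote Registry, the C$ share, port 1116) gathered into one script, as an added example that is not part of any post and is not GFI tooling. The target name is a constructed placeholder, and probing port 1116 from the server towards the workstation is an assumption about the direction of that connection.

```powershell
# Added example: run on the EPS server under the account the EPS service uses.
# 'WORKSTATION01' is a constructed placeholder for a target where deployment fails.
param([string]$Target = 'WORKSTATION01')

$report = [ordered]@{ Target = $Target }

# 1. Log-on account of the server-side service (display name as quoted in the thread).
#    The thread's fix was to move it from LocalSystem to a domain administrator account.
$svc = Get-CimInstance -ClassName Win32_Service `
    -Filter "DisplayName='GFI EndPointSecurity Service'"
$report.ServiceAccount    = if ($svc) { $svc.StartName } else { 'service not found' }
$report.RunsAsLocalSystem = [bool]($svc -and $svc.StartName -eq 'LocalSystem')

# 2. Remote Registry: scripted equivalent of regedit's connect-to-another-machine test.
try {
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $Target)
    $null = $hklm.OpenSubKey('SOFTWARE')
    $hklm.Close()
    $report.RemoteRegistry = 'ok'
} catch {
    $report.RemoteRegistry = "failed: $($_.Exception.Message)"
}

# 3. Administrative share, which the deployment needs in order to copy files.
$share = '\\{0}\C$' -f $Target
$report.AdminShare = if (Test-Path -Path $share -ErrorAction SilentlyContinue) {
    'ok' } else { 'not accessible' }

# 4. TCP 1116, the Agent/EPS communication port named in the thread.
#    Assumption: probed server -> target; "no answer" is inconclusive if no
#    agent is listening yet, but a filtered port on a router will show up here.
$tcp = Test-NetConnection -ComputerName $Target -Port 1116 `
    -WarningAction SilentlyContinue
$report.Tcp1116 = if ($tcp.TcpTestSucceeded) { 'reachable' } else { 'no answer' }

[pscustomobject]$report | Format-List
```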



