Attention: Required patch LD88-Spyware-20722-882 and LD-Spyware-20722-876 needs to be applied.
UPDATE: LANDesk will release the LDSS 8.8 SP1 patch in content Monday February 9th, 2009. The patch install and content for detection for both SP1 and SP2 will be in the same vulnerability definition and the vulnerability ID of the content for both service packs will be LD-Spyware-20722-882_v2 .
LANDesk Software has released a new patch for LANDesk Security Suite (LDSS) 8.7 and 8.8 to update the spyware scanning engine to the latest version. In order to use latest Spyware definitions database this update will need to be applied to the Core Server and to every client (8.7 clients simply need to be update to SP6) due to the changes in the way the new definition database files are formatted and downloaded.
This latest engine has the ability to handle new functionality to download and use incremental changes to the spyware definition database file. The database file is currently over 10 MBs in size and each time an update is released the clients download the entire file. The incremental update will make it so that the base spyware database will only be downloaded to clients that do not have the full database. By so doing, when updates are released only the changes will be downloaded. Once the incremental updates reach a certain size a new base file will be released and then incremental updates will be created from the new base database file.
Patch LD88-Spyware-20722-882 includes a new version of Vulscan.exe 8.80.2.30, Softmon.exe 8.80.2.19 and ceapi.dll 7.1.0.13. LD-Spwyare-20722-876 includes a new version of Vulscan.exe 8.70.7.64 Softmone.exe 8.70.7.18 CEAPI.DLL 7.1.0.13. This update will replace the current spyware scanning engine update that is currently in the LANDesk 8.8 content (LD88-SpyWare-16681-882). The new patch will need to be applied to the core server so that it will know how to handle and import the incremental files into the database.Currently, without this patch, all new content downloaded to the core will not import into the database properly. Moreover, every 8.8 client needs this patch in order to update softmon.exe to the correct version; softmon does not auto-update like vulscan and the ceapi.dll. 8.7 SP6 includes the correct version of Softmon.exe so as long as an SP6 client is applied this patch only needs to be applied to the core.
If you're on 8.8 Gold you will need to upgrade in order to process any new spyware content. If you're on 8.8 SP1 the patch written for 8.8 SP2 is currently being regression tested for a possible future release. If you're on 8.7 and have a service pack version below SP6 you will also need to upgrade. The content available today in LANDesk updates has only been tested and currently will only install on LDSS 8.7 SP6 and LDSS 8.8 SP2. If you're on LDSS 8.8 SP1 want the patch before it is fully tested please call support and get it. If the regression test for 8.8 SP1 passes, LANDesk content will be updated with a SP1 version.
Note: This patch should be applied using the LANDesk update via the Security and Patch tool. We recommend the patch be installed using Security and Patch tool, re-installing the entire agent is not required. If the agent needs to be upgraded, please refer to http://community.landesk.com/support/docs/DOC-4449 prior to upgrading the agents.
Matrix breakdown:
· LDSS 8.8 no Service Pack - Will need to install SP2A (possibly just SP1 depending on test results) then apply the patch LD88-Spyware-20722-882 on the Core Server and all Clients. Failing to install the patch on the clients will cause softmon.exe to utilize high amounts of CPU until the patch is applied.
· LDSS 8.8 Service Pack 1 - See community link for any future information regarding the regression testing. If testing is successful, the patch LD88-Spyware-20722-882 will need to be installed to every the Core and every client. It may be necessary to upgrade to SP2A. If you would like this patch before all testing has been done, call support and ask for it.
· LDSS 8.8 Service Pack 2(A) Install LD88-Spyware-20722-882 on the Core Server and all Clients.
· LDSS 8.7 Service Pack 1-5 Upgrade to SP6 and then apply LD87-Spyware-20722-876. SP6 and LD87-Spyware-20722-876 must be installed in order to receive new spyware content.
· LDSS 8.7 Service Pack 6 Install LD87-Spyware-20722-876 on the Core Server. Clients will simply need to be on SP6 as SP6 contains the updated softmon.exe.
For future updates, please see subscribe to this article