The Endpoint Security Client features several diagnostics tools that can create a customized diagnostics package that can then be delivered to Novell Support to help resolve any issues. Optionally, logging and reporting can be activated to provide full details regarding endpoint usage. Administrators can also view the current policy, add rule scripting, and check the Endpoint Security Client driver status.
If problems occur because of the Endpoint Security Client’s presence on the endpoint, administrators can provide detailed diagnostics information packages to Novell Support. This information is vital in resolution of any issues. The diagnostics package is defined by the following items:
Bindings: Captures the current driver bindings for the endpoint.
Client Status: Captures the current client status (displayed on the About window) as well as other internal status.
Driver Status: Captures the current status of all drivers on the endpoint (displayed in the Driver Status window).
Group Policy Object: Captures the current GPO for the user/endpoint as designated by your directory service (for example, Active Directory).
Log Files: Captures the designated logs (see Section 7.6.3, Logging).
Policy: Captures the current policy running on the Endpoint Security Client (see View Policy).
Network Environments: Captures the current and detected network environments.
Registry Settings: Captures the current registry settings.
Reports: Captures any reports in the temp directory (see Section 7.6.4, Reporting).
System Event Logs: Captures the current System Event logs.
System Information: Captures all system information.
To create a diagnostics package:
Right-click the icon, then click .
Click .
Select the items to be included in the package (all are selected by default).
Click to generate the package.
The generated package (ESSDiagnostics_YYYYMMDD_HHMMSS.zip.enc) is available on the desktop. This encrypted zip file can now be sent to Technical Support.
The Remove Temporary Files setting, which is only available when a password override is active in the policy, can be deselected to keep each package component type in a temporary directory. This setting should be deselected only when a Novell Professional Services representative is present on-site and wants to check individual logs. Otherwise, the files that are generated are not necessary and take up disk space over time.
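The package file name format given above (ESSDiagnostics_YYYYMMDD_HHMMSS.zip.enc) is enough to inventory packages that were generated and then left on an endpoint. The following is an added example, not part of the original documentation or the product; the directory to scan and the `max_age_days` retention threshold are assumptions.

```python
import re
from datetime import datetime, timedelta
from pathlib import Path

# File name format from the documentation: ESSDiagnostics_YYYYMMDD_HHMMSS.zip.enc
PACKAGE_RE = re.compile(r"^ESSDiagnostics_(\d{8})_(\d{6})\.zip\.enc$")


def parse_package_time(name):
    """Return the creation time encoded in a package file name, or None."""
    m = PACKAGE_RE.match(name)
    if not m:
        return None
    try:
        return datetime.strptime(m.group(1) + m.group(2), "%Y%m%d%H%M%S")
    except ValueError:
        # Right shape but impossible date (for example month 13): not a package name.
        return None


def find_stale_packages(directory, now, max_age_days=7):
    """List (name, created, size_bytes) for packages older than max_age_days.

    max_age_days is an assumed retention threshold, not a product setting.
    """
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for path in sorted(Path(directory).iterdir()):
        created = parse_package_time(path.name)
        if path.is_file() and created is not None and created < cutoff:
            stale.append((path.name, created, path.stat().st_size))
    return stale


if __name__ == "__main__":
    import tempfile

    # Constructed sample: empty files with made-up timestamps standing in for a desktop.
    with tempfile.TemporaryDirectory() as d:
        for n in ("ESSDiagnostics_20240301_101500.zip.enc",
                  "ESSDiagnostics_20240319_090000.zip.enc",
                  "notes.txt"):
            (Path(d) / n).write_bytes(b"")
        for name, created, size in find_stale_packages(d, datetime(2024, 3, 20)):
            print(f"{name}  created {created:%Y-%m-%d %H:%M:%S}  {size} bytes")
```

The timestamp is taken from the file name rather than from file system metadata, so it survives copying the package between machines.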
The Administrator views for the diagnostic tools, such as the check box, display only when a password override is present in the policy. The button requires that either the password or a temporary password be entered. After the password is entered, it does not need to be entered again, as long as the diagnostics window remains open.
Figure 7-1 Administrator Views
The button displays the current policy on the device. The display shows basic policy information and can be used to troubleshoot suspected policy issues.
Figure 7-2 View Policy Window
The policy display divides the policy components into the following tabs:
General: Displays the global and default settings for the policy.
Firewall Settings: Displays the Port, ACL, and Application groups available in this policy.
Firewalls: Displays the firewalls and their individual settings.
Adapters: Displays the permitted network adapters.
Locations: Displays each location, and the settings for each.
Environments: Displays the settings for defined network environments.
Rules: Displays integrity and scripting rules in this policy.
Misc: Displays assigned reporting, hyperlinks, and custom user messages for this policy.
The button allows the administrator to enter a specific script into the Endpoint Security Client that runs on this endpoint only. You can use the scripting window to browse for an available script (scripts must be either JScript or VBScript), or a script can be created by using this tool.
Figure 7-3 Rule Scripting Window
Variables are created by clicking , which displays a second window where the variable information can be entered.
Figure 7-4 Scripting Variable Window
Editing a variable launches the same window, where you can edit as needed. removes the variable. Click in the main scripting window after a variable is set.
The button displays the current status of all drivers and affected components.
Figure 7-5 Client Driver Status Window
The button lets administrators adjust the settings for the Endpoint Security Client without re-installing the software. Select the actions you want to perform, then click the button:
Figure 7-6 Endpoint Security Client Settings Control
Disables all protections used to keep the client installed and active on the machine. Disabling should only be used when performing patch fixes to the Endpoint Security Client.
IMPORTANT: This must be deselected and applied again, or Client Self Defense remains off.
This will clear the hashes from the protected files. The current policies and licensing information will remain. Once the hashes are cleared, the file may be updated. This can only be performed while Client Self Defense is turned off.
Restores the original policy to permit check-in when the current policy is blocking access.
This clears the password that is required for uninstalling the Endpoint Security Client. Once cleared, the Endpoint Security Client can be uninstalled without a password prompt. Use when the uninstall password is failing, or lost.
Resets the password required to uninstall the Endpoint Security Client. The administrator will be prompted with a window to enter the new uninstall password.
Logging can be turned on for the Endpoint Security Client, permitting it to log specific system events. The default logs gathered by the Endpoint Security Client are XML Validation and Commenting. Additional logs can be selected from the checklist. When troubleshooting, it is recommended that logging be set according to the directions of Novell Technical Support and the circumstances that lead to the error be repeated.
Figure 7-7 Logging Window
Additionally, the type of log created, file settings, and roll-over settings can be adjusted, based on your current needs.
To keep the new logs recording after the device reboots, check the box; otherwise, the Endpoint Security Client reverts to its default logs at the next reboot.
The option to add a comment to the logs is available on the diagnostics window. Click the button to display the Add Comment window. Comments are included with the next batch of logs.
Figure 7-8 Comment Window
NOTE: If the option in logging is unchecked, the button does not display.
Reporting allows the addition of reports for this endpoint. Reports can be added and increased in duration; however, reports cannot fall below what was already assigned by the policy (for example, specific reporting, if activated in the policy, cannot be turned off). See Section 6.2.4, Compliance Reporting for descriptions of the report types.
Figure 7-9 Reporting Overrides
The duration settings for each report include:
Off: Data is not gathered.
On: Data is gathered based on the set duration.
On - Disregard Duration: The data is gathered indefinitely.
The duration and send interval can be set using the options on the right of the screen.
Figure 7-10 Duration Settings, and Make Permanent
Check the box to continue uploading the new reports for just this end-user; otherwise, reporting reverts to the policy default at the device’s next reboot.
To capture reports in the diagnostics package, check the box in the Reporting window. This option causes reports to be retained in the temp directory for the time/space defined in the Reporting window. These reports can then be bundled in the diagnostics package.
Figure 7-11 Hold Reports for Diagnostics