7.6 Using the Endpoint Security Client Diagnostics Tools

The Endpoint Security Client features several diagnostics tools that can create a customized diagnostics package, which can then be delivered to Novell Support to help resolve any issues. Optionally, logging and reporting can be activated to provide full details regarding endpoint usage. Administrators can also view the current policy, add rule scripting, and check the Endpoint Security Client driver status.

The following sections contain more information:

7.6.1 Creating a Diagnostics Package

If problems occur because of the Endpoint Security Client’s presence on the endpoint, administrators can provide detailed diagnostics information packages to Novell Support. This information is vital to resolving any issues. The diagnostics package is defined by the following items:

  • Bindings: Captures the current driver bindings for the endpoint.

  • Client Status: Captures the current client status (displayed on the About window) as well as other internal status.

  • Driver Status: Captures the current status of all drivers on the endpoint (displayed in the Driver Status window).

  • Group Policy Object: Captures the current GPO for the user/endpoint as designated by your directory service (for example, Active Directory).

  • Log Files: Captures the designated logs (see Section 7.6.3, Logging).

  • Policy: Captures the current policy running on the Endpoint Security Client (see View Policy).

  • Network Environments: Captures the current and detected network environments.

  • Registry Settings: Captures the current registry settings.

  • Reports: Captures any reports in the temp directory (see Section 7.6.4, Reporting).

  • System Event Logs: Captures the current System Event logs.

  • System Information: Captures all system information.

To create a diagnostics package:

  1. Right-click the Endpoint Security Client icon, then click About.

    Endpoint Security Client About screen
  2. Click Diagnostics.

    Endpoint Security Client Diagnostics screen
  3. Select the items to be included in the package (all are selected by default).

  4. Click Create Package to generate the package.

    The generated package (ESSDiagnostics_YYYYMMDD_HHMMSS.zip.enc) is available on the desktop. This encrypted zip file can now be sent to Technical Support.

The Remove Temporary Files setting, which is only available when a password override is active in the policy, can be deselected to keep each package component type in a temporary directory. This setting should be deselected only when a Novell Professional Services representative is present on-site and wants to check individual logs. Otherwise, the files that are generated are not necessary and take up disk space over time.
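Because each package bundles registry settings, policy, and event logs, it is worth tracking packages that were left on a desktop after being sent. The following is an added example, not part of the product or its documentation: it parses the ESSDiagnostics_YYYYMMDD_HHMMSS.zip.enc name format described above and lists packages older than a retention threshold. The 30-day threshold, the function names, and the sample file names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from pathlib import Path

# Name format stated in this section: ESSDiagnostics_YYYYMMDD_HHMMSS.zip.enc
PACKAGE_RE = re.compile(r"^ESSDiagnostics_(\d{8})_(\d{6})\.zip\.enc$")


def parse_package_time(filename):
    """Return the creation time encoded in a package name, or None."""
    match = PACKAGE_RE.match(filename)
    if not match:
        return None
    try:
        return datetime.strptime(match.group(1) + match.group(2), "%Y%m%d%H%M%S")
    except ValueError:
        return None  # right shape, but not a real date/time (e.g. month 13)


def stale_packages(filenames, now, max_age_days=30):
    """Return (name, age_in_days) for packages past the threshold, oldest first."""
    # max_age_days is a hypothetical retention threshold, not a product setting.
    stale = []
    for name in filenames:
        created = parse_package_time(name)
        if created is not None and now - created > timedelta(days=max_age_days):
            stale.append((name, (now - created).days))
    return sorted(stale, key=lambda item: item[1], reverse=True)


def scan_desktop(desktop, now=None, max_age_days=30):
    """Apply stale_packages() to the files in one desktop directory."""
    names = [p.name for p in Path(desktop).iterdir() if p.is_file()]
    return stale_packages(names, now or datetime.now(), max_age_days)


# Constructed sample names (not taken from a real endpoint).
SAMPLE_NAMES = [
    "ESSDiagnostics_20100115_093000.zip.enc",
    "ESSDiagnostics_20100301_141500.zip.enc",
    "ESSDiagnostics_20101340_000000.zip.enc",  # invalid date, ignored
    "ESSDiagnostics_20100115_093000.zip",      # wrong extension, ignored
    "notes.txt",
]

if __name__ == "__main__":
    for name, age in stale_packages(SAMPLE_NAMES, datetime(2010, 3, 10)):
        print(f"{name}: {age} days old")
```

Pass the user's desktop directory to scan_desktop() to run the same check against real files.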

7.6.2 Administrator Views

The Administrator views for the diagnostic tools, such as the Remove Temporary Files check box, display only when a password override is present in the policy. The View Policy button requires either the password or a temporary password to be entered. After the password is entered, it does not need to be entered again, as long as the diagnostics window remains open.

Figure 7-1 Administrator Views

The following sections contain more information:

View Policy

The View Policy button displays the current policy on the device. The display shows basic policy information and can be used to troubleshoot suspected policy issues.

Figure 7-2 View Policy Window

The policy display divides the policy components into the following tabs:

  • General: Displays the global and default settings for the policy.

  • Firewall Settings: Displays the Port, ACL, and Application groups available in this policy.

  • Firewalls: Displays the firewalls and their individual settings.

  • Adapters: Displays the permitted network adapters.

  • Locations: Displays each location, and the settings for each.

  • Environments: Displays the settings for defined network environments.

  • Rules: Displays integrity and scripting rules in this policy.

  • Misc: Displays assigned reporting, hyperlinks, and custom user messages for this policy.

Rule Scripting

The Rule Scripting button allows the administrator to enter a specific script into the Endpoint Security Client that runs on this endpoint only. You can use the scripting window to browse for an available script (scripts must be either JScript or VBScript), or a script can be created by using this tool.

Figure 7-3 Rule Scripting Window

Variables are created by clicking Add, which displays a second window where the variable information can be entered.

Figure 7-4 Scripting Variable Window

Editing a variable launches the same window, where you can edit as needed. Delete removes the variable. Click Save in the main scripting window after a variable is set.

Driver Status

The Driver Status button displays the current status of all drivers and affected components.

Figure 7-5 Client Driver Status Window

Settings

The Settings button lets administrators adjust the settings for the Endpoint Security Client without re-installing the software. Select the actions you want to perform, then click the Apply button:

Figure 7-6 Endpoint Security Client Settings Control

The following sections contain more information:

Disable Self Defense

Disables all protections used to keep the client installed and active on the machine. Disabling should only be used when performing patch fixes to the Endpoint Security Client.

IMPORTANT: This must be deselected and applied again, or Client Self Defense remains off.

Clear File Protection

Clears the hashes from the protected files. The current policies and licensing information remain. After the hashes are cleared, the files can be updated. This can only be performed while Client Self Defense is turned off.

Reset to Default Policy

Restores the original policy to permit check-in when the current policy is blocking access.

Clear Uninstall Password

Clears the password that is required for uninstalling the Endpoint Security Client. After it is cleared, the Endpoint Security Client can be uninstalled without a password prompt. Use this when the uninstall password is failing or lost.

Reset Uninstall Password

Resets the password required to uninstall the Endpoint Security Client. The administrator will be prompted with a window to enter the new uninstall password.

7.6.3 Logging

Logging can be turned on for the Endpoint Security Client, permitting it to log specific system events. The default logs gathered by the Endpoint Security Client are XML Validation and Commenting. Additional logs can be selected from the checklist. When troubleshooting, it is recommended that logging be set according to the directions of Novell Technical Support and that the circumstances that lead to the error be repeated.

Figure 7-7 Logging Window

Additionally, the type of log created, file settings, and roll-over settings can be adjusted, based on your current needs.

To keep the new logs recording after the device’s reboot, check the Make Permanent box; otherwise, the Endpoint Security Client reverts to its default logs at the next reboot.

Add Comment

The option to add a comment to the logs is available on the diagnostics window. Click the Add Comments button to display the Add Comment window. Comments are included with the next batch of logs.

Figure 7-8 Comment Window

NOTE: If the Comments option in logging is unchecked, the Add Comments button does not display.

7.6.4 Reporting

Reporting allows the addition of reports for this endpoint. Reports can be added and increased in duration; however, reports cannot fall below what was already assigned by the policy (for example, specific reporting, if activated in the policy, cannot be turned off). See Section 6.2.4, Compliance Reporting for descriptions of the report types.

Figure 7-9 Reporting Overrides

The duration settings for each report include:

  • Off: Data is not gathered.

  • On: Data is gathered based on the set duration.

  • On - Disregard Duration: The data is gathered indefinitely.

The duration and send interval can be set using the Report Times options on the right of the screen.

Figure 7-10 Duration Settings, and Make Permanent

Check the Make Permanent box to continue uploading the new reports for just this end-user; otherwise, reporting reverts to the policy default at the device’s next reboot.

Making Reports Available for a Diagnostics Package

To capture reports in the diagnostics package, check the Hold Files box in the Reporting window. This option causes reports to be retained in the temp directory for the time/space defined in the Reporting window. These reports can then be bundled in the diagnostics package.

Figure 7-11 Hold Reports for Diagnostics