ZESUser.exe reaches out into the Internet

This document (7012625) is provided subject to the disclaimer at the end of this document.

Environment

Novell ZENworks Endpoint Security Management 11.2
Novell ZENworks Configuration Management 11.2

Situation

ZESUser.exe tries to connect to the Internet on agent startup.

Resolution

Workaround:
Create a file %zenworks_home%\esm\ZESUser.Exe.Config with the content:
"...
<?xml version="1.0" encoding="utf-8"?>
<configuration>
        <runtime>
               <generatePublisherEvidence enabled="false"/>
        </runtime>
</configuration>
..."

Cause

The Microsoft .NET 3.5 framework default behavior is to verify the authenticode signature on executable start-up. The ZCM agent .net executables are not signed and the managed device might not have access to the Internet at the moment the executable is loading. This can cause delay or even timeouts on ZCM agent module startup and generates unnecessary Internet traffic.

Status

Reported to Engineering

Additional Information

For most .net executables the ZCM agent already contains such a .Exe.Config file to disable this generatePublisherEvidence functionality, but it is missing for ZESUser.exe.

More information about this .net functionality is available at MSDN

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

Document ID:7012625
Creation Date:18-JUN-13
Modified Date:18-JUN-13
- NovellZENworks Configuration Management
  ZENworks Endpoint Security Management

Did this document solve your problem? Provide Feedback

Knowledgebase

My Favorites