LevelBlue Knowledge Base » Knowledgebase » Legacy Products » EndPoint Security

What versions of Marshal Security products are currently supported by LevelBlue Technical Support?

Charles Creegan — Sun, 26 Nov 2023 18:02:27 GMT

This article applies to:

MailMarshal (SEG)
MailMarshal ECM/MailMarshal Exchange
MailMarshal SPE
MailMarshal SES
Marshal Reporting Console
WebMarshal
Bitdefender for Marshal
McAfee for Marshal
Sophos for Marshal
Other Products
- MailMarshal Appliance e10000
- MailMarshal Management Pack for MOM
- MailMarshal Management Pack for SCOM
- Marshal EndPoint Security
- Security Reporting Center
- Firewall Suite
- imMarshal for MSN
- Counterspy for Marshal
- Kaspersky for Marshal
- PestPatrol for Marshal

Question:

What versions of Content Security (Marshal) products are currently supported by LevelBlue Technical Support?

Information:

For full details about supported versions of current products, see the articles linked below:

Premises Email Security

Article Q20961 covers the following products:
- MailMarshal (SEG)
- MailMarshal ECM/MailMarshal Exchange
- Secure Email Server (SES)

Web Content Security

Article Q20962 covers WebMarshal.

Service Provider Email Security

Article Q20963 covers MailMarshal SPE.

Anti-Virus and Reporting

Article Q20964 covers the following products:
- Bitdefender for Marshal
- McAfee for Marshal
- Sophos for Marshal
- Marshal Reporting Console

Deprecated and Discontinued Products

e10000 (MailMarshal Node Appliance): End of support: March 31, 2011
EndPoint Security: End of support: May 1, 2013
MailMarshal Management Pack for MOM: End of support: May 1, 2013
MailMarshal Management Pack for SCOM: End of support: May 1, 2013
Security Reporting Center (Windows Version): End of support: December 31, 2009
Security Reporting Center (Solaris Version): Withdrawn
Firewall Suite: Withdrawn
imMarshal for MSN: Withdrawn
Counterspy for Marshal: End of support: January 1, 2014
Kaspersky for Marshal: End of support: November 22, 2023
PestPatrol for Marshal: End of support: January 1, 2014

This article was previously published as:: NETIQKB33882

Where do I send a feature request for a LevelBlue Marshal product?

Charles Creegan — Sun, 01 Mar 2020 00:00:00 GMT

This article applies to:

MailMarshal (SEG)
MailMarshal ECM/MailMarshal Exchange
MailMarshal SPE
WebMarshal

Question:

Where do I send a feature request for a LevelBlue Marshal product?

Procedure:

If you want to request a new feature or you want to suggest an improvement for any product, you can contact Technical Support. You can also enquire through your account manager or reseller.

What are the System Requirements for EndPoint Security clients?

Charles Creegan — Mon, 01 Jun 2009 23:09:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

What are the System Requirements for EndPoint Security clients?
What disk formats does EndPoint Security support?
What Operating System versions does EndPoint Security support?
Why are users on some computers always allowed access to all Device Classes when they should not be?

Information:

The EndPoint Security client can be installed on the following Microsoft Windows versions:

Vista (32 bits only)
Server 2003
XP
2000 (Service Pack 4)
NT (Service Pack 6a, IE4 or above)

The server component is not supported on Vista.

EndPoint Security does not support installation on 64 bit systems.

EndPoint Security is a 32 bit application. It depends heavily on drivers that have not been tested on 64 bit systems.

Notes:

On Windows NT the granularity of control is reduced to Full Control, No Control.

Read Only access is not supported on NT.
File auditing is not supported on NT.

On Windows 2000, writable CDROM devices might be accessible through Roxio Easy CD Creator.

To resolve this issue, ensure that you have installed Service Pack 4 for Windows 2000.

The client computer disks must use the NTFS file system. If the disks do not use NTFS, access restrictions will not be enforced.
For encrypted USB devices, the minimum size is 64MB. EndPointSecurity uses the FAT32 file system for encrypted devices.

Does EndPoint Security perform audit logging for floppy drives?

Charles Creegan — Fri, 11 Jul 2008 01:40:00 GMT

This article applies to:

Marsahl EndPoint Security

Question:

Does EndPoint Security perform audit logging for floppy drives?
Are internal drives audited by EndPoint Security?

Reply:

Internal floppy disk drives are legacy devices. Disk insertion into these drives is not logged in the EndPoint Security Audit Log.

However Audit Log records are created for USB based external floppy drives.

Does EndPoint Security restrict USB port access?

Charles Creegan — Fri, 11 Jul 2008 01:36:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

Does EndPoint Security restrict USB port access?

Reply:

EndPoint Security restricts access to devices connected to the USB port based on the type of device, according to a predefined policy.

For example one can allow access to a USB Memory stick but not an iPod.

EndPoint Security does not restrict access to hardware ports.

What transport mechanism does EndPoint Security use?

Charles Creegan — Fri, 11 Jul 2008 01:32:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

What transport mechanism does EndPoint Security use?
How are policy updates sent from the EndPoint Security server to clients?
How are EndPoint client deployments sent?

Reply:

EndPoint Security communicates between server and clients using HTTPS (secure HTTP protocol). The web server used is Microsoft IIS.

Policy enforcement pop-ups not showing

Charles Creegan — Fri, 11 Jul 2008 00:45:00 GMT

This article applies to:

Marshal EndPoint Security
Windows 2000 client computers

Symptoms:

Policy enforcement pop-ups do not display

Causes:

Windows 2000 clients require a restart after client installation before policy enforcement pop-ups are available.

A reboot notification will be displayed at the time of deployment, unless the EndPoint Security administrator has disabled notifications in the Control Center – Client Settings dialog.

Resolution:

Ensure that Widnows 2000 computers are restarted after deployment of the EndPoint Security client.

I/O Error when accessing encrypted USB device

Charles Creegan — Fri, 11 Jul 2008 00:22:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

Why do users see a Windows I/O error when attempting to read from an encrypted USB device?

Information:

This behavior is by design. If a user tries to access an encrypted USB device without the correct password, Windows returns an I/O error.

Windows returns this error when attempting to access media that cannot be read for any reason.

When the correct password is used, the device will be readable.

Client status shows ?? as version number

Charles Creegan — Fri, 11 Jul 2008 00:13:00 GMT

This article applies to:

Marshal EndPoint Security

Symptoms:

Clilent status display shows a client with version number of '??'

Causes:

The client computer may have been rebuilt, or the client installation is corrupt.

Resolution:

To resolve this issue, re-deploy the client to the affected computer.

Policy updates after re-installation of the server

Charles Creegan — Fri, 11 Jul 2008 00:06:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

If the EndPoint Security server is re-installed, will clients retrieve policy from the server?

Information:

If you re-install the EndPoint Security server, clients will automatically pick up a new policy if the policy on the server has been updated.

If the default has not been changed, clients may not automatically pick up the policy. To ensure that the clients collect the new policy, administrators should ensure that the policy is updated at the server after a re-installation.

It is best practice to re-deploy clients after re-installation of the server. This will ensure that all clients pick up the policy and client status is correctly displayed.

What are the limits on the temporary access period?

SPE Team — Mon, 05 May 2008 22:45:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

What are the limits on the temporary access period?

Information:

The temporary access period cannot be shorter than 30 minutes, or longer than 5 days.

If temporary access is granted for less than 30 minutes then access is allowed for 30 minutes. Likewise if temporary access is granted for a period exceeding 5 days access will only be allowed for 5 days.

Does EndPoint Security change anything in Active Directory?

Charles Creegan — Wed, 30 Apr 2008 03:15:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

Does EndPoint Security change anything in Active Directory?

Reply:

No, EndPoint Security does not make any changes in Active Directory. EndPoint Security queries AD to retrieve user and group names. Access controls for the existing users and groups are created entirely within EndPoint Security.

Securing access to Smart Phones

Charles Creegan — Wed, 30 Apr 2008 03:06:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

How can I ensure that access through Smart Phones is controlled?

Information:

Smart phones use multiple communication technologies. In order to secure access to these devices, be sure to block all the technologies these devices use.

For example you may need to block Smartphone, WiFI, Bluetooth and Infra-Red.

Notes:

Because of the variety of devices and access methods, you should test and confirm to your satisfaction that the appropriate classes are set correctly for the devices that might be used on your network.

Policy Customizer Custom Classes and USB Flash Disks

Charles Creegan — Wed, 30 Apr 2008 03:01:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

Why are USB flask disks not always shown as belonging to a custom class?

Information:

You can use the Policy Customizer to create custom classes that contain specific USB Flash Disks.

If a custom class contains specific definitions of USB Flash disk(s), they will appear in the "Detected By EndPoint Security" window as assigned to that custom class, as long as the custom class is above the pre-defined "USB Flash disks" class in the Policy Customizer hierarchy.

If the custom class is moved below the pre-defined "USB Flash Disks" then the Policy Class changes to "USB Flash Disks"

To ensure that the custom class applies, place it above "USB Flash Disks" in the hierarchy.

Note:

This behavior is specific to USB Flash Disks and does not affect any other devices that may be detected by EndPoint Security.

How does EndPoint Security affect devices mounted as NTFS partitions?

Charles Creegan — Wed, 30 Apr 2008 02:21:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

How does EndPoint Security affect devices mounted as NTFS partitions?

Information:

If a user has mounted a USB drive as an NTFS folder (and not as a drive letter), then applying EndPoint Security will not block the device. This issue only affects the specific device, not any similar device that may be connected later. Devices are uniquely identifiable and Windows remembers how it mounted each unique device.

Once the EndPoint Security client is deployed to a workstation, the user cannot mount any additional devices as folders.

If the user requires a NTFS mount, the administrators can unblock the USB class for that user on that machine to permit the new folder to be mounted, and then re-apply the policy.

Does EndPoint Security stop devices being mounted?

Charles Creegan — Wed, 26 Sep 2007 04:52:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

Does EndPoint Security stop devices being mounted?

Information:

If a user connects an external device (such as a USB memory device, or external hard disk connected by either a USB or Firewire interface), if the Device Class is blocked for the user the device will not be visible to that user.

The device is mounted, and it may be available to the Windows system and other users.

Why is a user still denied access to a device even though they have been granted access?

Oliver Stanley — Wed, 19 Sep 2007 23:21:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

Why is a user still denied access to a device even though they have been granted access?

Information:

Marshal EndPoint Security enforces a Deny policy over an Allow policy. If a User Group has been explicitly denied access to a device and within that Group a User has been allowed access, the User will still be denied access to the device.

Procedure:

To Deny and Allow Users within a group, allow all the Users access and then explicitly Deny the Users you dont want to have access.

Can EndPoint Security provide me copies of files accessed on client computers?

Charles Creegan — Mon, 17 Sep 2007 03:16:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

Can EndPoint Security provide me copies of files that are being accessed, stored or moved to and from controlled devices?

Reply:

No, EndPoint Security cannot currently record file content.

Notes:

The File Access Log shows the following for each attempted file access:

File type
File name
Client computer
Device class
Date and time
Type of access
Process or software requesting access
Allowed or blocked

Can EndPoint Security control access over Bluetooth, WiFi, and Infrared?

Charles Creegan — Mon, 17 Sep 2007 03:00:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

Can EndPoint Security control access over Bluetooth, WiFi, and Infrared?

Reply:

Yes, EndPoint Security can control these types of ports.

Notes:

You cannot set policy for individual devices over Bluetooth, WiFi, or Infrared. You can only enable or disable each of the types of ports, for all devices.

What is required to control access through Palm OS devices?

Charles Creegan — Mon, 17 Sep 2007 02:46:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

What is required to control access through Palm OS devices?

Information:

Blocking Palm OS-based devices does not prevent a memory device mounted on the Palm device from being accessed.

Also, if the Palm device has WiFi, Bluetooth or Infra-Red capability, it may be able to connect using these methods.

To control access to a Palm OS device you must configure both the Palm and Other Plug And Play Storage Device Classes in the EndPoint Security policy. This will control the ability to Hotsync with Palm devices, and also any attached storage such as Secure Digital, Sony Memory Stick or Compact Flash cards.
It is also necessary to disable the WiFi, Bluetooth and Infra-Red capabilities of a computer to prevent access by Palm OS devices over these connection methods.

Therefore, in summary, to completely block a Palm OS-based device, deny access to the following Device Classes:

Palm
Other Plug And Play
Infra-Red
WiFi
Bluetooth

Note:

Active Directory and DNS Configuration Considerations

Charles Creegan — Mon, 17 Sep 2007 02:29:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

What are the important DNS setup requirements to ensure EndPoint Security can use Active Directory?
Can EndPoint Security manmage machines in multiple Active Directory Domains?

Information:

Marshal EndPoint Security makes extensive use of Active Directory to detect and contact client systems.

Trusted Domains

To select users and groups in a different domain and to deploy the client software through the Console's Active Directory browser, you need to have established a trusted relationship between the domain you are logged in to and the target domain.

DNS Considerations

Malfunctioning of the DNS will significantly affect the operation of Active Directory. Therefore it is essential to configure DNS correctly, so that Active Directory will function properly.

For a more in-depth treatment of DNS configuration for Active Directory, see the following Microsoft Knowledge Base article:

KB237675: Setting Up the Domain Name System for Active Directory

Review the following configuration items to ensure that DNS is healthy and that the Active Directory DNS entries will be registered correctly:

DNS IP configuration
Active Directory DNS registration
Dynamic zone updates
DNS forwarders

Smartphone devices can be accessed via Windows Explorer after client deployment

Charles Creegan — Mon, 17 Sep 2007 02:11:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

Why can Smartphone devices be accessed via Windows Explorer even though the policy restricts them?
Just deployed EndPoint Client and some devices are not being blocked.

Reply:

If a device had already been used in the user session in which the client agent was deployed, access may not be blocked. This is because blocking logic is checked at the time of the original connection.

To fully block devices you may need to log off/log on, or restart the system.

Can I install the EndPoint Security client without deploying it from the server?

Charles Creegan — Tue, 04 Sep 2007 03:56:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

Can I install the EndPoint Security client without deploying it from the server?
Can I deploy the EndPoint Security client with an Active Directory Group Policy Object?
Can I install the EndPoint Security client using drive imaging such as Ghost?

Reply:

The EndPoint Security distribution package includes a MSI based client installation package.

You can use this package to create Ghost images or GPO deployments.

For more details, see the ReadMe.txt file in the MSI_Client folder of the distribution package. This file includes instructions about file locations and configuration settings.

Note:

When you install a client locally, the EndPoint Security server software must be running and accessible by HTTPS from the client in order for client registration and policy updates to occur.

Can EndPoint Security use the same IIS as other websites?

Charles Creegan — Tue, 04 Sep 2007 03:52:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

Can I install EndPoint Security and other websites on the same server using IIS?
Can I use the IIS Lockdown tool on the EndPoint Security server?

Reply:

EndPoint Security uses Microsoft Internet Information Services (IIS) or Apache web server software on the server to communicate by HTTPS with clients.

If you install EndPoint Security using IIS, Marshal recommends using a dedicated installation of IIS on a non-internet facing server.

The IIS lockdown tool must not be applied to the IIS installation.

Notes:

EndPoint Security will use IIS if it is available, or automatically install Apache if necessary.

How can I deny most access and permit selected users?

Charles Creegan — Tue, 04 Sep 2007 03:35:00 GMT

This article applies to:

Marshal EndPoint Security

Question:

How can I deny most access and permit access for selected users only ?
I want to create a restrictive policy for use of removable devices

Procedure:

You can set a default policy for EndPoint Security using the Default Policy Wizard in the Console (Tools > Default Policy Wizard).

You can choose to allow or deny access by default.

You can also quickly set any device class to "no access" using the Wizard at any time.

After you set the basic policy, you can set up exceptions for individual users or user groups.