LANDesk Software Version 9.0 SP3

LANDesk Software Version 9.0 LD90-SP3

December 2011

EXCEPT AS RESTRICTED BY LAW, THE SOFTWARE PROGRAMS CONTAINED IN THE PATCH ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE OR FITNESS FOR A PARTICULAR PURPOSE.

This readme contains the following information about 9.0 SP3:

Installation Instructions
Patch Information

Note: This patch requires LD9 SP2

Affected	Patch to Apply
Agent	LD90-SP3-Client
Core	LD90-SP3-Core
Console	LD90-SP3-Console
OffCoreInventory	LD90-SP3-Core
Rollup	LD90-SP3-Core
WebConsole	LD90-SP3-Core

Installing on the Core, Rollup Core, and Web Console Servers

Note: Because Alternate Data Streams (ADS) may block files on Windows systems it is recommended that you extract the patch on the machine you are going to install it on.

If an Off Core Inventory Server exists, stop the LANDesk Inventory Service on the off core inventory server.
Double-click on the self-extracting executable and extract it.
From the extracted files, run Setup.exe.
When Setup completes, reboot the machine if a reboot is required.
After applying the patch you may have to re-activate your core using the Core Server Activation Utility.
If Step 1 was preformed, restart the LANDesk Inventory Service on the off core inventory server.

Note: The installer included with this patch writes a detailed log that can be used to help troubleshoot installation problems. After running setup.exe from the patch, the log is located in the ...\ManagementSuite\log folder.

Installing on Console Machines (not physically located on the core server)

Console Machines need to be updated to be able to connect to the updated core server and database.

For instructions on how to update remote consoles with Patch Manager see community article 7268. Otherwise continue with the following steps to update the agents. All new agents will be patched to the patch level currently on the core server.

Note: Because Alternate Data Streams (ADS) may block files on Windows systems it is recommended that you extract the patch on the machine you are going to install it on.

Close the Console.
Double-click on the self-extracting executable and extract it.
From the extracted files, run Setup.exe.
When Setup completes, reboot the machine if a reboot is required.

Updating the Agent

For instructions on how to update agents with Patch Manager see community article 7268. Otherwise continue with the following steps to update the agents. All new agents will be patched to the patch level currently on the core server.

Note: Due to changes in the agent files there are times that the agent will need to be reinstalled not patched. For example in order to get the updated mirror driver installed a full agent install is required.

Methods for agent deployment

Manual: Map a drive to the \\Coreserver\ldlogon Folder and run "Wscfg32.exe -f". This is used for single client installs and testing.
Push: Schedule a push of the full agent
Self-Contained EXE: Creates an EXE that can be installed.
Advance Agent: This is a two stage process. The advance agent consists of a small MSI and a self-contained EXE. The MSI is deployed to the client and then the MSI downloads and installs the EXE. This allows for bandwidth friendly downloads.

For more information on agent configuration and deployment see community article 23482

Manual installation of client patch.

Note: Because Alternate Data Streams (ADS) may block files on Windows systems it is recommended that you extract the patch on the machine you are going to install it on.

Double-click on the self-extracting executable and extract it.
From the extracted files, run Setup.exe.
When Setup completes, reboot the machine if a reboot is required.

LANDesk Software Version 9.0 SP3

The following sections describe important changes and issues that have been resolved in this Service Pack.

Agent Configuration

Issues Resolved:

After deploying the LANDesk agent the video display driver may not be useable.
Agent services may not always stop or restart correctly
Endpoint Security and NAC option in Agent Configuration cannot be saved when subscription is expired.
Errors generated in Agent configuration when trying create a new agent configuration.
The quoting of binary names was fixed.
Uninstallwinclient.exe may not uninstall the LANDesk® Management Agent on the client.
Running WSCFG32 on a server platform results in the wrong default agent being installed.
Client agents may stop responding: Resolved issue where cbainstall failed to run correctly during agent install.
Deploying the LANDesk agent can cause the scheduledtaskhandler.exe to hang waiting for status back from the client.

Alerting

Issues Resolved:

Severity item "Critical" was mistranslated in Japanese OS.
Installation of IPMI monitoring on some devices caused agent installation failures.
Alertservice.exe is unable to recover from a database connection failure.
Occasionally when configuring an email alert, the alert service may stop when trying to process alerts.
Unable to send alerts to smtp.gmail.com.

AMT

Issues Resolved:

Resolved issue where AMT information is populated in inventory for non AMT machines.
Addressed thread safe issue in OOBCredentials-openssl decryption library.
Update to allow the use of new VeriSign G5 certificate on old vPro devices. See LANDesk community article 22434

Antivirus

Issues Resolved:

Localized custom script properties for Antivirus change settings task page.
Fixed issue with Antivirus key downloading regardless of license status.
AV definitions were not updated if the agent was running version 8.8.
AV exclusions were not preventing Antivirus from accessing files.
AV exclusions were not being used when "scan for risky software" was selected.
Fixed memory leak where handles were not being released properly while parsing the registry for user profile data when the %USERPROFILES% variable was being used in Antivirus exclusions.
Improved scanning of malware in self-extracting archives.
LDDWNLD was failing to properly check the file size on AV pattern files causing the download to fail or not properly update.
Modified files on core were not being updated on the client after a pattern file update.
Non-admin users were able to uninstall LDAV. Vulscan now checks for any removal task (removeav, removeoldav or removehips). If it is a removal task and the user does not have admin rights, it will not uninstall. It will return an appropriate error code depending on which removal task it is.
Outlook was freezing on first use after Antivirus updated pattern files.
Antivirus failed to start after the first reboot when the agent was deployed via push to an agentless machine after applying the LD90-AV-2011-0214 on the core.
Fixed issues starting real-time protection.
VNC.exe was identified as Risky Software even though exclusions were in place. Memory scans always used the manual scan (virus scan) exclusion list when scanning.

Changes and Improvements:

Redesigned approval process for Antivirus pilot definitions. Now allows for approval of definitions at a specific time.
Improved detection for malware with self-protection mechanisms.
Enabled advanced disinfection technology to detect and remove rootkits and other malware.

APM Service

Issues Resolved:

APMService was using excessive CPU and memory when doing MAC tasks after applying a LD90-SD MCP patch.

Console

Issues Resolved:

Queries are not sorted in the query target list in the web console.
Add support for x64 client systems to custom definition for MCP.
Agent Configuration will not keep FQDN. Reverts to system name when saved from remote console.
Selecting hundreds of devices can cause the console to freeze up when agent status is set to all.
Last Saved Date in distribution packages in the 32-bit console was not sorting the package date correctly.
Opening the "All scripts" window took a very long time.

Content Replication

Issues Resolved:

Resolved an issue with incorrect status and "hung" content replication jobs in Japanese
When there were no new files on a source, Content Replication did not report the status correctly. The status is now reported correctly after all files are verified.
In Preferred Server properties the selected Replicator settings were not saved properly
Read credentials were required if the Write credentials are added to a preferred server.
Replicator would download all files from a Source if it was unable to read/write to Preferred server.
Unable to import Preferred Servers.

Custom Scripts

Issues Resolved:

Custom jobs that included SDClient commands did not function correctly with the SDClient Queue

Note: To disable the SDClient queue, use "/disableclientqueue" in the SDClient command line

Database

Issues Resolved:

Adding devices to My Devices can cause an error.
Removed button "Reset Database" as it clears out the database but only rebuilds part of the database leaving it unusable. Installation media is required to build a database.
Coredbutil fails to correctly build the CVDETECTEDV view.
DBRepair crashes when loading hundreds of records.
DBRepairPreserve.txt file is ignored when launching DBRepair from a command prompt.
Reduced the number of database calls made by wsvulnerabilitycore, resulting in fewer concurrent connections to the database.
The exception 0x800a0e78 may be thrown while browsing the Software -> Product inventory information through the web console.
The Feb 2011 MCP created invalid triggers on Oracle databases.
There is a ORA-00904 error in the coredbutil.exe.log file after applying any component patch that updates the database.
Unable to delete machines from the device view if they are designated as replicator.

Device Control Manager

Issues Resolved:

Fixed several blues screen issues.
"Allow / Don't show again" pop-up messages in Japanese not appearing correctly.
Files were shadowed even if target drives were registered in the Known Volumes registry key.
Fixed an issue where pressing the '3' on the number pad was bringing up "Restricted Operation".
Printers were not being blocked properly.
Target devices for shadow copy were not gathered correctly if \Device\HarddiskVolume** was greater than 10.
Device Control was allowing write to removable USB device when "Read Only” was selected. Problem came from empty Internet Temporary Directories. This was causing DCM violations on I:\ and J:\ to be ignored.

Discovery

Issues Resolved:

Agent status (binoculars) does not work if Exceed PowerSuite is installed on agent.
Connection Failed, Object reference not set to an instance of an object error after deleting a device.

Endpoint Security

Issues Resolved:

Endpoint options were still in the Start Menu even though the options were unchecked in the settings.
Deploying a white list with Chinese characters to a CHS client showed garbled characters. Unicode filename support was implemented on the client side, but the console was still storing UTF8 filename in the EPS certification list.
EPS requires distribution packages be loaded into memory through ldsecsrv before they can be run. The hashing routine's memory consumption is now optimized for very large executables files.
Graphs for HIPS Security Activity were throwing database exceptions in the console.exe.log file.
High CPU usage due to very large trusted file list. The client side now uses an efficient database format for storing trusted file list information.
EPS improperly recognizing infected processes as System/Windows processes. There was a safety mechanism in white-listing that allowed programs from system32 to run even if they didn't have specific permission. This mechanism is now disabled.
LANDesk Endpoint Security was not compatible with Symantec Endpoint Protection 12. This was due to the hooking mechanism within Symantec Endpoint Protection 12, which caused the Endpoint Security driver to lose track of process name. Compatibility has been added.
LANDesk Firewall wasn’t appearing EPS GUI and was not working.
Switching the LD firewall with a batch file was not working well when accessing a UNC file share.
Explorer.exe was unable to delete executable files even when "Modify Executable Files" and "Modify Protected Files" was set.
Endpoint Security blocked programs on a DFS Share if the DFS share was mapped to drive letter.
Fixed memory leak.
Merging trusted files was not working correctly.

Host Intrusion Prevention System

Issues Resolved:

Explorer.exe unable to delete executable files even when "Modify Executable Files" and "Modify Protected Files" is set.
HIPS blocks program on DFS Share if DFS share is mapped to drive letter.
Memory leak in HIPS process.
Merging trusted files does not work correctly.

Inventory

Issues Resolved:

Error Incorrect syntax near ',' Clearing column PXEBOOT from NETWORKSOFTWARE.
Event Error: Failed to start a TCP/IP thread.
Inventory scan on Lenovo M58 computers causes BSD.
When using Media Center Editions of Windows XP, the Inventory Scanner is reporting system(s) as Windows XP Professional.
Miniscans are deleting Software > Package group when 'Delete SW Before Process Full Scan' setting is turned on. This should only work on full scans, not mini or delta scans.
Quotes are being added to custom data after unchecking: Block unknown inventory items.
Right-Click option missing for Inventory scan on Multi-Selected Devices.
The backend of the post SP2 Inventory Server can get into a hung state due to thread conflicts causing scans to stop processing.
The Inventory Server exceeds the Oracle limit of 1000 expressions when deleting products from a device record.
The Inventory Server is ignoring the attribute Virtualized Application. The attribute is not set in the database.
The ldappl3 shows incorrect extensions in the multimedia scan extensions section.
When scanning for IEChannelPlayer.exe the inventory scanner will crash.

LaunchPad

Issues Resolved:

Getting a NULLREFERENCEEXCEPTION when LDAP queries are resolved.
Memory leak and LaunchPad running at 99% CPU. Fixed an issue that caused 100% CPU usage in certain conditions.

Linux

Issues Resolved:

Inventory information for Available Storage, and Total Storage (listed under Mass Storage - Mount) is now correct.
The ownership of /etc is no longer changed when installing the agent.
When running a vulnerability scan the correct task status will be reported.

Changes and Improvements

The inventory scanner now detects the number of processors.
Added support for RHEL 6 (64-bit) with the x64 version of the Linux Agent.

Macintosh

Issues Resolved:

After installing the agent ldtmc and ldremote will no longer prompt the user for access through the firewall.
Vulnerability definitions of Office 2008 1225 - 1229 now detect correctly.
Fixed an issue where ldcron (local scheduler) would fail to launch a scheduled task.
Remote control sessions no longer log extra data that make the RC session reports incorrect.
Mac scans should no longer fail to process on the core because of a NULL product name.
A Policy should now always finish downloading the file(s) before trying to run the task.
The Mac policy window should no longer show that it is downloading when it is actually installing
Fixed an issue where sometimes a Mac wouldn't display public policies
Vulnerabilities that a Mac has scanned for are no longer stuck in All Definitions Not Scanned.
Fixed an issue with vulnerability detection where it would get an incorrect path error.
Repairing a vulnerability via policy should no longer report as failed when it succeeded.
Policy supported push should no longer report successful without the task running on the client.
Remote control through the gateway should no longer fail with error 4 when prompting the user for permission.
When pushing an agent via SSH a reboot should no longer be needed.
Repair tasks no longer get SOAP errors for 10 minutes before installing the patch.
Repair tasks should no longer install successfully but report to the console Incorrect Function.
Using the suppress wallpaper feature during a remote control session should no longer cause a 6 second lag.

Changes and Improvements:

Added a chevron icon (>>>) to the Apple Menu Bar that allows the user to check for policies and run inventory and security scans.
Policies can now use command line switches.
Added 10.7 (Lion) support.

Multicast

Issues Resolved:

Multicast was unable to simultaneously multicast using more than 25 Multicast Domain Representatives regardless of GUI setting.
Tmcsvc may crash periodically when with "Can Subnet Rep set to 0 in the device registry.

OS Deployment

Issues Resolved:

OSD scripts were displaying LAST SAVED BY as the currently logged in user. Last Saved Date will now be correct once the script is saved again, copied or created
HII Client will now use Preferred Server correctly via UNC or HTTP. Download speed is also faster.
WinPE occasionally does not receive an IP address automatically

Changes and Improvements:

WinPE has been upgraded to version 3.1 (Windows 7 SP1 codebase)
OSD licence validation has been improved and simplified
If an OSD script appears to have been modified via Advanced Edit, a warning will be presented when trying to open the script that changes will be overwritten. A backup is also created
Hardware-Independent Imaging (HII) has been completely changed. Drivers are not assigned by make and model but matched dynamically.
HII now uses DISM to install drivers to Windows Vista and newer images while the image is offline
Created a new process to help upgrade WinPE image. Drivers and environment details will be migrated when WinPE is updated
Please review all information in the OSD, HII and Provisioning in LANDesk Management Suite 9 SP3 community document.

Patch Manager

Issues Resolved:

Vulnerability repair task was failing if a user logged out of the client while the task was in process. When this happened, the status of the task was incorrectly reported (as either "pending" or "complete") but the repair was not complete.
A user with just "edit" rights was able to edit/modify public settings in Security & Patch Manager.
Added the ability to disable the check box for "Add all computers containing this patch" to the uninstall dialog if the PatchSettings value DontAllowAllNodesToUninstall is set to 1 in the database.
Sample SQL statement to see current patch settings:
select * from PatchSettings
SQL statement to set the value:
update PatchSettings set Value = 1
where Name = 'DontAllowAllNodesToUninstall'
Added UpdateFromCoreRecursive to vulscan.
Updated retry logic for vulscan communication through proxyhost, It now sleeps 5 seconds and tries again. It will try a maximum of 3 times. It prints a new log message: "attempting to connect to proxy host." On failure, it says: "Retrying connection to proxy after 5 seconds."
Fixed an issue encountered when during a repair task, the machine lost the Agent Behavior after a reboot had been deferred a reboot was forced after 1 minute.
Patch and Compliance Information window default header was not locked. Updated the toolbar buttons without their text and stopped anchoring the type and last scan date to the right side.
Cannot download associated Patches for definition in the Unassigned group. Downloading of patches for unassigned definitions is now allowed.
Could not remove a dependency from a custom definition.
Updated how dependencies and prerequisites are handled when cloning definitions.
Console was hanging when creating a patch repair task with multicast.
Creating a repair job as a policy creates a Delivery Method with the name of the patch.
Custom definitions doing a recursive search for "File Must NOT Exist" erroneously detect file existence. Improved recursive file checker.
Database corruption in vulnerability table if two actions occur on the same table.
Date comparison in file detection logic not working correctly.
Defer install until machine locked not completing.
Definitions not detected on Windows XP ENU with a MUI (French, German, Spanish).
Deleted items in custom groups not syncing properly.
Modified dependency parsing order.
Detected" and "Scanned" columns were not being properly updated.
Detection tab in Custom Definition properties was resizing the "Add prerequisite" and "Remove prerequisite" buttons incorrectly.
Disabling a vulnerability rule will now remove the associated data from the CVDetected table.
Improved resolution of the Core Server name.
Improved scan results if two patches in the scan job have the same unique name.
Patch task Reboot Prompt was defaulting to Reboot Now. A user could inadvertently hit enter if the Reboot Now button took focus. To avoid this, the reboot button is now grayed out for the first 3 seconds of the dialog's existence.
Right clicking a vulnerability in patch manager and selecting 'affected computers' was showing computers outside of scope.
Right-click clear scan/repair status option was incorrectly disabled on vulnerabilities that are sync targets.
Scope scanned and detected counts incorrect.
Selecting "Preferred Servers" in the content replication tool takes a very long time to populate the preferred servers. Improved performance.
Improvement for concurrent connections when contacting WSVulnerabilityCore.
The "Filter" drill down box under "Scope counts using filter:" checkbox for 'Definition scan status' chart is available when it is not selected.
The [JOBPARAM] and [MULTICAST] are missing from repair script. When choosing the multicast option, A checkbox called "include downloaded patches even if they're not currently required." When checked, the repair dialog will add any patches that aren't required but that have been downloaded to the list of files in the multicast list.
The autofix status is now cleared when a definition is moved to “Do Not Scan” or “Unassigned”.
The computers that are not in the scope show up in the affected computers dialog.
Unable to download/update vulnerabilities from remote console. The downloader skips the SLM entry, even if it's checked, if its not running on the core.
Unable to scan HKLM\Software on 64bit computers.
User with rights to only view, edit, and public edit "Patch and Compliance" can repair custom patch groups.
Users could manage devices outside of their scope in the 32-bit console.
Values for "scanned" "detected" "not scanned" not correctly limited by scope.
Vaminer hangs if patches cannot be downloaded from FTP source.
VAminer is failing to download patches on definitions that have already been downloaded if the “Download patches for definitions selected” above is checked and either of the radio buttons selected.
Vulnerability ID ST000079 (Windows Firewall) always detected on Windows XP Clients.
Vulscan was ignoring custom deferral reboot settings on patches that require a reboot. Vulscan now also logs whenever it deletes application data. Removed duplicate logging of app data path.
Vulscan logs getting deleted during the SP2 upgrade process. Vulscan now only deletes existing PID_vulscan*.log files if they are over a day old. It will do this whenever it does a scan or repair now as well.
When "Group patches in subfolders by language and vender" was ticked, autofix was failing. It was required to do an IISRESET to reload the PatchSources settings. Now the web service will automatically reload those every 60 seconds.
Improved Security Scan return status.
When vulscan does an auto update, it was deleting the agent behavior and was not reloading it.

Power Management

Issues Resolved:

Installing a power policy on Windows XP should no longer require a reboot to go into effect.

Provisioning

Issues Resolved:

ConfigTargetOSHandler.log was lost once the machine rebooted from WinPE. The log is now written to the local Windows\Temp folder.
Unplanned shutdown messages may appear when using System Reboot function within Provisioning template.
Patch system action "Scan and remediate group" did not remediate the patch group correctly.
Unable to start Provisioning templates as a scoped user on newly added machines.
Provisioning task status was often incorrect.
Provisioning scheduling process reliability significantly improved
Provisioning task stayed active if it fails to flatten the template due to a hash error.
Some Provisioning tasks continued running after an action failed and "Stop processing the template if this action fails" was selected.
Software Distribution actions in Provisioning templates were unreliable. Created new SDClientHandler that will wait until SDClient or Vulscan completes and then run the Provisioning action
When using a Distribute Software action to deploy a package that contains a dependent package, the action failed.
Significant work and improvements were made to address reliability and scalability throughout all areas of Provisioning

Query

Issues Resolved:

Grouping a new query with a =/or and a Not Exists loses the grouping.
Queries get truncated after 7 entries.
Queries on certain bits of custom data can cause the 32-bit Console to crash (without error) due to a stack overflow.

Remote Control

Issues Resolved:

32 bit mirror driver in RC 519 is unsigned and generates a MS digital signature popup during installation in Windows XP.
After applying patch 50907 file transfer from a Windows 7 machine is unable to browse more than 5 folders deep without causing an error in Windows Explorer.
Attempting to use Remote Control via the Management Gateway with a user that is restricted by a scope will fail.
Console hangs when logging in after remote control patch is installed.
ISSPROXY is not starting when running Remote Control from a remote console on a Windows 7 x64 host. Error message: "Unable to send a request to the remote computer".
LANDesk Remote Control folder cannot be removed even after remote control console was uninstalled from Windows 7.
Mirror driver (9.1.0.151) causing error "Invalid Display Settings".
RC Service on Windows 7 running Excel 2003 causes a clipboard error.
File Transfer can cause Windows Explorer to crash.
The stop command for Remote Control via the LANDesk Cloud Appliance is not collected in Remote Control History.
Unable to remote control via http://coreserver/remote when laptop is running on batteries.
User is prompted for permission multiple times.
When deleting files through File Transfer the parent folder may deleted if the names match.
With the lock keyboard and mouse setting enabled, the end user is still able to perform a Ctrl-Alt-Del.
When renaming a file through File Transfer, the parent folder may be renamed instead of the file itself.
The settings on the Remote Control Viewer started via the Web-Console are not saved into the "Instant Support Suite Console\Container" registry.

Changes and Improvements:

Added Remote Control auto-switch feature to dynamically determine if the client should run in direct or gateway mode.
Added support for multiple monitors

Reporting

Issues Resolved:

After going to SP2 missing two canned reports. Recurring spyware (by device), and Devices where spyware could not be removed.
All of the Benefit Analysis standard reports do not order the dates chronologically on the bar chart or within the report details.
An empty report is sent by email to most of the recipients if multiple recipients are specified in the report scheduled job.
Double-byte characters do not export to CSV correctly.
Role and Scope limitations not properly restricted when running some vulnerability reports.

Role Based Administration

Issues Resolved:

Applied user scope doesn't limit scope of devices in some canned reports.
Limited users can edit Definition group setting in Patch and Compliance.
The 'Refresh Scope' permission does not work when applied to AD groups.
The help does not explain how to configure the TTL for complex AD environments.
Unique key constraint error trying to delete a user/team and reassign ownership of objects to another user.
A user with Patch and Compliance View, Edit, Deploy, and Edit Public rights cannot move repair task to Public.
View only right in RBA gave access to "Allow action" in HIPS.

SDK-MBSDK

Issues Resolved:

Automated patch Process did not use the configured Scan and repair settings.
Fixed an issue that caused the GetProvisioningTemplates request to give random results.
Fixed an issue that caused ScanAndApplyGroupPatchToMachines to not start the task.
The ScheduleDistribution method should now check the start time of the scheduled task instead of only starting immediately.

Changes and Improvements

The automated patch process can now use scan and repair settings.

Software Distribution

Issues Resolved:

After upgrading LDMS 8.7 agent to 9.0 SP2 recommended once polices are displayed again for installation. Fixed an issue where a 8.7 client upgrade to 9.0 SP2 would cause recommended once policies that were deployed with 8.7 to show up as available after the upgrade to 9.0 SP2.
Custom messages in either a batch file or Visual Basic script cause software distribution push tasks to hang in an active state.
Dependent packages run without user notification.
Error code mappings not following package order.
Export /Import of Core files fails to import detection logic.
Chart in Scheduled Tasks showing incorrect numbers for Failed.
Policy Invoker delay can't be changed from the default 3 seconds.
Policy Supported Push using "Recommended", "Run Once" and "Delay" runs twice.
PowerShell Scripts were running as 32-bit.
Private queries do not show up as targets in the schedule task UI in the web console.
Public task modified by user with scope is now limited by that scope.
Return code 3010 has been added to non-MSI return codes.
SDCLIENT doesn't download packages when the "/local" // "/peeronly" options are used.
SDCLIENT doesn't download the taskmanifests when the "/local" // "/peeronly" options are used.
A setup.exe that extracts an MSI file may install files to the default user instead of current user.
Under certain conditions Software Distribution statuses may not be writen correctly and leave a .temp file. These files cannot be recovered and will be deleted periodicially
Task owner in web console shows wrong user.
Timeout option added for hung software distribution tasks.
VBScript packages with delivery method of run from source are failing on the clients.
When using the Web Console users create a task. When the task is viewed in the Windows Console the owner is the user that created the task but the scope is someone different.
LDClientdb.db3 file being marked as .bad.
Software distribution portal crashes when trying to close it after installing the MCP SD 04-28.
The Group name is garbled in the Software Deployment Portal.

Software License Monitoring

Issues Resolved:

Devices should no longer show multiple editions of a single piece of software installed such as MS Visio Pro and MS Visio Std.
Devices should no longer be duplicated in the SLM Console.
Fixed an issue that caused the inventory scanner to hang (on gatherproducts.exe) when a shortcut with no target path is encountered.
Fixed an issue that caused SLM data to be inconsistent.
Fixed an issue that caused the compliance calculator to never finish.
Fixed an issue that caused Microsoft Office 2007 to incorrectly reported on devices.
Fixed an issue that caused some products to show incorrect usage information.

Changes and Improvements

Non EXE files (.dat, .dll, etc) can now be added to Product Detection.
Added logic to determine which version/edition (if any) of Adobe Creative Suite® is installed on Windows clients.

Web Console

Issues Resolved:

Team tasks do not show up in Web console.
Content Replication RBA right doesn't work unless user is a full-on LDMS admin.
Doing a UDD scan via LDAP is not reliable if the Organizational Unit selected contains in its name any characters from the ASCII extended table.
Deleting UDD Scheduled Tasks also deletes the UDD Config.
Distribution packages that are not public show as public for Web console users.
Clicking on "schedule" in the Web console takes several minutes to open the scheduling window.
Web console memory leak when AMT devices are in the network view.
Right click inventory scan option is grayed out in the Web console.