Monday, December 23, 2024 12:28:54 AM

Monitor for Secure Lockdown crash

8 years ago
#3275 Quote
UPDATE - I apologize, but it seems that it was loading the Windows Profile that crashed, not Secure lockdown

Secure Lockdown crashed on one of our kiosks in a high traffic public space.  Of course it left users at an Administrator account desktop.

I want to start monitoring for this situation.  Please share details on how to monitor if Secure Lockdown has crashed, especially:
1) executable(s) to monitor
2) Event viewer (or other) logs to look for

and anything else that would show that Secure Lockdown has crashed or is not running.

Thank you
0
8 years ago
#3276 Quote
Even if the Secure Lockdown background utility is not running, the user would not have access as an administrator under the locked down account (Windows Group Policy settings prevent this). Currently, there is not a built-in way to determine if Secure Lockdown is running. Inteset will be launching a cloud-based management system for Secure Lockdown within the coming weeks that will allow this.

Note that all Secure Lockdown error messages can be found under the Windows Event Viewer under the Application Logs. Look for the "Secure Lockdown" source.

What was the crash message being displayed and what program produced the message?
0
8 years ago
#3277 Quote
Thank you for the reply.

I do not have details yet on the application crash.  I should have more tomorrow.  Sometime within a couple hours after the configured daily scheduled machine reboot staff discovered the machine at the Windows desktop.  After manually power cycling the machine it went into the Secure Lockdown environment.  The machine is configured to automatically login under the Admin account.

I'm not looking for a built-in way to detect Secure Lockdown running and would instead prefer a manual way (that I can automate).  I would like to setup monitoring tools outside of Secure Lockdown to detect the situation.  What can I check on the system to detect that Secure Lockdown is not running?  The background utility you mentioned executable name or other conditions.

Thank you
0
8 years ago
#3278 Quote
The Secure Lockdown process name exe is called "IntesetSecureLockdownv2.exe" it should always be running under the locked down account.
0
8 years ago
#3281 Quote
I left a note on the first post in thread that this was in fact a crash on the Windows Profile and not a crash of the Secure Lockdown software.  Apparently the user profile did not load for an unknown reason and then a temporary profile was loaded leaving the kiosk at the temporary profile's Windows desktop.

I wonder if there is anything Secure Lockdown can do to help prevent this?  Or any guidance you could give on this?

I found that there is a policy that can be applied that should disable the loading of temporary profiles, I am going to try that.  Also the details on the Secure Lockdown process will be helpful as I can setup monitoring software to detect when it is not running.  So thanks for those details.
0