Endpoint Security 2023.1
End of Life Notice
Note that Ivanti Endpoint Security 8.6 and earlier versions are now in self-support. Any customers on 8.6 (8.6.0.10) or earlier versions should upgrade now to a supported release.
For more information, refer to the Ivanti Endpoint Security Lifecycle policy.
Enhancements and Improvements

We’ve made some further updates to the set of REST APIs available for Ivanti Endpoint Security, including the following:
- Ability to install or uninstall IES modules via REST API
- Ability to schedule agent update installs via REST API
- Ability to define customized deployment name via REST API
- Return the deployment ID as response when creating a deployment via REST API
- Allow REST API JWT timeout to be configurable
- Provide option to get applicable updates for specific endpoints or groups via REST API
- Provide ability to obtain OS build report via REST API
- Provide ability to disable patches by product via REST API
With all of these additional capabilities, we’ve also enhanced the security capabilities around the API calls to ensure that these calls can only be initiated by authorized parties. For more details, refer to the REST API Getting Started Guide.

We’ve updated the following components to improve the overall security posture of the product.
- Prevention of HTTP response header disclosure of Microsoft IIS and ASP.Net versions.

Trusted Ownership is the de facto standard for Application Control at Ivanti and is used across a range of different security products such as Ivanti Application Control. It relies on examining the NTFS owner of an application. If an application is introduced, and hence owned, by a non-Trusted owner, e.g. a standard user, the application is instantly prevented from running.
However, if an application is introduced and owned by a ‘Trusted Owner’, e.g. an administrator or a software deployment system such as Microsoft SCCM, then every user can run the application, unless otherwise stated.
This alleviates the IT burden associated with other application control solutions that require ongoing maintenance of allowed lists, for example, when application or Operating System content requires patching.
Refer to Trusted Ownership - Why? What? How? for more information on Trusted Ownership.
Ivanti Endpoint Security has now added Trusted Ownership as an additional option under Trusted Path. You can define a Trusted Path policy for the entire C:\ drive but select the “Include Trusted Owners” checkbox. The result is that any executable file in the C:\ drive is allowed to execute, but only if the file is owned by a Trusted Owner, which is either Administrators, TrustedInstaller, Local Service or System. This means that only executable files installed by an authorized process are allowed to execute. If the user downloads a file from the Internet or clicks on a link in an email which causes an executable file to be installed, this file will be blocked because it will be owned by the logged-in user, who is not trusted.
Trusted Ownership greatly reduces the administrative burden of implementing Application Control while still providing a very secure solution.
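To preview which files the “Include Trusted Owners” option would block before enabling it, the following added example (not Ivanti code and not the product's implementation) lists executables whose NTFS owner is not one of the four Trusted Owners named above. The function name, the extension list and the scanned path are assumptions chosen for illustration.

```powershell
# Added example: approximates the ownership rule described above.
# It is not Ivanti's implementation and does not query the IES agent.

# Well-known SIDs of the four Trusted Owners named in the release note.
$TrustedOwnerSids = @(
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-19',       # NT AUTHORITY\LOCAL SERVICE
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)

function Get-UntrustedOwnedExecutable {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: the page does not list which file types count as executable.
        [string[]]$Extension = @('.exe', '.dll', '.msi', '.com', '.bat', '.cmd', '.ps1', '.vbs')
    )

    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $Extension -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $file  = $_          # keep the file object; $_ is rebound inside catch blocks
            $sid   = $null
            $owner = '<unreadable>'
            try {
                $acl    = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
                $sidRef = $acl.GetOwner([System.Security.Principal.SecurityIdentifier])
                $sid    = $sidRef.Value
                # Orphaned SIDs (deleted accounts) cannot be translated; fall back to the raw SID.
                try { $owner = $sidRef.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $owner = $sid }
            } catch {
                # Owner could not be read: report the file instead of assuming it is trusted.
            }

            if ($TrustedOwnerSids -notcontains $sid) {
                [pscustomobject]@{
                    Path     = $file.FullName
                    Owner    = $owner
                    OwnerSid = $sid
                }
            }
        }
}

# Example run against user profile directories (path is an assumption).
Get-UntrustedOwnedExecutable -Path 'C:\Users' | Sort-Object Owner | Format-Table -AutoSize
```

Comparing SIDs rather than account names keeps the check correct on localized Windows installs, where the display name of the Administrators group differs.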
Resolved Issues
The following issues were resolved in this release:
Problem ID | Title |
---|---|
89713 | Endpoint Membership for a custom group does not display endpoints when using a Source Group. |
90112 | IES Device Control policy creation fails with Internal Server Error when using File Filters. |
89768 | Mac agent install issue with Error unknown operating system (8.3076). |
91030 | IES 2022.2 with Hotfix [Hotfix 8.6 U4 HF 1.exe] to address macOS agent registration issue applied causes Windows 11 to show as Windows 10 on the console. |
77073 | 'Sound, Video and Game Controllers' device class is missing 'Bluetooth' BUS option. |