
31: How to troubleshoot LPM rules for the Kaseya Agent Service?

It seems that the Kaseya Agent service starts before the PolicyPak services, which means PolicyPak never witnesses Kaseya Agent Service (AgentMon.exe) spawning, so LPM never evaluates if it matches any defined policy.

Because the owner of “AgentMon.exe” is on the SecureRun list, the service can start, but it then does not match the policy that would allow it to spawn the permitted child processes.


We are going to make the Kaseya service depend on the PolicyPak services.

Since we only need to do this if PolicyPak exists, we’ll use PolicyPak Scripts Manager to run a PowerShell script that enables the service dependencies (if Kaseya also exists).

After the machine reboots, all of the Kaseya actions should match the created policies, and child processes are allowed as intended.

PS: The Kaseya Agent service’s display name must be the same as in the script. Please confirm and edit if it’s different in your environment.

Steps:

  1. Create a PolicyPak Scripts Manager policy under the Computer container.

  2. In the On apply action window, select PowerShell script from the drop-down and paste the PowerShell script from below.

  3. In the Specify process mode window, select ‘Once or when forced’.

  4. Finish the wizard to complete the policy creation.

Optional:

  • Revert script: for when the policy no longer applies or you do not need the PolicyPak service dependencies for the Kaseya Agent Service.
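
One way to set, and later revert, such a service dependency, as an added example that is not PolicyPak's own script: the Kaseya display name and the PolicyPak service names are placeholders you must replace, and the function name is hypothetical. It keeps any dependencies the agent service already has and makes no change unless the agent service, and for the apply case at least one PolicyPak service, is present.

```powershell
# Added example, not PolicyPak's script. Placeholders: replace with real values.
$KaseyaDisplayName = '<KASEYA-AGENT-SERVICE-DISPLAY-NAME>'
$PolicyPakServices = @('<POLICYPAK-SERVICE-NAME-1>', '<POLICYPAK-SERVICE-NAME-2>')

# Hypothetical helper: adds (or with -Revert removes) service dependencies.
function Set-AgentServiceDependency {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string[]]$DependsOn,
        [switch]$Revert
    )

    # Resolve the agent by display name; do nothing if absent or ambiguous.
    $agent = @(Get-Service -DisplayName $DisplayName -ErrorAction SilentlyContinue)
    if ($agent.Count -ne 1) {
        return "Found $($agent.Count) services named '$DisplayName'; no change made."
    }
    $name = $agent[0].Name

    # Only depend on PolicyPak services that are installed on this machine.
    $installed = @($DependsOn | Where-Object { Get-Service -Name $_ -ErrorAction SilentlyContinue })
    if (-not $Revert -and $installed.Count -eq 0) {
        return 'No PolicyPak service found; no change made.'
    }

    # Read the current list (REG_MULTI_SZ) so existing dependencies are preserved.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $current = @((Get-ItemProperty -Path $key -Name DependOnService -ErrorAction SilentlyContinue).DependOnService |
        Where-Object { $_ })

    if ($Revert) {
        $wanted = @($current | Where-Object { $_ -notin $DependsOn })
    } else {
        $wanted = @($current) + @($installed | Where-Object { $_ -notin $current })
    }

    # sc.exe separates dependencies with '/'; a lone '/' clears the list.
    $depend = if ($wanted.Count -gt 0) { $wanted -join '/' } else { '/' }
    & sc.exe config $name depend= $depend | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed with exit code $LASTEXITCODE" }
    return "DependOnService for ${name}: $($wanted -join ', ')"
}

# Apply script body. For the revert script, add -Revert to the same call.
Set-AgentServiceDependency -DisplayName $KaseyaDisplayName -DependsOn $PolicyPakServices
```

Changing a service's configuration with `sc.exe config` requires administrative rights, and the new start order takes effect the next time the services start.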

***** PowerShell 'apply' script:

 

***** PowerShell ‘revert’ script:

 
  • 30-Nov-2021