
March 14, 2017, update for Outlook 2016 (KB3085429) not available to download

This update has been replaced; please put it in the disabled replaced rules.


HP device Keylogger Vulnerable. Any best practice to patch HP device drivers?

Hi all,

 

As the news has shown, HP devices require driver updates due to the potential security vulnerability. I was wondering whether there is any guide or best practice for using Patch Manager to push driver updates to all HP devices. Is there also a list in Patch Manager of which device models are supported for downloading and pushing driver updates?

 

Thanks in advance

Support for the Intel 'Meltdown' security vulnerability KB4058702

Information

 

Microsoft released KB4058702 late the night of 1/3/18 (out of band) to address an Intel CPU firmware vulnerability.  The patches released will be added to our patch definition update to be released later today, 1/4/18.

 

List of patches from Microsoft:

https://www.catalog.update.microsoft.com/Search.aspx?q=2018-01

 

Additional Information

Important information on detection logic for the Intel 'Meltdown' security vulnerability

 

Current definitions in Patch and Compliance referencing Support for the Intel 'Meltdown' Security Vulnerability

 


Affected patches:

  • MS18-01-IE Q4056568
  • MS18-01-SO7 Q4056897
  • MS18-01-SO8 Q4056899
  • MS18-01-SO81 Q4056898
  • MS18-01-W10 Q4056888, Q4056890, Q4056891, Q4056892, Q4056893

 

How to Scan and/or Repair against a custom group

 

Additional Information

 

Due to possible BSOD issues that may occur when installing this update on systems with out-of-date AV software, we will be adding a detection prerequisite, as Windows Update does:

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"

Value="cadca5fe-87d3-4b96-b7fb-a231484277cc"

Type="REG_DWORD"

 

If the key does not exist, you will be offered the detection-only version of this patch.

 

This means that the associated patch for a system will not be remediated unless the Registry key is present. This mirrors how the patches are handled by Microsoft. Full details regarding the offering of the patch, and options if the Registry key is missing, are located in the Microsoft article here: https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released

 

An example of the detection-only definition being returned: it will contain "DETECT" in the definition name, under Patch Required it will say "No repair action specified", and no patch information is provided.

An example of the definition where the registry key is detected and you will be able to remediate.

 

Support for the Intel 'Meltdown' security vulnerability KB4058702

Important information on detection logic for the Intel 'Meltdown' security vulnerability

Intel 'Meltdown' security vulnerability KB4058702 is not installing

Hi, I am new to the NextGen Patches, and my first task is to use it for the Meltdown vulnerability.

 

Unfortunately I do not get the correct result, and have no more ideas where to look.

 

What I checked so far:

 

I did read:

 

Important information on detection logic for the Intel 'Meltdown' security vulnerability

Support for the Intel 'Meltdown' security vulnerability KB4058702

About the New Patch Engine in Ivanti Endpoint Manager

 

Test-PC:

Windows 10 Enterprise - 1703 with McAfee

 

Registry-Key for Compatibility:

was set manually by me (McAfee is not able yet to do it)


Vulnerability and Definition:

- Downloaded by PatchManager (My Focus is on 4056891 for Windows 10 - 1703)


 

Patch Manager only finds the DETECT vulnerability:

 

The Vulscan-Log tells me
that the "Install"-Patch is already installed???

the "DETECT"-Patch tells me it isn't?

 

I also activated - the "Enable security scan debug trace log" but I do not understand these files so far:

  • PatchManifestSyncSDK.log
  • PatchScanSDKDpdTrace.log

 

Hope you can give me some new tips.

 

Kind regards, Marco

Important information on detection logic for the Intel 'Meltdown' security vulnerability

Overview

 

Microsoft has identified a severe compatibility issue with a small number of anti-virus software products.

 

We highly suggest all customers review these issues here:  https://support.microsoft.com/en-us/help/4072699

 

Due to possible BSOD issues that may occur when installing this update on systems with out-of-date AV software, we will be adding a detection prerequisite, as Windows Update does:

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"

Value="cadca5fe-87d3-4b96-b7fb-a231484277cc"

Type="REG_DWORD"

 

If the key does not exist, you will be offered the detection-only version of this patch.

 

This means that the associated patch for a system will not be remediated unless the Registry key is present. This mirrors how the patches are handled by Microsoft. Full details regarding the offering of the patch, and options if the Registry key is missing, are located in the Microsoft article here: https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released

 

The patches will be offered for deployment if the key exists.
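
A local check for this prerequisite, as an added PowerShell example that is not Ivanti's or Microsoft's code. The function name `Get-QualityCompatStatus` and its output fields are made up for illustration, and treating a value of the wrong type as not satisfying the prerequisite is an assumption.

```powershell
# Added example (not vendor code): report whether the AV-compatibility value
# described above is present, so you can predict whether an endpoint will be
# offered the repairable definition or only the "DETECT" one.
function Get-QualityCompatStatus {
    [CmdletBinding()]
    param()

    $subKey    = 'SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
    $valueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

    # Hypothetical output shape; the default assumes the prerequisite is missing.
    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        KeyExists    = $false
        ValueExists  = $false
        ValueKind    = $null
        Data         = $null
        Expected     = 'DETECT only (no repair action)'
    }

    # Read the 64-bit registry view explicitly so the answer does not depend on
    # whether the calling process (for example a 32-bit agent) is 32- or 64-bit.
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine,
        [Microsoft.Win32.RegistryView]::Registry64)
    try {
        $key = $hklm.OpenSubKey($subKey)      # read-only; $null when the key is absent
        if ($null -ne $key) {
            try {
                $result.KeyExists = $true
                if ($key.GetValueNames() -contains $valueName) {
                    $result.ValueExists = $true
                    $result.ValueKind   = $key.GetValueKind($valueName)
                    $result.Data        = $key.GetValue($valueName)
                    # Assumption: only a REG_DWORD value counts as the prerequisite.
                    if ($result.ValueKind -eq [Microsoft.Win32.RegistryValueKind]::DWord) {
                        $result.Expected = 'Repairable definition offered'
                    }
                }
            }
            finally {
                $key.Close()
            }
        }
    }
    finally {
        $hklm.Close()
    }

    [pscustomobject]$result
}

Get-QualityCompatStatus | Format-List
```

The function only reads the registry; it does not create the value, which the page leaves to the AV vendor or to the options in the Microsoft article.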

Affected patches:

  • MS18-01-IE Q4056568
  • MS18-01-SO7 Q4056897
  • MS18-01-SO8 Q4056899
  • MS18-01-SO81 Q4056898
  • MS18-01-W10 Q4056888, Q4056890, Q4056891, Q4056892, Q4056893

Affected CVEs:

  • CVE-2017-5753
  • CVE-2017-5715
  • CVE-2017-5754

 

Link to Security bulletin advisory:  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002


About the New Patch Engine in Ivanti Endpoint Manager

Overview

 

Ivanti Endpoint Manager’s Patch and Compliance tool now welcomes our Next Generation patch engine. This new architecture enables us to continue optimizing well into the future and is only applicable to the Windows environment. As a preliminary feature, we’re providing the ability to opt-in, allowing for a more controlled introduction of all Next Generation content into your environment. The new patch engine is currently available in the 2017.3 product version.

 

Updated: We are now offering this feature in ALL supported versions of the product.

 

 

By electing to download Next Gen content, the core will download new vulnerability definitions for products that are currently not supported in the standard content stream (i.e. Microsoft Windows Vulnerabilities). This means that if both options are selected (Next Gen Microsoft Windows Vulnerabilities (beta) and Microsoft Windows Vulnerabilities) there will be no overlap in the vulnerability content downloaded to the core.

 


Definition Downloads

 

In the definition download utility, a new definition type exists under Windows | Vulnerabilities | Next Gen Microsoft Windows Vulnerabilities (beta).

 

Please ensure your definition downloads are scheduled to occur (2) times per week for the Next Gen vulnerability definitions. The recommended download occurrence should be scheduled on Wednesday and Friday evenings.


 

This option is not on by default. When it is selected, all associated Next Gen binaries and vulnerability definitions will be downloaded to the core. The binaries (about 30 MB) will be contained in the Managementsuite \ Ldlogon \ Timber directory, and the definition grouping will be based on your configuration and download filters. Upon definition download, the following can be expected:

 

Definition Download
Managementsuite \ Ldlogon \ Timber

 

 

The Managementsuite \ Ldlogon \ Timber \ Content folder will contain a WindowsPatchData.zip file and associated Delta zip files. The WindowsPatchData.zip file contains all vulnerability detection rules and the Delta zip files contain the differences. This content, along with the remaining Next Gen binaries, will be downloaded to the endpoint upon scanning against Next Gen content. The main WindowsPatchData.zip file will only be downloaded once; Deltas are downloaded to the Core if there are differences that aren't in the WindowsPatchData.zip file. Once the endpoint has the main zip file, it will only retrieve the Delta zip files when scanning against Next Gen content.

 


 

Upon definition download completion of Next Gen Microsoft Windows Vulnerabilities (beta), filtering for this definition type can be done by using the filter string "Next Gen". Every next-gen definition has the filter string hardcoded in the Summary column.

 


 

To isolate these definitions, a custom patch group can be created to house these definitions. If you elect to do so, a manual transfer has to take place. To further isolate which devices scan against this custom group, an alternate Distribution and Patch agent setting can be configured to scan against this group. More information on how to configure this is outlined in How to Scan and /or Repair against a custom group and  How to use Custom Groups to repair groups of computers.

 

Content Changes

 

Every Next Gen definition will contain a pre-defined fixed script for Detection and Remediation. The pre-defined detection script will evaluate Registry, File and Script logic to determine if a device is vulnerable to a definition. The detection details have been included at the beginning of the script content. The Files and Registry Settings section will be blank for all Next Gen content.

These scripts are not meant to be modified. Modification of this logic will leave these definitions in an unsupported state.

 

Sample Next Gen definition (Detection Logic)
Sample Next Gen definition (Repair Logic)

 

 

 

Distribution and Patch Agent Setting

Updated: The "Enable security scan debug trace log" UI feature is only available in 2017.3 and newer product versions. To enable debug trace logs for versions 9.6 - 2017.1, run the following command locally on the endpoint or distribute a script to the desired device:

 

vulscan /enableDpdTrace=true /showui (the showui switch is optional).

 

This will generate additional logging in the Programdata\Landesk\DebugLog folder consisting of the following (2) files:

  • PatchManifestSyncSDK.log
  • PatchScanSDKDpdTrace.log

To enhance the log level for all Next Gen content definitions, the following addition has been made to the Distribution and Patch agent settings:

 


 

This feature is only intended for troubleshooting purposes and should not be on in your default agent setting. When troubleshooting a Next Gen content issue, please create an alternate Distribution and Patch agent setting, enable this feature and assign this setting to the device during troubleshooting only.

 

 

Diagnostic Tool

Updated: The "Get debug logs and zip (patch)" feature is only available in 2017.3 and newer product versions.

To retrieve logs remotely, access the Diagnostic tool and select the Logs | Client option to view client-side logs. An additional option, "Get debug logs and zip (patch)", is present for debug logging for all Next Gen definitions. This will only function if the Distribution and Patch agent setting has "Enable security scan debug trace log" selected.

 


 

How Does Scanning and Remediation Work

 

If the endpoints are on a supported version of the product, the agent does not need to be updated immediately to take advantage of the enhanced patch engine. All devices on an unsupported product version will need to be upgraded. Upon initiation of the vulnerability scanner, the self-update feature will update the necessary vulscan files to ensure compatibility between the files on the client and the latest files on your 2017.3 core. For more on the Self Update feature please reference About Patch Manager Self Update. These binaries must be updated in order for the Next Gen binaries to work with vulscan.exe.

 

Scanning:

A security scan works the same as before for all current content. Whenever the scanner encounters a definition with Next Gen content it will launch the fixed script contained within the definition and perform the following actions:

 

  1. Check for definition scan results in memory.
  2. If this is the first Next Gen definition encountered in the current security scan, no scan results will be found on the client and the following will occur:
    1. The client will check if it needs to download any Next Gen binary files from the core (ldlogon/timber) and transfer them to the LDCLient\Timber directory:
      1. The detection rules “WindowsPatchData.zip” file (about 14MB) is updated on the content servers every time new content is added and will be downloaded to the client. If WindowsPatchData.zip already exists on the client, the smaller delta files will be used to update this file to the current version.
      2. Additional Next Gen binary files will be downloaded if the current versions do not already exist on the client:
    2. The Next Gen COM object is then registered on the client to allow Vulscan.exe to interact with the Next Gen scan engine
    3. The Next Gen scan engine then scans for ALL vulnerabilities and stores the scan results “in-memory”. A FULL scan of all vul_defs is only completed if this is the first Next Gen definition encountered in the current security scan.
    4. The script then references the in-memory scan results to determine if the current definition is vulnerable.

 

The security scan continues scanning as usual.  For any remaining Next Gen content definitions in the current security scan, the detection script will return the result of the specified definition from the in-memory scan results.

When the Next Gen scanner runs (a maximum of once per vulscan instance), it checks for everything and stores that information in memory, but that information is only used by Next Gen definitions. Legacy definitions work the same way they always have.

 

Remediation:

 

  1. Patch files (default location: Ldlogon/Patch) are transferred to the sdmcache directory on the client using the existing download mechanism, "lddwnld.dll".
  2. The pre-defined remediation script calls the Next Gen SDK with a GUID, Language and a unique file name that’s used for patching.
    • A temporary “package” is created during the repair and contained on the client (Programdata\Landesk\Timber\Pkgs) which is used by the Next Gen patch SDK.

 

Logging

 

The vulscan.log file will continue to serve as the primary log for content detection and remediation; however, several additional logs have been introduced to provide further insight into the activity of the Next Gen content.

 

  • vulscan.log (Programdata\Landesk\Log folder)
  • PatchManifestSyncSDK.log (Programdata\Landesk\Log folder)
  • PatchScanSDK.log (Programdata\Landesk\Log folder, only created when debug trace logging is disabled)
  • PatchScanSDKDpdTrace.log (Programdata\Landesk\DebugLog folder, only created when debug trace logging is enabled)
  • STDeploy.log (Programdata\Landesk\Log folder, but only created when repairing)
  • TimberDeployEvents.log (Programdata\Landesk\Log folder, only created when repairing)

 

Pre-Staging Next Generation Binaries


Custom Patch Definitions Disappear After Creation

Pretty much what the title says. I am trying to clone the Windows 10 1709 patch and change a line of code in the powershell command. I can do this, then apply and save it, then it shows up in the list of patches, but as soon as I refresh, the patch disappears. Any ideas?


Patch and Compliance (Detected)

EndPointManager 2017.3 10.1.30.401

 

Hello, I think I already asked this before but can't seem to understand.

1. Everything under Detected(current scope) is/are (I assume) vulnerabilities found for the Selected Scope

2. If I schedule a repair task for a particular vulnerability, and the task is successful, when are the vulnerabilities removed from the Detected(current scope) Folder?

 

After point 2 I manually ran on the Client:

a) PolicySync

b) Security Scan

c) Gather Historical Information on the Core

d) restarted the client

e) PolicySync

f) Security Scan

g) Gather Historical Information on the Core

 

But the vulnerability is still listed there.

 

What am I missing?

Any help is appreciated.

Best


I'm unable to download associated patches for non-Microsoft products

Hello.

 

I'm trying to download associated patches in Patch Management.  I can download the patches for Microsoft but not for other vendors (like Apple, Adobe, Google, Mozilla, etc.).  I have the role for Patch Management in EndPoint.  The other person who does the patches with me has admin rights in EndPoint.  He's able to download them without any issues.  Do I need additional rights on the core server or in EndPoint to allow me to download non-Microsoft patches?


Can't see Next Gen Vulnerabilities

We have version 2017.3 SU1. When I look in Patch and Compliance I only see "Driver updates, Security, Software updates and Vulnerabilities" under Windows. I know there is an SU2 available but I don't see it under vendor or product. Do I need to get that downloaded first? I've tried the article about the category not showing up.

 

Thanks

Steve

 


About the New Patch Engine in Ivanti Endpoint Manager

Overview

 

Ivanti Endpoint Manager’s Patch and Compliance tool now welcomes our Next Generation patch engine. This new architecture enables us to continue optimizing well into the future and is only applicable to the Windows environment. As a preliminary feature, we’re providing the ability to opt-in, allowing for a more controlled introduction of all Next Generation content into your environment. The new patch engine is currently available in the 2017.3 product version.

 

Updated: We are now offering this feature in ALL supported versions of the product.

 

 

By electing to download Next Gen content, the core will download new vulnerability definitions for products that are currently not supported in the standard content stream (i.e. Microsoft Windows Vulnerabilities). This means that if both options are selected (Next Gen Microsoft Windows Vulnerabilities (beta) and Microsoft Windows Vulnerabilities) there will be no overlap in the vulnerability content downloaded to the core.

 


Definition Downloads

 

In the definition download utility, a new definition type exists under Windows | Vulnerabilities | Next Gen Microsoft Windows Vulnerabilities (beta).

 

New: As of 3 Jan 2018, the Next Gen Microsoft Windows Vulnerabilities (beta) option is no longer applicable. All new Windows Vulnerability (this includes 3rd party software) content has been formatted to use the Next Gen scan engine and is contained under Vulnerabilities | Windows Microsoft Vulnerabilities. Any content downloaded prior to 3 Jan will not be affected by this change.

 

Please ensure your definition downloads are scheduled to occur (2) times per week for the Microsoft Windows Vulnerability definitions. The recommended download occurrence should be scheduled on Wednesday and Friday evenings.


 

When selected, all associated Next Gen binaries and vulnerability definitions will be downloaded to the core. The binaries (about 30 MB) will be contained in the Managementsuite \ Ldlogon \ Timber directory, and the definition grouping will be based on your configuration and download filters. Upon definition download, the following can be expected:

 

Definition Download
Managementsuite \ Ldlogon \ Timber

 

 

The Managementsuite \ Ldlogon \ Timber \ Content folder will contain a WindowsPatchData.zip file and associated Delta zip files. The WindowsPatchData.zip file contains all vulnerability detection rules and the Delta zip files contain the differences. This content, along with the remaining Next Gen binaries, will be downloaded to the endpoint upon scanning against Next Gen content. The main WindowsPatchData.zip file will only be downloaded once; Deltas are downloaded to the Core if there are differences that aren't in the WindowsPatchData.zip file. Once the endpoint has the main zip file, it will only retrieve the Delta zip files when scanning against Next Gen content.

 


 

Upon definition download completion of Next Gen Microsoft Windows Vulnerabilities (beta), filtering for this definition type can be done by using the filter string "Next Gen". Every next-gen definition has the filter string hardcoded in the Summary column.

 


 

To isolate these definitions, a custom patch group can be created to house these definitions. If you elect to do so, a manual transfer has to take place. To further isolate which devices scan against this custom group, an alternate Distribution and Patch agent setting can be configured to scan against this group. More information on how to configure this is outlined in How to Scan and /or Repair against a custom group and  How to use Custom Groups to repair groups of computers.

 

Content Changes

 

Every Next Gen definition will contain a pre-defined fixed script for Detection and Remediation. The pre-defined detection script will evaluate Registry, File and Script logic to determine if a device is vulnerable to a definition. The detection details have been included at the beginning of the script content. The Files and Registry Settings section will be blank for all Next Gen content.

These scripts are not meant to be modified. Modification of this logic will leave these definitions in an unsupported state.

 

Sample Next Gen definition (Detection Logic)
Sample Next Gen definition (Repair Logic)

 

 

 

Distribution and Patch Agent Setting

Updated: The "Enable security scan debug trace log" UI feature is only available in 2017.3 and newer product versions. To enable debug trace logs for versions 9.6 - 2017.1, run the following command locally on the endpoint or distribute a script to the desired device:

 

vulscan /enableDpdTrace=true /showui (the showui switch is optional).

 

This will generate additional logging in the Programdata\Landesk\DebugLog folder consisting of the following (2) files:

  • PatchManifestSyncSDK.log
  • PatchScanSDKDpdTrace.log

To enhance the log level for all Next Gen content definitions, the following addition has been made to the Distribution and Patch agent settings:

 


 

This feature is only intended for troubleshooting purposes and should not be on in your default agent setting. When troubleshooting a Next Gen content issue, please create an alternate Distribution and Patch agent setting, enable this feature and assign this setting to the device during troubleshooting only.

 

 

Diagnostic Tool

Updated: The "Get debug logs and zip (patch)" feature is only available in 2017.3 and newer product versions.

To retrieve logs remotely, access the Diagnostic tool and select the Logs | Client option to view client-side logs. An additional option, "Get debug logs and zip (patch)", is present for debug logging for all Next Gen definitions. This will only function if the Distribution and Patch agent setting has "Enable security scan debug trace log" selected.

 


 

How Does Scanning and Remediation Work

 

If the endpoints are on a supported version of the product, the agent does not need to be updated immediately to take advantage of the enhanced patch engine. All devices on an unsupported product version will need to be upgraded. Upon initiation of the vulnerability scanner, the self-update feature will update the necessary vulscan files to ensure compatibility between the files on the client and the latest files on your 2017.3 core. For more on the Self Update feature please reference About Patch Manager Self Update. These binaries must be updated in order for the Next Gen binaries to work with vulscan.exe.

 

Scanning:

A security scan works the same as before for all current content. Whenever the scanner encounters a definition with Next Gen content it will launch the fixed script contained within the definition and perform the following actions:

 

  1. Check for definition scan results in memory.
  2. If this is the first Next Gen definition encountered in the current security scan, no scan results will be found on the client and the following will occur:
    1. The client will check if it needs to download any Next Gen binary files from the core (ldlogon/timber) and transfer them to the LDCLient\Timber directory:
      1. The detection rules “WindowsPatchData.zip” file (about 14MB) is updated on the content servers every time new content is added and will be downloaded to the client. If WindowsPatchData.zip already exists on the client, the smaller delta files will be used to update this file to the current version.
      2. Additional Next Gen binary files will be downloaded if the current versions do not already exist on the client:
    2. The Next Gen COM object is then registered on the client to allow Vulscan.exe to interact with the Next Gen scan engine
    3. The Next Gen scan engine then scans for ALL vulnerabilities and stores the scan results “in-memory”. A FULL scan of all vul_defs is only completed if this is the first Next Gen definition encountered in the current security scan.
    4. The script then references the in-memory scan results to determine if the current definition is vulnerable.

 

The security scan continues scanning as usual.  For any remaining Next Gen content definitions in the current security scan, the detection script will return the result of the specified definition from the in-memory scan results.

When the Next Gen scanner runs (a maximum of once per vulscan instance), it checks for everything and stores that information in memory, but that information is only used by Next Gen definitions. Legacy definitions work the same way they always have.

 

Remediation:

 

  1. Patch files (default location: Ldlogon/Patch) are transferred to the sdmcache directory on the client using the existing download mechanism, "lddwnld.dll".
  2. The pre-defined remediation script calls the Next Gen SDK with a GUID, Language and a unique file name that’s used for patching.
    • A temporary “package” is created during the repair and contained on the client (Programdata\Landesk\Timber\Pkgs) which is used by the Next Gen patch SDK.

 

Logging

 

The vulscan.log file will continue to serve as the primary log for content detection and remediation; however, several additional logs have been introduced to provide further insight into the activity of the Next Gen content.

 

  • vulscan.log (Programdata\Landesk\Log folder)
  • PatchManifestSyncSDK.log (Programdata\Landesk\Log folder)
  • PatchScanSDK.log (Programdata\Landesk\Log folder, only created when debug trace logging is disabled)
  • PatchScanSDKDpdTrace.log (Programdata\Landesk\DebugLog folder, only created when debug trace logging is enabled)
  • STDeploy.log (Programdata\Landesk\Log folder, but only created when repairing)
  • TimberDeployEvents.log (Programdata\Landesk\Log folder, only created when repairing)

 

Pre-Staging Next Generation Binaries


Why patch compliance don't download new update patch.

Dear All,

 

In LANDesk Management Suite 9.6 SU 3, I observe that patches can't be downloaded since October 2017 (checked by sorting on publish date).

 

Inspection and correction


I tried to reactivate the license.

I already checked the license, as below.

 

I tried to check the path location for download.

 

Log file as below.

01/09/2018 18:04:56 INFO  7768:1     : ------------------- Update process started --------------------

01/09/2018 18:04:56 INFO  7768:1     : Verifying access to site US West Coast (https://patch.landesk.com)

01/09/2018 18:05:15 INFO  7768:1     : Downloading Patches

01/09/2018 18:05:15 INFO  7768:1     : Attempting to download 0 patches

01/09/2018 18:05:24 INFO  7768:1     : Updating patch downloaded status for 44327 patches

01/09/2018 18:07:57 INFO  7768:1     : Finished downloading patches

01/09/2018 18:07:59 INFO  7768:1     : Completed updating definitions

01/10/2018 09:38:26 INFO  20204:Main Thread : ------------------- Update process started --------------------

01/10/2018 09:38:27 INFO  20204:Main Thread : Verifying access to site Europe (https://patchemea.landesk.com)

01/10/2018 09:38:51 INFO  20204:Main Thread : Downloading Patches

01/10/2018 09:38:51 INFO  20204:Main Thread : Attempting to download 0 patches

01/10/2018 09:38:55 INFO  20204:Main Thread : Updating patch downloaded status for 44327 patches

01/10/2018 09:41:22 INFO  20204:Main Thread : Finished downloading patches

01/10/2018 09:41:24 INFO  20204:Main Thread : Completed updating definitions

01/10/2018 09:47:22 INFO  20204:Main Thread : ------------------- Update process started --------------------

01/10/2018 09:47:22 INFO  20204:Main Thread : Verifying access to site US East Coast (https://patchec.landesk.com)

01/10/2018 09:47:25 INFO  20204:Main Thread : Downloading Patches

01/10/2018 09:47:25 INFO  20204:Main Thread : Attempting to download 0 patches

01/10/2018 09:47:33 INFO  20204:Main Thread : Updating patch downloaded status for 44327 patches

01/10/2018 09:49:53 INFO  20204:Main Thread : Finished downloading patches

01/10/2018 09:49:56 INFO  20204:Main Thread : Completed updating definitions

01/10/2018 10:01:37 INFO  21324:Main Thread : ------------------- Update process started --------------------

01/10/2018 10:01:38 INFO  21324:Main Thread : Verifying access to site US West Coast (https://patch.landesk.com)

01/10/2018 10:01:55 INFO  21324:Main Thread : Downloading Patches

01/10/2018 10:01:55 INFO  21324:Main Thread : Attempting to download 0 patches

01/10/2018 10:02:02 INFO  21324:Main Thread : Updating patch downloaded status for 44327 patches

01/10/2018 10:04:30 INFO  21324:Main Thread : Finished downloading patches

01/10/2018 10:04:32 INFO  21324:Main Thread : Completed updating definitions


Timber\CL5.exe reported as Trojan in F-Secure and other AV-scanners

How to patch Office 365

Overview:

Ivanti Patch and Compliance now provides support for Office 365 versions 2013 and 2016. Patch and Compliance administrators can now scan, detect, and remediate client devices that have Office 365 installed. For Office 365 version 2013, Ivanti leverages the Microsoft Office Deployment Tool to perform the remediation tasks for updating Office 2013 installations. For Office 365 version 2016, Ivanti has developed an Office COM API to perform remediation tasks for updating Office 2016 installations. Ivanti provides a utility (Office365Util.exe) that you use to download the Office installation data and to check the hash for Office 2016 installation data. When the Office patches are downloaded, Ivanti Endpoint Manager checks the hash on the pertinent files to ensure validity.

 

High Level Process

 

  1. The Ivanti administrator downloads Office 365 definitions from the Ivanti global servers.
  2. Once the Office 365 definitions are downloaded to the core, the Ivanti administrator can scan for those Office 365 vulnerabilities.
  3. In order to remediate (apply the latest patches for) detected vulnerabilities, the Ivanti administrator has to manually run, on the core machine, a new tool provided by Ivanti (Office365Util.exe). Using this tool, the Ivanti administrator can choose the Office 365 versions that are relevant to the environment. The Ivanti Office 365 utility will download the patch binaries and the Microsoft Office deployment tool from the Microsoft cloud.
  4. Once the patch binaries are downloaded to the core, the Ivanti administrator can apply the patches to all vulnerable endpoints using the standard method of applying patches.

Step 1: Download Content

 

Customers download the Office 365 vulnerability definitions, the O365Util.dll, and the Office365Util.exe from the Ivanti Global Host Content Server by downloading the latest Microsoft Windows Vulnerabilities.

 

[Screenshots: Download Updates (Microsoft Windows Vulnerabilities); Updating Definitions (Office365Util.exe/O365Util.dll)]

 

[Screenshots: Updating Definitions (MSO365); MSOFFICE 365 (Vul_Defs); MSO365 (Vul_Defs)]

Step 2: Launch Office365Util.exe

 

Upon successful content download, an Office365Utility folder is created under the LDLogon share and will contain the Office365Util.exe file provided by Ivanti.

 

\\Core_Server\LDLogon\Office365Utility

 


This utility will allow you to select the specifics regarding the Office 365 product you are patching. Launch this utility directly from C:\Program Files\LANDesk\ManagementSuite\ldlogon\Office365Utility\ by double-clicking on Office365Utility.exe (do not try to run it via the network share \\Core_Server\LDLogon\Office365Utility or \\localhost\LDlogon\Office365Utility, as you will get an error).

 

Step 3: Select Options from Office365Util

 

The view provided below displays the available options inside of the Office365Util application (Ivanti Office 365 Utility for Patch and Compliance):

There is no Channel support for Office 2013

 

[Screenshots: Platforms; Deployment Tools]

 

[Screenshots: Channels; Office 365 (2013) Product List View]

 

In order to successfully patch Office 365, select which Office 365 patch product updates to download in order to support client remediation. After selecting the desired product updates from the Ivanti Office 365 Utility for Patch and Compliance application, click START.

 

 

 

 

Office 365 Tool

 

The START action does two things:

 

  1. Create an Office365Tool folder under the LDLogon share and process the Microsoft setup.exe file

    \\Core_Server\LDLogon\Office365Tool

This folder will contain the Deployment Tool Type (2016 or 2013) selected during the download and all related installation data applicable to the options selected in the Ivanti Office 365 Utility for Patch and Compliance application. The display below outlines the contents of both Deployment Tools (2016 and 2013).

 

If you have both 2016 and 2013 products in need of patching, the download has to be completed separately.

 

[Screenshots: Office365Tool; Deployment Tool Options]

 

[Screenshots: 2016 Content; 2013 Content]

   
  2. Create an Office365 folder under the LDLogon\Patch share that contains the patch file(s):

 

\\Core_Server\LDLogon\Patch\Office365

Patch Location

 

Updated Office 365 patching is not designed to take advantage of our download technology. The client device will NOT download o365 patch files from a preferred server or peer device. The files will be retrieved from the default or non-default patch location.


 

Non-Default Patch Location

 

This section is only applicable to those who have changed the default download location for patches. After downloading the Office 365 patch updates and installation data with the Ivanti Office 365 tool, the following SOURCE will be in the vulnerability definition:

 

Office 365 (2016)

 

httpSourcesURL="Core_Server/LDLogon/Patch/Office365/DeploymentToolType/Channel/Architecture"

 

Ex: httpSourcesURL=http://2016E/ldlogon/patch/office365/2016/current/x64

Office 365 (2013)

httpSourcesURL=http://Core_Server/LDLogon/Patch/Office365/DeploymentToolType

 

Ex: httpSourcesURL= http://2016E/ldlogon/patch/office365/2013

 

In order for the Patch Install Commands in the vulnerability definition to interpret the correct patch location, the Custom Variable will have to be set in every MSO365 vulnerability definition.

 

To do this open the properties on the definition and select the Custom Variables tab. By default the value specified will resolve to the default patch location.

 


 

You will need to explicitly set the value to reflect the location where your patches reside.

 


 

The Patch Install Commands section of the definition utilizes a script that resolves the Custom Variable.

 


 

References

How to change the default Patch Location for Security and Patch Manager

Microsoft Office 2016 Deployment Tool

Microsoft Office 2013 Deployment Tool for Click-to-Run


Next Gen: Why the Delta vs Cumulative Update is Offered for Windows 10

Purpose

 

This article explains how our detection logic determines whether the Delta or the Cumulative version of the patch is offered.

 

Description

 

Our detection logic will verify the 'UBR' value from the registry to determine if the Delta or the Cumulative update will be offered.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion, Value="UBR" (Update Build Revision)
  • The Delta is offered if build version equals N-1. (N= Latest Build. Current build being offered minus one version level)
  • The full Cumulative update is offered if build version is N-2 or less.

 

You will only be offered one or the other and never both.
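
The rule above can be reproduced on a device as follows. This is an added example, not Ivanti's detection code: the function names are hypothetical, the release list is constructed sample data, and it assumes that "N-1" means one release behind the latest in the build's release history and that a UBR falling between two releases counts as the older one.

```powershell
# Added example: classify a device as Delta / Cumulative from its UBR.
# Get-UpdateOffer and Get-LocalUbr are hypothetical helper names.
function Get-UpdateOffer {
    param(
        [Parameter(Mandatory)][int]   $DeviceUbr,
        [Parameter(Mandatory)][int[]] $ReleasedUbr   # release history for ONE OS build
    )
    $sorted = @($ReleasedUbr | Sort-Object -Unique)

    # Index of the newest release fully installed (largest released UBR <= device UBR).
    # Stays -1 when the device is older than every release in the list.
    $installed = -1
    for ($i = 0; $i -lt $sorted.Count; $i++) {
        if ($sorted[$i] -le $DeviceUbr) { $installed = $i }
    }

    # 0 = device is at N, 1 = N-1, 2 or more = N-2 or less
    $behind = ($sorted.Count - 1) - $installed
    switch ($behind) {
        0       { 'None (already at N)' }
        1       { 'Delta' }
        default { 'Cumulative' }
    }
}

# Reads UBR from the registry key the article names (Windows only).
function Get-LocalUbr {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [int](Get-ItemProperty -Path $key -Name UBR).UBR
}

# CONSTRUCTED sample release history, oldest first; replace with the real
# UBR values published for the build you manage.
$released = 100, 120, 150, 190

# Constructed device values: at N, N-1, N-2, between releases, older than all.
foreach ($ubr in 190, 150, 120, 135, 50) {
    '{0,4} -> {1}' -f $ubr, (Get-UpdateOffer -DeviceUbr $ubr -ReleasedUbr $released)
}

# On a managed device:
# Get-UpdateOffer -DeviceUbr (Get-LocalUbr) -ReleasedUbr $released
```

Only one result is ever returned per device, which matches the statement that the Delta and the Cumulative update are never offered together.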

 

Related Documentation

 

Windows 10 release information


Anyone been able to push 1709 update to Windows 10 in LANDesk?

Looks like it is a service pack, but when I open that it says it is a manual download

String not found Patch Action 47

Issue:

Getting messages like the following in the Security and Patch Information for clients on the History page:

String not found Patch Action 46

String not found Patch Action 47

 

Solution:

The messages are cosmetic and can be ignored. They will go away if you upgrade to 2016.3 with the latest update or 2017.3.

Next Gen Microsoft Windows Vulnerabilities (beta) is not shown in the Patch Manager > Download updates > Windows > Vulnerabilities


 

To resolve the issue, select "Microsoft Windows Vulnerabilities", click the "Apply" button, and then click the "Download now" button.

 


 

Once the download completes, go back to "Download updates" and the definition type "Next Gen Microsoft Windows Vulnerabilities (beta)" will be shown.

Error: "Unable to find string with ID message" in Vulscan UI

If you are like me, living in a country that does not have a localized version of LANDESK, you might run into this issue.

 

You start the Vulnerability Scan and when the message should appear that the vulscan detects a vulnerability, you only get the message: Unable to find string with ID...

 

This happens because LANDESK doesn't support the language of your OS but builds a XXXvulscan.dll with your language code. In the case of The Netherlands, we would see a NLDvulscan.dll. This 'localized' DLL unfortunately doesn't contain all of the strings the vulscan UI asks for.

 

To remedy this, go to the LDLogon share on the Core Server. Copy the ENUvulscan.dll and rename the copy to XXXvulscan.dll, XXX being your country ID. If the localized DLL exists already, delete it before you rename the copy.

 

That's it. Your vulscan running on the workstation will detect a newer DLL on the server and automatically download it. And you will have all the strings available from the English language DLL, showing you exactly what is detected and more.

 

In addition, this can occur if not all Vulscan-related files are up to date and there is a mismatch.
