This update has been replaced, please put in disabled replaced rules.
March 14, 2017, update for Outlook 2016 (KB3085429) not available to download
HP device Keylogger Vulnerable. Any best practice to patch HP device drivers?
Hi all,
As the news has shown, HP devices require driver updates due to the potential security vulnerability. I was wondering whether there is any guide or best practice for using Patch Manager to push driver updates to all HP devices. Is there also a list of which device models Patch Manager supports for downloading and pushing driver updates?
Thanks in advance
Support for the Intel 'Meltdown' security vulnerability KB4058702
Information
Microsoft released KB4058702 late the night of 1/3/18 (out of band) to address an Intel CPU firmware vulnerability. The patches released will be added to our patch definition update to be released later today, 1/4/18.
List of patches from Microsoft:
https://www.catalog.update.microsoft.com/Search.aspx?q=2018-01
Additional Information
Important information on detection logic for the Intel 'Meltdown' security vulnerability
Current definitions in Patch and Compliance referencing Support for the Intel 'Meltdown' Security Vulnerability
Affected patches:
- MS18-01-IE Q4056568
- MS18-01-SO7 Q4056897
- MS18-01-SO8 Q4056899
- MS18-01-SO81 Q4056898
- MS18-01-W10 Q4056888, Q4056890, Q4056891, Q4056892, Q4056893
How to Scan and/or Repair against a custom group
Additional Information
Due to possible BSOD issues that may occur when installing this update on a system with out-of-date AV software, we will be adding a detection prerequisite, as Windows Update does:
Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD"
If the key does not exist, you will be offered the detection-only version of this patch.
This means that the associated patch for a system will not be remediated unless the Registry key is present. This mirrors how the patches are handled by Microsoft. Full details regarding the offering of the patch, and options if the Registry key is missing, are located in the Microsoft article here: https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released
An example of the detection-only definition being returned: the definition name contains "DETECT", Patch Required shows "No repair action specified", and no patch information is provided.
When the registry key is detected, the regular definition is returned and you will be able to remediate.
Intel 'Meltdown' security vulnerability KB4058702 is not installing
Hi, I am new to the NextGen Patches, and my first task is to use it for the Meltdown vulnerability.
Unfortunately I did not get the correct result, and have no more ideas where to look.
What I checked so far:
I did read:
Important information on detection logic for the Intel 'Meltdown' security vulnerability
Support for the Intel 'Meltdown' security vulnerability KB4058702
About the New Patch Engine in Ivanti Endpoint Manager
Test-PC:
Windows 10 Enterprise - 1703 with McAfee
Registry key for compatibility:
was set manually by me (McAfee is not able to do it yet)
Vulnerability and Definition:
- Downloaded by PatchManager (My Focus is on 4056891 for Windows 10 - 1703)
Patch Manager only finds the DETECT vulnerability:
The vulscan log tells me
that the "Install" patch is already installed???
the "DETECT" patch tells me it isn't?
I also activated - the "Enable security scan debug trace log" but I do not understand these files so far:
- PatchManifestSyncSDK.log
- PatchScanSDKDpdTrace.log
Hope you can give me some new tips.
Kind regards, Marco
Important information on detection logic for the Intel 'Meltdown' security vulnerability
Overview
Microsoft has identified a severe compatibility issue with a small number of anti-virus software products.
We highly suggest all customers review these issues here: https://support.microsoft.com/en-us/help/4072699
Due to possible BSOD issues that may occur when installing this update on a system with out-of-date AV software, we will be adding a detection prerequisite, as Windows Update does:
Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD"
If the key does not exist, you will be offered the detection-only version of this patch.
This means that the associated patch for a system will not be remediated unless the Registry key is present. This mirrors how the patches are handled by Microsoft. Full details regarding the offering of the patch, and options if the Registry key is missing, are located in the Microsoft article here: https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released
The patches will be offered for deployment if the key exists.
Affected patches:
- MS18-01-IE Q4056568
- MS18-01-SO7 Q4056897
- MS18-01-SO8 Q4056899
- MS18-01-SO81 Q4056898
- MS18-01-W10 Q4056888, Q4056890, Q4056891, Q4056892, Q4056893
Affected CVEs:
- CVE-2017-5753
- CVE-2017-5715
- CVE-2017-5754
Link to Security bulletin advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
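The prerequisite described above (and in the KB4058702 support article) can be audited on an endpoint before scanning. The following is an added PowerShell example, not Ivanti's or Microsoft's code: it reads the QualityCompat value from the 64-bit registry view, checks its type, and lists which of the affected KBs are already installed. The function names and the mapping of the result to a "DETECT" versus repairable definition are assumptions based on this article's description.

```powershell
# Added example (not Ivanti or Microsoft code). Read-only: it changes nothing.
# Registry location and KB numbers are the ones quoted in this article.
$QualityCompatSubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$QualityCompatValue  = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
$AffectedKBs = 'KB4056568', 'KB4056897', 'KB4056899', 'KB4056898',
               'KB4056888', 'KB4056890', 'KB4056891', 'KB4056892', 'KB4056893'

function Get-QualityCompatState {
    # Hypothetical helper: reports whether the AV compatibility value exists
    # and which registry type it has.
    param(
        [string]$SubKey = $QualityCompatSubKey,
        [string]$Name   = $QualityCompatValue
    )
    $state = [ordered]@{
        KeyExists   = $false
        ValueExists = $false
        ValueKind   = $null
        Data        = $null
    }
    # Open the 64-bit view explicitly so a 32-bit host process does not read
    # a redirected copy of HKLM\SOFTWARE. On a 32-bit OS this falls back to
    # the only view there is.
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine,
        [Microsoft.Win32.RegistryView]::Registry64)
    try {
        $key = $base.OpenSubKey($SubKey)   # $null when the subkey is missing
        if ($key) {
            $state.KeyExists = $true
            if ($key.GetValueNames() -contains $Name) {
                $state.ValueExists = $true
                $state.ValueKind   = $key.GetValueKind($Name).ToString()
                $state.Data        = $key.GetValue($Name)
            }
            $key.Close()
        }
    }
    finally {
        $base.Close()
    }
    [pscustomobject]$state
}

function Get-MeltdownPatchReadiness {
    # Hypothetical helper: combines the prerequisite check with the list of
    # affected KBs that Windows already reports as installed.
    $compat = Get-QualityCompatState

    # The article specifies Type="REG_DWORD"; a value of another type
    # (for example a string created by mistake) is treated as not meeting it.
    $prereqMet = $compat.ValueExists -and ($compat.ValueKind -eq 'DWord')

    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $AffectedKBs -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID)

    # Assumption: the scanner's prerequisite matches what this article states.
    $expected = if ($prereqMet) { 'Repairable definition' }
                else            { 'DETECT (detection only)' }

    [pscustomobject]@{
        Computer             = $env:COMPUTERNAME
        KeyExists            = $compat.KeyExists
        ValueExists          = $compat.ValueExists
        ValueKind            = $compat.ValueKind
        Data                 = $compat.Data
        PrerequisiteMet      = $prereqMet
        InstalledAffectedKBs = $installed -join ', '
        ExpectedDefinition   = $expected
    }
}

Get-MeltdownPatchReadiness | Format-List
```

A device that reports `PrerequisiteMet : False` should have its antivirus vendor's compatibility status reviewed against the Microsoft article linked above before the value is set by any other means.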
About the New Patch Engine in Ivanti Endpoint Manager
Overview
Ivanti Endpoint Manager’s Patch and Compliance tool now welcomes our Next Generation patch engine. This new architecture enables us to continue optimizing well into the future and is only applicable to the Windows environment. As a preliminary feature, we’re providing the ability to opt-in, allowing for a more controlled introduction of all Next Generation content into your environment. The new patch engine is currently available in the 2017.3 product version.
Updated: We are now offering this feature in ALL supported versions of the product.
By electing to download Next Gen content, the core will download new vulnerabilities definitions for products that are currently not supported in the standard content stream (i.e. Microsoft Windows Vulnerabilities). This means that if both options are selected (Next Gen Microsoft Windows Vulnerabilities (beta) and Microsoft Windows Vulnerabilities) there will be no overlap in the vulnerability content downloaded to the core.
Definition Downloads
In the definition download utility, a new definition type exists under Windows | Vulnerabilities | Next Gen Microsoft Windows Vulnerabilities (beta).
Please ensure your definition downloads are scheduled to occur (2) times per week for the Next Gen vulnerability definitions. The recommended download occurrence should be scheduled on Wednesday and Friday evenings.
This option is not on by default and when selected, all associated Next Gen binaries/vulnerabilities definitions will be downloaded to the core. The binaries (about 30 MB) will be contained in Managementsuite \ Ldlogon \ Timber directory and the definition grouping will be based on your configuration and download filters. Upon definition download, the following can be expected:
[Screenshots not preserved: Definition Download; Managementsuite \ Ldlogon \ Timber]
The Managementsuite \ Ldlogon \ Timber \ Content folder will contain a WindowsPatchData.zip file and associated Delta zip files. The WindowsPatchData.zip file contains all vulnerability detection rules, and the Delta zip files contain the differences. This content, along with the remaining Next Gen binaries, will be downloaded to the endpoint upon scanning against Next Gen content. The main WindowsPatchData.zip file will only be downloaded once; Deltas are downloaded to the Core if there are differences that aren't in the WindowsPatchData.zip file. Once the endpoint has the main zip file, it will only retrieve the Delta zip files when scanning against Next Gen content.
Upon definition download completion of Next Gen Microsoft Windows Vulnerabilities (beta), filtering for this definition type can be done by using the filter string "Next Gen". Every next-gen definition has the filter string hardcoded in the Summary column.
To isolate these definitions, a custom patch group can be created to house these definitions. If you elect to do so, a manual transfer has to take place. To further isolate which devices scan against this custom group, an alternate Distribution and Patch agent setting can be configured to scan against this group. More information on how to configure this is outlined in How to Scan and /or Repair against a custom group and How to use Custom Groups to repair groups of computers.
Content Changes
Every Next Gen definition will contain a pre-defined fixed script for Detection and Remediation. The pre-defined detection script will evaluate Registry, File and Script logic to determine if a device is vulnerable to a definition. The detection details have been included at the beginning of the script content. The Files and Registry Settings section will be blank for all Next Gen content.
These scripts are not meant to be modified. Modification of this logic will leave these definitions in an unsupported state.
[Screenshots not preserved: Sample Next Gen definition (Detection Logic); Sample Next Gen definition (Repair Logic)]
Distribution and Patch Agent Setting
Updated: The "Enable security scan debug trace log" UI feature is only available in 2017.3 and newer product versions. To enable debug trace logs for versions 9.6 - 2017.1, run the following command locally on the endpoint or distribute a script to the desired device:
vulscan /enableDpdTrace=true /showui (the showui switch is optional).
This will generate additional logging in the Programdata\Landesk\DebugLog folder consisting of the following (2) files:
- PatchManifestSyncSDK.log
- PatchScanSDKDpdTrace.log
To enhance the log level for all Next Gen content definitions, the "Enable security scan debug trace log" option has been added to the Distribution and Patch agent settings.
This feature is only intended for troubleshooting purposes and should not be on in your default agent setting. When troubleshooting a Next Gen content issue, please create an alternate Distribution and Patch agent setting, enable this feature and assign this setting to the device during troubleshooting only.
Diagnostic Tool
Updated: The "Get debug logs and zip (patch)" feature is only available in 2017.3 and newer product versions.
To retrieve logging remotely, access the Diagnostic tool and select the Logs | Client option to view client-side logs. An additional option, "Get debug logs and zip (patch)", is present for debug logging for all Next Gen definitions. This will only function if the Distribution and Patch agent setting has "Enable security scan debug trace log" selected.
How Does Scanning and Remediation Work
If the endpoints are on a supported version of the product, the agent does not need to be updated immediately to take advantage of the enhanced patch engine. All devices on an unsupported product version will need to be upgraded. Upon initiation of the vulnerability scanner, the self-update feature will update the necessary vulscan files to ensure compatibility between the files on the client and the latest files on your 2017.3 core. For more on the Self Update feature please reference About Patch Manager Self Update. These binaries must be updated in order for the Next Gen binaries to work with vulscan.exe.
Scanning:
A security scan works the same as before for all current content. Whenever the scanner encounters a definition with Next Gen content it will launch the fixed script contained within the definition and perform the following actions:
- Check for definition scan results in memory.
- If this is the first Next Gen definition encountered in the current security scan, no scan results will be found on the client and the following will occur:
  - The client will check if it needs to download any Next Gen binary files from the core (ldlogon/timber) and transfer them to the LDCLient\Timber directory:
    - The detection rules “WindowsPatchData.zip” file (about 14MB) is updated on the content servers every time new content is added and will be downloaded to the client. If WindowsPatchData.zip already exists on the client, the smaller delta files will be used to update this file to the current version.
    - Additional Next Gen binary files will be downloaded if the current versions do not already exist on the client.
  - The Next Gen COM object is then registered on the client to allow Vulscan.exe to interact with the Next Gen scan engine.
  - The Next Gen scan engine then scans for ALL vulnerabilities and stores the scan results “in-memory”. A FULL scan of all vul_defs is only completed if this is the first Next Gen definition encountered in the current security scan.
- The script then references the in-memory scan results to determine if the current definition is vulnerable.
The security scan continues scanning as usual. For any remaining Next Gen content definitions in the current security scan, the detection script will return the result of the specified definition from the in-memory scan results.
When the Next Gen scanner runs (a maximum of once per vulscan instance), it checks for everything and stores that information in memory, but that information is only used by Next Gen definitions. Legacy definitions work the same way they always have.
Remediation:
- Patch files (default location: Ldlogon/Patch) are transferred to the sdmcache directory on the client using the existing download mechanism, "lddwnld.dll".
- The pre-defined remediation script calls the Next Gen SDK with a GUID, Language and a unique file name that’s used for patching.
- A temporary “package” is created during the repair and contained on the client (Programdata\Landesk\Timber\Pkgs) which is used by the Next Gen patch SDK.
Logging
The vulscan.log file will continue to serve as the primary log for content detection and remediation, however, several additional logs have been introduced to provide further insight on the activity of the Next Gen content.
- vulscan.log (Programdata\Landesk\Log folder)
- PatchManifestSyncSDK.log (Programdata\Landesk\Log folder)
- PatchScanSDK.log (Programdata\Landesk\Log folder, only created when debug trace logging is disabled)
- PatchScanSDKDpdTrace.log (Programdata\Landesk\DebugLog folder, only created when debug trace logging is enabled)
- STDeploy.log (Programdata\Landesk\Log folder, but only created when repairing)
- TimberDeployEvents.log (Programdata\Landesk\Log folder, only created when repairing)
Pre-Staging Next Generation Binaries
Custom Patch Definitions Disappear After Creation
Pretty much what the title says. I am trying to clone the Windows 10 1709 patch and change a line of code in the powershell command. I can do this, then apply and save it, then it shows up in the list of patches, but as soon as I refresh, the patch disappears. Any ideas?
Patch and Compliance (Detected)
EndPointManager 2017.3 10.1.30.401
Hello, I think I already asked this before but can't seem to understand.
1. Everything under Detected(current scope) is/are (I assume) vulnerabilities found for the Selected Scope
2. If I schedule a repair task for a particular vulnerability, and the task is successful, when are the vulnerabilities removed from the Detected(current scope) Folder?
After point 2 I manually ran on the Client:
a) PolicySync
b) Security Scan
c) Gather Historical Information on the Core
d) restarted the client
e) PolicySync
f) Security Scan
g) Gather Historical Information on the Core
But the vulnerability is still listed there.
What am I missing?
Any help is appreciated.
Best
I'm unable to download associated patches for non-Microsoft products
Hello.
I'm trying to download associated patches in Patch Management. I can download the patches for Microsoft but not for other vendors (like Apple, Adobe, Google, Mozilla, etc.). I have the role for Patch Management in EndPoint. The other person who does the patches with me has admin rights in EndPoint. He's able to download them without any issues. Do I need additional rights on the core server or in EndPoint to allow me to download non-Microsoft patches?
Can't see Next Gen Vulnerabilities
We have version 2017.3 SU1. When I look in Patch and Compliance I only see "Driver updates, Security, Software updates and Vulnerabilities" under Windows. I know there is a SU2 available but I don't see it under vendor or product. Do I need to get that downloaded first? I've tried the article about the category not showing up.
Thanks
Steve
About the New Patch Engine in Ivanti Endpoint Manager
Overview
Ivanti Endpoint Manager’s Patch and Compliance tool now welcomes our Next Generation patch engine. This new architecture enables us to continue optimizing well into the future and is only applicable to the Windows environment. As a preliminary feature, we’re providing the ability to opt-in, allowing for a more controlled introduction of all Next Generation content into your environment. The new patch engine is currently available in the 2017.3 product version.
Updated: We are now offering this feature in ALL supported versions of the product.
By electing to download Next Gen content, the core will download new vulnerabilities definitions for products that are currently not supported in the standard content stream (i.e. Microsoft Windows Vulnerabilities). This means that if both options are selected (Next Gen Microsoft Windows Vulnerabilities (beta) and Microsoft Windows Vulnerabilities) there will be no overlap in the vulnerability content downloaded to the core.
Definition Downloads
In the definition download utility, a new definition type exists under Windows | Vulnerabilities | Next Gen Microsoft Windows Vulnerabilities (beta).
New: As of 3 Jan 2018, the Next Gen Microsoft Windows Vulnerabilities (beta) option is no longer applicable. All new Windows Vulnerability (this includes 3rd party software) content has been formatted to use the Next Gen scan engine and is contained under Vulnerabilities | Windows Microsoft Vulnerabilities. Any content downloaded prior to 3 Jan will not be affected by this change.
Please ensure your definition downloads are scheduled to occur (2) times per week for the Microsoft Windows Vulnerability definitions. The recommended download occurrence should be scheduled on Wednesday and Friday evenings.
When selected, all associated Next Gen binaries/vulnerabilities definitions will be downloaded to the core. The binaries (about 30 MB) will be contained in Managementsuite \ Ldlogon \ Timber directory and the definition grouping will be based on your configuration and download filters. Upon definition download, the following can be expected:
[Screenshots not preserved: Definition Download; Managementsuite \ Ldlogon \ Timber]
The Managementsuite \ Ldlogon \ Timber \ Content folder will contain a WindowsPatchData.zip file and associated Delta zip files. The WindowsPatchData.zip file contains all vulnerability detection rules, and the Delta zip files contain the differences. This content, along with the remaining Next Gen binaries, will be downloaded to the endpoint upon scanning against Next Gen content. The main WindowsPatchData.zip file will only be downloaded once; Deltas are downloaded to the Core if there are differences that aren't in the WindowsPatchData.zip file. Once the endpoint has the main zip file, it will only retrieve the Delta zip files when scanning against Next Gen content.
Upon definition download completion of Next Gen Microsoft Windows Vulnerabilities (beta), filtering for this definition type can be done by using the filter string "Next Gen". Every next-gen definition has the filter string hardcoded in the Summary column.
To isolate these definitions, a custom patch group can be created to house these definitions. If you elect to do so, a manual transfer has to take place. To further isolate which devices scan against this custom group, an alternate Distribution and Patch agent setting can be configured to scan against this group. More information on how to configure this is outlined in How to Scan and /or Repair against a custom group and How to use Custom Groups to repair groups of computers.
Content Changes
Every Next Gen definition will contain a pre-defined fixed script for Detection and Remediation. The pre-defined detection script will evaluate Registry, File and Script logic to determine if a device is vulnerable to a definition. The detection details have been included at the beginning of the script content. The Files and Registry Settings section will be blank for all Next Gen content.
These scripts are not meant to be modified. Modification of this logic will leave these definitions in an unsupported state.
[Screenshots not preserved: Sample Next Gen definition (Detection Logic); Sample Next Gen definition (Repair Logic)]
Distribution and Patch Agent Setting
Updated: The "Enable security scan debug trace log" UI feature is only available in 2017.3 and newer product versions. To enable debug trace logs for versions 9.6 - 2017.1, run the following command locally on the endpoint or distribute a script to the desired device:
vulscan /enableDpdTrace=true /showui (the showui switch is optional).
This will generate additional logging in the Programdata\Landesk\DebugLog folder consisting of the following (2) files:
- PatchManifestSyncSDK.log
- PatchScanSDKDpdTrace.log
To enhance the log level for all Next Gen content definitions, the "Enable security scan debug trace log" option has been added to the Distribution and Patch agent settings.
This feature is only intended for troubleshooting purposes and should not be on in your default agent setting. When troubleshooting a Next Gen content issue, please create an alternate Distribution and Patch agent setting, enable this feature and assign this setting to the device during troubleshooting only.
Diagnostic Tool
Updated: The "Get debug logs and zip (patch)" feature is only available in 2017.3 and newer product versions.
To retrieve logging remotely, access the Diagnostic tool and select the Logs | Client option to view client-side logs. An additional option, "Get debug logs and zip (patch)", is present for debug logging for all Next Gen definitions. This will only function if the Distribution and Patch agent setting has "Enable security scan debug trace log" selected.
How Does Scanning and Remediation Work
If the endpoints are on a supported version of the product, the agent does not need to be updated immediately to take advantage of the enhanced patch engine. All devices on an unsupported product version will need to be upgraded. Upon initiation of the vulnerability scanner, the self-update feature will update the necessary vulscan files to ensure compatibility between the files on the client and the latest files on your 2017.3 core. For more on the Self Update feature please reference About Patch Manager Self Update. These binaries must be updated in order for the Next Gen binaries to work with vulscan.exe.
Scanning:
A security scan works the same as before for all current content. Whenever the scanner encounters a definition with Next Gen content it will launch the fixed script contained within the definition and perform the following actions:
- Check for definition scan results in memory.
- If this is the first Next Gen definition encountered in the current security scan, no scan results will be found on the client and the following will occur:
  - The client will check if it needs to download any Next Gen binary files from the core (ldlogon/timber) and transfer them to the LDCLient\Timber directory:
    - The detection rules “WindowsPatchData.zip” file (about 14MB) is updated on the content servers every time new content is added and will be downloaded to the client. If WindowsPatchData.zip already exists on the client, the smaller delta files will be used to update this file to the current version.
    - Additional Next Gen binary files will be downloaded if the current versions do not already exist on the client.
  - The Next Gen COM object is then registered on the client to allow Vulscan.exe to interact with the Next Gen scan engine.
  - The Next Gen scan engine then scans for ALL vulnerabilities and stores the scan results “in-memory”. A FULL scan of all vul_defs is only completed if this is the first Next Gen definition encountered in the current security scan.
- The script then references the in-memory scan results to determine if the current definition is vulnerable.
The security scan continues scanning as usual. For any remaining Next Gen content definitions in the current security scan, the detection script will return the result of the specified definition from the in-memory scan results.
When the Next Gen scanner runs (a maximum of once per vulscan instance), it checks for everything and stores that information in memory, but that information is only used by Next Gen definitions. Legacy definitions work the same way they always have.
Remediation:
- Patch files (default location: Ldlogon/Patch) are transferred to the sdmcache directory on the client using the existing download mechanism, "lddwnld.dll".
- The pre-defined remediation script calls the Next Gen SDK with a GUID, Language and a unique file name that’s used for patching.
- A temporary “package” is created during the repair and contained on the client (Programdata\Landesk\Timber\Pkgs) which is used by the Next Gen patch SDK.
Logging
The vulscan.log file will continue to serve as the primary log for content detection and remediation, however, several additional logs have been introduced to provide further insight on the activity of the Next Gen content.
- vulscan.log (Programdata\Landesk\Log folder)
- PatchManifestSyncSDK.log (Programdata\Landesk\Log folder)
- PatchScanSDK.log (Programdata\Landesk\Log folder, only created when debug trace logging is disabled)
- PatchScanSDKDpdTrace.log (Programdata\Landesk\DebugLog folder, only created when debug trace logging is enabled)
- STDeploy.log (Programdata\Landesk\Log folder, but only created when repairing)
- TimberDeployEvents.log (Programdata\Landesk\Log folder, only created when repairing)
Pre-Staging Next Generation Binaries
Why patch compliance don't download new update patch.
Dear All,
On LANDesk Management Suite 9.6 SU 3, I observe that Patch can't download new patches since October 2017 (checked by sorting on publish date).
Inspection and correction
I tried to reactivate the license.
I already checked the license as below.
I tried to check the path location for download.
Log file as below.
01/09/2018 18:04:56 INFO 7768:1 : ------------------- Update process started --------------------
01/09/2018 18:04:56 INFO 7768:1 : Verifying access to site US West Coast (https://patch.landesk.com)
01/09/2018 18:05:15 INFO 7768:1 : Downloading Patches
01/09/2018 18:05:15 INFO 7768:1 : Attempting to download 0 patches
01/09/2018 18:05:24 INFO 7768:1 : Updating patch downloaded status for 44327 patches
01/09/2018 18:07:57 INFO 7768:1 : Finished downloading patches
01/09/2018 18:07:59 INFO 7768:1 : Completed updating definitions
01/10/2018 09:38:26 INFO 20204:Main Thread : ------------------- Update process started --------------------
01/10/2018 09:38:27 INFO 20204:Main Thread : Verifying access to site Europe (https://patchemea.landesk.com)
01/10/2018 09:38:51 INFO 20204:Main Thread : Downloading Patches
01/10/2018 09:38:51 INFO 20204:Main Thread : Attempting to download 0 patches
01/10/2018 09:38:55 INFO 20204:Main Thread : Updating patch downloaded status for 44327 patches
01/10/2018 09:41:22 INFO 20204:Main Thread : Finished downloading patches
01/10/2018 09:41:24 INFO 20204:Main Thread : Completed updating definitions
01/10/2018 09:47:22 INFO 20204:Main Thread : ------------------- Update process started --------------------
01/10/2018 09:47:22 INFO 20204:Main Thread : Verifying access to site US East Coast (https://patchec.landesk.com)
01/10/2018 09:47:25 INFO 20204:Main Thread : Downloading Patches
01/10/2018 09:47:25 INFO 20204:Main Thread : Attempting to download 0 patches
01/10/2018 09:47:33 INFO 20204:Main Thread : Updating patch downloaded status for 44327 patches
01/10/2018 09:49:53 INFO 20204:Main Thread : Finished downloading patches
01/10/2018 09:49:56 INFO 20204:Main Thread : Completed updating definitions
01/10/2018 10:01:37 INFO 21324:Main Thread : ------------------- Update process started --------------------
01/10/2018 10:01:38 INFO 21324:Main Thread : Verifying access to site US West Coast (https://patch.landesk.com)
01/10/2018 10:01:55 INFO 21324:Main Thread : Downloading Patches
01/10/2018 10:01:55 INFO 21324:Main Thread : Attempting to download 0 patches
01/10/2018 10:02:02 INFO 21324:Main Thread : Updating patch downloaded status for 44327 patches
01/10/2018 10:04:30 INFO 21324:Main Thread : Finished downloading patches
01/10/2018 10:04:32 INFO 21324:Main Thread : Completed updating definitions
Timber\CL5.exe reported as Trojan in F-Secure and other AV-scanners
Hi,
we are using F-Secure and get reports for recognition of the CL5.exe as a Trojan
I check it with Virustotal.com:
Result 7/65:
How to patch Office 365
Overview:
Ivanti Patch and Compliance now provides support for Office 365 versions 2013 and 2016. Patch and Compliance administrators can now scan, detect, and remediate client devices that have Office 365 installed. For Office 365 version 2013, Ivanti leverages the Microsoft Office Deployment Tool to perform the remediation tasks for updating Office 2013 installations. For Office 365 version 2016, Ivanti has developed an Office COM API to perform remediation tasks for updating Office 2016 installations. Ivanti provides a utility (Office365Util.exe) that you can use to download the Office installation data and to check the hash for Office 2016 installation data. When the Office patches are downloaded, Ivanti Endpoint Manager will check the hash on the pertinent files to ensure validity.
High Level Process
- The Ivanti administrator downloads Office 365 definitions from the Ivanti global servers.
- Once the Office 365 definitions are downloaded to the core, the Ivanti administrator can scan for those Office 365 vulnerabilities.
- In order to remediate (apply latest patches) detected vulnerabilities, the Ivanti administrator has to manually run, on the core machine, a new tool provided by Ivanti (Office365Util.exe). Using this tool, the Ivanti administrator can choose the Office 365 versions that are relevant to the environment. The Ivanti Office 365 utility will download the patch binaries and the Microsoft Office deployment tool from the Microsoft cloud.
- Once the patch binaries are downloaded to the core, the Ivanti administrator can apply the patches to all vulnerable endpoints using the standard method of applying patches.
Step 1: Download Content
Customers download the Office 365 vulnerability definitions, the O365Util.dll, and the Office365Util.exe from the Ivanti Global Host Content Server by downloading the latest Microsoft Windows Vulnerabilities.
[Screenshots: Download Updates (Microsoft Windows Vulnerabilities); Updating Definitions (Office365Util.exe/O365Util.dll); Updating Definitions (MSO365); MSOFFICE 365 (Vul_Defs); MSO365 (Vul_Defs)]
Step 2: Launch Office365Util.exe
Upon successful content download, an Office365Utility folder is created under the LDLogon share and will contain the Office365Util.exe file provided by Ivanti.
\\Core_Server\LDLogon\Office365Utility
This utility will allow you to select the specifics regarding the Office 365 product you are patching. Launch this utility directly from C:\Program Files\LANDesk\ManagementSuite\ldlogon\Office365Utility\ by double-clicking on Office365Utility.exe (do not try to run it via the network share \\Core_Server\LDLogon\Office365Utility or \\localhost\LDlogon\Office365Utility as you will get an error).
Step 3: Select Options from Office365Util
The view provided below displays the available options inside of the Office365Util application (Ivanti Office 365 Utility for Patch and Compliance):
[Screenshots: Platforms; Deployment Tools; Channels; Office 365 (2013) Product List View]
In order to successfully patch Office 365, select which Office 365 patch product updates to download in order to support client remediation. After selecting the desired product updates from the Ivanti Office 365 Utility for Patch and Compliance application, click START.
Office 365 Tool
The START action does two things:
1. Create an Office365Tool folder under the LDLogon share and process the Microsoft setup.exe file:
\\Core_Server\LDLogon\Office365Tool
This folder contains the Deployment Tool Type (2016 or 2013) selected during the download and all related installation data applicable to the options selected in the Ivanti Office 365 Utility for Patch and Compliance application. The display below outlines the contents of both Deployment Tools (2016 and 2013).
If you have both 2016 and 2013 products in need of patching, the download has to be completed separately.
[Screenshots: Office365Tool; Deployment Tool Options; 2016 Content; 2013 Content]
2. Create an Office365 folder under the LDLogon\Patch share that contains the patch file(s):
\\Core_Server\LDLogon\Patch\Office365
Patch Location
Updated Office 365 patching is not designed to take advantage of our download technology. The client device will NOT download o365 patch files from a preferred server or peer device. The files will be retrieved from the default or non-default patch location.
Non-Default Patch Location
This section is only applicable to those who have changed the default download location for patches. After downloading the Office 365 patch updates and installation data with the Ivanti Office 365 tool, the following SOURCE will be in the vulnerability definition:
Office 365 (2016)
httpSourcesURL="Core_Server/LDLogon/Patch/Office365/DeploymentToolType/Channel/Architecture"
Ex: httpSourcesURL=http://2016E/ldlogon/patch/office365/2016/current/x64
Office 365 (2013)
httpSourcesURL=http://Core_Server/LDLogon/Patch/Office365/DeploymentToolType
Ex: httpSourcesURL= http://2016E/ldlogon/patch/office365/2013
In order for the Patch Install Commands in the vulnerability definition to interpret the correct patch location, the Custom Variable will have to be set in every MSO365 vulnerability definition.
To do this, open the properties on the definition and select the Custom Variables tab. By default, the value specified will resolve to the default patch location.
You will need to explicitly set the value to reflect the location where your patches reside.
The Patch Install Commands section of the definition utilizes a script that resolves the Custom Variable.
References
How to change the default Patch Location for Security and Patch Manager
Next Gen: Why the Delta vs Cumulative Update is Offered for Windows 10
Purpose
This article explains how our detection logic determines whether the Delta or the Cumulative version of the patch is offered.
Description
Our detection logic will verify the 'UBR' value from the registry to determine if the Delta or the Cumulative update will be offered.
"HKLM" Key="SOFTWARE\Microsoft\Windows NT\CurrentVersion" Value="UBR" (Update Build Revision)
- The Delta is offered if the build version equals N-1 (N = latest build; that is, the current build being offered minus one version level).
- The full Cumulative update is offered if the build version is N-2 or less.
You will only be offered one or the other and never both.
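The decision rule above, written out as an added PowerShell example (this is not Ivanti's detection code). The function names and the release list are hypothetical, the UBR numbers are constructed, "N-1" is read as the release immediately before the latest one, and a revision that is below the latest but is not exactly N-1 is assumed to fall through to the Cumulative update.

```powershell
# Added example, not Ivanti's detection logic. Function names are hypothetical.

function Get-LocalUbr {
    # Read the Update Build Revision that the detection logic inspects.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $ubr = (Get-ItemProperty -Path $key -Name UBR -ErrorAction SilentlyContinue).UBR
    if ($null -eq $ubr) { throw "UBR value not found under $key" }
    return [int]$ubr
}

function Get-OfferedUpdateType {
    param(
        [Parameter(Mandatory)] [int]   $LocalUbr,
        # Assumption: UBR of every cumulative release for this OS build.
        [Parameter(Mandatory)] [int[]] $ReleasedUbrs
    )

    $ordered = @($ReleasedUbrs | Sort-Object -Unique)
    if ($ordered.Count -eq 0) { throw 'ReleasedUbrs must contain at least one revision.' }

    $latest   = $ordered[-1]                                    # N
    $previous = if ($ordered.Count -ge 2) { $ordered[-2] } else { $null }  # N-1

    # Already at (or beyond) the latest revision: nothing to offer.
    if ($LocalUbr -ge $latest) { return 'None' }

    # Exactly one release behind: the Delta applies.
    if ($null -ne $previous -and $LocalUbr -eq $previous) { return 'Delta' }

    # N-2 or older. Assumption: a revision between releases that is not
    # exactly N-1 also takes the full Cumulative update.
    return 'Cumulative'
}

# Constructed release history for one Windows 10 build (not real UBR values).
$sampleReleases = 15, 19, 64, 125

foreach ($ubr in 125, 64, 19, 70) {
    '{0,4} -> {1}' -f $ubr, (Get-OfferedUpdateType -LocalUbr $ubr -ReleasedUbrs $sampleReleases)
}

# On a Windows endpoint, classify the machine itself:
# Get-OfferedUpdateType -LocalUbr (Get-LocalUbr) -ReleasedUbrs $sampleReleases
```

Because exactly one branch returns for any input, the function also reflects the statement that a device is offered one update type and never both.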
Related Documentation
anyone been able to push 1709 update to windows 10 in LANDesk?
Looks like it is a service pack, but when I open it, it says it is a manual download.
String not found Patch Action 47
Issue:
Getting messages like the following in the Security and Patch Information for clients on the History page:
String not found Patch Action 46
String not found Patch Action 47
Solution:
The messages are cosmetic and can be ignored. They will go away if you upgrade to 2016.3 with the latest update or 2017.3.
Next Gen Microsoft Windows Vulnerabilities (beta) is not shown in the Patch Manager > Download updates > Windows > Vulnerabilities
To resolve the issue, click on and select "Microsoft Windows Vulnerabilities", click the "Apply" button, and then click the "Download now" button.
Once the download completes, go back to "Download updates" and the definition type "Next Gen Microsoft Windows Vulnerabilities (beta)" will be shown.
Error: "Unable to find string with ID message" in Vulscan UI
If you are like me, living in a country that does not have a localized version of LANDESK, you might run into this issue.
You start the Vulnerability Scan and when the message should appear that the vulscan detects a vulnerability, you only get the message: Unable to find string with ID...
This happens because LANDESK doesn't support the language of your OS but builds a XXXvulscan.dll with your language code. In the case of The Netherlands, we would see a NLDvulscan.dll. This 'localized' DLL unfortunately doesn't contain all of the strings the vulscan UI asks for.
To remedy this, go to the LDLogon share on the Core Server. Copy the ENUvulscan.dll and rename the copy to XXXvulscan.dll, XXX being your country ID. If the localized DLL exists already, delete it before you rename the copy.
That's it. Your vulscan running on the workstation will detect a newer DLL on the server and automatically download it. And you will have all the strings available from the English language DLL, showing you exactly what is detected and more.
In addition, this can occur if not all Vulscan-related files are up to date and there is a mismatch.