Hello,

during download of install_flash_player_10_active_x.exe we got a error:

"Hash for patch install_flash_player_10_active_x_10.3.181.16.exe does not match with host. Discarding."

I checked patch list: http://community.landesk.com/support/docs/DOC-23222

LANDesk Patch News Bulletin: Adobe has Released FlashPlayer Version 10.3.181.16 02-JUN-2011

I found on Adobe page the hint, that a new version exist since two days (!) Version 10.3.181.22 and 10.3.181.23 (for ActiveX)

http://www.adobe.com/support/security/bulletins/apsb11-13.html

So it could be helpful to change/update the definition...

Regards

axel

Hie everybody,

Since Landesk has published that Google Chrome can now be upgraded following the classical patchng process (except the manual download), i'm trying to update my computer using that system but i have a problem with the "hash" of the file i get from the URL.

It seems that it is not the one that Landesk vulscan is waiting for.

See an extract of my vulscan.log :

**********************************************************

Processing vulnerability GOOGLE_CHROMEv13.0.782.220_Manual
Checking vulnerability GOOGLE_CHROMEv13.0.782.220_Manual, rule index 0
     No products specified for vulnerability.  Assuming it applies.
Running detection script
This is a MSI version so exit the exe rule.
VUL: 'GOOGLE_CHROMEv13.0.782.220_Manual' not detected.  File/OS version(s) verified

   Patch is NOT installed
Checking vulnerability GOOGLE_CHROMEv13.0.782.220_Manual, rule index 1
Prod Google Chrome that installed with msi package (ID:GOOGLE_CHROME_MSI) verified HKLM\SOFTWARE\Classes\Installer\Products\DB53FD4563A4AD530B920A0C388C6841, ver:
Running detection script
strVersion=201516656
GOOGLE_CHROMEv13.0.782.220_Manual detected
VUL: 'GOOGLE_CHROMEv13.0.782.220_Manual' DETECTED.  Reason 'Patch detected'.  Expected '218304220'.  Found '201516656'.  Patch required 'GoogleChromeStandaloneEnterprise_13.0.782.220.msi'.

   Patch is NOT installed

Downloading http://xxx/landesk/patches/GoogleChromeStandaloneEnterprise_13.0.782.220.msi
SubnetAwareDownload (peerOnly = 0) returned 0x0
File received: C:\Program Files\LANDesk\LDClient\sdmcache\GoogleChromeStandaloneEnterprise_13.0.782.220.msi
Warning: downloaded file "http://xxx/landesk/patches/GoogleChromeStandaloneEnterprise_13.0.782.220.msi" hash "cspdl8wcv1DwNnKkSBiYQQ==" doesn't match "EBjXcbK4TThzFB20pYbgTA==".
  Retrying in 15 seconds...
Last status: Retrying in 12 seconds...
Last status: Retrying in 11 seconds...
Last status: Retrying in 10 seconds...
Last status: Retrying in 9 seconds...
Last status: Retrying in 8 seconds...
Last status: Retrying in 7 seconds...
Last status: Retrying in 6 seconds...
Last status: Retrying in 5 seconds...
Last status: Retrying in 4 seconds...
Last status: Retrying in 3 seconds...
Last status: Retrying in 2 seconds...
Last status: Retrying in 1 seconds...
Last status:
Setting peer download to: 0
Deleting and Retrying...
SubnetAwareDownload (peerOnly = 0) returned 0x0
File received: C:\Program Files\LANDesk\LDClient\sdmcache\GoogleChromeStandaloneEnterprise_13.0.782.220.msi
Warning: downloaded file "http://xxxlandesk/patches/GoogleChromeStandaloneEnterprise_13.0.782.220.msi" hash "cspdl8wcv1DwNnKkSBiYQQ==" doesn't match "EBjXcbK4TThzFB20pYbgTA==".
  Retrying in 15 seconds...
Last status: Retrying in 12 seconds...
Last status: Retrying in 11 seconds...
Last status: Retrying in 10 seconds...
Last status: Retrying in 9 seconds...
Last status: Retrying in 8 seconds...
Last status: Retrying in 7 seconds...
Last status: Retrying in 6 seconds...
Last status: Retrying in 5 seconds...
Last status: Retrying in 4 seconds...
Last status: Retrying in 3 seconds...
Last status: Retrying in 2 seconds...
Last status: Retrying in 1 seconds...
Last status:
Deleting and Retrying...
DownloadFileEx returned 0x0
File received: C:\Program Files\LANDesk\LDClient\sdmcache\GoogleChromeStandaloneEnterprise_13.0.782.220.msi
Warning: downloaded file "http://xxx/landesk/patches/GoogleChromeStandaloneEnterprise_13.0.782.220.msi" hash "cspdl8wcv1DwNnKkSBiYQQ==" doesn't match "EBjXcbK4TThzFB20pYbgTA==".
Setting peer download to: 1
Download Failure: Error 800736cc downloading http://xxx/landesk/patches/GoogleChromeStandaloneEnterprise_13.0.782.220.msi
Last status: Failed: Could not download http://xxx/landesk/patches/GoogleChromeStandaloneEnterprise_13.0.782.220.msi

*****************************************

All the other patches works fine like Flash player, firefox , .....

Any ideas will be appreciated. Thanks a lot

We are getting the error "Cannot Find Agent" when we tried to deploy patches on to several clients remotely.

Close to 500 clients had resluted in the same error.

The status is showing OFF to all the machines,

Kindly suggest possible solutions as we have limited access to machines.

Hello,

Has anyone come across this error? Any help is much appreciated.

I am patching few servers this weekend, and some of them have the status - 'Failed' with Result - 'Unknown Status Code (0x4005,0:16389)'. I checked those servers randomly and noticed patches are installed successfully, but no idea what this error code means.

We are on LANDesk 9.0 SP3 and I am patching againist a Custom Group.

Thanks in advance for any hints, comments or suggestions.

If I apply an update from patch manager for java or adobe products it will override previous settings that were created to stop the applications from trying to self update.

Does anyone know a way without using security Suite to make this happen.  End users to not have the ability to install and this creates a lot of calls to the help desk.

I just wanted to let everyone know, or remind those that already know that Java 6 / JRE 6 is now EOL and that you will not be seeing any new patches for it and that it has a lot of serious vulnerabilities in it.  The last public version was 1.6.0_45

If your company needs Java 6 still, that can purchase extended support from Oracle and get the new patch(es) and create their own Custom Definitions (you can clone the last JRE 1.6 patch and modify as needed as a template) to patch their systems.

Ignoring outdated versions of Java is one of the most serious mistakes you can make!

LANDesk should be releasing one of their new "EOL" detection rules (patches as many of us call them) for this version in the near future, these "EOL" patches will only detect EOL products and alert you to their existence, but will not remove them... You could though clone it and add your own removal or upgrade commands.

Does LANDesk have any plans to release the auto-upgrade patch & definition from v6 to v7 of Java? It would be nice to get that to run natively in LANDesk Patch Manager. Right now, we are prepping a script to uninstall v6 on all systems with software deployment, but I'd love to be able to use a LANDesk-provided patch to do it instead.

LANDeskers -

     Ive been going through the process of creating a new 9.0 core in our existing 8.8 SP3 environment so i can do some testing / training before migrating each of the agents across. Im currently using my own T400s as the current guinea pig for both the new agent and LDAV client, new core install has been straight forward with no issues reported thus far. What i would like to ensure i can get running first is Security and Patch Manager, setting up new policies etc is not a problem (more toward the reason for building the new core, to clean out the old policies) but what i am really after here is the patch information such as:

     - Autofix status

     - Scan / Do Not Scan / Unassigned status

     I have already copied the existing patches from the 8.8 Sp3 - 9.0 Server, updated the patch location which has updated fine (test settings reports all clear).

     I read a forum post which explained to run 'vaminer.exe /exportstatus=patchstatus.xml' the command runs no issue, i can pick up the resulting file but when i try to import it i receive the error 'Unknown XML content'. I would try it again to confirm the error, but i have kicked off the definition download, which will take some time to complete.

     Am i going about this the correct way? Ive read through the BKM's etc which do reference doing this, but now process as to how.

     Cheers - Ben

Just a heads up, MS has pulled MS13-036 after finding issues with it

You should read this articlehttp://community.landesk.com/support/docs/DOC-28339

LANdesk 8.7 SP3 - cleints xp sp2. Everything has been running fine with patch, but recently I started to get a lot of the following errors during normal scans and when I do repairs:

• Seeing this a lot but scan says it finsihed with no errors - would not worry about it but see other errors below. Searched but could not find 10053 error. Googled and seems to be an issue with Mcafee and this error when port 25 is blocked for mail. We do run Mcafee 8.0 and upgrading to 8.5 - happens on both versions.

Fri, 23 May 2008 13:02:12 Action SOAPAction: "http://tempuri.org/GetAllPatches2" failed, socket error: 10053, SOAPCLIENT_ERROR: 5.  Status code: -1, fault string

• This one sucks since the repair does not run. Not sure why it says could not relove deviced ID. I run a scan and inventory manually and it works fine. If I run the job agin it appears to work fine. Never seen these errors before, any ideas?

Thu, 22 May 2008 23:01:09 C:\program Files\Landesk\ldclient\VulScan.exe version <8.70.7.26> started
Command line: /nosync /Repair "Group=326" /AgentBehavior=2 /noreboot
Administrator rights are present
MSXML 3.0 is installed
File C:\Program Files\LANDesk\Shared Files\ProxyHost.exe version within specified
Using proxyhost to communicate with the core
Updating settings 
Thu, 22 May 2008 23:01:09 SendRequest: SOAPAction: "http://tempuri.org/GetHashForFile"


Thu, 22 May 2008 23:01:09 Action SOAPAction: "http://tempuri.org/GetHashForFile" failed, socket error: 0, SOAPCLIENT_ERROR: 5.  Status code: 503, fault string: 
Retrying in 13 seconds...
Thu, 22 May 2008 23:01:23 Action SOAPAction: "http://tempuri.org/GetHashForFile" failed, socket error: 0, SOAPCLIENT_ERROR: 5.  Status code: 503, fault string: 
Retrying in 13 seconds...
Thu, 22 May 2008 23:01:36 Action SOAPAction: "http://tempuri.org/GetHashForFile" failed, socket error: 0, SOAPCLIENT_ERROR: 5.  Status code: 503, fault string: 
Disabling vulscan's & lddwnld.dll's use of proxyhost
Retrying in 12 seconds...
Thu, 22 May 2008 23:01:48 Action SOAPAction: "http://tempuri.org/GetHashForFile" failed, socket error: 0, SOAPCLIENT_ERROR: 5.  Status code: 503, fault string: 
Disabling vulscan's & lddwnld.dll's use of proxyhost
Handling case of core server not found.
RemovePolicy started
RemovePolicy(): unable to LoadState (this is not an error)
using platform WinXPSP2
About to execute the app cmd.exe using the command line of /c WinXPSP2_LDMS_Healthy_remove.bat
About to execute the app cmd.exe using the command line of /c WinXPSP2_LDMS_Unhealthy_remove.bat
Self update Failure: Core did not return requested file hashes.  Error: 80004005
Using cached agent behavior from file C:\Documents and Settings\All Users\Application Data\vulScan\AgentBehavior_2.xml
Behavior name CEG Scan Default Silent.  Revision 1.
CVBehavior name Custom Variable Override 5.  Revision 1.
AV - Not scheduling /scancomputer task
AV - Not scheduling /update task
CoreServer: CORENAME
Device ID: {1C97EC7C-9BED-ED40-991A-B2A0F2F681A5}
Install language lcid: 0x4e40409, primary id: 9, sub id: 1
System Language: ENU, OS Install Language: ENU
Platform: winxp
OS Suite Mask: 256 (0x100)
exchange=
CommonProgramFiles=C:\Program Files\Common Files
IP address: 
Verifying device ID with core CORENAME
Patch Installer: Failed to resolve DeviceID {1C97EC7C-9BED-ED40-991A-B2A0F2F681A5} to a ComputerID 0 from core, aborting.  HRESULT is 80004005.
-------------------Patch Installation----------------------
Getting list of patches 
Reboot and rescan.  Rescan set to false, so doing nothing.
Thu, 22 May 2008 23:01:48 Exiting with return code 0x8db30196.

I checked all the VUNC/folder rights on the core. I can browse to  http://CORENAME/WSVulnerabilityCore/VulCore.asmx. Also the deviced id listed above is still the same.

Thanks.

Hello.

I'm currently writing a batch script to handle patching of Windows servers.

I'm using a batch script to run vulscan because I want to leave some evidence / logging on the local server to show what have been done.

As a part of my logging, I'd like to log if the server is pending a reboot after installing patches. On Windows 2003 Server, the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session      Manager\PendingFileRenameOperations allows me to detect that and that is working fine. However, that key doesn't seem to be used consistently on Windows Server 2008 R2!?

Accoding to http://support.microsoft.com/kb/832475 some newer updates can write sort of the same status to registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\UpdateExeVolatile but I haven't had much luck with finding any updates that make use of this (have tested with the latest MS updates from this week). Still, if I install patches via vulscan that requires a reboot and then running the same vulscan again without rebooting, the patch installation will fail because a reboot is pending (as shown on the attached screenshot).

Are there other ways of detecting a pending reboot? I seem to recall something about vulscan also being able to set a pending reboot flag, but I can't find any information about it.

Thanks in advance

/Michael

Anyone have a direct link to this patch? I found all the others but this one is MIA....

Thanks!

Fellow Custom-Vulnerabilitarians:

Don Moss and I have been tasked to present on Custom Vulnerabilities at Interchange in Vegas.  In the past when I presented this topc, I have used customer examples of how to accomplish interesting and off-the-wall feats using the Custom Vul.  These original custom vuls (from my Interchange session 3 years ago) were the reason this sub-community site was created - probably should have been in LDMS instead of LDSS as Cust Vuls are included in LDMS.  If you have or know someone who has created a cool or interesting custom vul, please let me know.  I will have swag for the folks that have thier custom vul used in the preso.  See you in Vegas!

JW

John Wyckoff

NA technical team lead for channel enablement

LANDesk SW Inc

I work for a state agency with about 13,000 devices reporting to one Core. We are running LDMS 9.0 SP2. My question is, we are trying to develop our patching method for all Microsoft updates via LD Patch Manager. We have been tasked with creating a process with Patch Manager that would mimic what WSUS does in terms of automated patch management. We are struggling to find a solution. Has anyone in a similar environment with a similar number of devices successfully accomplished this? Any advice/information/suggestions/recommendations would be greatly appreciated.

Thanks.

I have some machines that show they require specific patches. I intall them successfully with LANDesk, reboot the machines and re-scan them. The patches still show up as being needed. Just for the heck of it I went to Windows Updates which showed the machines needed the same patches. I applied them through that method. Ran Windows Updates again and it shows they needed them.

The patches include MS10-001, MS10-076 on two of my machines.

The patches MS11-050, MS11-057 and MS11-81 on another machine.

Any ideas what to do?

Hi,

I recently upgraded to LDMD 8.8 (SP2) and now I am turning my attention to patching our windows clients as we did with the previous LDMS versions.

The issue I am having now is that I can not run a vulnerability scan on any client. If run it from start\programs\LANDesk management\security scan I get “Failed Cannot Interpret data” (picture1.jpg), and I have created a scheduled task that also fails, the result is “Unable to get vulnerability definitions from core” (picture2.jpg).

Schedule task script below:

[MACHINES_WIN]

;--- assumes that ldappl.ini is in same dir as the .exe

REMEXEC1=<qt/>%LDMS_CLIENT_DIR%\Vulscan.exe<qt/> /agentbehavior=6 /taskid=%TASKID%, STATUS

[MACHINES_MACX]

REMEXEC1=ldkahuna \"/Library/Application Support/LANDesk/bin/ldpatch\" /agentbehavior=6 /taskid=%TASKID%, STATUS

[MACHINES_LINUX]

REMEXEC1=/usr/LANDesk/ldms/vulscan -V2 -t %TASKID%, STATUS

Any pointers would be appreciated.

Hello.

I was wondering what the easiest and best method of maintaining autofix settings for multiple definitions and multiple scopes are?

Since upgrading to LD 9.5, we are using the "autofix by scope" feature to do our patching. We generally speaking have 3 scopes for patching workstations which is "patch everything", "patch everything except Java" and "patch nothing". When releasing new patches we then have to update the autofix settings for the patching scopes so newly released patches will get installed via autofix.

Since it (to me) for some unknown reason isn't possible to change the autofix settings on multiple definitions at once when they're in the "Unassigned" folder, the change will have to be made in the "Scan" folder. What we do is changing to the "patch everything" scope, select all definitions in the folder, right-click one of them and choose "Enable autofix for the current scope". We then change to the "patch everything except Java" scope, select all definitions except the Java related ones, right-click one of them and choose "Enable autofix for the current scope".

While that procedure works, there's a significant risk of errors and the process seems a bit cumbersome if the procedure should be extended to more scopes or additional patches should be excluded from a scope.

Is there a better way of doing it?

Thanks in advance.

I'm using LANDesk Management Suite Service Pack 3 and have duplicates of all my devices in device names.
Not sure what is causing this...

I've started our monthly patch cycle I've noticed that MS13-045 (Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)) is failing when it tries to install as part of our patch custom group for this month.

Looking into one PC, it is failing with the following error:

Anyone else facing this error?

If it can't be patched as part of our monthly group, we'll have to do a stand-alone patch task for this one...

LANdesk 8.7 SP3 - cleints xp sp2. Everything has been running fine with patch, but recently I started to get a lot of the following errors during normal scans and when I do repairs:

• Seeing this a lot but scan says it finsihed with no errors - would not worry about it but see other errors below. Searched but could not find 10053 error. Googled and seems to be an issue with Mcafee and this error when port 25 is blocked for mail. We do run Mcafee 8.0 and upgrading to 8.5 - happens on both versions.

Fri, 23 May 2008 13:02:12 Action SOAPAction: "http://tempuri.org/GetAllPatches2" failed, socket error: 10053, SOAPCLIENT_ERROR: 5.  Status code: -1, fault string

• This one sucks since the repair does not run. Not sure why it says could not relove deviced ID. I run a scan and inventory manually and it works fine. If I run the job agin it appears to work fine. Never seen these errors before, any ideas?

Thu, 22 May 2008 23:01:09 C:\program Files\Landesk\ldclient\VulScan.exe version <8.70.7.26> started
Command line: /nosync /Repair "Group=326" /AgentBehavior=2 /noreboot
Administrator rights are present
MSXML 3.0 is installed
File C:\Program Files\LANDesk\Shared Files\ProxyHost.exe version within specified
Using proxyhost to communicate with the core
Updating settings 
Thu, 22 May 2008 23:01:09 SendRequest: SOAPAction: "http://tempuri.org/GetHashForFile"


Thu, 22 May 2008 23:01:09 Action SOAPAction: "http://tempuri.org/GetHashForFile" failed, socket error: 0, SOAPCLIENT_ERROR: 5.  Status code: 503, fault string: 
Retrying in 13 seconds...
Thu, 22 May 2008 23:01:23 Action SOAPAction: "http://tempuri.org/GetHashForFile" failed, socket error: 0, SOAPCLIENT_ERROR: 5.  Status code: 503, fault string: 
Retrying in 13 seconds...
Thu, 22 May 2008 23:01:36 Action SOAPAction: "http://tempuri.org/GetHashForFile" failed, socket error: 0, SOAPCLIENT_ERROR: 5.  Status code: 503, fault string: 
Disabling vulscan's & lddwnld.dll's use of proxyhost
Retrying in 12 seconds...
Thu, 22 May 2008 23:01:48 Action SOAPAction: "http://tempuri.org/GetHashForFile" failed, socket error: 0, SOAPCLIENT_ERROR: 5.  Status code: 503, fault string: 
Disabling vulscan's & lddwnld.dll's use of proxyhost
Handling case of core server not found.
RemovePolicy started
RemovePolicy(): unable to LoadState (this is not an error)
using platform WinXPSP2
About to execute the app cmd.exe using the command line of /c WinXPSP2_LDMS_Healthy_remove.bat
About to execute the app cmd.exe using the command line of /c WinXPSP2_LDMS_Unhealthy_remove.bat
Self update Failure: Core did not return requested file hashes.  Error: 80004005
Using cached agent behavior from file C:\Documents and Settings\All Users\Application Data\vulScan\AgentBehavior_2.xml
Behavior name CEG Scan Default Silent.  Revision 1.
CVBehavior name Custom Variable Override 5.  Revision 1.
AV - Not scheduling /scancomputer task
AV - Not scheduling /update task
CoreServer: CORENAME
Device ID: {1C97EC7C-9BED-ED40-991A-B2A0F2F681A5}
Install language lcid: 0x4e40409, primary id: 9, sub id: 1
System Language: ENU, OS Install Language: ENU
Platform: winxp
OS Suite Mask: 256 (0x100)
exchange=
CommonProgramFiles=C:\Program Files\Common Files
IP address: 
Verifying device ID with core CORENAME
Patch Installer: Failed to resolve DeviceID {1C97EC7C-9BED-ED40-991A-B2A0F2F681A5} to a ComputerID 0 from core, aborting.  HRESULT is 80004005.
-------------------Patch Installation----------------------
Getting list of patches 
Reboot and rescan.  Rescan set to false, so doing nothing.
Thu, 22 May 2008 23:01:48 Exiting with return code 0x8db30196.

I checked all the VUNC/folder rights on the core. I can browse to  http://CORENAME/WSVulnerabilityCore/VulCore.asmx. Also the deviced id listed above is still the same.

Thanks.