Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Convert CSI Package for App/Program deployment

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
CSI

This thread has been marked as locked.
kjohnston Convert CSI Package for App/Program deployment
Member 24th Jun, 2014 16:48
Ranking: 0
Posts: 2
User Since: 8th Apr, 2014
System Score: N/A
Location: CA
Last edited on 24th Jun, 2014 16:50

I am wondering if it is possible to take a package that was created using CSI and instead of deploying it through the "Windows update" method, we can deploy it using the Application or Program model while still keeping all the settings you modified during the package creation.

A few challenges I am having is that if I am patching an app that requires the application to be closed prior to the update, I don;t see any way to control this through the patch management process..
When we deploy windows updates the users machine might still be on with all apps open, and once the uodates are applied then the user is told to reboot... If i do the same thing and deploy Adobe reader, it will just fail because it is open.

How do I avoid this, or at the very least allow us to control the deployment (put the file in a script that prompts the user, or a script that force closes the app).

Another thing is making this available in a Task Sequence during image deployment, not sure if that is possible.

r.danailov RE: Convert CSI Package for App/Program deployment
Secunia Official 26th Jun, 2014 09:06
Score: 25
Posts: 173
User Since: 3rd Jan 2012
System Score: N/A
Location: Copenhagen, DK
Hi,

You can export each and every package, just as it was modified with additional settings (only at page 1 and 2) by using the ''Create SPS Package'' button at step 2 of the SPS wizard where you can also configure your scripts.

After a package is being exported, you can do whatever you like with it - there are two files being exported where the ''sps.exe'' is the file that has all settings and the appropriate script - this is the file you need to deploy onwards.

Windows Update has a mechanism to tackle patches that are running at the time of installing your new patch. The WU service will attempt to install them, they may logically fail because the application is open, but WU will flag the failed patch as ''Pending for Installation'' and it will install it anyway during Shut Down since the user is then being logged off and no running processes can interfere with the pending update installation (which happens before WU service halts).

Unfortunately, as you wish to use another deployment service to install your patches, we cannot provide you with further recommendations on how to achieve the 'pending state' in case some patches are failing because their application is running.

Kind regards / Stay Secure
Rosen Danailov / Security+
Secunia Customer Support
kjohnston RE: Convert CSI Package for App/Program deployment
Member 26th Jun, 2014 13:59
Score: 0
Posts: 2
User Since: 8th Apr 2014
System Score: N/A
Location: CA
I am using SCCM 2012 R2 to deploy these patches.

I am just not sure if it is better to deploy using a SUG or create it as an App so I can control how it gets installed, but I will test the theory of having my deployment "fail" because it is open, then restart the machien and see if it works, if that is the case then I am OK with that.

The second thing I am trying to do is during an OS Deployment I would like to have the SUG get installed so that if a machine does not have the latest version of say Java, that during the deployment phase it installs it. No user is logged on at that time, so the installs should not fail.

I have the SUG configured to be Installable, which I understand should install the application/program regardless of if it is installed or not on the machine.

Maybe this approach is also best suited for using the sps.exe file and deploy it as a Program during install.

When I take an sps.exe file and just double click it it does not run silent, and I cannot seem to add any switches to it to make it run silent, so I am not sure why the sps.exe file is not allowing me to add switches. I assume you guys just create a wrapper around the script and file? This would make sense, but also does not make it versatile in deploying it once it is wrapped.
Was this reply relevant?
+0
-0
r.danailov RE: Convert CSI Package for App/Program deployment
Secunia Official 1st Jul, 2014 09:41
Score: 25
Posts: 173
User Since: 3rd Jan 2012
System Score: N/A
Location: Copenhagen, DK
Last edited on 1st Jul, 2014 09:44
Hi,

Excuse me, but I am not sure I understand the below sentence.
May I kindly ask you to elaborate in order for me to understand the question completely?

I have the SUG configured to be Installable, which I understand should install the application/program regardless of if it is installed or not on the machine.

if I understand correctly, you are talking about the feature ''AlwaysInstallable'' available in the Secunia Package System. Is that correct?

When you double-click on a package that is named 'sps.exe' (being exported via CSI), it is expected to install. If it did not install, then there is some type of a technical problem which you do not see since it's made to be silent.

This problem could either be related to permissions (double-clicking only allows UAC to apply account restrictions, try using 'Run As Administrator).

If it's not permission-related, then I would assume installation problem. In this case, you can take the other file being exported (with the longer name) and run it with a double-click (equal to manual installation) so that you see the GUI upon installation, thus you can also see the error and determine what's the issue.

You are correct, we create a wrapper around the script and the original installer. We have not intended these packages to be versatile in terms of modification after being exported. The export feature is there to help customers troubleshoot, and to allow other tools to deploy fully built patches as per Secunia's recommendation and technology.

If we allow you to modify a package that had been exported, then in practice this package looses it's purposes intended by our software. You are however always able to re-edit your script, re-export your package, so anyway the procedure is as flexible as it could be.

Kind regards / Stay Secure
Rosen Danailov / Security+
Secunia Customer Support

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability