Installed and setup Shavlik Patch. Getting this error:
Manifest synchronization error. Code=1, message=File 'C:\Users\username\Shavlik\Shavlik Patch\engines.manifest.xml' failed signature check: http://xml.shavlik.com/data/patch/v2/21/manifest/engines.manifest.xml
I can download the file manually. There doesn't seem to be any signature on it though.
I saw a post from a couple years ago with the same issue that didn't have any resolution so I thought I'd revisit this. I have a machine group that has a couple OU's in it and some single machines that are apart of those OU's, but I have them set to exclude when scanning. All of my results when scanning this machine group show that it's still trying to scan these machines though.
Here you can see where I have them listed to be excluded from the scans.
Here are the results of a scan from that machine group that shows the machines as trying to be scanned.
I have had no issues with agentless scanning and deployment. I am however having issues with agent deployment of patches. In the agent patch log I see deployment process failed and none of the computers with the agent are patching they seem to be scanning fine. I have made sure all ports are opened in and out as detailed in the administration guide. I also have tried without anti-virus, tried to point it to vendor site for patch downloads as well as specifying a distribution server (which I confirmed the needed patches were in the distribution share) as well as console download. Have removed and reinstalled the agent verbatim as in the complete uninstall document. Tried different agent policies and tried using the default agent standard deployment Template as well as custom ones nothing thus far seems to work. I have also patiently waited several days for the patches to download and install but nothing. The propatch patch folder is also empty. I have looked at logs etc. but thus far have not been able to find the issue. If I do an agentless scan and deployment all works fine. At the moment it is just a few test machines but in time will need to deploy the agent at 50 + remote locations that have slow links (hence why I need agent).
Any suggestions at what specific logs to look at or what to check?
Thank you
I know that this has been discussed previously, but I wanted to bring the topic up again: is there any timeline/plans to create an api to allow for the automatic patching of new systems? This is a growing annoyance for us, in our efforts to automate all of our server provisioning. While our current build process is utilizing a patched template, the long-term goal is to switch away from templates entirely, and scratch build fully patched systems. Part of doing that is a desire to have Shavlik perform a scan/patch of the system, without our intervention.
So we have a system running the Shavlik Agent that was/is infected with the CryptoWall 3.0 virus. It's been infected since the 26th and we just noticed it. AV definitions are dated yesterday. No quarantine, no detection. Really disappointed in this as I've been a big proponent of the Vipre AV engine for some time but if they can't keep us protected, we may need to change to another engine that can.
Just a heads up to everyone else out there using Shavlik/Vipre as their AV engine.
Hey Everyone!
We have been running an Agentless deployment for a couple years now however we now have 40% of our machines on VPN, which is becoming a nightmare to scan and patch. Most users disconnect from VPN during the day, or shut down, etc - and since scanning takes so long we end up not catching these machines in time to patch them.
Does it make sense in this scenario to start using Agents? From what I understand, scanning time is almost instantaneous with Agents. Can anyone using Agents provide some better insight?
Thanks!
AC
Could you please help me to create a report containing missing patch list for each machine included in a specific patch scan?
I just need to get the list of all missing patches, don't care about installed/effectively installed patches.
Thank you
This is happening on all of our systems that run the Shavlik Agent.
Read more here: Vipre creating thousands of SBS_STDRL temp files :: KW Support & Consulting LLC
Hello,
I have always run the Shavlik agent on my console. I applied patch 3 today, and the agent was uninstalled during the patch process.
Is this expected behavior?
The past few times when performing a security patch scan I recieve this SQL error.
"A database operation failed. Please verify you can connect to the configured database."
"A SQL Server query operation timed out. Consider increasing the command timeout in the configuration file."
Since I was not the person who installed/setup Shavlik, I'm not to sure where to begin looking to resolve this issue. All scans I have done (about 6-7 since this error popped up) have turned out OK, all machines that are normally scanned are sucessfully scanned, and I have been able to push patches just fine, however I don't want this error to bite me in the long run. If someone could point me in the right direction I would appreciate it. I have linked an attachment of the error message below.
Thanks in advance
After Patching my first group of servers with Shavlik, I've noticed that the C:\Windows\Temp folder is filling up Cab_xxxx_x.cab files. These file are created every 30 minutes. I did some googling and a lot of people are seeing it on Windows 2008 R2 server. They are also saying that it might be related to the C:\Windows\Logs\CBS CbsPersist files.
The only machines it is happening on are ones that were patched with Shavlik and the first issues starting show up after the machines were patched.
Windows update on these machines is set to check and notify but not download. most of these machines were reporting that they needed windows updates before they were patched with Shavlik. After the patching Windows update is still reporting this. Normally to remove that message, I stop the Windows update service and delete the C:\Windows\Softwaredistribution folder but that doesn't resolve the problem with C:\windows\temp being created.
Thoughts?
Hello, it seems that my Shavlik Protect is having some issues with permissions. First of all, whenever I try to scan a machine by itself, it will not work, however if I scan it as part of an entire group, it works, this includes machines just created. Secondly, it has having trouble on new machines just created. They do not show up in Machine view, and the permissions just used on say a DC with domain admin access will not work on the new machine. All I get is unable to connect to remote machine. We are using agentless scans. The major difference is that these machines that are unable to scan correctly are on a different domain. Please provide any insight into what could be the issue with these permissions not working correctly.
Greetings,
We are in the process of testing Agents and the Cloud sync and had a couple questions regarding patch downloads.
1. When using Agentless scanning and patching, patches are pushed from the Console. However when reviewing the Agent policy, I noticed there isn't an option to push patches from the console - only Vendor Over Internet and Distribution Server. Is this by design?
2. And if I select Vendor over Internet, does this literally query Microsoft, Adobe, Java etc and download the patches straight from the source, bypassing the Console and Distro points?
3. When "use vendor as backup source" is selected, will this recognize an Agent with the Cloud feature in the policy enabled and use the vendor in the case it is not connected to our MPLS?
Thanks,
AC
Hello all, first time posting...
Just wondering if there is anything built into vCenter protect to deploy custom installation packages for silent installs over the network. I've been looking through the GUI, and I don't really see an option for this, but I also haven't really played around too much with vCenter Protect, I could be missing something obvious.
Is there a way for me to take an .exe, or .msi, and deploy a new package based off of criteria that I define?
Thanks for any help in advance!
Just looked to use this option and don't see it anymore. Has this option been discontinued?
I've created a custom pack for a MS Hotfix and regardless of what type of patch, I choose. It is detected as a Security Patch. This is not the behavior I want it to be detected as... I've used the article found on this site to no avail.
Has anyone had issues where the Patch Data for agents isn't getting the latest definitions from the server? This is happening to a good number of my agents ,even though they all have the same policy applied. If I go to the machine in the console and choose Agents-update patch data it updates without problem, otherwise they will perform their weekly scan with old definitions and patches aren't being applied.
