Channel: Shavlik User Community : All Content - Ivanti Patch for Windows

Shavlik - Apple Itunes update is broken.


Hello Fellow Shavlik patchers.

 

I have just tested the latest patch from Apple iTunes update on one of my staff workstations.

- Added AI14-001(QAI1114): Itunes 11.1.4 for Windows

 

This is the result. 1-30-2014 3-23-21 PM.jpg

 

Please beware...

 

To resolve the issue.

Go to Control Panel> Add or Remove Programs (Win XP) or Programs and Features (later)

 

Remove all of these items in the following order:

  • iTunes
  • Apple Software Update
  • Apple Mobile Device Support (if this won't uninstall press on)
  • Bonjour
  • Apple Application Support

 

Reboot, download iTunes, then reinstall, either using an account with administrative rights, or right-clicking the downloaded installer and selecting Run as Administrator.

 

 

See also HT1925: Removing and Reinstalling iTunes for Windows XP or HT1923: Removing and reinstalling iTunes for Windows Vista, Windows 7, or Windows 8. Some users may need to follow all the steps in the appropriate support document which includes some additional manual file and folder deletions not mentioned above.

 

 

Thanks,

Sirstox


How to Register Protect Cloud Account for use with Multiple Users


 

 

Symptoms


After registering with the Protect Cloud, other users are unable to use their individual logins to view Registered Consoles, Agent Keys, and SCUPdates files.

 

1-with console.png

 

2a-no consoles for personal user.png

 

 

 

 

Cause


Accounts in the Protect Cloud are tied to a specific email address and are not shared across multiple email addresses.

 

 

Solution


Because Protect Cloud accounts are tied to a specific email address, multiple users can only access the same Protect Cloud account information if the account uses a shared email address.

 

 

What if I already registered a personal account, and don't want to share the personal account?

You can re-register your Protect Console to a shared email account.

Note: If the Protect Console has not previously been registered to a cloud account, follow these same steps to associate the console with a shared account.


3-sign in screen.png

 

 

 

    • Fill out the Account Registration fields, using the new shared email address, then click Create Account.

 


4-create account.png

 

  • Once the new shared account is created, log in using its credentials. Because it is a new account, and has no Consoles associated with it yet, it will show No data available in table.

 

2-no consoles shown.png

 

  • Next, register the Protect Console with the new account.
    • In Protect go to Tools> Operations.

 

5-tools operations.png

 

 

 

    • In the Operations menu, click Protect Cloud Sync, then click New...


7-select protect cloud.png

 

    • Enter the new credentials for the shared account and choose Save.

 

8-define credential.png

 

    • In the Protect Cloud Sync Options, choose the Cloud Shared Account Credentials.
    • Click Register this console (it should refresh the words 'This console is registered', though it may not visually change)
    • Click Force full update now


9-select shared account.png

 

 

  • Verify that the console registered and performed a sync successfully.
    • Click View > Event History.

 

10-view history.png

 

 

  • Check the Protect Cloud Sync events for 2 events:
    • Name: Register
    • Name: Full Policy sync to the Protect Cloud


11-event history success.png

 

 

  • If both events were successful, the shared account should update within 24 hours to show the console that was just registered to the shared account.

Note: It is recommended to log out and then log back in to the shared account to check whether the console has appeared in the new account.

 

 

12-shared account shows console.png

 

 

Affected Product(s)


Shavlik Protect 9.x

 

 

 

 

End of service for VMware vCenter Protect 8.x


Hi,

 

I bought vCenter Protect 8.0 recently with three year maintenance and support service. But I got information from Shavlik that it ends service for 8.x from May 2014 and asked users to upgrade to 9.x.

 

I would like to use the vCenter Protect 8.x for some more time since the upgrade has to go through many approvals. Can I get service for 8.x beyond May 2014?

 

Thanks

Srikanth Badireddy

Hotfixes Missing from Protect


 

 

Symptoms


Certain Hot Fixes are missing from Protect.

 

 

Cause


One of the criteria for a patch to be added to the Protect data is that it must have a publicly available download URL.

Certain Hotfixes from Microsoft are only offered by request.

 

Example of Microsoft Hotfix Request Form

hotfix download.png

 

These patches/hotfixes do not offer a publicly available download URL, and therefore cannot be added to Protect.

 

 

 

Examples


Here are some known hotfixes that this article applies to:

  • KB2406705
  • KB2522766
  • KB968287
  • KB2597051

 

 

Affected Product(s)


Protect Version: All

Use vCenter Protect to update VMware Tools that are out of date


Hello,

 

We have just stood up our vCenter Protect server and begun using it to deploy patches to machines in our environment.

 

One of our constant struggles is to keep our VMware tools up-to-date. Is there a way to do this using vCenter Protect? The tool seems very VMware aware (as it should be). I almost expected to find a checkbox item that would do this. I don't know if there is a way to add the tools install as a patch.

 

I've tried searching the VMware communities, KB and elsewhere on the Internet.  To my surprise I haven't turned up anything.  It would be very useful for us to roll that into our regular patch cycle.  (one less thing to forget)

 

Has anyone else done this or run into a definitive no?  I know there is an option to have the VMs auto-update on reboot/power up.  In my environment the issues with that are:

  • It is a bit uncontrolled.  The environment is very rigid on change controls, and our patch cycles fall into that system. 
  • I still have to power off the machine once to flip that switch.  Some of our systems come down very infrequently.

 

If anyone has run into a better solution, I am all ears...

 

 

Thanks!

Understanding the Machine Groups and the Machines View


 

Purpose

 

This document explains the function of the machine groups navigation pane and the machines view in Shavlik Protect and offers guidance on utilizing both.

 

Description

 

Administrators may sometimes find the information contained in the machine groups and machines view in Shavlik Protect confusing or difficult to understand. Understanding the function of these two views may help users scan and patch machines in their environment more effectively. This document explains each function and suggests how administrators can best use these views in Shavlik Protect.

 

 

Using the Machine Groups Navigation Pane

 

In Shavlik Protect, the Machine Groups can be found in the navigation bar on the left side of the window. Shavlik Protect defaults to displaying Machine Groups in this navigation pane, but other displays can be selected from the navigation bar like Patch and SP Groups, Agent Policies, Templates, etc.

 

machine groups.PNG

 

Under the Machine Groups navigation view you will see these two groups of machine groups:

    - Default Machine Groups, which includes: My Machine, My Domain, My Test Machines, and Entire Network.

    - My Machine Groups, which contains (or will contain) any user-created machine groups.

While machine groups can be used to scan individual machines, they are best used to scan pre-defined groups of machines. As administrators find different criteria to justify creating custom patch templates and groups, the machine groups can be used to group machines together as required.

These machine groups do not represent strictly defined machine groups or organizational directories in Protect, but rather a pre-defined selection of machines to be targeted by a scan. Machines can therefore belong to multiple machine groups. Deleting a machine group does not delete machines or their records from Shavlik Protect; their records are maintained in the machines view, which is explained in the next portion of this article.

 

 

Understanding the Machines View

 

The machines view is the best way to view the status of individual machines in Shavlik Protect. The machines view makes readily available a wide range of functions related to managing individual machines. You can patch individual machines, deploy missing patches to individual machines, etc.

 

The machines view can be accessed by going to View>Machines. You should see a screen similar to this one:

 

machines view.PNG

 

The machines view simply displays every machine that has been scanned by the console, along with the results and properties of each machine as of its most recent scan. The accuracy of the machines view depends on how recently a patch scan was completed and which patch scan was used.

 

 

Frequently Asked Questions (FAQs)

 

The following are some specific questions that are often asked regarding the function of these different views in Shavlik Protect.

 

Q: Can individual machines belong to multiple machine groups at the same time?

A: Yes. A machine group does not designate a separate location or distinct group of machines, but rather just acts as a list of computers to be scanned on the user's demand. Belonging to one group does not prevent a machine from belonging to another.

 

Q: Why do some machines in the machine view show as part of a group to which they no longer belong?

A: The machine view only provides a record of individual machines as of their most recent scan. If the most recent scan was in a group to which it no longer belongs, performing a scan of the machine through the current group should resolve the inconsistency. This allows machines to still be able to be targeted individually and scanned despite deleting or modifying the groups to which the machine may belong.

 

Q: Can you scan and patch individual machines through the machine groups?

A: Yes, users can scan individual machines in the machine group by opening the machine group and marking the machines to exclude from the scan as excluded. However, with large machine groups this can be a difficult process. An easier way to scan individual machines would be by right-clicking the target machine in the machines view, and selecting the desired scan.

 

Q: Can I sort machines in the machine view by a criterion other than the machine group to which they belong?

A: Yes. By using the customizable columns in the machine view, you can see the individual machines ordered by a variety of variables such as IP address, domain, machine name, etc. The left column in the machines view is used as the grouping characteristic. To group machines by domain, you would simply click and drag the domain column all the way to the left. Clicking this column will cause all the machines to be sorted by this criterion.

 

 

Related Articles

 

 

 

Affected Product(s)

 

Shavlik Protect 9.x
vCenter Protect 8.x

Success scripting VMware agent as custom patch?


Good morning all,

 

I was wondering if anyone has had any success scripting/packaging the VMware View Agent as a custom patch.

 

We just went from 5.0 to 5.2 and need to now upgrade 100+ manual VM's. I was wondering if there was a way to use a custom patch to accomplish this.

 

It's just a pain since you have to always go in the order of VM Tools then agent. Luckily you can upgrade tools without having to uninstall the agent using Shavlik.

 

Please provide some suggestions!

 

Thanks,
Troy

How can I patch a HKEY_CURRENT_USER registry entry?


I have a vulnerability that the fix is a reghack located in HKEY_CURRENT_USER.

The problem is that we share workstations but have no roaming profiles.

No matter how many times I add this reg key, this vulnerability keeps showing in a Nessus scan.

How can I successfully patch this?


MS Updates are listed multiple times in Win2008R2?


Hello Forum.   More of a general observation question than anything, seeing that this application deals with updates.   I am experiencing this on multiple Win2008R2 servers, and it's not always the same MS update #.   I have ruled out Shavlik, as it happens when I manually install an update.

When scanning thru the updates in the View Installed Updates window, I am seeing identical entries for updates. They seem to be more prevalent for Office and Lang Packs. Has anyone else experienced this phenomenon and received confirmation from Microsoft that this is a "known issue" or a bug with the program?

 

Thanks for your time.

64-bit flash plugin strangeness


After updating Flash with Shavlik, a Nessus scan told me that a bunch of Windows 7 machines still needed an update for the 64-bit plugin version of Flash while Shavlik said they were up to date.  Looking at C:\Windows\system32\Macromed\flash on these machines, I see

 

FlashUtil64_12_0_0_43_Plugin.exe

NPSWF64_12_0_0_43.dll

 

On machines not flagged, I see 12_0_0_44, and I see this version in C:\Windows\syswow64\Macromed\flash on all machines.  Both the 32-bit and 64-bit versions come from the same installer, so I suspect the installer did something strange, not Shavlik.  Perhaps some logic error triggered if Firefox was running when the patch was applied.  Roughly one third of our Windows 7 machines did this.

 

We have no 64-bit plugin-based browsers installed, so I just deleted the two old files on the affected machines.  It will be interesting to see what happens the next time flash is updated.

Access to read the target machines registry...


We have a fairly secure environment that has a large number of GPOs in place to lock things down.  I am fairly sure that one of them is preventing Shavlik from working correctly.

 

Here is a sample of the ST.ServiceHost.managed.log:

--------
2014-02-10T23:15:56.7378449Z 0009 I RescanManager.cs:411|No more rescan items, shutting down rescan thread.
2014-02-10T23:16:01.2052916Z 0016 I MachineDeployment.cs:1141|Machine name: %HostName%.
2014-02-10T23:16:01.3353046Z 0016 E MachineDeployment.cs:1093|%HostName%: Access to read the target machines registry using the configured credential was denied
2014-02-10T23:16:01.3893100Z 0016 E AgentDeployment.cs:213|System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
   at Microsoft.Win32.RegistryKey.Win32ErrorStatic(Int32 errorCode, String str)
   at Microsoft.Win32.RegistryKey.OpenRemoteBaseKey(RegistryHive hKey, String machineName, RegistryView view)
   at ST.Deployment.MachineDeployment.RemoteSystemDirectory()
   at ST.Deployment.MachineDeployment.get_RemoteSystemDirectoryUnc()
   at ST.BusinessObjects.Deployment.AgentDeployment.DeployAgent()
2014-02-10T23:16:01.3973108Z 0016 E MachineDeployment.cs:1093|%HostName%: Unable to connect using the configured credential.
2014-02-10T23:16:25.3887097Z 0016 I MachineDeployment.cs:1141|Machine name: %HostName%.
2014-02-10T23:16:25.4627171Z 0016 E MachineDeployment.cs:1093|%HostName%: Access to read the target machines registry using the configured credential was denied
--------

 

FIPS is required in the environment, but I have it disabled in .config files using:

--------
...
</st>
<runtime>
<enforceFIPSPolicy enabled="false"/>
</runtime>
<system.diagnostics>
...
--------

 

I had this working at one point, but something changed and now only agents that are currently installed will work, and even then, only "kinda".

 

What is broken:

- Agent deploys.

- Manual agent installs (fails to get a policy list).

- Automatic patching for currently installed agents.

 

 

Ideas?

Missing patch status doesn't match up to Windows Update


Hello,

I think I have an issue with Shavlik returning the correct number of missing patches. I have a server that I scan with the WU Scan option. The scan finishes and the output says that there are 25 missing patches. If I log onto the server I just scanned and open Windows Update it returns telling me I have 0 updates pending. I even have monitoring software on the server and that says there are no updates available.

 

Some of the updates that Shavlik thinks are available for the server are Word, Outlook, Adobe Reader, etc. and none of these applications are installed on the server. I have made sure it is scanning the correct IP/hostname.

 

I have recently upgraded to version 9 but the issue has been going on since before that.

Reboot servers that don't require patches


Is there a way in Protect to make sure that ALL servers get rebooted even if they don't require any patches?

Bug in Apache Tomcat 6.0.37 Patch Detection.


We have systems that have been patched up to Apache Tomcat 6.0.39. When we scan these systems the Apache Tomcat 6.0.37 patch is showing up as applicable and missing which is a bug.


Please resolve.

 

I tried to open a case via the web portal but it gave some error on the attach files portion every time. Says something about not being associated with an account. Sorry.

Install- Error 1612: The installation source for this product is not available


 

Symptoms

 

When upgrading from an older version of Protect to the current version, some users may receive the following error:

 

Shavlik Updrade Error - TOW-P-SHVLK02.JPG

 

Error 1612: The installation source for this product is not available. Verify that the source exists and that you can access it.

 

Users who receive this error message will be unable to install Protect until the issue is resolved.

 

Cause

 

The upgrade process is unable to complete due to a failed/partial uninstall of the previous version of Protect or a failed/partial install of the current version. In order to resume the upgrade process, this partial install must be removed.

 

 

Solution

 

To resolve this error, the user must remove all remaining elements of previous Protect installations or failed upgrades to ensure proper installation. To completely remove all previous instances of Protect software and installations, it is recommended that the administrator try the Microsoft® Fix It tool, as this tool can make the process easier and minimize manual interaction with the registry.

 

*Note: The Fixit utility is provided by Microsoft. As Shavlik cannot guarantee the tool's proper function, make sure you read any known issues or guidelines for this tool on Microsoft's site prior to use.

 

This tool can be obtained from Microsoft at the following link:

http://support.microsoft.com/mats/Program_Install_and_Uninstall

 

Here are instructions on how to use this Fix it tool:

 

-Use the link above to navigate to the Fix it main page.

-Click on ‘Run Now’ and choose ‘Save File’.

-Run the .exe file that is downloaded and choose ‘Accept’ on the first page.

-Choose the second option ‘Detect problems and let me select the fixes to apply’.

-Choose the ‘Uninstalling’ option

-You will see a list of the installed products on the server. If the product appears in the list (for instance, ‘VMware vCenter Protect’), choose it. If you do not see the product in the list, select ‘Not listed’.

 

To continue, if vCenter Protect or Netchk Protect is listed:

-Choose vCenter Protect or Shavlik NetChk Protect and click ‘Next’.

-Choose ‘Yes, try uninstall’

-Verify both options are check-marked and click ‘Next’.

-You should see a screen that indicates whether vCenter Protect was uninstalled or not.

-Click ‘Next’ and then close out of the screen.

 

If vCenter Protect or Netchk Protect is Not Listed:

Choose ‘Not Listed’ and click ‘Next’.

Enter the product code for the version of the Product installed and click ‘Next’. (Include the brackets)

Product codes for vCenter Protect/NetChk Protect are listed below.

Verify both options are check-marked and click ‘Next’.

You should see a screen where it indicates whether the product was uninstalled or not.

Click ‘Next’ and then close out of the screen.

 

Product GUID codes:

Make sure to use the GUID that corresponds exactly to the version of Protect you are attempting to uninstall.

 

Shavlik NetChk Protect 7.x

Protect 7.0.832.0: {C6D1AE7C-DE93-4E93-A916-C4144525C82C}

Protect 7.0.841.0: {C6D1AE7C-DE93-4E93-A916-C4144525C82C}

Protect 7.1.410.0: {90047C28-0B1B-4B30-8177-50729907EBF2}

Protect 7.2.155.0: {9B7F1E45-4C47-4E25-9EAB-098923E4171C}

Protect 7.5.2716.0: {CEA2D643-08C0-422E-9B27-B58ED9D38D07}

Protect 7.6.1482.0: {661A3308-5BE2-4E0F-A752-BDDB247DD2DB}

Protect 7.8.1340.0: {0A4D8D5E-7177-4A45-8A7F-0A5757403F97}

Protect 7.8.1388.0: {0A4D8D5E-7177-4A45-8A7F-0A5757403F97}

Protect 7.8.1392.0: {0A4D8D5E-7177-4A45-8A7F-0A5757403F97}

 

vCenter Protect 8.x

Protect 8.0.3756.0: {F77AFB04-D13F-48DA-BB99-A5B31B6AAE0B}

Protect 8.0.3965.1: {5A696B05-9F06-4B3D-83A0-69E848EFAC4A}

Protect 8.0.4027.2: {5A696B05-9F06-4B3D-83A0-69E848EFAC4A}

 

Shavlik Protect 9.x

Protect 9.0.1106.0: {8045AD29-C6A4-43F5-9F1F-9560EB09F99A}

Protect 9.0.1182.0: {070964CB-00B0-4E36-A3F6-A09F76FBD197}

 

Upon completing these steps, attempt again to install the latest version of Protect. If all remnants of former Protect instances have been removed correctly, the new version of Protect should install without further issue.

 

If the Fixit tool fails to correct the error, you may need to manually delete an upgrade key located under HKEY_CLASSES_ROOT\Installer\UpgradeCodes in the registry. Then try reinstalling Protect with the latest installer.

Note: It is highly recommended to back up the registry before making any modifications. For information on how to back up the Windows Registry: http://windows.microsoft.com/en-US/windows-vista/Back-up-the-registry
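
To confirm which of the product codes listed above is still registered before entering it in the Fix it tool or touching the registry, the following added PowerShell example (not Shavlik or Microsoft code) performs a read-only lookup. The function names are hypothetical; the GUIDs are the ones from the list above, and the packed form is how Windows Installer stores product codes under HKEY_CLASSES_ROOT\Installer\Products.

```powershell
# Added example, not part of the original article. Read-only: nothing is changed.

# Product codes copied from the list above, keyed by GUID because several
# builds share one code.
$ProtectProductCodes = [ordered]@{
    '{C6D1AE7C-DE93-4E93-A916-C4144525C82C}' = 'Protect 7.0.832.0 / 7.0.841.0'
    '{90047C28-0B1B-4B30-8177-50729907EBF2}' = 'Protect 7.1.410.0'
    '{9B7F1E45-4C47-4E25-9EAB-098923E4171C}' = 'Protect 7.2.155.0'
    '{CEA2D643-08C0-422E-9B27-B58ED9D38D07}' = 'Protect 7.5.2716.0'
    '{661A3308-5BE2-4E0F-A752-BDDB247DD2DB}' = 'Protect 7.6.1482.0'
    '{0A4D8D5E-7177-4A45-8A7F-0A5757403F97}' = 'Protect 7.8.1340.0 / 7.8.1388.0 / 7.8.1392.0'
    '{F77AFB04-D13F-48DA-BB99-A5B31B6AAE0B}' = 'Protect 8.0.3756.0'
    '{5A696B05-9F06-4B3D-83A0-69E848EFAC4A}' = 'Protect 8.0.3965.1 / 8.0.4027.2'
    '{8045AD29-C6A4-43F5-9F1F-9560EB09F99A}' = 'Protect 9.0.1106.0'
    '{070964CB-00B0-4E36-A3F6-A09F76FBD197}' = 'Protect 9.0.1182.0'
}

function ConvertTo-PackedProductCode {
    # Windows Installer stores a product code as 32 hex digits: the first
    # three GUID groups are reversed character by character, and in the
    # remaining 16 digits each pair of characters is swapped.
    param([Parameter(Mandatory = $true)][string]$ProductCode)

    $hex = ([guid]$ProductCode).ToString('N').ToUpper()
    $packed = ''
    foreach ($group in @($hex.Substring(0, 8), $hex.Substring(8, 4), $hex.Substring(12, 4))) {
        $chars = $group.ToCharArray()
        [array]::Reverse($chars)
        $packed += -join $chars
    }
    for ($i = 16; $i -lt 32; $i += 2) {
        $packed += $hex.Substring($i + 1, 1) + $hex.Substring($i, 1)
    }
    $packed
}

function Find-ProtectRegistration {
    # Reports every listed product code that still has an uninstall entry
    # (64-bit or 32-bit view) or a Windows Installer product registration.
    param([System.Collections.IDictionary]$Codes = $ProtectProductCodes)

    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    foreach ($code in $Codes.Keys) {
        $packed = ConvertTo-PackedProductCode -ProductCode $code
        $hits = @()

        foreach ($root in $uninstallRoots) {
            $path = "$root\$code"
            if (Test-Path -LiteralPath $path) { $hits += $path }
        }

        $installerKey = "Registry::HKEY_CLASSES_ROOT\Installer\Products\$packed"
        if (Test-Path -LiteralPath $installerKey) { $hits += $installerKey }

        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                Version     = $Codes[$code]
                ProductCode = $code      # enter this, braces included, in the Fix it tool
                PackedCode  = $packed
                FoundAt     = $hits
            }
        }
    }
}

# Usage (run in an elevated session on the console machine):
# Find-ProtectRegistration | Format-List
```

An empty result means none of the listed product codes is registered on the machine.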

 

If you continue to encounter any install errors, please contact Shavlik Support (http://www.shavlik.com/support/contact/).


 

Related Articles

 

 

 

Affected Product(s)


Protect Version: All


Scan results fail to import in Shavlik Protect 9.x

Symptoms



 

  • Scan results fail to import.
  • The operations monitor stops at step '5. Wait for results'.
  • You see the error "warning: scan still running - incomplete results"
  • STProtect.managed log contains an error such as:

    DB connection issue error " E APAlertEventProducer.Create|Unable to connect to SQL Server 'xxx'. SqlError message: 'Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

 

 

Resolution

 

 

Here are some things to check and/or try for this issue:

 

1) Check for previously imported results that are stuck in the arrivals directory. These temporary files can be deleted. They can be found here:

 

-On Vista/2008/7: C:\ProgramData\LANDesk\Shavlik Protect\Console\Arrivals

-On XP/2003: C:\Documents and Settings\All Users\Application Data\LANDesk\Shavlik Protect\Console\Arrivals

 

2) If your Protect console is installed on a 2003 or XP system, make sure the HTTP SSL service is started and automatic.

 

3) If you're using an Express version of SQL, make sure that the database isn't full - 10GB is the limit for SQL Express 2008R2 & newer. 4GB is the limit for older versions of SQL Express. You can use the database maintenance function in Protect to help clear up space - it can be found under Tools > Database Maintenance within Protect.

 

4) In Protect go to Help > Index and look up the “SQL Server Post Installation Notes” document. Follow the directions within.

 

5) Close Protect, Restart the Shavlik Protect Console service. Reopen Protect.

 

 

After these steps, test running a few scans and see if results show up fine now.

 

If results are still failing try this:

-Alternate credentials for the console service: Close Protect, then go to Start > All Programs > Shavlik Protect > Database setup tool. On the "SQL Database Configuration" screen where it shows "Choose how services will connect to the database", check mark the option to Use alternate credentials for console services. Then set the Authentication method (the most common would be Specific Windows User), then set domain admin or service credentials. Finish through the setup tool, and test scanning again.

 

If you still have an issue, please go through the following steps to obtain trace logs and send them to support:

 

-In Protect go to Tools > Options > Logging and make sure both User Interface and Services are set to “All”. Save.

-Close Protect.

-Stop the Shavlik Protect Console services.

-Delete all the logs from:

-Vista, 2008, & Win7: C:\ProgramData\LANDesk\Shavlik Protect\Logs

-Windows XP & 2003: C:\Documents and Settings\All Users\Application Data\LANDesk\Shavlik Protect\Logs

-Start the Shavlik Protect Console service and open Protect.

-Reproduce the error/issue.

-Afterwards please zip and send all the logs.

 

 

Affected Products

 

Shavlik Protect 9.x

How to troubleshoot Remote Registry Errors


 

Symptoms

 

Test Connection from Machine Group fails

The affected client reports one of the following errors when a Test Connection is run:

  • Registry reports: The network path was not found(53)
  • Perfmon reports: Unable to connect to specified machine or machine is offline (-2147481648)

 

Possible Solutions

 

This can happen if the Remote Registry is not running, not responding, or if the IPC pipe is blocked by a policy or registry change.

 

To troubleshoot this issue:

  1. Click Start > Control Panel > Administrative Tools > Services.
  2. Find the "Remote Registry" service. Ensure the Startup Type is set to Automatic and the Status is set to Started. Start the service or change the startup type to match these values.
  3. If the connection still fails, restart the "Remote Registry" service and try again.
  4. Check the Active Directory or domains for a policy blocking access to the Remote Registry service.
  5. Open the Registry Editor (regedit.exe) and check the key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
    • If the key is missing, restore it by exporting a known good key from another server running the same operating system and service pack level. Restart the server.
  6. If the connection still fails, reboot any Active Directory domain controllers.
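
The checks in steps 2 and 5, plus a direct connection test, as an added PowerShell example (not Shavlik code). The function names are hypothetical; it assumes Windows PowerShell 3.0 or later, with `Get-RemoteRegistryReadiness` run on the affected client and `Test-RemoteRegistryOpen` run from the console machine under the credential used for scanning. `OpenRemoteBaseKey` is the same .NET call that appears in the ST.ServiceHost.managed.log stack trace quoted elsewhere on this page.

```powershell
# Added example, not part of the original article. Read-only: nothing is changed.

function Get-RemoteRegistryReadiness {
    # Run locally on the affected client. Covers step 2 (service startup
    # type and status) and step 5 (presence of the winreg key).
    $winreg = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='RemoteRegistry'"

    $keyPresent = Test-Path -LiteralPath $winreg
    $acl = @()
    if ($keyPresent) {
        # The ACL on the winreg key decides which accounts may open the
        # registry remotely, so list it next to the service state.
        $acl = (Get-Acl -LiteralPath $winreg).Access | ForEach-Object {
            '{0}: {1} ({2})' -f $_.IdentityReference, $_.RegistryRights, $_.AccessControlType
        }
    }

    [pscustomobject]@{
        ServiceFound     = [bool]$svc
        StartMode        = if ($svc) { $svc.StartMode } else { $null }   # 'Auto' = Automatic
        State            = if ($svc) { $svc.State } else { $null }       # 'Running' = Started
        ServiceOk        = [bool]($svc -and $svc.StartMode -eq 'Auto' -and $svc.State -eq 'Running')
        WinregKeyPresent = $keyPresent
        WinregAcl        = $acl
    }
}

function Test-RemoteRegistryOpen {
    # Run from the console machine. Opens HKLM on the target over the
    # Remote Registry service and classifies the failure, if any.
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    $outcome = 'OK'
    $detail = $null
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
        $hklm.Close()
    } catch {
        # PowerShell may wrap the .NET exception, so inspect the innermost one.
        $ex = $_.Exception.GetBaseException()
        $detail = $ex.Message
        if ($ex -is [System.UnauthorizedAccessException] -or
            $ex -is [System.Security.SecurityException]) {
            # Reached the service but was refused: check the credential,
            # the winreg key ACL and any policy restricting access (steps 4-5).
            $outcome = 'AccessDenied'
        } elseif ($ex -is [System.IO.IOException]) {
            # Typically "The network path was not found": service stopped,
            # host offline or the path blocked (steps 2-3).
            $outcome = 'Unreachable'
        } else {
            $outcome = 'OtherError'
        }
    }

    [pscustomobject]@{
        ComputerName = $ComputerName
        Outcome      = $outcome
        Detail       = $detail
    }
}

# Usage ('CLIENT01' is a placeholder machine name):
# Get-RemoteRegistryReadiness | Format-List
# Test-RemoteRegistryOpen -ComputerName 'CLIENT01'
```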

 

Related Articles

 

 

 

Affected Product(s)


Protect Version: All

 

 


How to Create a Custom Patch


 

 

Purpose


The purpose of this document is to outline the process for creating a custom patch, and to provide an example of how to create a custom patch using Shavlik Protect.

                 

Description


- Open the custom patch editor. Tools > Custom patch editor

 

Custom patch editor.PNG

 

- Next, click on Create a new custom XML file.

 

*Notes:

 

  • You can add a Custom Product if this patch relates to a specific product. Although this step is not necessary it will add detection for the product itself.  In this case it is not needed as the product is the operating system. Adding a custom product will allow you to target that application for the patch. If the product is not detected it will not look for the patch.

 

  • I created an example product called X-Zip. You will need to provide a HKEY_LOCAL_MACHINE registry key path for the software as well as the corresponding information.

 

Custom product.PNG

 

- Click insert, then Add Bulletin (or right click Custom Bulletins > Add New Bulletin).

- Give the bulletin a name. In this example I used HF01-001 because it is a hotfix.

- Give the bulletin a title, typically this will be a description. In the summary portion provide any important information.

 

Bulletin.PNG

 

*Note: The only required field is the bulletin name. 

 

- Click on Insert and add a custom patch (or right click Custom Patches > Add New Patch).

- Give your patch a name. In this example I used the KB as the patch name.

- Select the bulletin you created in the above steps.

- Select the type of patch, and the severity.

 

Custom patch.PNG

 

- From here you will add the detection information in the Scan Information tab.

 

*Note: This step is very important as it will identify if the system needs this patch or not. If this is a MS patch, their KB on the patch will indicate what files or registry keys are used when detecting if the patch is needed. If this is not a MS patch and you are not sure how to detect it, it is recommended to install the patch on at least one machine to verify what files and/or registry keys are involved. In the example below we are using a file to detect if the patch is missing.

 

File Details.PNG

 

- You can also target a particular application or operating system using the targeting tab. In this case, since this update is only applicable to Windows Server 2008 SP2 and Vista SP2, I selected all corresponding operating systems.

 

*Notes:

 

  • Targeting is not required, however if not specified the update will be offered for all systems that meet the scanning requirements.

 

  • If you added a custom product it will show under targeting available products. You will first need to save the XML and import the custom XML before your custom product will appear in the list.

 

Targeting.PNG

 

- On the deployment tab browse to the location of the patch and select it. Protect will automatically fill in the file size. Select any install switches that are required or desired for the patch deployment. In this case since the file is a .msu we need the /quiet switch.

 

Deployment info.PNG

 

*Note: Click the link for more information on using .msu files: http://community.shavlik.com/docs/DOC-1902

 

- Next you will need to validate your XML. There will be more information in the issue column if the validation fails.

 

Validate.PNG

 

- Save your custom XML, and then click the X to close the dialog box. This will prompt for you to import the custom patch.

- Click import now.

 

Import now.PNG

 

- When the below dialog box pops up select your Custom XML file and click OK. It goes through a second validation.

 

Validate xml.PNG

 

- After validation the Import Patch Definitions process automatically updates the database with the latest definitions, including the newly created custom XML. If you created a custom product you should see it added as well.

 

Import definitions.PNG

 

- Once the definitions are updated proceed to scanning your machines.

 

*Notes:

 

  • Make sure that the scan template you're using includes the patch filter type that applies to your custom patch when scanning (i.e. Security Patch, Non-Security, Security Tool, etc.)

 

  • We recommend testing with one machine that needs the patch to verify everything is working properly.

 

Scan Complete.PNG

 

- Deploy the patch and verify it installs properly.

 

*Note: You should now also be able to look up and view your custom patch using View > Patches in Protect.

 

 

Additional Information

 

If the patch detects as missing correctly, but the .bat file never runs on the target system, see our knowledge base related to custom patch .bat file never completing:
http://community.shavlik.com/docs/DOC-23119

 

 

Affected Product(s)

 

Shavlik Protect 9.0.1182
Shavlik Protect 9.0.1106

How to create a backup of the database with Protect


 

 

Purpose

 

This document explains how to perform a backup of your database with Shavlik Protect.

 

 

Description


You can use Shavlik Protect to perform a backup of the database thanks to the built-in Database Maintenance Tool.

To access it, navigate to Tools > Operations > Database Maintenance.

 

article1.PNG

 

When you have accessed this window, at the bottom you will find the different options available in the SQL Server section.

Select Backup database and transaction log, then choose the path where you want to store your backups.

The location could be local (on the same machine as Protect) or could be a UNC path (the account performing the backup needs access to that location).

 

Lastly, press Run now and the task will run in the background. You can follow the operation by going to View > Event History:

article2.PNG

 

Once it has completed, your backup will be created in the folder you chose earlier. The backup file uses the following naming convention:

Name of the DB - Backup - Timestamp. Here is an example:

 

article3.PNG

 

The account used to access the database and run the operation is the account set in the Database Setup Tool in the Services section. You can specify an account or leave it to match the account being used to connect to the database in the upper section.

 

The account needs db_owner rights to perform the backup.

 

 

 

Affected Product(s)

 

  • vCenter Protect 8.x
  • Shavlik Protect 9.x

Correcting Agent issues caused by out of date root certificates


 

 

Purpose

 

This will help you identify agent issues caused by out of date root certificates.

 

  • Cannot install or update agent binaries in Shavlik Protect
  • Installing or updating Protect agent binaries fails
  • The agent interface installs, but the scanning engines, such as patch, threat, and asset engines, are missing

 

The STAgentUpdater.log file returns entries similar to:

 

2012-02-20T16:03:43.9185682Z 0790 W SingleFileDownload.cpp:340 Signature check failed - C:\ProgramData\Shavlik Technologies\Agent Data\protect.manifest.cab

  

2012-02-20T16:03:43.9653700Z 0790 E STAgentUpdater.cpp:629 Update failed with error: class STCore::CInvalidOperationException at XmlDomManagement.cpp:356: Error loading XML document from 'C:\ProgramData\Shavlik Technologies\Agent Data\Protect.manifest.xml': The system cannot locate the object specified.

 

<somepatch>.msi failed signature check

 

Cause


The root certificates on the target agent machine are expired or out of date.
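To check a collected STAgentUpdater.log for the entries quoted above, the following added example (not part of the original article or the product) parses the log and reports signature failures together with the follow-on update error. The field layout (timestamp, thread id, level, source file:line, message) is an assumption inferred from the two sample lines, and `triage` is a hypothetical helper name.

```python
import re

# Field layout inferred from the two sample lines on this page (an assumption):
# timestamp, thread id, level (W/E), source file:line, message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T[\d:.]+Z)\s+(?P<tid>[0-9A-Fa-f]+)\s+"
    r"(?P<level>[A-Z])\s+(?P<src>[\w.]+:\d+)\s+(?P<msg>.*)$"
)
SIG_FAIL_RE = re.compile(r"Signature check failed - (?P<path>.+)$")
MSI_FAIL_RE = re.compile(r"(?P<path>\S+\.msi) failed signature check", re.I)

def triage(log_text):
    """Return signature failures and update errors found in the log text."""
    findings = {"signature_failures": [], "update_errors": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        # Lines without the structured prefix are matched on their whole text.
        msg = m.group("msg") if m else line
        ts = m.group("ts") if m else None
        sig = SIG_FAIL_RE.search(msg) or MSI_FAIL_RE.search(msg)
        if sig:
            findings["signature_failures"].append((ts, sig.group("path").strip()))
        elif m and m.group("level") == "E" and "Update failed with error" in msg:
            findings["update_errors"].append((ts, m.group("src")))
    # Both kinds of entry together match the symptoms listed on this page.
    findings["matches_symptoms"] = bool(
        findings["signature_failures"] and findings["update_errors"]
    )
    return findings

# Constructed sample: the two entries quoted on this page plus one made-up "I" line.
SAMPLE_LOG = r"""
2012-02-20T16:03:43.9185682Z 0790 W SingleFileDownload.cpp:340 Signature check failed - C:\ProgramData\Shavlik Technologies\Agent Data\protect.manifest.cab
2012-02-20T16:03:43.9653700Z 0790 E STAgentUpdater.cpp:629 Update failed with error: class STCore::CInvalidOperationException at XmlDomManagement.cpp:356: Error loading XML document from 'C:\ProgramData\Shavlik Technologies\Agent Data\Protect.manifest.xml': The system cannot locate the object specified.
2012-02-20T16:04:00.0000000Z 0790 I STAgentUpdater.cpp:100 Constructed informational entry
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ts, path in result["signature_failures"]:
        print("signature check failed:", ts, path)
    print("matches symptom pattern:", result["matches_symptoms"])
```

A match only shows that the log carries the symptoms listed here; confirm the cause by checking the root certificates on the agent machine.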

 

Solution

 

To resolve this issue the root certificates of the client (agent) machine must be updated. You can apply the updates using Protect.

 

To Apply the Updates:

 

  1. Create a custom patch scan template that includes the patch type filter Security Tools.
  2. Run a scan on the target machine and then look for the bulletins MSRC-001 or MSRC-002.

 

Related Document: How to Find/Exclude Specific Patches in Scan Results.

 

MSRC-001 is for Windows XP and 2003. For newer operating systems, such as Vista, 2008, and Windows 7, the root certificates are automatically updated if the machine is connected to the Internet. However, if you have to apply the update manually, you should be able to deploy MSRC-002 from Protect.

 

You cannot update root certificates on operating systems that are not within the Microsoft support lifecycle. Ensure that you are using a supported operating system and service pack level.

 

If the computer is not connected to the Internet and cannot update these files automatically, they must be downloaded and distributed manually. Though Protect designates two different bulletin IDs for root certificates (MSRC-001 and MSRC-002), they both use the same patch from Microsoft. If root certificates need to be installed, but Protect is unable to do so, download the patch directly from Microsoft and run it.

Download Here

 

When you run the exe, it will run and vanish. It will not give a completion message.

 

The patch states it is for XP, but the article below, under the section "Root update package installation on disconnected environments", states that it works on other operating systems as well.

 

Microsoft Article: Windows Root Certificate Program members

 

Affected Product(s)


Protect Version: All
