I have one workstation which will not allow the Agent to install. The install goes to 50% and stops. I have tried everything I can think of. I have tried all the suggestions on this site. I have gone into the registry and removed every trace of Landesk and Shavlik. I have turned the firewall off. I have tried a manual install on the W/S and it registers successful. Nothing has worked. It is still "installed, waiting for registration". Telnet works. I have installed Shavlik agent on hundreds of machines and have never been defeated, but that has come to an end.
I need some new ideas on how to get this agent installed. We use the Threat engine or I would forget it and go on. But I can't place the W/S in production without virus protection.
This document shows how to find the installation and setup logs for Shavlik Protect. This can be useful if attempting to troubleshoot an installation failure.
Description
The setup and install logs for Shavlik Protect can be found by doing the following:
Go to Start > Run (or search) > Type: %temp%
or
C:\Users\*your_user*\AppData\Local\Temp
Either option brings you to the same directory. You will need to search the temp directory for the following naming of files. There may be multiple of each depending how many times you have attempted installation. The newest log files would be the best to collect for support.
ProtectSetup_xxx.log - This contains the logging of prerequisite checks during installation of the Protect console.
ProtectInstall_xxx.log - Protect console main installation log file.
STPlatformInstall_xxx.log - Agent main installation log file.
STPlatformUpdater_xxx.log - Additional logging for agent setup/install.
This document outlines how to gather logs for troubleshooting issues with the Console, Agent, or Target systems.
Description
Here are some basic instructions on how to gather console, client (target) side logs, agent logs, and install logs for Protect. These should work for most console and agent type issues.
Protect 9.X console logging:
1. Please open the Protect GUI and then go to Tools > Options > Logging and change logging to “All” for both user interface and services.
a. Windows 7, 8, 2008, 2012 & Vista: C:\ProgramData\LANDesk\Shavlik Protect\Logs
b. Earlier OS’s: C:\Documents and Settings\All Users\Application Data\LANDesk\Shavlik Protect\Logs
5. Start the console service and open the Protect GUI.
6. Attempt to reproduce the issue. Please document steps to reproduce.
a. Collect the logs from the Logs folder mentioned earlier in step 4 (please zip if possible)
b. [Deployment issues only] On the target system please zip and send a copy of the entire C:\Windows\Propatches folder and its contents (you can leave out the Patches sub-folder).
7. Zip and send all the logs.
You can also obtain the "ST.FileVersions.log" which contains all file versions relevant to Protect by going to Help > About Shavlik Protect > Export Info.
Protect 9.x agent logging:
1. Open the agent policy assigned to the machine we are gathering logs from.
2. Change the logging level to ‘All’ and Save and update Agents. Choose to update agents if prompted.
3. Go to the target machine, close the agent GUI and stop the services:
o The services start with Shavlik or ST.
4. Delete all the logs from:
o Vista & Later: C:\ProgramData\LANDesk\Shavlik Protect\Logs
o Earlier OS’s: C:\Documents and Settings\All Users\Application Data\ LANDesk\Shavlik Protect\Logs
5. Start services.
6. Attempt to reproduce the issue. Please note the steps to reproduce.
7. Take applicable screenshots.
8. Zip and send all the logs and screenshots. (from the previous specified folders above)
On the machine you are deploying to navigate to C:\Windows\ProPatches
Locate the CL5.log, dplyevts.log, and Safereboot.log and copy to a new folder on the desktop.
Navigate to C:\Windows\ProPatches\Scheduler.
Locate the Scheduler.log and add it to the folder created in step 2 so all logs are together.
Zip and send all the logs.
Additional Logging for Threat Protection/Antivirus Issues:
There is additional logging that can be obtained for Threat Protection/Antivirus related issues, such as detection of false positives. See the following document for the steps to obtain this addtional logging:
This document contains information about the SSL3.0 vulnerability CVE-2014-3566 and whether is affects Shavlik Products or infrastructure.
Details
The CVE-2014-3566 SSL 3.0 (POODLE) vulnerability does not affect Shavlik products or infrastructure directly.
The vulnerability is in the SSL 3.0 protocol. If you disable this protocol on systems running Shavlik products you will effectively resolve the vulnerability. Guidance on how to disable SSL 3.0 is available from OS and browser vendors. Several are listed out inthis blog article. Disabling SSL 3.0 on servers running web services in your environment will prevent exposure to those specific services. You should also disable SSL 3.0 on client machines in your environment to protect them from connecting to services that are still exposed. Again, documentation from Microsoft and other vendors describe how to do this at the OS and browser level.
Finally, the Shavlik team has already taken steps to secure Shavlik content and cloud services to ensure that all web services hosting Shavlik content and resources are protected from this vulnerability.
We are using BMC Bladelogic tool for Patching, which uses Shavlik to download Patches. I checked in our Patch Catalog and repositories, the KB2977292 is still missing.
When I build our Windows 7 SP1 workstation images I will use Windows Update to install any missing security patches before running sysprep and sealing the image. During the OS deployment through MDT the deployment will slipstream OS patches on the fly with DISM. Once the system goes out on the floor to the users, we have Shavlik scan and deploy new patches as needed. Pretty straightforward.
The "problem" I am having is that the Shavlik scans do not detect any patches that I sealed into the image or that get deployed during the Image staging process with DISM as missing or installed.
For example, if I sealed up an image with KB2667402 and during the OS install had KB2978742 install with DISM via MDT deployment, then went and scanned the systems with my production Shavlik scan template neither of those patches will show up as installed or as missing in the scan results.
Now I know the correct patches are installed, and I can do into Installed Updates in Control Panel and see that they are installed. My problem is that if we have a security audit our patch scanning and deployment system (Shavlik) does not list installed patches as being installed.
So when I run a security patch scan from my Shavlik console the results for installed patches does not account for 150+ patches that are indeed installed. That means the patch status numbers in any reports are not going to be accurate for those patches on those machines and if I get audited and have to provide a detailed report on patches from my console the numbers are going to be off compared to what is actually out in my environment.
I'm wondering if this is a known behavior or something that can be corrected?
This document is meant to provide information about how to track and manage license seat usage within the Protect application.
Description
Overview on how license seats are tracked/assigned with Protect
From Protect Help (Contents > Installation and Setup > Getting Started > How Licenses are Tracked):
When a patch deployment is performed, Shavlik Protect records the machine name in the database if it does not already exist. From there, the number of remaining seats available for deployment is reduced by one for each target. If you elect to use Shavlik Protect Agent, each agent machine is allocated a license and also counts against the total number of license seats available. If the same machine is managed in both an agentless and agent-based manner, that machine is counted only once. Similarly, when scanning virtual machines, a machine is counted only once even if it is scanned both in online (powered on) mode and offline (powered off) mode.
Additional Information
When a deployment seat is assigned to a system, it will be assigned to that system for 45 days as long as the system is not deployed to again.
Deployment seats are not 'assigned' to a system when a scan is performed. Only when a deployment or agent installation takes place.
How to view the number of license seats used and systems currently assigned a license seat
Basic view of license usage
To see an overview of all current license usage for a Protect console, go to Help > About Shavlik Protect. Under 'Licensed Capabilities' you will see some useful information such as your expiration date, the total number of license seats you have available, the number of deployment seats used, and the features you have enabled.
Example:
Obtaining list of systems currently assigned a license seat
There is a report that can be run within Protect to obtain a list of systems that are currently assigned a license seat.
To obtain this report in Protect, go to Tools > Create Report. In the drop-down next to 'Select report to view:', choose "Seat License Status". Then click the 'Generate report' button. The Seat License Status report will provide a listing of the following information; Number of total license seats available, number of license seats used, number of license seats remaining, and a full list of all systems that currently have a license seat assigned.
Example of Seat License Status report:
If you have used all your license seats
If you have used all your available license seats and need additional seats here are your options:
1. If you have used all your license seats and require additional seats to continue patching or installing agents you will need to get in contact with our sales team. They will be able to add seats to your license key.
2. If you are renaming machines or cycling old/new machines in your network this can cause you to run out of license seats (since Protect assigns a license seat to machines by machine name for 45 days). If this is the case you should contact support and provide your license key for a workaround.
Scanning a remote machine in Protect fails with the following error: Error 452: Unable to connect to the remote machine
Cause
This issue occurs if one or more scanning prerequisites are not met, usually due to a configuration issue.
Resolution
To resolve this issue:
Reboot the Protect console machine.
Verify if the Server and Remote Registry services are enabled on the remote machine and that you can remotely log in to this machine.
To test the remote registry connection:
Click Start> Run, type regedit, and click OK. The Registry Editor window opens.
Click File> Connect Network Registry.
Ensure that the Workstation service is running on the machine performing the scan.
Check if there is already a connection between the server and scanned device and that this connection is using a different set of credentials than the Protect patch server. In this case,the Protect patch server cannot establish the connection. If the target machine being scanned is already connected to the scanning server via a drive mapping, the scan fails
Try scanning the target machine using both IP and Name.
Test the admin share using this command:
net use\\machine_name\IPC$/user:domain\ username password
Note: Provide the actual name of the machine you are trying to scan, along with the same credentials that you are attempting to scan with. You can substitute machine_name with domain if you are using local credentials.
Check the Local Area Connection properties on the target machine to ensure that File and Printer sharing is enabled.
Try lowering your thread count for simultaneous machines scanned in the scan template to see if this eliminates the error. To do this, navigate to Scan template> General tab.
Microsoft provides a patch to resolve this issue in a specific scenario. To verify if this is applicable, open a command prompt and run these commands:
The purpose of this document is to help to prepare a current Protect console and database for upgrade to a newer version of Protect, and also to provide some information about how to resolve common upgrade issues.
Description
Preparing for Upgrade of Protect
Most issues with upgrading Protect can be avoided by ensuring that you are meeting system requirements and that proper database maintenance has been performed prior to upgrade. The list below can be used as a guide to ensure you have a successful upgrade:
Review the System Requirements for the version of Protect you plan to install. Refer to the document - Shavlik Protect Requirements Guide
Prior to upgrade, it is recommended that you clean out as much old results as possible and perform database maintenance. This document covers the full steps for database maintenance: DOC-23430
The user who will perform the upgrade of the database should either be the SA for the database in SQL, or the user should at least have the following privileges for the Protect database: Privileges required for upgrade purposes: db_securityadmin, db_ddladmin Privileges required for all Protect users: STExec, DB_DataReader, DB_DataWriter
It is worth noting that the Agent Manager has been removed in version 9. All functionality is available from within Machine View.
You can see the full list of changes in each build, here.
What to do if you face an upgrade failure you cannot resolve
If you receive an upgrade or installation failure, and you are not able to use the above resources to resolve the issue it's time to open a support case.
Contact Support with one of the following methods:
This document outlines how to locate the Shavlik Protect license activation key in the console and transfer this key to a new or additional Protect console.
Description
When migrating to a new Shavlik Protect server or setting up an additional Protect console machine- understanding where to find the license key and how to input it in to the new console is vital to maintaining Shavlik Protect functionality through this transition. As this process may not frequently performed by administrators, a reference/guide for this process may prove to be helpful.
Locating the License Key on Existing Protect Console
Follow the process below to obtain your license key from your console machine. After locating the key in order to prepare to transfer the key to the new console machine, copy this 25-digit license key and make it readily available.
In Shavlik Protect 9.x:
Help>About Shavlik Protect Advanced
In the About Shavlik Protect window, the license key can be found in the main text display under
License Key:
Activation Key: xxxxxxxxxxxxxxxxxxxxxxxxxx
In vCenter Protect 8:
This process is nearly identical to the process in Shavlik Protect 9.x. Refer to the images above.
To locate the license key follow this path:
Help>About VMware vCenter Protect
In the About VMware vCenter Protect window, the license key can be found in the main text display under:
License Key:
Activation Key: xxxxxxxxxxxxxxxxxxxxxxxxx
Note: In the event the Protect Console is no longer installed, it may still be possible to obtain the license key from the following registry entry:
The AK Value will contain the Activation Key/License key.
Activating the License Key in New Console
Activation is the process by which the Protect software is validated as having been purchased. In order for the new Protect console to fully function activation is required. Users are prompted after installing and opening Shavlik Protect to input their activation key, through the Shavlik Protect Activation window.
To transfer the license key from your previous console machine follow the directions in the window as ordered by number:
1. Select an activation mode (on left portion of window)
Select "Product or bundle license"
2. Enter your activation key(s) (in center of window)
In the text field below, paste or manually input your 25-digit Protect license key
Click the "Add" button right of the text field.
3. Select activation method (lower-center of window)
Choose "Online activation" if you have an internet connection.
Click "Activate online now"(at the lower-right corner)
This document is meant to help understand why a threat may not have been detected by the Shavlik Protect agent and what actions to take in such a scenario as well as best practices for using/configuring threat protection with Shavlik Protect agents.
While this sounds like a straight-forward question, the reality is there are so many variables that come into play when you try to protect a machine against malware that it is almost impossible to give any one reason.
The most likely cause is improper configuration or outdated threat definitions being used. We will go into how to ensure you've configured everything correctly and how to check the threat definitions version later. First, some background.
The Shavlik Protect agent's Threat Protection engine is based on the Vipre SDK engine and uses threat definitions created by GFI's ThreatTrack Security (formerly Sunbelt Software). At this point there are over 13 million detections in the Vipre signature files. There are hundreds of generic detections that can catch some new malcode before the Vipre analysts even see it. Also the Vipre threat engine has the ability to detect and stop a great deal of virus-like behavior. However, it is worth noting that there may be as many as 50,000 new pieces of malcode arriving somewhere on the Internet EVERY day. The Vipre team see cases in which new malcode does make it through the threat protection defenses, but it is not a common occurrence.
Is there a place I can check if a certain threat should be detected?
Since the Shavlik Protect agent uses Vipre (ThreatTrack) threat definitions you can search the database, here:
How to verify your threat definitions are up-to-date
There are a few places you may need to check to verify the threat definitions in-use by Shavlik Protect agents in your environment are up-to-date.
1. Ensure that the threat definitions downloaded on the Protect console system are current. (This is especially important if you are using distribution servers.)
-Go to Help > About within Protect. If your definitions are current you should see a green check under 'Data versions' next to Threat definitions.
-If the threat definitions displays a red x you should run Help > Refresh Files to perform the update of definitions.
-When running Help > Refresh Files you will see that the 'Threat Definitions download will complete in the background.'
-Make sure to give it a few minutes to update. Then you should see a green check next to Threat definitions in Help > About.
2. You can use Machine View to see some threat definition information from your agents.
-Go to View > Machines.
-You can use the columns 'Threat Definition', 'Threat Definition Age', and 'Latest Threat Scan Date' to help in determining if your agents are current.
-Keep in mind that these columns only update when the agent reports back results of a threat scan. That's why 'Latest Threat Scan Date' is important.
-It is also worth noting that if the agent uses vendor-over-internet download settings the definition number may be slightly off from the console definition version from Help > About. It's nothing to worry about - just a difference in Major vs Minor versions.
-Some of these columns are not shown by default - you can add them by right-clicking on a column title and clicking 'Column Chooser'.
3. If necessary, you can check the definition version on the agent itself.
-Open the agent by double clicking the taskbar tray icon, or by going to Start > All Programs > Shavlik Protect > Shavlik Protect Agent.
-Go to the Overview tab if you are not brought there by default. Here you can see the threat definition version used during the last threat scan.
-If you have not recently run a threat scan this can be misleading. You can run a threat scan via the Threat tab, if configured.
-To update the threat definitions from the agent GUI or run a threat scan, use the tasks in the upper left when on the Threat tab.
-Note: Depending on the settings in the agent policy you may not be able to access the agent or access certain tabs. To change these settings go to the Protect console, and edit the agent policy. The settings are under General Settings > 'Allow the user to'.
*Note: For offline or disconnected environments refer to this document for instructions on manually updating threat definition files:
Why does the console (Help > About) threat definition version differ from the latest threat definition version on an agent?
There can be a slight variation in the version numbers due to a minor and major version number system that the Vipre threat engine uses. The major, or 'Package Version' in the examples above is 27274 where the Minor or 'MinVersion' is 27270. Both versions are the current definition versions. These can be manually found by looking at the latest entry in the ThreatManifest.xml on the console sytem. Before checking this make sure the console threat definitions are up-to-date (step one above).
The ThreatManifest.xml can be found in the Datafiles folder, most commonly:
Generally the latest will be the last entry, but it's best to base it on highest version number found or newest date. The entry in the xml will look something like this:
Notice the MinVersion and PackageVersion numbers. Note the ReleaseDate value - this will help determine the latest entry in the ThreatManifest.xml.
Ensuring the Agent Policy, Distribution Server(s), and other settings are configured correctly
Here are the best practices for ensuring the threat protection is configured correctly. You may need to verify agent policy settings in each agent policy you are using.
1. Open the agent policy.
2. Go to the General Settings tab.
-Check on how your agent policy is set for the agent to obtain its definitions under 'Engines, data, and patch download location'.
-If this is set to vendor over internet the agent will attempt to obtain definitions directly from the vendor site, so you may need to ensure that the internet connection is working properly and that the vendor site(s) are not blocked.
-Additionally if the agent policy is set to use vendor over internet and you use a proxy in your environment, it is pertinent that you verify your proxy settins and provide any required proxy credentials to authenticate. This can be done under the 'Network' section of the General Settings tab.
3. Go to the Threat Tab
-In the tabs above go to 'Threat Tasks'
-Ensure that you have at least one threat task set up. There are options of quick or full scan.
-Note: Quick scan covers common locations and runs within a few minutes. Full scan will scan all files on the system and may take up to an hour.
4. Once you have your Threat Task(s) set up, go to the Active Protection tab.
-Ensure to have a check next to 'Enable Active Protect'
-Set the file access level that you would like active protection to use. Using the 'limit to high risk file types' or 'on execute' settings will increase performance but not all things will be checked by active protection.
5. Check your settings on all other Threat tabs - Threat Actions, Allowed Threats, Exceptions to ensure they are set correctly.
6. Save the changes to your policy.
Ensuring Distribution Servers are configured correctly and synchronizing
This section only applies if your agent policy is currently set to use a distribution server under 'Engine, data, and patch download location'.
1. Verify the distribution server settings in-use by your agent policy or policies. If you have multiple distribution servers in-use you may need to perform the following steps for each distribution server. If your agent systems have internet connectivity available it's recommended to allow the 'Use vendor as backup source' setting.
2. Go to Tools > Operations > Distribution Servers to verify the setup and sync of your distribution server(s).
3. Make sure to verify the paths to each distribution server is still valid, and verify there are valid credentials set on each distribution server.
4. Make sure that automatic synchronization is set up for each distribution server.
-You can add a scheduled sync by highlighting the distribution server, choose 'Threat engines/definitions' from the drop-down above, then click on the '+ Add scheduled sync' button.
-You will see the scheduled sync added to the list of 'Scheduled automatic synchronization' below.
5. Manually run the synchronization to make sure it completes successfully.
-To do this, highlight the scheduled sync for threat data, then click 'Run now' above it.
6. If you want to manually verify the files are synchronizing properly you can compare the files in your share to what exists on your Protect console.
-The ThreatData directory of the console is: C:\ProgramData\LANDesk\Shavlik Protect\Console\ThreatData
-If the sync has worked correctly you should have a ThreatData folder on your distribution server share with the same files in it as the above directory.
Setting up automatic recurring download of threat definitions
Follow these steps if you would like to set up the automatic download of threat definitions. This will help to ensure your definitions are always at the latest.
1. Go to Tools > Operations > Downloads.
2. Under the 'Schedule automatic downloads' section choose 'Threat engines/definitions' from the drop-down, then click '+Add'.
3. You'll be brought to the Schedule Download screen where you can set up a recurring schedule to automatically download new definitions.
4. Once you have this set up how you like, click 'Save.'
5. You should now see a task for 'Download threat data' showing the next run time and recurrence. You can also highlight this and click 'Run now'.
Other Considerations
1. Use of Protect Cloud Agents
-If you are using the Protect Cloud agent functionality you may need to ensure that your Protect cloud account is set up correctly.
-Go to Tools > Operations > Protect Cloud Sync for these settings.
-Make sure the Protect Cloud account credentials are correct, and you may need to run a 'Force full update now'.
-You may also need to go into your agent policy or policies and ensure the policy is set to sync with Protect Cloud if using this feature.
-This setting is a checkbox found in agent policy > General Settings > Network > Sync with the Protect Cloud.
For more information about Protect Cloud Sync see the following Protect Help articles:
What do I do if I have verified everything appears to be working properly and threat definitions are current, but a threat is still not detected by the Shavlik Protect Agent?
Here is what to do:
1. Obtain as much of the following information as possible to provide to support:
-Threat definition version currently used. (See above on how to find this)
-
-Any applicable screenshots, a link to threat download if from a website, or a zipped copy of files that are suspected to be infected.
-Logs from the agent. Make sure logging is set to 'All' in your agent policy. Follow steps for agent logging in DOC-22921.
The purpose of this document is to provide some Q&A and cover best practices on using the 'Security Tools' patch type filter within Protect.
Description
What are Security Tools?
Within Protect it's possible to enable scanning for a patch type filter of "Security Tools". Security Tools are updates and security advisories such as Windows Defender updates and Windows Malicious Software Removal Tool. This also includes certificate updates and hotfixes for known security risks that are not yet fully supported by a security bulletin.
Scanning for Security Tools is enabled within a custom Patch Scan Template. (Figure 1)
Figure 1: Example of Filtering tab within a custom Patch Scan Template using the Security Tools filter:
Best Practice for Scanning/Deploying Security Tools
The best practice for using Security Tools is to only apply these when necessary and when proper testing has been done in your environment. Most items in set as a Security Tool in Protect apply only for specific scenarios. Make sure to read the corresponding Bulletin or KB article from the vendor prior to applying these updates.
Why do some Security Tools always show as missing?
There are some items classifed as security tools that will always show as missing due to the nature of the update. Please see the following document concerning these updates: http://community.shavlik.com/docs/DOC-23049
This document is meant to describe the best practices for the order in which to apply updates with Protect when using agentless patch scanning and deployment.
Description
When preparing to deploy updates to your systems with Shavlik Protect, it is best to follow the order listed below:
If you wish to deploy software using the software distribution feature of Protect, do so first. See the following document for more information on software distribution: http://community.shavlik.com/docs/DOC-23116
View scan results. How many service packs show missing? These should be applied prior to patches/hotfixes.
Deploy operating system level service packs first.
Run your patch scan again after applying OS level SPs.
Deploy any remaining service packs. Take into account that each service pack must be deployed separately, and each service pack will require a reboot. This can seem tedious, however, it's important that you do service packs first. Service packs may update the base code for the application as well as apply currently missing updates during the process. New updates may be required once the service pack is applied as well.
After all service packs have been applied, run a patch scan on the systems once more, and then deploy missing patches.
Additional Information
More information about agentless deployment of service packs and patches can be found in Protect's online Help under "Agentless Patch Management Tasks".
This document is meant to provide the steps on how to perform an offline or 'manual' activation of the Protect application.
Description
If you are unable to activate Shavlik Protect over an internet connection for any reason, you have to option to choose the 'Manual Activation' function. Here is the full process on how to use the manual (or offline) activation function:
1. Select an activation mode (either Product or bundle license or Trial mode).
2. Paste or type your key into the Enter your activation key(s) box.
3. Select Manual activation.
4. Click Create request.
5. An XML file named LicenseInfo.xml is generated and saved to the desktop of your console computer. This file contains the information needed to make an offline activation request.
6. Move the XML file to a computer that has an Internet connection.
9. The web portal will process the license information and generate a license file.
10. Download the processed license file and move it to the console computer.
11. Within Shavlik Protect, select Help > Enter/refresh license key.
12. On the Shavlik Protect Activation dialog click Import manual license.
13. Go to the location of the processed license file and then click Open.
14. Shavlik Protect will process the file and the program will be activated.
If for some reason you are unable to activate using the offline activation portal mentioned above, please open a case with support and send your manual activation file in using the support portal: https://www.support.shavlik.com.
The patch can be applied to Shavlik Protect build 9.1.4334.0 and 9.1.4446.
Resolved Issues
• Updated content feed to allow for new format change for CVE.
• Resolved an issue where deployment email notifications were not being sent if send mail in hours was set to 0 and deployment fails on any system in the deployment.
• Resolved an issue ST.ServiceHost.exe.config is not overwritten on upgrade from previous version if the config file was modified manually resulting in ‘email service is currently unavailable’ error.
Do we have any option in shavlik where we can exclude any machine or a particular machine group to be excluded from any activity of patch deployment even if the system is a member of an another Machine group which is scheduled for deployment.
This document outlines how to use a Custom Action to remove the ProPatches folder. A Custom Actionmay include executing a specific command or invoking a custom batch file at specified time(s) during the deployment process. You can specify custom files and actions that occur during every deployment that uses the template, or only for those deployments that install a specific patch or service pack.
Configuration Setup
A Custom Action will only run if a deployment occurs. If there are no missing patches selected to deploy to a target machine, the Custom Action will NOT occur.
Create a New Scan Template; enter a Name for the Template, and Save it.
Alternatively - open an existing Scan Template you wish to modify.
Select CustomActions under the Patch Properties tab.
Save and close.
2. Create a new Deployment Template.
- Give it a Name
- Uncheck Send Tacker Status
3. Go to the Post-Deploy Reboot tab and choose "Never Reboot After Deployment".
4. Go to the Custom Action tab and click New.
- Step 1 - Leave default
- Step 3 - Change to 'After all Patches"
- Step 4 - Enter the following: rmdir /s /q %pathtofixes
- Click Ok
5. Save and close the Deployment Template.
6. Use the new Scan Template to scan all your machines
7. Use the new Deployment Template to deploy the QSK2745 MSST-001 patch. This patch is used for Custom Actions.
