Radia - General Discussions

 
 
James Longo
ZERO hour Security Patching with Radia Patch Manager

I recently wrote a short article on LinkedIn and thought I would share it with the Radia community on this forum who may not be a part of the LinkedIn groups.

 

At Evergreen Systems we take security patching to the next level by developing custom Radia bulletins for our customers on demand.

With ZERO hour security patching you can have a Radia Patch Management solution in place within an hour of a critical security patch release.

Our custom bulletins don't require an updated wsusscn2.cab file. This is a huge advantage over the standard acquisition and deployment process since there is no need to run a 2 hour acquisition, and deployment of the 200MB+ wsusscn2.cab file before the enterprise can even start patching the enterprise. In some environments, it literally takes days to roll out the updated wsusscn2.cab file each month before patching can begin leaving the enterprise vulnerable for several days.

With ZERO hour patching from Evergreen Systems you can start patching the environment using Radia Patch Manager within hours of the critical security patch release.

For more information about our support offerings send an email to support@evergreensys.com

 

0 1
James Longo
July wsusscn2.cab file not yet available

The June wsusscn2.cab file is still being acquired in the lab. just thought I would update the Radia group with the information. Anyone interested in a wsusscn2.cab free environment can send me an email for more information on our support offerings. 

3 0
Administrator
Tell me what you want .... what you really really want

Most Radia users are either using or aware of Sentient, an Accelerite developed software that provides real-time telemetry, security and remediation for all devices and a product that fully complements Radia. For those users that are still in the dark on Sentient here is a link to useful information, videos, white papers etc.

https://accelerite.com/products/sentient/  

Accelerite is constantly looking to improve its products and we wanted to poll the Radia & Sentient users to ask “What are the big problems you face from an endpoint management perspective?”. Perhaps resolutions are partially available in Radia or Sentient or just a problem you cannot find a solution to.

Anything goes here; provide your top problems, vote or comment on other’s suggestions, open up a new thread and start a side conversation. Our product managers will moderate the discussion along with the Accelerite support team, hopefully some of your pain points will be resolved through discussion and others we can look to resolve through the product roadmap.

1 0
Paweł Korpisz
ZSTOP000 mass update

Hi All,

In our environment we using for every package attribute ZSTOP000 with value WORDPOS(EDMGETV(ZMASTER,ZOS),'WIN7')=0 (to install apps only for windows 7).

Customer want to migrate own systems to Windows 10.

Is there any tool or script which I can user to update that ZSTOP000 attribute for all our applications? We have over 700 apps which needs to be modified.

5 0
Paweł Korpisz
Migrate Radia agents to new environment

Hi,

We have plan to migrate about 5,000 computer to new Radia environment.

All applications will be the same in both environment. Is there some way to read which application are installed on computers and get installation date and status?

Database will be new

3 0
Yvette Arcand
Ability to set HPCA Agent reboot defer option to 4 hours?

 Can the HPCA Agent reboot defer dialog be managed more granularly? For example you can set to 1 day (which gives 8 hour option) but we would like the longest defer time to be 4 hours or less.

0 0
James Longo
Radia Extended OS support, Microsoft released WinXP/Win8/Win2k3 “WannaCrypt” security patch

As many of you are already aware, a major cyber-attack was launched recently that targeted a vulnerability in the SMB server. MS17-010 patched this hole for supported OS’s in March but left unsupported OS’s at risk so Microsoft released patches for the unsupported OS’s. Anyone who is managing WinXP, Win8, or Win2K3 and would like to patch this OS's via Patch Manager can send me an email james.longo@evergreensys.com.

 

See links below for more details about the security patch.


https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

7 0
John Edmondson
The May 2017 wsusscn2.cab file was updated twice in the last day.

FYI - the cab file was updated yesterday (signed at 2:55 am yesterday May 9) and it was just updated again. (signed at 2:25 am today May 10)  I am guessing its got something to do with KB4019472 which we didn't acquire yesterday when we asked for it, I am running an acquisition again.

1 0
Shaun Dawkins
Prompt for pc name at beginning of OSM process

We feel it would be beneficial in our environment to allow our desktop technicians the ability to type in a machine name before the OSM image process starts. Most of the time they start imaging new machines using USB flash drives that connect back to the OSM server. Right now it pulls the serial number automatically. We have a lot of things that happen after the image process takes place and it would work much better for us if our techs had an option to fully name the workstations before it all begins.  Has anyone else been able to accomplish this in their environment? Maybe this ability already exists and we just don't know about it..?

Thank you

8 0
James Longo
April wsusscn2.cab file corruption

I am getting a wsusscn2.cab file corruption error in my lab (9.2, 9.1) when running an acquisition for the April security patches. Anyone else getting this error?

ERROR: Cabinet file wsusscn2.cab is corrupted

 

On a side note:

Microsoft released the April Security bulletins via the new Security Update website. I have not detected an updated via the legacy Security Bulletin website yet and the Security bulletin website is re-directing to the new Security Update website. If the legacy bulletin naming convention has been dropped than you may no longer acquire bulletins in the following format. MS17-XXX

 

Security Update website:

https://portal.msrc.microsoft.com/en-us/security-guidance/summary

7 0
Tony Rodal
Console timeout

Hi, where can I change the Radia console timeout to 60 minutes in Radia 10? Thanks

2 0
Asalman
Creating a custom Agent Package

Hello all,

 

This is Ahmad Salman.

 

I want to ask if we can create a custom agent with all needed policy (Audit, Usage, Security, Software, etc.) so we can deploy it at once instead of doing this after agent installation.

 

This will save time and effort especially for large environment.

 

Thank you

Ahmad Salman

1 0
Jeroen Peereboom
AUDIT multiple files to multiple virtual manager locations: reg key PendingFileRenameOperations deletes folder

I audit a folder for zip files (like C:\folder\*.zip). As I have to deliver the files at two virtual manager locations, I have 2 audit packages, each with its own location. ACTION is 'YYYYYYN' and 'YYYYYNN'

The zip files are created daily and removed by one of the audit packages.  A TIMER (Schedule) runs daily too.

Because of a migration project, I have to deliver the file(s) at a third location. So I copied 1 package. Now 2 packages delete the audited file.

However, now I find that one of the deletes fails and Radia is populating a registrykey 'PendingFileRenameOperations" with the filename. The client's connect.log shows lines like ' cannot find file'. If radia cannot find the file, why add it to the registry key for deletion after reboot?  Even worse, the folder itself appears in this registry key. After reboot the folder is deleted when the folder was empty.

Why is this?

 

JP.

3 0
James Longo
Anyone download the March wsusscn2.cab file ?

So far the only one coming down is dated 2.19.17.

20 0
Prasad Balasubramanian
Apache 2.2.x EOL & Radia hot fixes to upgrade to Apache 2.4

Apache foundation made an announcement in July 2016 that Apache webserver 2.2.x will have EOR (End Of Release) in June 2017 and EOL (End Of Life) in December 2017. Apache 2.2.x served our customers for the last 10 years right from 2005. Apache team foresees very minimum maintenance patches to be released between EOR and EOL and has asked all the users to move to version 2.4 as early as possible. 2.2.x will not receive any security updates from December 2017 onwards. You can learn more about this announcement here:

https://www.apachehaus.com/forum/index.php?topic=1365.0

The Radia product will ensure that customers are safe with this transition. We’ll provide hotfixes for the following supported Radia versions so that there is enough time to conveniently move from Apache 2.2.x to 2.4:

  • Radia 8.1
  • Radia 9.0
  • Radia 9.1
  • Radia 9.2
  • Radia 10.0

The schedule for each of these hot fixes will be announced later, but all of them will be available by May 2017. Please let us know if you have any questions or comments. Please let us know if you have any questions or comments.

0 0
James Longo
Patch Tuesday - cancelled this month due to unknown problems

I just received this information from one of our clients.  It appears that Microsoft will not release any patches this month due to unknown problems with some/all of the patches. Please see below for more information.  

 

https://blogs.technet.microsoft.com/msrc/

 

Month: February 2017

February 2017 security update release

Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today. After considering all options, we made the decision to delay this month’s updates….

2 0
John Edmondson
Radia 9.2 - Real-time Bandwidth Management

Is anyone making use of the RTBWMGMT setting in COP?  I am looking for any experience using this.  Previous iterations of bandwidth throttling in Radia were not very successful but it was indicated that this one works better.  We did some testing and confirmed that it will in fact work effectively in our lab, we created some very slow connections and observed successful throttling.

Is anyone using this? and if so, what settings did you find effective. (default out of box is 40% with 15 second polling interval)

 

1 0
James Longo
Follow up: Custom Office patching via Radia brought up at the forums.

 The custom Office bulletins mentioned at the forums are non-Security Office updates that are NOT available via Radia. While some Office updates are available most are not and require custom bulletins. Before creating custom bulletins we first search Accelerite's non-Security webpage to make sure the bulletins are not available for acquisition by default.

 

 Over the past several years the custom bulletin portfolio between Dignity Health and Evergreen Systems has grown to around 300 custom Radia bulletins and continues to grow monthly. Using custom bulletins greatly increases ROI by expanding the content that can be managed by Radia Patch Manager, utilization of the built in compliance reports, and decreasing the amount of time it takes to package content.

 

 Some of our custom bulletins can be acquired by Radia by default (FLASH PLAYER, ADOBE READER, JRE, etc.), but may be prohibitive.and require some tailoring to meet the needs of individual clients.

 

 Our goal at Evergreen Systems is to make Radia the best third party patching tool on the market and in support of that goal we offer unlimited custom bulletin support to all our support customers. 

 

See below for partial list of the custom bulletin portfolio.

 

 As an example, KB3085607 is a junk email update and not available via Radia non-security bulletins or MUC bulletins.

https://support.microsoft.com/en-us/help/3085607/october-13,-2015,-update-for-outlook-2010-junk-email-filter-kb3085607

 

 Accelerite supported Bulletins

http://patchcontent.accelerite.com/Radia/patch_management/data/info/bulletins/muc_bulletins.html

 http://patchcontent.accelerite.com/Radia/patch_management/data/info/bulletins/non_security_bulletins.html

 

* CUSTOM BULLETIN PORTFOLIO (Includes partial Office (OFC) list as a reference). Not all custom bulletins are listed.

 

7-ZIP

926     7-ZIP-920.xml
228     7-ZIP-1603.xml

Adobe Products

280     ADOBE-ACROBAT-10113.xml
270     ADOBE-ACROBAT-11012.xml
285     ADOBE-ACROBAT-11015.xml

570     ADOBE-FLASH-17-169.xml
781     ADOBE-FLASH-17-188.xml
781     ADOBE-FLASH-18-160.xml
775     ADOBE-FLASH-18-194.xml
781     ADOBE-FLASH-18-203.xml
459     ADOBE-FLASH-18-209.xml
103     ADOBE-FLASH-18-232.xml
282     ADOBE-FLASH-19-185.xml
281     ADOBE-FLASH-19-226.xml
315     ADOBE-FLASH-19-245.xml
315     ADOBE-FLASH-20-228.xml
315     ADOBE-FLASH-20-267.xml
315     ADOBE-FLASH-20-286.xml
090     ADOBE-FLASH-20-306.xml
090     ADOBE-FLASH-21-182.xml
090     ADOBE-FLASH-21-197.xml
298     ADOBE-FLASH-21-213.xml
298     ADOBE-FLASH-21-242.xml
340     ADOBE-FLASH-22-210.xml
829     ADOBE-FLASH-23-162.xml
433     ADOBE-FLASH-23-207.xml
837     ADOBE-FLASH-24-194.xml

275     ADOBE-READER-10113.xml
199     ADOBE-READER-10114.xml
425     ADOBE-READER-10115.xml
420     ADOBE-READER-11012.xml
117     ADOBE-READER-11013-MUI.xml
064     ADOBE-READER-11013.xml
117     ADOBE-READER-11014-MUI.xml
064     ADOBE-READER-11014.xml
120     ADOBE-READER-11015.xml
064     ADOBE-READER-11016.xml
319     ADOBE-READER-11017-MUI.xml
290     ADOBE-READER-11017.xml
375     ADOBE-READER-11018.xml
831     ADOBE-READER-11018_MUI.xml
413     ADOBE-READER-11019.xml
167     ADOBE-READER-11019_MUI.xml

213     ADOBE-SHOCKWAVE-1218158.xml
932     ADOBE-SHOCKWAVE-1218159.xml
797     ADOBE-SHOCKWAVE-1220162.xml

Apple Itunes

471     APPLE-IT-AAS-12-1-3.xml
477     APPLE-IT-AAS-12-4-3.xml
376     APPLE-IT-AAS-12-5-5.xml
485     APPLE-IT-MDS-12-1-3.xml
499     APPLE-IT-MDS-12-4-3.xml
679     APPLE-IT-MDS-12-5-5.xml
355     APPLE-ITUNES-12-1-3.xml
366     APPLE-ITUNES-12-4-3.xml
316     APPLE-ITUNES-12-5-5.xml

Chrome

322     CHROME-43.xml
219     CHROME-44.xml
091     CHROME-47.xml
331     CHROME-48.xml
341     CHROME-49.xml
336     CHROME-50.xml
473     CHROME-52.xml
984     CHROME-53.xml
915     CHROME-54.xml
195     CHROME-55.xml

Custom in-house developed VBscript compiled to executable to create/enforce registry value.

485     DH-KB3123303.xml

FierFox

316     FIREFOX-39-3.xml
293     FIREFOX-39.xml
996     FIREFOX-40-2.xml
305     FIREFOX-40.xml
448     FIREFOX-45-2.xml

FileZilla

523     FZILLA-37.xml
881     FZILLA-38.xml

Java Runtime Environment

447     JRE-1-6.xml
913     JRE-1-7-79-x64.xml
421     JRE-1-7-79.xml
876     JRE-1-7-80-x64.xml
401     JRE-1-7-80.xml
667     JRE-1-7.xml
534     JRE-1-8-101-X86.xml
534     JRE-1-8-102-X86.xml
466     JRE-1-8-45-X86.xml
460     JRE-1-8-45.xml
374     JRE-1-8-60-X86.xml
484     JRE-1-8-66-X86.xml
530     JRE-1-8-71-X86.xml
528     JRE-1-8-73-X86.xml
528     JRE-1-8-77-X86.xml
464     JRE-1-8_40.xml

Security/Non-Security individual custom KB's

366     MS-KB2443685.xml
934     MS-KB2506014.xml
518     MS-KB2533552.xml
480     MS-KB2670838.xml
590     MS-KB2786081.xml
481     MS-KB2834140.xml
652     MS-KB2836943.xml
652     MS-KB2861855.xml
451     MS-KB2863058.xml
731     MS-KB2901907.xml
262     MS-KB2979597.xml
673     MS-KB3020369.xml
187     MS-KB3045999.xml
491     MS-KB3133977.xml
490     MS-KB3137061.xml
532     MS-KB3138378.xml
464     MS-KB3138901.xml
509     MS-KB3139923.xml
555     MS-KB3140245.xml
519     MS-KB3147071.xml
436     MS-KB3148851.xml
483     MS-KB3156417.xml
951     MS-KB3161102.xml
450     MS-KB3161608.xml
454     MS-KB3162835.xml
460     MS-KB3170735.xml
648     MS-KB3172605.xml
573     MS-KB3177723.xml
819     MS-KB3179573.xml
462     MS-KB3151800.xml
573     MS-KB3197868.xml
891     MS-KB3205394.xml
188     MS-KB3207752.xml
237     MS-KB3212646.xml   
321     MS-KB967885.xml
366     MS-KB976902.xml
820     MS-KB982861.xml
467     MS-VC6003790-X86.xml


Notepad++

619     NOTEPAD-PP-6-9-1.xml


** Microsoft Office Bulletins / *Partial list

263     OFC-KB2553140.xml
290     OFC-KB2553308.xml
280     OFC-KB2553347.xml
167     OFC-KB2589386.xml
290     OFC-KB258982.xml
262     OFC-KB2687275.xml
286     OFC-KB2817369.xml
384     OFC-KB2850061.xml
311     OFC-KB2881026.xml
285     OFC-KB2883019.xml
284     OFC-KB2956084.xml
271     OFC-KB2956187.xml
859     OFC-KB2965206.xml
275     OFC-KB2965297.xml
271     OFC-KB2965300.xml
274     OFC-KB2965301.xml
318     OFC-KB3039701.xml
296     OFC-KB3054964.xml
278     OFC-KB3054976.xml
051     OFC-KB3055042.xml
296     OFC-KB3085607.xml
275     OFC-KB3114570.xml

Opera

191     OPERA-40.xml

Skype

432     SKYPE-7-28-101.xml

UltraVNC

645     ULTRA-VNC-1-0-90.xml

VLC Media Player

330     VLC-2-2-3.xml

WinZIP

273     WINZIP-20-5-121.xml

WireShark

537     WIRESHARK-2-2-0.xml

Custom Uninstall Bulletins to remove problematic software

567     UNINSTALL-32.xml
814     UNINSTALL-64.xml


Windows OS Extended Security Bulletins (XP/2003)

401     MS14-027-XP.xml
179     MS14-029-XP.xml
557     MS14-033-XP.xml
137     MS14-035-XP.xml
041     MS14-036-XP.xml
405     MS14-036-XP_503.xml
403     MS14-036-XP_509.xml
959     MS14-037-XP.xml
387     MS14-038-XP.xml
415     MS14-040-XP.xml
941     MS14-051-XP.xml
941     MS14-056-XP.xml
476     MS14-058-XP.xml
615     MS14-062-XP.xml
492     MS14-063-XP.xml
461     MS14-064-XP.xml
105     MS14-065-XP.xml
456     MS14-066-XP.xml
472     MS14-067-XP.xml
464     MS14-070-XP.xml
105     MS14-080-XP.xml
547     MS14-084-XP-57.xml
491     MS14-084-XP-58.xml
318     MS14-084-XP.xml
488     MS14-085-XP.xml
115     MS14-129-XP.xml
482     MS15-002-XP.xml
486     MS15-003-XP.xml
491     MS15-008-XP.xml
043     MS15-009-XP.xml
491     MS15-010-XP.xml
240     MS15-011-CU.xml
470     MS15-014-XP.xml
488     MS15-016-XP.xml
043     MS15-018-XP.xml
484     MS15-019-XP.xml
429     MS15-020-XP.xml
470     MS15-021-XP.xml
478     MS15-023-XP.xml
474     MS15-024-XP.xml
476     MS15-025-XP.xml
468     MS15-031-XP.xml
057     MS15-032-XP.xml
483     MS15-035-XP.xml
494     MS15-039-XP.xml
477     MS15-043-XP.xml
736     MS15-044-XP.xml
743     MS15-051-XP.xml
485     MS15-055-XP.xml
477     MS15-056-XP.xml
036     MS15-057-XP.xml
505     MS15-061-XP.xml
439     MS15-078-XP.xml
417     MS15-079-XP.xml
437     MS15-083-XP.xml
648     MS15-084-XP.xml
406     MS15-093-XP.xml

 

 

0 0
Accelerite User Summit
Questions and comments from the Windows 10 Discussion at Accelerite User Summit 2017

The Windows 10 session at the Accelerite User Summit sparked a lot of questions. We've put a brief summary of the questions and answers from the session. We'd love to get some feedback on this topic from the wider Radia user team:

1. Will there be any change in the policy entitlements with the new MSFT patching?

No, the entitlement process remains the same

2. Upgrading Radia 9.x to 10.x is painful, are there any improvements done in migration process.Acc?

We are working to remove the pain points after 10.cp1, the current approach is once the customer is on Radia 10. The upgrades will be done as updates to the environment.

3. Custom xml process - Is acclerite still going to support office patches and non-security patches or do they need to request as an on need basis?

A we are in the streamlining the process to reduce time iand providing the custom xmls faster.

4. Roll back option for patches  specially for cumulative patches?

Currently we cant rollback individual patches in a cumulative patch. And Accelerite will work it as an enhancement.

5. is there an auto entitlement after acquiring pactches as there are 100s of patches and is time consuming to entitle them.

Will work as an enhancement.

6. Supercedence - During acquisition when we mark the supercedence option it should delete the superceded patches after the timelimit expires?

Accelerite will work this as an enhancement.

 

 

0 0
Vicki Foster
Tier 2 softlock after sync

What would cause Tier 2 servers to sometimes stay soft-locked after there daily sync?

Looking for some points to start investigating.

dmabatch action=unlock usually has to be ran each day on those affected.

Any ideas?

Version 8.1

1 0
John Edmondson
COBServer Reports

Hi, Does anyone know what  the COBServer Reports  reporting view is all about? 

Radia 9.2 has this under in Reporting server , Reporting Views, Infrastructure Management Reports?

0 0
Tony Rodal
Export policy and assigning edm policy in powershell

Hi, I'm fairly new to PowerShell but I was wondering if anyone has had success exporting the software policy and then being able to assign a package to an AD group? Thanks for any help in advance.

2 0
James Longo
Deploying MS-KB3192391 security patch based on KBnumber instead of Bulletin

Anyone else deploying the latest security-only patch MS-KB3192391 via a custom bulletin?

0 0
Libor Janda
Tightening SSL

Hello all,

does anyone experience with tweaking SSL? I need to turn SSL v3 off on RCS in Radia 8.1. Documented is only configuring cipher set in EDMPROF.

Any idea?

Libor

1 0
John Edmondson
Set software service to leave compressed resources in place after installation

What Service\Package setting controls whether the client deletes the compressed resources after the package installation is completed. (not the AIP, I mean the LIB\DATA resources).  I thought it was possible to configure these to remain in place but I can't seem to find the setting.  (we have 9.2 if it makes a diff)

1 0
William.McGinnity
test

test

0 0
James Longo
test

test

1 0
Douglas Davis
RCA Agent Deployment

 

In 7.8, when deploying the client agent from the Portal we had the capability to select a Profile (Agent Media install) and to select an Initialization file  (install.ini).

 

I'm looking in 10.0 and I dont see the same funcitonality with deploying an Agent.

 

 Is there something that I can enable in 10.0 to give me the drop down for selecting different install.ini when deploying from the Portal.

 

 

 5

 

1 0
James Longo
Radia Patch Manager extended third party patching is not impacted by Microsoft's new cumulative patching roll-ups

 A quick reminder that our custom Radia Patch Management solutions are not impacted by Microsoft's decision to limit OS patching to roll-ups instead of individual bulletins/kb's.  As long as the modules are available for manual download we can develop a custom Radia Patch Management solution based on individual requirements, including any individual kb's/patches released by Microsoft in the future.

1 0
James Longo
The September wsusscn2.cab file has finally been released by Microsoft

I was able to acquire the latest wsusscn2.cab file around 5am this morning.

 

5 0

Top Contributors