Patch Management Solution

 View Only

{CWoC} PatchAutomation and ZeroDayPatch builds for 8.1 

Jul 10, 2017 07:02 AM

[END OF "SUPPORT" NOTICE]

Hello everyone, after close to 5 years maintaining various tools around Symantec Connect this legacy is turning to be more of a burden than anything else.

It's still is a great set of tool and they all have their use, but as such I'm not going to maintain them anymore.

The source code for this tool may still change over time, and can be found on Github: https://github.com/somewhatsomewhere?tab=repositories

[/END OF "SUPPORT" NOTICE]

ITMS 8.1 was release just a week ago, so it is time for the Patch Automation toolkit to receive it's new addition to the familly: Version 12, built for 8.1 :D.

Important note! 

The build available here works on 8.1, 8.1 RU1 and 8.1 RU2 (english OS).

For any problem please contact me via email or direct message.

Additional references:

All the existing documentation related (and updated) to both tool still apply (both document contain the 7.1 builds as well):

7.5 builds are also available as downloads:

7.6 releases are available on a blog entry:

8.0 releases are available on a blog entry:

Quick reference: ZeroDayPatch Command line help message

ZeroDayPatch (version 12) command line usage:

    /vulnerable
            Use this command line switch to install and run a custom stored
            procedure to retrieve candidate bulletins. The procedure will be
            installed is and named ZeroDayPatch_GetVulnerableMachines-0003.

    /targetguid=
            Use this option to set the target guid to be used with newly 
            created policies. This will over-write the default target defined
            globally.
			
            Note that you can specify more than 1 target guid. Just add more
            /targetguid= to you command line or config file. This
            is most useful if you are delegating computer targetting to other
            team (such as server , workstation administrators).

    /config=
        Reads the file at the provided path and parses each line for com-
        -mand line options. Here is a sample config file content:
            /severity=critical
            /custom-sp=CWoC_GetAllBulletins
            /vendor=google
            /dryrun
            /debug

    /test   
        Run the automate in test mode only. A maximum of 10 policies will
        be created in this mode.

    /dryrun 
        Run the automate in dry run mode. No changes will be made to the 
        system, but expected operation will be printed to the console.

    /severity=|*
        Set the severity used to select bulletins that will be handle by 
        the automate. The * wildcard can be use to match all severities.

    /patchall
        Use this command line if you want to manage bulletins from all
        vendors in the database. By default we only handle Microsoft bul-
        -letins.

    /released-before=
        Configure a date filter that will include bulletin released before
        the specified date. It is set by default to the current date.

    /released-after=
        Configure a date filter that will include bulletin released after
        the specified date. It is set by default to (current date -1 year).

    /custom-sp=
        This option allows the user to specify a custom stored procedure to
        be called during the execution. The stored procedure may be present
        on the database (if not the automate will return with no errors) and
        must contains the following columns that are used and needed:
            * _resourceguid [Software bulletin guid]
            * released [Software bulletin release date]
            * bulletin [Bulletin name]
            * severity [Bulletin Severity]
        You can also add a vendor column if you want to filter bulletins by
        vendor (see option /vendor)

    /vendor=|*
        Configure a vendor filter to only return bulletins that match the
        vendor string from a custom procedure. This is because the vendor
        field doesn't exist in default Patch Procedures used by this tool.

        If /vendor is specified with a custom-sp that doesn't contain the
        vendor field the setting will be ignored (all bulletins will be
        returned).

    /debug
        Output extra information on the command line to allow debugging or
        reporting problems to Symantec Connect.

    /duplicates
        Use this command if you want the tool to generate duplicate
        policies. This is useful if you want, for example, to migrate
        policies from a parent to a child SMP without disruption.

        Note! Duplicated and new entries will be added to the exclusion 
        table in the database for safety reasons.

    /exclude-on-fail
        Use this command to add bulletins to the excluded table if it fails
        3 times during the stagging or policy creation phases. If not uses
        the failing bulletin will only be skipped.

    /retarget
        Use this command if you want to switch existing policies to use a
        new target. The target guid should be provided with /targetguid=...

    /version
        Print out the current version of the tool.

    /?
        Print this help message to the console (stdout).


Statistics
0 Favorited
6 Views
3 Files
0 Shares
0 Downloads
Attachment(s)
zip file
PatchAutomation-8.1.zip   18 KB   1 version
Uploaded - Feb 25, 2020
zip file
PatchExclusion-8.1.zip   12 KB   1 version
Uploaded - Feb 25, 2020
zip file
ZeroDayPatch-8.1.zip   20 KB   1 version
Uploaded - Feb 25, 2020

Tags and Keywords

Comments

Dec 27, 2018 12:24 AM

Thanks Alex, found them in GAC

Dec 24, 2018 03:24 AM

Which server are you looking for the files on?

Are you trying to build the tool for yourself?

Have you checked the GAC?

C:\Windows\Microsoft.NET\assembly\GAC_MSIL\

Dec 23, 2018 11:55 PM

Hi,

 

I am not able to find these DLLs on my server. Any idea on what I am missing ?

Jul 11, 2018 02:59 AM

I encountered the same issue and I could fix it with making a slight change in Zerodaypatch.cs

The line which is causing the problem

wrap.CreateUpdatePolicy(name, bulletin.ToString(), config.Target_Guids, true);

My correction

wrap.CreateUpdatePolicy(name, bulletin.ToString(), config.Target_Guids[0], true);

Sep 15, 2017 04:53 AM

Hi there sir Ferre

Thank you for this wonderful tool,

I've noticed that this automation process will create a single policy for each bulletin match.

Are there any switch we can use to automate the moving of the policies into a specific folder within the policy groups ?

or a switch where all the matches will be stored in a single policy ?

or a switch to assigning the (folder) GUID to where the newly created policies will be stored at ?

and is there a switch to stop the auto enabling of the policies ?

Rgrds

Euls

Sep 13, 2017 03:04 PM

Hi, Friend

I can not tell you the test results because I do not know your email.

My email is jhkim@kbscom.co.kr. Please send me an e-mail.

Running it with the '/ test' switch is fine.

However, if you run it with the '/ targetguid =' switch, no policy will be created.

 

Aug 31, 2017 04:47 AM

Hi there,

I have tested the uploaded file (ZeroDayPatch-8.1.exe) in a test environment with RU2 and it works fine.

The same is was also true for RU1.

Could there be something specific in your environment?

For your information, here is the command line for the build process:

cmd /c @c:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /reference:C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Altiris.SoftwareManagement\v4.0_8.1.4508.0__d516cb311cfb6e4f\Altiris.SoftwareManagement.dll /reference:C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Altiris.InventoryRuleManagement\v4.0_8.1.4502.0__d516cb311cfb6e4f\Altiris.InventoryRuleManagement.dll /reference:C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Altiris.Common\v4.0_8.1.4528.0__d516cb311cfb6e4f\Altiris.Common.dll /reference:C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Altiris.NS\v4.0_8.1.4528.0__d516cb311cfb6e4f\Altiris.NS.dll /reference:C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Altiris.Resource\v4.0_8.1.4528.0__d516cb311cfb6e4f\Altiris.Resource.dll /reference:C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Altiris.Database\v4.0_8.1.4528.0__d516cb311cfb6e4f\Altiris.Database.dll /reference:C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Altiris.NS.StandardItems\v4.0_8.1.4528.0__d516cb311cfb6e4f\Altiris.NS.StandardItems.dll /reference:C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Altiris.TaskManagement\v4.0_8.1.4511.0__99b1e4cc0d03f223\Altiris.TaskManagement.dll /reference:C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Altiris.PatchManagementCore\v4.0_8.1.4538.0__d516cb311cfb6e4f\Altiris.PatchManagementCore.dll /reference:C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Altiris.TaskManagement.Common\v4.0_8.1.4511.0__99b1e4cc0d03f223\Altiris.TaskManagement.Common.dll /reference:C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Altiris.DotNetLib\v4.0_8.1.4511.0__99b1e4cc0d03f223\Altiris.DotNetLib.dll /out:ZeroDayPatch-8.1.exe ZeroDayPatch.cs Constant.cs APIWrapper.cs CLIConfig.cs CLIInit.cs 

As you can see it has references to the dependent assemblies. Here's a better view of the command line broken in interesting chunks (and removing file path where data is not usefull):

  • cmd /c @c:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  • /reference:v4.0_8.1.4508.0__d516cb311cfb6e4f\Altiris.SoftwareManagement.dll
  • /reference:v4.0_8.1.4502.0__d516cb311cfb6e4f\Altiris.InventoryRuleManagement.dll
  • /reference:v4.0_8.1.4528.0__d516cb311cfb6e4f\Altiris.Common.dll
  • /reference:v4.0_8.1.4528.0__d516cb311cfb6e4f\Altiris.NS.dll
  • /reference:v4.0_8.1.4528.0__d516cb311cfb6e4f\Altiris.Resource.dll
  • /reference:v4.0_8.1.4528.0__d516cb311cfb6e4f\Altiris.Database.dll
  • /reference:v4.0_8.1.4528.0__d516cb311cfb6e4f\Altiris.NS.StandardItems.dll
  • /reference:v4.0_8.1.4511.0__99b1e4cc0d03f223\Altiris.TaskManagement.dll
  • /reference:v4.0_8.1.4538.0__d516cb311cfb6e4f\Altiris.PatchManagementCore.dll
  • /reference:v4.0_8.1.4511.0__99b1e4cc0d03f223\Altiris.TaskManagement.Common.dll
  • /reference:v4.0_8.1.4511.0__99b1e4cc0d03f223\Altiris.DotNetLib.dll
  • /out:ZeroDayPatch-8.1.exe
  • ZeroDayPatch.cs Constant.cs APIWrapper.cs CLIConfig.cs CLIInit.cs

Note that the file versions in bold should all be the 8.1 gold release, not RU1 or RU2.

This build process leverages assembly redirection that comes with each new release or update - which are redirecting the DLL from the one pointed in the executable to the latest version installed.

Aug 01, 2017 05:08 AM

I have the same problem.

Not available after version upgrade

Patch Management Solution 8.1 Version 8.1.4528

Please check it

Thank you

Jul 25, 2017 09:44 PM

Hi Ludovic,

 

I tested with /debug.

I get same result.

Jul 13, 2017 03:46 AM

Hi Dany_Kim,

Can you run the tool with /debug on?

And post the output here :D.

Thanks in advance,

Ludovic

 

Jul 12, 2017 10:23 AM

Failed to create policy.

Patch Management Solution 8.1 RU1, Version 8.1.5101.0

 

Processing bulletin MSNS17-07-3213574 (b8d6dbf3-9a75-413a-ab0a-b34bfb2fca2a) now.
This bulletin is already staged.
Checking if we need to create a new policy now.
... create a policy for the bulletin now.
'System.Collections.Generic.List`1[System.Guid]' 형식 개체를 'Altiris.Common.GuidCollection' 형식으로 캐스팅할 수 없습니다.
위치: Symantec.CWoC.APIWrappers.PatchAPI.CreateUpdatePolicy(String name, String bulletinGuids, List`1 targetGuids, Boolean enabled)
위치: Symantec.CWoC.ZeroDayPatch.RunAutomation(GuidCollection bulletins)
Failed to create policy for bulletin MSNS17-07-3213574 1 time(s)...
'System.Collections.Generic.List`1[System.Guid]' 형식 개체를 'Altiris.Common.GuidCollection' 형식으로 캐스팅할 수 없습니다.
위치: Symantec.CWoC.APIWrappers.PatchAPI.CreateUpdatePolicy(String name, String bulletinGuids, List`1 targetGuids, Boolean enabled)
위치: Symantec.CWoC.ZeroDayPatch.RunAutomation(GuidCollection bulletins)
Failed to create policy for bulletin MSNS17-07-3213574 2 time(s)...
'System.Collections.Generic.List`1[System.Guid]' 형식 개체를 'Altiris.Common.GuidCollection' 형식으로 캐스팅할 수 없습니다.
위치: Symantec.CWoC.APIWrappers.PatchAPI.CreateUpdatePolicy(String name, String bulletinGuids, List`1 targetGuids, Boolean enabled)
위치: Symantec.CWoC.ZeroDayPatch.RunAutomation(GuidCollection bulletins)
Failed to create policy for bulletin MSNS17-07-3213574 3 time(s)...
Failed to create policy for bulletin MSNS17-07-3213574 3 times - skipping the bulletin now.
 

Need for your help~

Related Entries and Links

No Related Resource entered.