Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

Managed Software Delivery Detection Issues - Checkpoint Endpoint Security

Updated: 17 Aug 2011 | 5 comments
Steelerphan's picture
Steelerphan
0 0 Votes
Login to vote

I've been searching the forums and web for weeks on this issue.

 

We own a hard disk encrypiton software product :Checkpoint Endpoint Security Version 7.6.150.  I have a managed software delivery policy that installs it on all our laptop computers.  For about 90-95% of the 600 laptops we have, it deploys and works perfectly.  When tracking down the noncompliant clients I noticed that on the majority of them, the software is failing the detection check, downloading the package and trying to execute an install even though the software is already there.  I can't seem to figure out why the detection rules work on the majority of the computers but fail on others.

 

OS involed:

Win XP Pro

Win 7 Pro

Win7 Pro 32 bit

 

I'm currently using the detection rules imported with MSI software package.  It is using the MSI product code for detection.  Anyone run into anything similiar ?

Discussion Filed Under:
, ,

Comments

mclemson's picture
17
Aug
2011
0 Votes 0
Login to vote
mclemson
Trusted Advisor
Accredited

Check for MSI code

On the non-compliant computers, is the GUID present in the registry at HKLM\Software\MicrosoftWindows\CurrentVersion\Uninstall?  If your MSI GUID is 123-456-789, but you can't find this GUID within the registry in this area, then the detection is properly failing.

If it is, can you find the software within this area of the registry by searching for the keyword (e.g. Checkpoint)?  If so, what is the GUID?   You can either add this GUID to the detection rule, or you can determine that it's a different product for some reason -- 64-bit, auto-update, etc.  If that's the case, you may want to add it to a different software resource, such as one targeting 64-bit. 

Does this help at all?  Or is the GUID correct on "non-compliant" machines?

Mike Clemson, Senior Systems Engineer
Intuitive Technology Group -- Symantec Platinum Partner

Steelerphan's picture
17
Aug
2011
0 Votes 0
Login to vote
Steelerphan

Very good point, since these

Very good point, since these are laptop users I dont always have access to machines and I haven't delved into the registry to verify that.  I will check that out and let you know.  Thanks for the suggestions!

 

 

GO STEELERS!  :-p

mclemson's picture
17
Aug
2011
0 Votes 0
Login to vote
mclemson
Trusted Advisor
Accredited

P.S. Go Pittsburgh!

P.S. Go Pittsburgh!

Mike Clemson, Senior Systems Engineer
Intuitive Technology Group -- Symantec Platinum Partner

dlopes's picture
17
Aug
2011
0 Votes 0
Login to vote
dlopes
Accredited

By any change did you run the

By any change did you run the Repair Instalation Paths from the console?

It might have messed up the registry key used by the MSI product code, making it unaccessible therefore not detected...

Daniel Lopes de Oliveira
Endpoint Management Architect & Consultant
-----------------------------------------------
MCITP: EA

Steelerphan's picture
17
Aug
2011
0 Votes 0
Login to vote
Steelerphan

I didn't but I am not the

I didn't but I am not the only one who has worked on this project so I can't say for sure it wasn't done before time.

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,018