Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Why does PGP 10.1.2 attempt auto-update?

Created: 09 May 2014 • Updated: 15 May 2014 | 13 comments
Mark Berry's picture
This issue has been solved. See solution.

I use PGP 10.1.2. under Windows 7 x64. While debugging another issue with a packet sniffer, I noticed that the machine is trying to contact a Symantec/PGP update server, which returns a 503 Service Temporarily Unavailable message. Here is the GET request:

http://143.127.2.49/update4?r=updates_file&ln=D4BGNGWPMYJ6Z2DUER7Z7Z6XMFYC&lang=en-US&ver=10.1.2&build=9

Here is how the response looks in a browser:

PGPUpdateResponse.png

Auto-update was supposedly removed from PGP 10, right? Why is it trying to update? Is there a registry key to turn this off?

Mark Berry

Operating Systems:

Comments 13 CommentsJump to latest comment

Alex_CST's picture

There should be the option inside Tools > Options > PGP Software Updates.  You can turn it off there.

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

Mark Berry's picture

There is no option there. From the Help file:

Checking for Updates

Note: The option to automatically check for updates is no longer available in PGP Desktop, starting with version 10.1. To check for an update or to install an update, you must manually download the file.

With the acquisition of PGP Corporation by Symantec Corporation, PGP operations is in the process of integrating with Symantec operations.

It seems they removed the option but didn't remove the actual update check. That's why I was asking about a registry key.

Alex_CST's picture

Is this a clean install or an upgrade from pgp 9.x?

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

Mark Berry's picture

Upgrade, probably from 9.x. See also my answer to Mike.

Mike Ankeny's picture

Mark,

What does it say under your PGP Stamp in the registry?  More info on locating it is here:

http://www.symantec.com/docs/TECH149315

If the PGP Stamp says anything other than Default PGP Stamp, it will think it is in a managed environment, and could potentially be looking to that server for updates to policy, as well as potential software updates.  Let me know what the value is, and we can go from there.

Was the installation upgraded from a previous version?  It could be possible that the upgrade process did not properly reset the stamp.

Mark Berry's picture

PGPSTAMP is "Default PGP Stamp".

Yes, I think this was an upgrade from 9 to 10.1.2, then 10.2, then (for reasons explained here) down to 10.1.2. I thought each upgrade did an uninstall first but can't recall for sure.

If this is not easily solvable, I'm not going to worry about it too much. The 503 error comes back very fast, and I assume it's not checking all that often, so I don' think it's bogging down my machine.

Alex_CST's picture

I think its the upgrade from 9 to 10 is the issue.  I would recommend blitzing the machine, getting rid of all instances of PGP within registry etc., and reinstalling.

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

Mark Berry's picture

Okay, did some more packet sniffing and process monitoring:

  • The update check comes from PGPtray.exe.
  • The check occurs every 15 minutes.
  • Before running the check, PGPtray.exe accesses two files in the path C:\Users\[UserName]\AppData\Roaming\PGP Corporation\PGP:  PGPpolicy.xml and PGPprefs.xml.
  • PGPprefs.xml contains the following key:

        <key>checkForUpdates</key>
        <integer>1</integer>

  • If I change that "1" to "0", the update checks stop. Restarting PGPtray.exe is not required.

What do you guys see in your PGPprefs.xml file in the checkForUpdates value?

SOLUTION
Mike Ankeny's picture

Good catch Mark, that is an area of the prefs that I don't often need to delve into from a support perspective.

Mine shows 1, which is expected being in a managed environment where I do get the latest updates to install.  As long as that change persists for you, it does look like it should fix the issue.  If it does not, you may try exiting PGP Services, renaming the two .xml files, and starting PGP Desktop again.  It should go through the user creation again, and generate new PGPpolicy.xml and PGPprefs.xml files.

Honestly, if changing the value to 0 works for you, the simplest solution is often the best.

Does that update server show up under the section of Keyservers?  Open that PGPprefs.xml file in wordpad and do a search for update01.pgp.com.  It is more out of curiousity than anything else, but if that server is listed, check the value of isConfigServer under the server.  Does it say <true></true>?

Mark Berry's picture

Mike,

I searched PGPprefs.xml for all instances of pgp.com and could only find keyserver.pgp.com. The string update01 doesn't occur at all. I even opened PGPtray.exe but if it's in there, it's not a text string. Ditto for the IP address. So I still don't know how it is determining the update server. Maybe it's concatenated in code?

Stopping and starting PGPtray.exe does modify PGPprefs.xml, but checkForUpdates remains 0.

Mark

Mike Ankeny's picture

Thanks for the confirmation and additional info.  I'm glad the change is persistent as well.

PGP_Ben's picture

The reason this was looking for updates is prior 10.2.0 we used to have an auto-update feature built into the PGP Desktop client. This has since changed and you get your updates from your Encryption Management Server or in the case of standalone client, you download product updates from the Symantec Fileconnect site:

https://fileconnect.symantec.com

Regards,

Ben

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

Mark Berry's picture

Ben, according to the 10.1.2 Help file (see my post above), auto-update was removed starting at 10.1, not 10.2. And they did at least remove the option from the 10.1.2 UI, but it was trying to auto-update anyway.