Endpoint Encryption

 View Only
Expand all | Collapse all

Why does PGP 10.1.2 attempt auto-update?

  • 1.  Why does PGP 10.1.2 attempt auto-update?

    Posted May 09, 2014 02:30 PM

    I use PGP 10.1.2. under Windows 7 x64. While debugging another issue with a packet sniffer, I noticed that the machine is trying to contact a Symantec/PGP update server, which returns a 503 Service Temporarily Unavailable message. Here is the GET request:

    http://143.127.2.49/update4?r=updates_file&ln=D4BGNGWPMYJ6Z2DUER7Z7Z6XMFYC&lang=en-US&ver=10.1.2&build=9

    Here is how the response looks in a browser:

    PGPUpdateResponse.png

    Auto-update was supposedly removed from PGP 10, right? Why is it trying to update? Is there a registry key to turn this off?

    Mark Berry



  • 2.  RE: Why does PGP 10.1.2 attempt auto-update?

    Posted May 13, 2014 11:24 AM

    There should be the option inside Tools > Options > PGP Software Updates.  You can turn it off there.



  • 3.  RE: Why does PGP 10.1.2 attempt auto-update?

    Posted May 13, 2014 02:56 PM

    There is no option there. From the Help file:

    Checking for Updates

    Note: The option to automatically check for updates is no longer available in PGP Desktop, starting with version 10.1. To check for an update or to install an update, you must manually download the file.

    With the acquisition of PGP Corporation by Symantec Corporation, PGP operations is in the process of integrating with Symantec operations.

    It seems they removed the option but didn't remove the actual update check. That's why I was asking about a registry key.



  • 4.  RE: Why does PGP 10.1.2 attempt auto-update?

    Posted May 13, 2014 05:06 PM

    Mark,

    What does it say under your PGP Stamp in the registry?  More info on locating it is here:

    http://www.symantec.com/docs/TECH149315

    If the PGP Stamp says anything other than Default PGP Stamp, it will think it is in a managed environment, and could potentially be looking to that server for updates to policy, as well as potential software updates.  Let me know what the value is, and we can go from there.

    Was the installation upgraded from a previous version?  It could be possible that the upgrade process did not properly reset the stamp.



  • 5.  RE: Why does PGP 10.1.2 attempt auto-update?

    Posted May 14, 2014 03:46 AM

    Is this a clean install or an upgrade from pgp 9.x?



  • 6.  RE: Why does PGP 10.1.2 attempt auto-update?

    Posted May 14, 2014 12:29 PM

    PGPSTAMP is "Default PGP Stamp".

    Yes, I think this was an upgrade from 9 to 10.1.2, then 10.2, then (for reasons explained here) down to 10.1.2. I thought each upgrade did an uninstall first but can't recall for sure.

    If this is not easily solvable, I'm not going to worry about it too much. The 503 error comes back very fast, and I assume it's not checking all that often, so I don' think it's bogging down my machine.



  • 7.  RE: Why does PGP 10.1.2 attempt auto-update?

    Posted May 14, 2014 12:32 PM

    Upgrade, probably from 9.x. See also my answer to Mike.



  • 8.  RE: Why does PGP 10.1.2 attempt auto-update?

    Posted May 15, 2014 06:15 AM

    I think its the upgrade from 9 to 10 is the issue.  I would recommend blitzing the machine, getting rid of all instances of PGP within registry etc., and reinstalling.



  • 9.  RE: Why does PGP 10.1.2 attempt auto-update?
    Best Answer

    Posted May 15, 2014 01:59 PM

    Okay, did some more packet sniffing and process monitoring:

    • The update check comes from PGPtray.exe.
    • The check occurs every 15 minutes.
    • Before running the check, PGPtray.exe accesses two files in the path C:\Users\[UserName]\AppData\Roaming\PGP Corporation\PGP:  PGPpolicy.xml and PGPprefs.xml.
    • PGPprefs.xml contains the following key:

          <key>checkForUpdates</key>
          <integer>1</integer>

    • If I change that "1" to "0", the update checks stop. Restarting PGPtray.exe is not required.

    What do you guys see in your PGPprefs.xml file in the checkForUpdates value?



  • 10.  RE: Why does PGP 10.1.2 attempt auto-update?

    Posted May 15, 2014 02:31 PM

    Good catch Mark, that is an area of the prefs that I don't often need to delve into from a support perspective.

    Mine shows 1, which is expected being in a managed environment where I do get the latest updates to install.  As long as that change persists for you, it does look like it should fix the issue.  If it does not, you may try exiting PGP Services, renaming the two .xml files, and starting PGP Desktop again.  It should go through the user creation again, and generate new PGPpolicy.xml and PGPprefs.xml files.

    Honestly, if changing the value to 0 works for you, the simplest solution is often the best.

    Does that update server show up under the section of Keyservers?  Open that PGPprefs.xml file in wordpad and do a search for update01.pgp.com.  It is more out of curiousity than anything else, but if that server is listed, check the value of isConfigServer under the server.  Does it say <true></true>?



  • 11.  RE: Why does PGP 10.1.2 attempt auto-update?

    Posted May 15, 2014 03:37 PM

    Mike,

    I searched PGPprefs.xml for all instances of pgp.com and could only find keyserver.pgp.com. The string update01 doesn't occur at all. I even opened PGPtray.exe but if it's in there, it's not a text string. Ditto for the IP address. So I still don't know how it is determining the update server. Maybe it's concatenated in code?

    Stopping and starting PGPtray.exe does modify PGPprefs.xml, but checkForUpdates remains 0.

    Mark



  • 12.  RE: Why does PGP 10.1.2 attempt auto-update?

    Posted May 15, 2014 05:36 PM

    Thanks for the confirmation and additional info.  I'm glad the change is persistent as well.



  • 13.  RE: Why does PGP 10.1.2 attempt auto-update?

    Posted May 16, 2014 07:40 PM

    The reason this was looking for updates is prior 10.2.0 we used to have an auto-update feature built into the PGP Desktop client. This has since changed and you get your updates from your Encryption Management Server or in the case of standalone client, you download product updates from the Symantec Fileconnect site:

    https://fileconnect.symantec.com

    Regards,

    Ben



  • 14.  RE: Why does PGP 10.1.2 attempt auto-update?

    Posted May 16, 2014 08:34 PM

    Ben, according to the 10.1.2 Help file (see my post above), auto-update was removed starting at 10.1, not 10.2. And they did at least remove the option from the 10.1.2 UI, but it was trying to auto-update anyway.