Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

5.2.x Duplicate Sensor Install Records in Add/Remove Programs

5.2.x Duplicate Sensor Install Records in Add/Remove Programs

Version

Cb Response 5.2.x Windows Sensor

Issue

The GPO uninstall/upgrade issues center around installing via .exe and then upgrading via .msi or vice versa. If you try to do this using the 5.2.x version of the windows sensor, it's possible that the upgrade will fail and/or you will end up with duplicate or "orphaned" entries in the Add/Remove Programs dialog. These extra entries shouldn't be anything more than an annoyance. You can follow the below steps for removing the duplicates

Cause

This is caused by a limitation in the Microsoft installer version fields. One of the fields that we were using to hold the build date such as '170223' was actually limited to a maximum value of  around 65,000. Due to this, the internal logic of the installer couldn't tell a newer release had a higher version number than an older version, so would bail out of the install/upgrade.

Solution

Workaround

These will delete the duplicate entry created by the MSI installer:

32-bit systems:

reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2ADD03FC-5CBA-4BF7-A20B-5CD5B2EA3F4A}

64-bit systems:

reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2ADD03FC-5CBA-4BF7-A20B-5CD5B2EA3F4A}

Solution

This issue has been addressed in the 5.3.1 sensor release: Cb Response 5.2/5.3 Documentation and Solution Repository

Note: The 5.3.x release is just a patch release labeled as a new minor release so that the MSI installer works properly

This issue is not present in the 6.x release: Cb Response 6.1 Documentation and Solution Repository

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎07-31-2017
Views:
1041
Contributors