Notification

Icon
Error

Intel discovery tool deployment SA-00086

Posted: Tuesday, December 5, 2017 1:46:53 PM(UTC)
Bruce.B

Bruce.B

Member Administration Original PosterPosts: 562
9
Like
-Update 2017/12/07 16:25 CET: the package was updated to allow the script to run successfully in more environments and prevent package timeout issues. Click the Download Package button to download the latest version.
-Update 2018/04/25: Updated the accompanying report with extra where clauses to prevent Xen and VMware servers from being targeted


DISCLAIMER: The Intel discovery tool has been known to hang on Virtual Machines. As a result running the package on a VM may cause it to hang and end up on a 'Package Timeout' error. Make sure to kill the Intel-SA-00086-console.exe task on these virtual machines.

This installer package runs the Intel-SA-00086 vulnerability detection tool. Make sure to follow the full instructions found in this post to fully view the output. This deployment package will allow you to inventory all computers that are vulnerable, but it will not patch them. Patches are vendor specific and can be found at the bottom of this Intel article.
Instructions:
  • Click Download Package on this page to download the .xml version of the deployment package for import
  • Import the attached .XML file into your Lansweeper installation by going to the Deployment menu and clicking Import.
  • Download the Intel tool.
  • Unzip the tool and move the DiscoveryTool subfolder in its entirety to your package share. The default package share is Program Files (x86)\Lansweeper\Packageshare on your Lansweeper server.
  • Download this script (Right-click Save As...).
  • Place the vbs file in the Packageshare\DiscoveryTool folder.
  • Go to Deployment tab in the web console, select the Intel-SA-00086 package
  • Click on 'Deploy Now'
  • You can deploy based on a selection of your choosing, we however recommend using the report listed below that will give back all Windows computers with a supported OS that are not Virtual Machines.




To add the report below to Lansweeper, do the following:
1. Open the report builder in the Lansweeper web console under Reports/Create New Report.
2. Paste the SQL query (report) found in the report center at the bottom of the page, replacing the default SQL query.
3. Left-click somewhere in the upper section of the page so the query applies.
4. Give the report a title.
5. Hit the Save & Run button to save the report.




Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypename,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssetCustom.Model,
tblOperatingsystem.Caption
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblOperatingsystem On
tblAssets.AssetID = tblOperatingsystem.AssetID
Where tsysAssetTypes.AssetTypename = 'Windows' And tblAssetCustom.Model Not Like
'%Virtual%' And tblAssetCustom.Model <> 'HVM domU' And
tblAssetCustom.Model Not Like '%VMware%' And (tblOperatingsystem.Caption Like
'%Windows 10%' Or tblOperatingsystem.Caption Like '%Windows 8%' Or
tblOperatingsystem.Caption Like '%Windows 7%' Or
tblOperatingsystem.Caption Like '%Windows Server 2012%' Or
tblOperatingsystem.Caption Like '%Windows Server 2016%')
Intel SA-00086 vulnerability detectionDownload Package
DescriptionInstructions:

-Download the Intel tool: https://downloadcenter.intel.com/download/27150
-Unzip the tool and move the DiscoveryTool subfolder in its entirety to your package share. The default package share is Program Files (x86)\Lansweeper\Packageshare
-Download this vbs file: https://www.lansweeper.com/files/run.vbs
-Place the vbs file in the Packageshare\DiscoveryTool folder.
-Deploy the package.
Final ActionNothing
Max. Duration5 min(s), 0 hour(s)
RescanYes
Steps
1. Check if VMware
TypeCondition
SuccessStop (Success)
FailureGo To Step 2
Conditions
Registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS SystemProductName Has Value VMware Virtual Platform
2. Check if hyperv
TypeCondition
SuccessStop (Success)
FailureGo To Step 3
Conditions
Registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS SystemProductName Has Value Virtual Machine
3. Check if Intel® Processor
TypeCondition
SuccessGo To Step 4
FailureStop (Success)
Conditions
Registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 VendorIdentifier Has Value GenuineIntel
4. Check if Discoverytool executable is found
TypeCondition
SuccessGo To Step 5
FailureStop (Failure)
Conditions
File {packageshare}\DiscoveryTool Intel-SA-00086-console.exe Exists
5. Check if script is in place
TypeCondition
SuccessGo To Step 6
FailureStop (Failure)
Conditions
File {packageshare}\Discoverytool run.vbs Exists
6. Check if system was previously found to be not vulnerable.
TypeCondition
SuccessStop (Success)
FailureGo To Step 7
Conditions
Registry HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00086 Discovery Tool\System Status System Risk Has Value This system is not vulnerable.
7. Check if system was patched
TypeCondition
SuccessStop (Success)
FailureGo To Step 8
Conditions
Registry HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00086 Discovery Tool\System Status System Risk Has Value This system is not vulnerable. It has already been patched.
8. Check if Discoverytool already exists locally
TypeCondition
SuccessGo To Step 9
FailureGo To Step 10
Conditions
File c:\Temp\DiscoveryTool Intel-SA-00086-console.exe Exists
9. Remove old versions of tool and script
TypeCommand
Return Codes 0,1641,3010
SuccessGo To Step 10
FailureStop (Failure)
Command rd "c:\temp\discoverytool" /s /q
10. Copy Diagnostic Tool and Dependencies
TypeCommand
Return Codes 1,0,1641,3010
SuccessGo To Step 11
FailureStop (Failure)
Command Xcopy "{packageshare}\DiscoveryTool" c:\Temp\Discoverytool /I /A /R /Y
11. Run diagnostic tool
TypeCommand
Return Codes 0,1641,3010
SuccessGo To Step 12
FailureStop (Failure)
Command cscript //b "c:\temp\discoverytool\run.vbs"
12. Check if system was found to be vulnerable
TypeCondition
SuccessStop (Success)
FailureGo To Step 13
Conditions
Registry HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00086 Discovery Tool\System Status System Risk Has Value This system is vulnerable.
13. Remove discovery tool directory
TypeCommand
Return Codes 0,1641,3010
SuccessStop (Success)
FailureStop (Failure)
Command rd "c:\temp\discoverytool" /s /q
Bruce.B
#1Bruce.B Member Administration Original PosterPosts: 562  
posted: 12/5/2017 2:22:55 PM(UTC)
If you have any feedback or questions regarding this topic, please contact us via support@lansweeper.com.

Active Discussions

Lansweeper Acknowlege from Alerts
by  Hilbers   Go to last post Go to first unread
Last post: Today at 7:55:38 AM(UTC)
Lansweeper LsAgent for Windows command line options?
by  Brandon  
Go to last post Go to first unread
Last post: Yesterday at 4:49:17 PM(UTC)
Lansweeper EmailLog.txt file become big in size
by  Ary Ahmed   Go to last post Go to first unread
Last post: 4/18/2021 10:56:58 AM(UTC)
Lansweeper LsAgent.ini
by  Orion Poplawski  
Go to last post Go to first unread
Last post: 4/17/2021 4:49:12 PM(UTC)
Lansweeper LSagent force a scan
by  Orion Poplawski   Go to last post Go to first unread
Last post: 4/17/2021 4:46:49 PM(UTC)
Lansweeper MS Edge Chromium LanSweeper Extension development
by  steveb  
Go to last post Go to first unread
Last post: 4/16/2021 10:59:56 PM(UTC)
Lansweeper Office 365 v2 Scanning Error
by  DJX   Go to last post Go to first unread
Last post: 4/16/2021 7:37:57 PM(UTC)
Lansweeper Database size growing too large
by  JTempleton  
Go to last post Go to first unread
Last post: 4/16/2021 5:19:22 PM(UTC)