New builds normally get the client pushed to them once they have been domained and added to the right OU then get antivirus and apps installed through . Lately, new builds seem to be picking up the BESclient service, but the bigfix icon never appears, and patches, apps, and AV fail to install. Nothing (as far as I’m aware) has changed on our side. Running currently on 9.2.3. Has anyone run into this before?
How is your client being added?
We use Group Policy for that
Did you check the clients log yet? Feel free to share them.
Did you check the installation path? (We’ve had that issue, tried to reinstall the client but a part of it got on the C: a part of it on the D:)
1 Like
The install path seems to be okay. C:\program files (x86)\Trend Micro\Core Protection Module.
I should make a correction, patches still deploy, it seems, but software that we push out including AV fails. I check the action history on AV and it gives me no details other than “failed”.
I can grab the client logs, where can I find those particular ones?
If IEM is deploying the AV client, the particular client log of a failed machine would be enough.
C:\Program Files (x86)\BigFix Enterprise\BESClient\__BESData\__Global\LogsOw okay, you’re talking about the TM client?
I was talking about the BESclient from BigFix. Those are 2 different agents.
The logs can be found normally under: C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\__Global\Logs
unless you have changed your installation path.
Current Date: February 19, 2016
Client version 9.2.3.68 built for Windows 5.0 i386 running on WinVer 6.1.7601
Current Balance Settings: Use CPU: True Entitlement: 0 WorkIdle: 10 SleepIdle: 480
ICU data directory: 'C:\Program Files (x86)\BigFix Enterprise\BES Client'
ICU init status: SUCCESS
ICU report character set: windows-1252
ICU fxf character set: windows-1252
ICU local character set: windows-1252
ICU transcoding between fxf and local character sets: DISABLED
ICU transcoding between report and local character sets: DISABLED
At 15:20:46 -0600 -
Starting client version 9.2.3.68
FIPS mode disabled by default.
Cryptographic module initialized successfully.
Using crypto library libBEScrypto - OpenSSL 1.0.1j-fips 15 Oct 2014
Restricted mode
Beginning Relay Select
At 15:20:47 -0600 -
RegisterOnce: Attempting secure registration with 'https://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=9.2.3.68&Body=0&SequenceNumber=0&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://xxxx.xxxx.xxxx.com%3a52311&AdapterInfo=50-65-f3-26-d5-7a_172.27.0.0%2f16_172.27.32.126_0&AdapterIpv6=50-65-f3-26-d5-7a%5efe80%3a%3abd5d%3a7453%3a37a4%3ae37e%2f64_0'
Unrestricted mode
Scheduling client reset; Computer id changed to 4578169
Configuring listener without wake-on-lan
Registered with url 'https://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=9.2.3.68&Body=0&SequenceNumber=0&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://xxxx.xxxx.xxxx.com%3a52311&AdapterInfo=50-65-f3-26-d5-7a_172.27.0.0%2f16_172.27.32.126_0&AdapterIpv6=50-65-f3-26-d5-7a%5efe80%3a%3abd5d%3a7453%3a37a4%3ae37e%2f64_0'
Registration Server version 9.2.3.68 , Relay version 9.2.3.68
Relay does not require authentication.
At 15:20:48 -0600 -
Completed automatic client authentication key exchange.
Client has an AuthenticationCertificate
Created mailboxsite and marking to gather
Relay selected: xxxx.xxxx.xxxx.com. at: xx.x.xx.xx:52311 on: IPV4
Client resetting
Unrestricted mode
At 15:20:49 -0600 -
Created mailboxsite and marking to gather
At 15:20:50 -0600 -
PollForCommands: Requesting commands
PollForCommands: commands to process: 1
At 15:20:51 -0600 -
Entering service loop
At 15:20:51 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Downloaded 'http://xxxx.xxxx.xxxx:52311/bfmirror/bfsites/manydirlists_1/__fullsite_110758e6cb24ac07067a72a8d718dbafd5f5261c' as '__TempUpdateFilename'
Gather::SyncSiteByFile adding files - count: 188
At 15:20:52 -0600 -
Successful Synchronization with site 'actionsite' (version 4739) - 'http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite'
Site 'mailboxsite' is not yet available on selected relay. Awaiting notification of availability.
Successful Synchronization with site 'mailboxsite' (version 0) - 'http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/mailboxsite4578169'
At 15:20:53 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Relevant - Ziegler Beta Patch Group (fixlet:549)
Relevant - Universal Properties (fixlet:3)
Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/virtualendpointmanager (fixlet:2130714778)
Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/updateswindowsapps (fixlet:2130711527)
Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/trendreporting (fixlet:2130715481)
Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/trendmicrodataprotection (fixlet:2130714634)
Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/trendcpm (fixlet:2130715483)
Relevant - Subscribe to Site http://zxxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/CustomSite_test (fixlet:936)
Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/softwaredistribution (fixlet:2130715620)
Relevant - Role 816 Subscription (fixlet:845)
Relevant - Role 1478 Subscription (fixlet:1481)
Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/patchingsupport (fixlet:2130714582)
Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/patchesforesxi (fixlet:2130714776)
Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/bessecurity (fixlet:2130706434)
Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/clientmgrtcm (fixlet:2130714581)
Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/bigfixlabs (fixlet:2130715719)
Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/bessupport (fixlet:2130706433)
Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/besinventory (fixlet:2130709525)
Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/assetdiscovery (fixlet:2130709539)
Relevant - (fixlet:4)
Relevant - (fixlet:5)
Relevant - (fixlet:6)
Relevant - (fixlet:7)
Relevant - (fixlet:8)
Relevant - (fixlet:9)
Relevant - (fixlet:10)
Relevant - (fixlet:11)
Relevant - (fixlet:12)
Relevant - (fixlet:13)
Relevant - (fixlet:14)
Relevant - (fixlet:15)
Relevant - (fixlet:16)
Relevant - (fixlet:17)
Relevant - (fixlet:18)
Relevant - (fixlet:19)
Relevant - (fixlet:20)
Relevant - (fixlet:21)
Relevant - (fixlet:22)
Relevant - (fixlet:23)
Relevant - (fixlet:24)
Relevant - (fixlet:25)
Relevant - (fixlet:26)
Relevant - (fixlet:27)
Relevant - (fixlet:28)
Relevant - (fixlet:29)
Relevant - (fixlet:30)
Relevant - (fixlet:31)
Relevant - (fixlet:32)
Relevant - (fixlet:33)
Relevant - (fixlet:603)
Relevant - (fixlet:754)
Relevant - (fixlet:755)
Relevant - (fixlet:756)
Relevant - (fixlet:757)
Relevant - (fixlet:992)
Relevant - Core Protection Module - Endpoint Deploy (Version 10.6 Service Pack 2) (fixlet:993)
At 15:20:56 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Relevant - (fixlet:1471)
Relevant - Java Runtime Environment - Disable 32-bit Java Update (x64) (fixlet:1472)
Relevant - Assign and Revoke Management Rights For __op_103 (fixlet:830)
Relevant - Assign and Revoke Management Rights For __op_102 (fixlet:824)
Relevant - Assign and Revoke Management Rights For __op_101 (fixlet:925)
Relevant - Assign and Revoke Management Rights For __op_3 (fixlet:1480)
Relevant - Assign and Revoke Management Rights For __op_110 (fixlet:927)
Relevant - Assign and Revoke Management Rights For __op_11 (fixlet:926)
Relevant - Assign and Revoke Management Rights For __op_108 (fixlet:843)
Relevant - Assign and Revoke Management Rights For __op_106 (fixlet:842)
Relevant - Assign and Revoke Management Rights For __op_105 (fixlet:835)
Relevant - Assign and Revoke Management Rights For __op_104 (fixlet:841)
Relevant - ZWAS001 - Virus Deployment Core Protection Module (fixlet:962)
At 15:20:56 -0600 -
ActionLogMessage: (group:992,action:993) Action signature verified for Downloads
DownloadsAvailable: checking for 'http://xxxx.xxxx.xxxx.com:52311/bfmirror/downloads/993/0'
DownloadsAvailable: true (action id 993)
ActionLogMessage: (group:992,action:993) Non-Distributed - DownloadsAvailable
ActionLogMessage: (group:992,action:993) Submitting download request
ActionLogMessage: (group:992,action:993) Download url: 'http://esp-download.trendmicro.com/download/cpm/TMCPMInstaller_x64_10.6.0.3025_en.exe'
At 15:20:56 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Relevant - ZWAS001 - Virus Deployment (fixlet:863)
Relevant - Ziegler - Deploy 7-Zip X64 (fixlet:786)
Relevant - Ziegler - Deploy Outlook Global Relay Plugin 32Bit (64 Bit OS) (fixlet:695)
At 15:20:57 -0600 -
ActionLogMessage: (action:1471) Action signature verified for Execution
ActionLogMessage: (action:1471) starting group action
ActionLogMessage: (action:1471) starting sub action
Start monitoring action - Heartbeat Analysis (fixlet:2)
Relevant - BES Health Checks Analysis (fixlet:38)
Relevant - BES Relay Cache Information (fixlet:39)
Relevant - Bandwidth Throttling Status (fixlet:40)
Relevant - BES Management Rights (fixlet:41)
Relevant - BES Relay Status (fixlet:42)
Relevant - BES Component Versions (fixlet:43)
Relevant - Installed Windows Patches Information (fixlet:45)
Relevant - Local User Management Analysis (fixlet:46)
Relevant - Active Directory Security Groups and Organizational Units (fixlet:47)
Relevant - BES Relay Cache (fixlet:48)
Relevant - Software Distribution Deployment Results (fixlet:49)
Relevant - Software Distribution Self Service Portal (fixlet:50)
Relevant - Download Plug-in Versions (fixlet:51)
Relevant - Patch and Update Rollback Information (fixlet:52)
Relevant - Microsoft Office Configuration Information (fixlet:53)
Relevant - Virtual Machine Guest Information - Virtual Machines with BES Client (fixlet:54)
Relevant - Maintenance Window Analysis (fixlet:57)
Relevant - Ubuntu Available and Installed Packages (fixlet:58)
Relevant - Encryption Analysis for Clients (fixlet:60)
Relevant - MDM/Software Distribution Infrastructure Components Status (fixlet:61)
Relevant - Core Protection Module - ActiveUpdate Server Settings (fixlet:73)
Relevant - Core Protection Module - ActiveUpdate Server Information (fixlet:74)
Relevant - Core Protection Module - Self Protection Information (fixlet:77)
Relevant - Core Protection Module - Endpoint Service Status (fixlet:78)
Relevant - Core Protection Module - Endpoint Protection: On-Demand Scan Settings (fixlet:79)
Relevant - Core Protection Module - Endpoint Protection: Real-Time Scan Settings (fixlet:80)
Relevant - Core Protection Module - Endpoint Protection: Global Client Settings (fixlet:81)
Relevant - Core Protection Module - Virus/Malware Outbreak Information (fixlet:82)
Relevant - Core Protection Module - Virus/Malware Information (fixlet:83)
Relevant - Core Protection Module - Endpoint Information (fixlet:84)
Relevant - Core Protection Module - Spyware/Grayware Information (fixlet:85)
Relevant - Core Protection Module for Mac - Endpoint Information (fixlet:89)
Relevant - Data Protection - Endpoint Information (fixlet:90)
Relevant - Core Protection Module for Mac - Endpoint Protection: Real-Time Scan Settings (fixlet:91)
Relevant - Core Protection Module for Mac - Virus/Malware Outbreak Information (fixlet:92)
Relevant - Core Protection Module for Mac - Endpoint Service Status (fixlet:93)
Relevant - Smart Protection Server - Server Information (fixlet:94)
Relevant - Core Protection Module - VDI Component Information (fixlet:95)
Relevant - Smart Protection Relay - Information (fixlet:96)
Relevant - Core Protection Module for Mac - Virus/Malware Information (fixlet:97)
Relevant - Data Protection - Detected Data Loss Prevention Violation Information (fixlet:98)
Relevant - Core Protection Module - Detected Suspicious Behavior Information (fixlet:99)
Relevant - Data Protection - Detected Device Control Violation Information (fixlet:100)
Relevant - Data Protection - Data Loss Prevention Policy Information (fixlet:104)
Relevant - Application Information (Windows) (fixlet:758)
Relevant - Operating System Information (Windows) (fixlet:759)
Relevant - Windows 7 Eligibility Information (fixlet:760)
Relevant - Network Information (Windows) (fixlet:761)
Relevant - Web Reputation - Site Statistics (fixlet:762)
Relevant - Programs Run at Startup (Windows) (fixlet:763)
Relevant - Random Access Memory (RAM) Properties (Windows) (fixlet:764)
Relevant - Hardware Information (Windows) (fixlet:765)
Relevant - Motherboard Properties (Windows) (fixlet:766)
Relevant - BES Client Helper Service (fixlet:767)
Relevant - Microsoft Visio Version Detection (Windows) (fixlet:768)
Relevant - Microsoft Office Suite Information (Windows) (fixlet:769)
Relevant - USB Devices Detection (Windows) (fixlet:770)
Relevant - Core Protection Module - Behavior Monitor Information (fixlet:771)
Relevant - Adobe Product Detection (Windows) (fixlet:772)
Relevant - Microsoft Project Version Detection (Windows) (fixlet:773)
Relevant - Overview of the Custom Repository Setting (Windows) (fixlet:774)
Relevant - Core Protection Module - Behavior Monitor Exception Information (fixlet:775)
Relevant - Microsoft SQL Server and Client Tools Version Detection (fixlet:776)
Relevant - Physical / Virtual Computer Type Analysis (fixlet:777)
Relevant - Core Protection Module - Spyware/Grayware Restore Information (fixlet:778)
Relevant - Web Reputation - Client Information (fixlet:779)
Relevant - Virtual Machine Guest Information (fixlet:780)
Relevant - Wake-on-LAN Analysis (fixlet:781)
Relevant - Data Protection - Device Control for Storage Devices Information (fixlet:1538)
Relevant - Data Protection - Device Control for Non-Storage Devices Information (fixlet:1541)
Relevant - Core Protection Module - C&C Callback Event Information (fixlet:1686)
At 15:20:58 -0600 -
ActionLogMessage: (group:1471,action:1472) ending sub action
At 15:20:58 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Not Relevant - Java Runtime Environment - Disable 32-bit Java Update (x64) (fixlet:1472)
At 15:20:59 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Relevant - Ziegler - Deploy Snow Agent x64 D160204 (fixlet:1754)
At 15:20:59 -0600 -
ActionLogMessage: (action:1480) Action signature verified for Execution
ActionLogMessage: (action:1480) starting action
At 15:20:59 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded setting "__Group___AdminBy___op_3"="True" on "Mon, 28 Sep 2015 17:14:44 +0000" for client (action:1480)
Command succeeded administrator delete "__op_3" on "Mon, 28 Sep 2015 17:14:44 +0000" (action:1480)
Command succeeded (evaluated true) continue if { value of setting "__Group___AdminBy___op_3" of client = "True" } (action:1480)
At 15:20:59 -0600 -
Adding operator site (__op_3)
At 15:21:00 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded administrator add "__op_3" on "Mon, 28 Sep 2015 17:14:44 +0000" (action:1480)
Not Relevant - Assign and Revoke Management Rights For __op_3 (fixlet:1480)
At 15:21:00 -0600 -
ActionLogMessage: (action:1480) ending action
ActionLogMessage: (action:1481) Action signature verified for Execution
ActionLogMessage: (action:1481) starting action
At 15:21:01 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded setting "__Client_Role_1478"="1" on "Mon, 28 Sep 2015 17:16:38 +0000" for client (action:1481)
Not Relevant - Role 1478 Subscription (fixlet:1481)
At 15:21:01 -0600 -
ActionLogMessage: (action:1481) ending action
ActionLogMessage: (action:1754) Action signature verified for Downloads
DownloadsAvailable: checking for 'http://zxxxx.xxxx.xxxx.com:52311/bfmirror/downloads/1754/0'
DownloadsAvailable: false (action id 1754)
ActionLogMessage: (group:1807,action:1813) Action signature verified for Downloads
DownloadsAvailable: checking for 'http://xxxx.xxxx.xxxx.com:52311/bfmirror/downloads/1813/0'
DownloadsAvailable: true (action id 1813)
ActionLogMessage: (group:1807,action:1813) Non-Distributed - DownloadsAvailable
ActionLogMessage: (group:1807,action:1813) Busy after ProcessJobRequest - add to pending list for 1 hour
ActionLogMessage: (action:2130706433) Action signature verified for Execution
ActionLogMessage: (action:2130706433) starting action
At 15:21:01 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded (evaluated true) continue if {sha1 of file "BES Support.efxm" of client folder of site "http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite" = "27bfdc5b60d589ae52a6b8d28a9dc5ca2a58f203"} (action:2130706433)
At 15:21:02 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded subscribe "BES Support.efxm" (action:2130706433)
Not Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/bessupport (fixlet:2130706433)
At 15:21:02 -0600 -
ActionLogMessage: (action:2130706433) ending action
At 15:21:03 -0600 - BES Support (http://sync.bigfix.com/cgi-bin/bfgather/bessupport)
Downloaded 'http://xxxx.xxxx.xxxx.com:52311/bfmirror/bfsites/enterprisemirror_2_1246/__fullsite' as '__TempUpdateFilename'
Gather::SyncSiteByFile adding files - count: 128
At 15:21:03 -0600 -
Successful Synchronization with site 'BES Support' (version 1246) - 'http://sync.bigfix.com/cgi-bin/bfgather/bessupport'
At 15:21:03 -0600 - CustomSite_test (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/CustomSite_test)
Downloaded 'http://xxxx.xxxx.xxxx.com:52311/bfmirror/bfsites/manydirlists_27/__fullsite_2707e2be377ebd31de1385ca093716ea06761995' as '__TempUpdateFilename'
Gather::SyncSiteByFile adding files - count: 6
At 15:21:03 -0600 -
Successful Synchronization with site 'CustomSite_test' (version 2350) - 'http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/CustomSite_test'
At 15:21:04 -0600 - opsite3 (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/opsite3)
Downloaded 'http://zxxxx.xxxx.xxxx:52311/bfmirror/bfsites/manydirlists_25/__fullsite_c8589da1ade1fe6e8cdacdc62259231e59a8d3f0' as '__TempUpdateFilename'
Gather::SyncSiteByFile adding files - count: 5
At 15:21:04 -0600 -
Successful Synchronization with site 'opsite3' (version 3784) - 'http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/opsite3'
ActionLogMessage: (action:824) Action signature verified for Execution
ActionLogMessage: (action:824) starting action
DownloadPing command received (ID=1754)
At 15:21:04 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded setting "__Group___AdminBy___op_102"="False" on "Mon, 27 Apr 2015 14:44:28 +0000" for client (action:824)
Command succeeded administrator delete "__op_102" on "Mon, 27 Apr 2015 14:44:28 +0000" (action:824)
Command succeeded (evaluated false) continue if { value of setting "__Group___AdminBy___op_102" of client = "True" } (action:824)
Not Relevant - Assign and Revoke Management Rights For __op_102 (fixlet:824)
At 15:21:04 -0600 -
ActionLogMessage: (action:824) ending action
At 15:21:04 -0600 - BES Support (http://sync.bigfix.com/cgi-bin/bfgather/bessupport)
Relevant - PC Narcolepsy: Set System Unattended Sleep Timeout - Windows Vista/7 (fixlet:846)
Relevant - Enable Wake-from-Standby by Magic Packet - Windows XP/Vista/Win7/2008 and Mac OS 10.4/10.5/10.6/10.7 (fixlet:845)
At 15:21:04 -0600 -
ActionLogMessage: (action:830) Action signature verified for Execution
ActionLogMessage: (action:830) starting action
At 15:21:04 -0600 - BES Support (http://sync.bigfix.com/cgi-bin/bfgather/bessupport)
BackgroundAdviceEvaluation SkipMessageFile optimization of Libraries.fxf
At 15:21:04 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded setting "__Group___AdminBy___op_103"="False" on "Mon, 27 Apr 2015 16:14:09 +0000" for client (action:830)
Command succeeded administrator delete "__op_103" on "Mon, 27 Apr 2015 16:14:09 +0000" (action:830)
Command succeeded (evaluated false) continue if { value of setting "__Group___AdminBy___op_103" of client = "True" } (action:830)
Not Relevant - Assign and Revoke Management Rights For __op_103 (fixlet:830)
At 15:21:04 -0600 -
ActionLogMessage: (action:830) ending action
At 15:21:05 -0600 -
ActionLogMessage: (action:835) Action signature verified for Execution
ActionLogMessage: (action:835) starting action
At 15:21:05 -0600 - BES Support (http://sync.bigfix.com/cgi-bin/bfgather/bessupport)
Relevant - Install BES Client Helper Service (fixlet:591)
Relevant - Enable BigFix Client Interacting with Desktop (fixlet:540)
Relevant - TROUBLESHOOTING: Disable Mini Dumps (fixlet:701)
Relevant - Enable Encryption for Clients (fixlet:978)
Relevant - Enable Client support for Central European languages - Windows (fixlet:1105)
At 15:21:05 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded setting "__Group___AdminBy___op_105"="True" on "Mon, 27 Apr 2015 16:40:04 +0000" for client (action:835)
Command succeeded administrator delete "__op_105" on "Mon, 27 Apr 2015 16:40:04 +0000" (action:835)
Command succeeded (evaluated true) continue if { value of setting "__Group___AdminBy___op_105" of client = "True" } (action:835)
At 15:21:05 -0600 -
Adding operator site (__op_105)
At 15:21:05 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded administrator add "__op_105" on "Mon, 27 Apr 2015 16:40:04 +0000" (action:835)
Not Relevant - Assign and Revoke Management Rights For __op_105 (fixlet:835)
At 15:21:05 -0600 -
ActionLogMessage: (action:835) ending action
ActionLogMessage: (action:841) Action signature verified for Execution
ActionLogMessage: (action:841) starting action
At 15:21:06 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded setting "__Group___AdminBy___op_104"="True" on "Mon, 27 Apr 2015 17:04:51 +0000" for client (action:841)
Command succeeded administrator delete "__op_104" on "Mon, 27 Apr 2015 17:04:51 +0000" (action:841)
Command succeeded (evaluated true) continue if { value of setting "__Group___AdminBy___op_104" of client = "True" } (action:841)
At 15:21:06 -0600 -
Adding operator site (__op_104)
At 15:21:06 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded administrator add "__op_104" on "Mon, 27 Apr 2015 17:04:51 +0000" (action:841)
Not Relevant - Assign and Revoke Management Rights For __op_104 (fixlet:841)
At 15:21:06 -0600 -
ActionLogMessage: (action:841) ending action
ActionLogMessage: (action:842) Action signature verified for Execution
ActionLogMessage: (action:842) starting action
At 15:21:06 -0600 - BES Support (http://sync.bigfix.com/cgi-bin/bfgather/bessupport)
Relevant - Install Tivoli Endpoint Manager Relay (Version 8.2.1472.0) (fixlet:2188)
At 15:21:06 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded setting "__Group___AdminBy___op_106"="True" on "Mon, 27 Apr 2015 17:05:26 +0000" for client (action:842)
Command succeeded administrator delete "__op_106" on "Mon, 27 Apr 2015 17:05:26 +0000" (action:842)
Command succeeded (evaluated true) continue if { value of setting "__Group___AdminBy___op_106" of client = "True" } (action:842)
At 15:21:06 -0600 -
Adding operator site (__op_106)
At 15:21:06 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded administrator add "__op_106" on "Mon, 27 Apr 2015 17:05:26 +0000" (action:842)
Not Relevant - Assign and Revoke Management Rights For __op_106 (fixlet:842)
At 15:21:06 -0600 -
ActionLogMessage: (action:842) ending action
At 15:21:07 -0600 -
ActionLogMessage: (action:843) Action signature verified for Execution
ActionLogMessage: (action:843) starting action
At 15:21:07 -0600 - BES Support (http://sync.bigfix.com/cgi-bin/bfgather/bessupport)
Relevant - Install IBM Endpoint Manager Relay (Version 9.2.1) (Superseded) (fixlet:1871)
Relevant - Install IBM Endpoint Manager Console (Version 9.2.3) (Superseded) (fixlet:1969)
Relevant - Updated Windows Client - IBM Endpoint Manager version 9.2.5 Now Available! (fixlet:1982)
At 15:21:07 -0600 - actionsite (http://zxxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded setting "__Group___AdminBy___op_108"="True" on "Mon, 27 Apr 2015 17:06:47 +0000" for client (action:843)
Command succeeded administrator delete "__op_108" on "Mon, 27 Apr 2015 17:06:47 +0000" (action:843)
Command succeeded (evaluated true) continue if { value of setting "__Group___AdminBy___op_108" of client = "True" } (action:843)
At 15:21:07 -0600 -
Adding operator site (__op_108)
At 15:21:07 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded administrator add "__op_108" on "Mon, 27 Apr 2015 17:06:47 +0000" (action:843)
Not Relevant - Assign and Revoke Management Rights For __op_108 (fixlet:843)
At 15:21:07 -0600 -
ActionLogMessage: (action:843) ending action
At 15:21:07 -0600 - BES Support (http://sync.bigfix.com/cgi-bin/bfgather/bessupport)
Relevant - Updated Windows Client - IBM BigFix version 9.2.6 Now Available! (fixlet:2276)
Relevant - BES Component Versions (fixlet:204)
Relevant - BES Relay Status (fixlet:205)
Relevant - BES Management Rights (fixlet:212)
Relevant - Bandwidth Throttling Status (fixlet:218)
Relevant - Wake-on-LAN Analysis (fixlet:840)
At 15:21:07 -0600 -
ActionLogMessage: (action:925) Action signature verified for Execution
ActionLogMessage: (action:925) starting action
At 15:21:08 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded setting "__Group___AdminBy___op_101"="False" on "Tue, 12 May 2015 14:28:14 +0000" for client (action:925)
Command succeeded administrator delete "__op_101" on "Tue, 12 May 2015 14:28:14 +0000" (action:925)
Command succeeded (evaluated false) continue if { value of setting "__Group___AdminBy___op_101" of client = "True" } (action:925)
Not Relevant - Assign and Revoke Management Rights For __op_101 (fixlet:925)
At 15:21:08 -0600 -
ActionLogMessage: (action:925) ending action
At 15:21:08 -0600 - BES Support (http://sync.bigfix.com/cgi-bin/bfgather/bessupport)
Relevant - BES Client Setting: Relay Selection Controls (fixlet:154)
Relevant - BES Client Setting: Enable Debug Logging (fixlet:157)
Relevant - BES Client Setting: Communication Method (fixlet:158)
Relevant - BES Client Setting: Download Throttling (fixlet:167)
Relevant - BES Client Setting: CPU Usage (fixlet:168)
Relevant - BES Client Setting: Enable Auto Relay Selection (fixlet:292)
Relevant - BES Client Setting: Lock Computer (fixlet:295)
Relevant - BES Client Setting: Remove Arbitrary Client Setting (fixlet:310)
Relevant - BES Client Setting: Client UI Enable/Disable Main Dialog (fixlet:484)
Relevant - BES Client Setting: Client UI Tray Mode Selection (fixlet:485)
Relevant - BES Client Setting: Client UI Balloon Mode Selection (fixlet:486)
Relevant - BES Client Setting: Encrypted Reports (fixlet:543)
Relevant - BES Client Setting: Designate Wake-on-LAN Forwarders (fixlet:571)
Relevant - BES Client Setting: BESClientUI Enable Mode (fixlet:573)
Relevant - BES Client Setting: Enable/Disable Dynamic Throttling (fixlet:605)
Relevant - BES Client Setting: Client UI Minimum Analysis Interval (fixlet:651)
Relevant - BES Client Setting: Hold Mode For Missing Client UI (fixlet:684)
Relevant - BES Client Setting: Enable Command Polling (fixlet:688)
At 15:21:08 -0600 -
ActionLogMessage: (action:926) Action signature verified for Execution
ActionLogMessage: (action:926) starting action
At 15:21:09 -0600 - BES Support (http://sync.bigfix.com/cgi-bin/bfgather/bessupport)
Relevant - Start Service (fixlet:221)
Relevant - Stop Service (fixlet:222)
Relevant - Automatically Restart Stopped BES Clients Using TaskScheduler (fixlet:250)
Relevant - TROUBLESHOOTING: Run BES Client Diagnostics (fixlet:353)
Relevant - Restart Service (fixlet:447)
At 15:21:09 -0600 - actionsite (http://xxxx.xxxx.xxxx.com:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded setting "__Group___AdminBy___op_11"="False" on "Tue, 12 May 2015 14:28:46 +0000" for client (action:926)
Command succeeded administrator delete "__op_11" on "Tue, 12 May 2015 14:28:46 +0000" (action:926)
Command succeeded (evaluated false) continue if { value of setting "__Group___AdminBy___op_11" of client = "True" } (action:926)
Not Relevant - Assign and Revoke Management Rights For __op_11 (fixlet:926)This log shows a client just starting to do its work. The Trend site subscription is valid but has not yet even subscribed to the site. Depending on the size of your deployment and the number of operators and sites, it can take a while to get through the initial setup of the client.
1 Like
The AV deployment started a minute before the logs cut out. I’m grabbing the other half of the logs that should hopefully show when the deployment failed a few minutes later. Posting shortly.
At 15:21:09 -0600 -
ActionLogMessage: (action:926) ending action
At 15:21:10 -0600 - BES Support (http://sync.bigfix.com/cgi-bin/bfgather/bessupport)
Relevant - Hide BES Clients from the Add/Remove Programs List - BES Client >= 8.0 (fixlet:713)
Relevant - TROUBLESHOOTING: Restart the BES Client Service (fixlet:199)
Relevant - TROUBLESHOOTING: Uninstall BES Client (fixlet:219)
Relevant - TROUBLESHOOTING: Enable BES Client Usage Profiler (fixlet:361)
Relevant - Force BES Clients to Run Manual Relay Selection (fixlet:432)
Relevant - Switch BES Client Action Site Masthead - BES >= 9.0 (fixlet:1516)
Relevant - TROUBLESHOOTING: Reset the BES Client - BES >= 9.0 (fixlet:1976)
At 15:21:10 -0600 -
ActionLogMessage: (action:927) Action signature verified for Execution
ActionLogMessage: (action:927) starting action
At 15:21:11 -0600 - actionsite
Command succeeded setting "__Group___AdminBy___op_110"="True" on "Tue, 12 May 2015 14:30:24 +0000" for client (action:927)
Command succeeded administrator delete "__op_110" on "Tue, 12 May 2015 14:30:24 +0000" (action:927)
Command succeeded (evaluated true) continue if { value of setting "__Group___AdminBy___op_110" of client = "True" } (action:927)
At 15:21:11 -0600 -
Adding operator site (__op_110)
At 15:21:11 -0600 - actionsite
Command succeeded administrator add "__op_110" on "Tue, 12 May 2015 14:30:24 +0000" (action:927)
Not Relevant - Assign and Revoke Management Rights For __op_110 (fixlet:927)
At 15:21:11 -0600 -
ActionLogMessage: (action:927) ending action
At 15:21:12 -0600 -
ActionLogMessage: (action:218) Action signature verified for Execution
ActionLogMessage: (action:218) starting group action
ActionLogMessage: (action:218) starting sub action
At 15:21:13 -0600 - actionsite
Command succeeded setting "__RelaySelect_Automatic"="1" on "Mon, 29 Dec 2014 19:04:57 +0000" for client (group:218,action:219)
At 15:21:13 -0600 -
ActionLogMessage: (group:218,action:219) ending sub action
At 15:21:13 -0600 - actionsite
Not Relevant - BES Client Setting: Enable Auto Relay Selection (fixlet:219)
At 15:21:14 -0600 -
Beginning Relay Select
At 15:21:15 -0600 -
RegisterOnce: Attempting secure registration with RequestType=RegisterMe60&ClientVersion=9.2.3.68&Body=4578169&SequenceNumber=1&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=
Unrestricted mode
Configuring listener without wake-on-lan
Registered with url
Registration Server version 9.2.3.68 , Relay version 9.2.1.48
Relay does not require authentication.
Client has an AuthenticationCertificate
At 15:21:16 -0600 -
Fixed - Ziegler - Apply auto relay selection (fixlet:55)
At 15:21:16 -0600 -
ShutdownListener
SetupListener success: IPV4/6
ActionLogMessage: (action:218) ending group action (completed)
ActionLogMessage: (action:1471) ending group action (completed)
At 15:21:17 -0600 -
ActionLogMessage: (action:2130706434) Action signature verified for Execution
ActionLogMessage: (action:2130706434) starting action
At 15:21:17 -0600 -
Command succeeded (evaluated true) continue if {sha1 of file "Enterprise Security.efxm" of client folder of site "" = } (action:2130706434)
Command succeeded subscribe "Enterprise Security.efxm" (action:2130706434)
Not Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/bessecurity (fixlet:2130706434)
At 15:21:17 -0600 -
ActionLogMessage: (action:2130706434) ending action
At 15:21:17 -0600 - Enterprise Security (http://sync.bigfix.com/cgi-bin/bfgather/bessecurity)
Site level relevance is now: True for relevance '(if( name of operating system starts with "Win" ) then platform id of operating system != 3 else false) AND (if exists property "in proxy agent context" then ( not in proxy agent context ) else true )'
Downloaded '' as '__TempUpdateFilename'
At 15:21:20 -0600 - Enterprise Security (http://sync.bigfix.com/cgi-bin/bfgather/bessecurity)
Gather::SyncSiteByFile adding files - count: 136
At 15:21:21 -0600 -
Successful Synchronization with site 'Enterprise Security' (version 2442) - 'http://sync.bigfix.com/cgi-bin/bfgather/bessecurity'
At 15:21:22 -0600 - opsite104
Downloaded
Gather::SyncSiteByFile adding files - count: 4
At 15:21:22 -0600 -
Successful Synchronization with site 'opsite104' (version 1979) -
At 15:21:23 -0600 - opsite105
Downloaded '
Gather::SyncSiteByFile adding files - count: 4
At 15:21:23 -0600 -
Successful Synchronization with site 'opsite105' (version 1980) -
At 15:21:23 -0600 -
At 15:21:23 -0600 -
Successful Synchronization with site 'opsite106' (version 1981) -
At 15:21:23 -0600 - opsite108
Downloaded
Gather::SyncSiteByFile adding files - count: 4
At 15:21:23 -0600 -
Successful Synchronization with site 'opsite108' (version 1986) - '
At 15:21:23 -0600 - opsite110
Downloaded
Gather::SyncSiteByFile adding files - count: 5
At 15:21:24 -0600 -
ActionLogMessage: (action:2130709525) Action signature verified for Execution
ActionLogMessage: (action:2130709525) starting action
At 15:21:25 -0600 - Enterprise Security (http://sync.bigfix.com/cgi-bin/bfgather/bessecurity)
Relevant - 2734642: RDS-based applications crash in Windows 7 SP1 or Windows Server 2008 R2 SP1 - Windows 7 SP1 / Windows Server 2008 R2 SP1 (x64) (fixlet:273464203)
At 15:21:25 -0600 - actionsite
Command succeeded (evaluated true) continue if {sha1 of file "BES Inventory and License.efxm" of client folder of site = "79856a33a166450b4425312d4638ab1bab135a48"} (action:2130709525)
Command succeeded subscribe "BES Inventory and License.efxm" (action:2130709525)
Not Relevant - Subscribe to Site http://sync.bigfix.com/cgi-bin/bfgather/besinventory (fixlet:2130709525)
At 15:21:25 -0600 -
ActionLogMessage: (action:2130709525) ending action
At 15:21:25 -0600 - BES Inventory and License (http://sync.bigfix.com/cgi-bin/bfgather/besinventory)
Downloaded __fullsite' as '__TempUpdateFilename'
Gather::SyncSiteByFile adding files - count: 92
At 15:21:26 -0600 -
Successful Synchronization with site 'BES Inventory and License' (version 171) - 'http://sync.bigfix.com/cgi-bin/bfgather/besinventory'
ActionLogMessage: (action:2130709539) Action signature verified for Execution
ActionLogMessage: (action:2130709539) starting action
At 15:21:27 -0600 - BES Inventory and License (http://sync.bigfix.com/cgi-bin/bfgather/besinventory)
Relevant - Operating System Information (Windows) (fixlet:16)
Relevant - Programs Run at Startup (Windows) (fixlet:17)
Relevant - Random Access Memory (RAM) Properties (Windows) (fixlet:18)
Relevant - Motherboard Properties (Windows) (fixlet:19)
Relevant - Microsoft Office Suite Information (Windows) (fixlet:21)
Relevant - USB Devices Detection (Windows) (fixlet:22)
Relevant - Network Information (Windows) (fixlet:33)
Relevant - Application Information (Windows) (fixlet:34)
Relevant - Hardware Information (Windows) (fixlet:35)
Relevant - Adobe Product Detection (Windows) (fixlet:41)
At 15:21:29 -0600 - BES Asset Discovery (http://sync.bigfix.com/cgi-bin/bfgather/assetdiscovery)
Relevant - Designate Nmap Scan Point (fixlet:225)
At 15:21:29 -0600 - actionsite
Command succeeded action parameter query "install_path" with description "Specify an installation path%0A%0AFor default installation path, leave blank" (group:992,action:993)
Command succeeded (evaluated true) continue if {(if (it = "") then (true) else ((not exists matches (regular expression "[%25%22?*|/<>:]") of it) of ((parenthesized part 3 of matches (regular expression "^(\w+)\:(\\)?(.*)$") of it) as string) of (if (it starts with "%22" AND it ends with "%22") then ((preceding text of position (length of it - 1) of it) of (following text of position 1 of it) of it) else (it)))) of ((parameter "install_path" of action) as string)} (group:992,action:993)
Command succeeded (evaluated true) continue if {(if (it = "") then (exists it whose (type of it = "DRIVE_FIXED" AND free space of it >= 700*1024*1024) of (drive of parent folder of client)) else (if (exists parenthesized part 2 of matches (regular expression "^(\%22)?(\w)\:") of it) then ((exists drive it whose (type of it = "DRIVE_FIXED" AND free space of it >= 700*1024*1024)) of ((parenthesized part 2 of matches (regular expression "^(\%22)?(\w)\:") of it as string) & ":")) else (false))) of ((parameter "install_path" of action) as string)} (group:992,action:993)
Command succeeded delete No 'C:\Windows\CPMInstallResult.log' exists to delete, no failure reported (group:992,action:993)
Command succeeded (evaluated true) continue if { not exist file ((value of variable "SYSTEMDRIVE" of environment) & "\" & "temp")} (group:992,action:993)
Command started - waithidden "C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\actionsite\__Download\TMCPMInstaller.exe" -f "multi-language" -i "C:\Program Files (x86)\Trend Micro" (group:992,action:993)
At 15:21:30 -0600 - BES Inventory and License (http://sync.bigfix.com/cgi-bin/bfgather/besinventory)
Relevant - Physical / Virtual Computer Type Analysis (fixlet:55)
At 15:21:39 -0600 - Enterprise Security (http://sync.bigfix.com/cgi-bin/bfgather/bessecurity)
Relevant - MS15-082: Vulnerabilities in RDP Could Allow Remote Code Execution - Windows 7 SP1 - KB3075226 (x64) (fixlet:1508225)
At 15:22:05 -0600 -
Report posted successfully
At 15:22:13 -0600 - Enterprise Security (http://sync.bigfix.com/cgi-bin/bfgather/bessecurity)
Relevant - 2893634: Performance of an application that calls the GetFileAttributesEx function degrades significantly in Windows 7 SP1 or Windows Server 2008 R2 SP1 - Windows 7 SP1 / Windows Server 2008 R2 SP1 (x64) (fixlet:289363401)
Relevant - 2687503: Description of the Office 2010 update - Office 2010 SP1 (fixlet:268750301)
Relevant - 2687449: Description of Office 2010 Language Pack SP2 (fixlet:268744901)
Relevant - 2687455: Office 2010 Service Pack 2 Available (fixlet:268745501)
Relevant - 2687463: Description of SharePoint Designer 2010 SP2 - KB2687463 - SharePoint Designer 2010 (fixlet:268746303)
Relevant - 2825640: Description of the Office 2010 update (fixlet:282564003)
Relevant - 2553145: Description of the PowerPoint 2010 update - PowerPoint 2010 Gold/SP1 (fixlet:255314503)
Relevant - 2589298: Description of the Office 2010 update - Office 2010 (fixlet:258929803)
Relevant - 2589375: Description of the Office 2010 update - Office 2010 (fixlet:258937503)
Relevant - 2794737: Description of the Office 2010 update - Office 2010 (fixlet:279473703)
Relevant - 2589352: Description of the Office 2010 update 2589352 - Office 2010 SP2 (fixlet:258935203)
Relevant - 2849973: Description of the Outlook 2010 hotfix package (Outlook-x-none.msp) - Outlook 2010 SP1/SP2 (fixlet:284997301)
At 15:22:15 -0600 - Enterprise Security (http://sync.bigfix.com/cgi-bin/bfgather/bessecurity)
Relevant - MS12-030: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution - Office Graph 2010 - Office 2010 Gold/SP1 (fixlet:1203021)
Relevant - MS12-046: Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution - Office 2010 Gold/SP1 (fixlet:1204605)
Relevant - MS12-057: Vulnerability in Microsoft Office Could Allow Remote Code Execution - Microsoft Office 2010 SP1 (KB2687510) (V2.0) (fixlet:1205716)
At 15:22:16 -0600 - Enterprise Security (http://sync.bigfix.com/cgi-bin/bfgather/bessecurity)
Relevant - 2637518: An update is available - .NET Framework 3.5.1 - Windows 2008 R2 SP1 / Windows 7 SP1 (x64) (fixlet:263751809)
Relevant - 2618669: An update is available to detect and prevent too much consumption of the global RID pool on a domain controller that is running Windows Server 2008 R2 - Windows 7 SP1 / Windows Server 2008 R2 Gold/SP1 (x64) (fixlet:261866901)
Relevant - 2760730: Description of an update rollup that resolves interoperation issues in Windows Server 2008 SP2, Windows 7 SP1, and Windows Server 2008 R2 SP1 - Windows 7 SP1 (x64) (fixlet:276073001)
Relevant - 2713128: A network printer is displayed incorrectly as offline on a computer that is running Windows 7 or Windows Server 2008 R2 - Windows 7 Gold/SP1 / Windows 2008 R2 Gold/SP1 (x64) (fixlet:271312803)
Relevant - 2647753: Update rollup: Fix printing problems in Windows 7 and Windows Server 2008 R2 - Windows 7 Gold / Windows 7 SP1 (x64) (fixlet:264775307)
Relevant - 983246: "Type Mismatch" error message when you run a VBA macro in a 64-bit version of an Office 2010 application - Windows 7 SP1 / Windows Server 2008 R2 SP1 (x64) (fixlet:98324603)
Relevant - 2520487: AD DS database size increases significantly when the Credential Roaming feature is enabled in Windows Vista, in Windows 7, in Windows Server 2008 or in Windows Server 2008 R2 - Windows 7 SP1 / Windows Server 2008 R2 SP1 (x64) (fixlet:252048703)
Relevant - MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution - Microsoft Visual C++ 2005 SP1 Redistributable Package (x64) (v2, re-released 6-14-2011) (fixlet:1102531)
Relevant - MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution - Microsoft Visual C++ 2008 SP1 Redistributable Package (x64) (v2, re-released 6-14-2011) (fixlet:1102533)
At 15:22:17 -0600 - Enterprise Security (http://sync.bigfix.com/cgi-bin/bfgather/bessecurity)
Relevant - MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution - Microsoft Visual C++ 2005 SP1 Redistributable Package (v2, re-released 6-14-2011) (fixlet:1102527)
Relevant - MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution - Microsoft Visual C++ 2008 SP1 Redistributable Package (v2, re-released 6-14-2011) (fixlet:1102529)
At 15:22:18 -0600 - Enterprise Security (http://sync.bigfix.com/cgi-bin/bfgather/bessecurity)
Relevant - MS11-074: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege - Sharepoint Workspace 2010 Gold/SP1 (fixlet:1107403)
Relevant - MS11-089: Vulnerability in Microsoft Office Could Allow Remote Code Execution - Office 2010 Gold/SP1 (fixlet:1108906)
Relevant - MS11-094: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution - Microsoft PowerPoint 2010 - Office 2010 Gold/SP1 (fixlet:1109406)
Relevant - 2597011: Description of the Outlook 2010 hotfix package - KB2597011 - Office 2010 Gold/SP1 (fixlet:259701101)
At 15:22:19 -0600 - Enterprise Security (http://sync.bigfix.com/cgi-bin/bfgather/bessecurity)
Relevant - 2444328: You cannot access shared files or shared printers in Windows 7 or in Windows Server 2008 R2 - Windows 7 SP1 / Windows Server 2008 R2 SP1 (x64) (fixlet:244432801)
At 15:22:20 -0600 - Enterprise Security (http://sync.bigfix.com/cgi-bin/bfgather/bessecurity)
BackgroundAdviceEvaluation::FinishDataLoop side line file 2007 Non Security Updates (x64).fxf
At 15:22:21 -0600 - Enterprise Security (http://sync.bigfix.com/cgi-bin/bfgather/bessecurity)
BackgroundAdviceEvaluation::FinishDataLoop side line file 2004 Non Security Updates (Apps).fxf
At 15:22:21 -0600 - actionsite
Fixed - ZWAS001 - Virus Deployment Core Protection Module (fixlet:962)
Fixed - ZWAS001 - Virus Deployment (fixlet:863)
At 15:23:08 -0600 -
Report posted successfully
At 15:24:14 -0600 - actionsite
Fixed - Ziegler - Deploy Outlook Global Relay Plugin 32Bit (64 Bit OS) (fixlet:695)
At 15:24:26 -0600 - actionsite
Command failed (Action ended while waiting for another process to complete) waithidden "{download path "TMCPMInstaller.exe"}" -f "multi-language" -i "{name of drive of system folder & "\" & following text of last "\" of value of variable "ProgramFiles" of environment & "\Trend Micro"}" (group:992,action:993)
At 15:24:27 -0600 -
Client shutdown (Service manager shutdown request)
Current Date: February 19, 2016
Client version 9.2.3.68 built for Windows 5.0 i386 running on WinVer 6.1.7601
Current Balance Settings: Use CPU: True Entitlement: 0 WorkIdle: 10 SleepIdle: 480
ICU data directory: 'C:\Program Files (x86)\BigFix Enterprise\BES Client'
ICU init status: SUCCESS
ICU report character set: windows-1252
ICU fxf character set: windows-1252
ICU local character set: windows-1252
ICU transcoding between fxf and local character sets: DISABLED
ICU transcoding between report and local character sets: DISABLED
At 15:28:35 -0600 -
Starting client version 9.2.3.68
FIPS mode disabled by default.
Cryptographic module initialized successfully.
Using crypto library libBEScrypto - OpenSSL 1.0.1j-fips 15 Oct 2014
At 15:28:37 -0600 -
Restricted mode
Initializing Site: BES Asset Discovery
Initializing Site: BES Inventory and License
Initializing Site: BES Support
Initializing Site: CustomSite_test
Initializing Site: Enterprise Security
At 15:28:38 -0600 -
Initializing Site: mailboxsite
Initializing Site: opsite104
Initializing Site: opsite105
Initializing Site: opsite106
Initializing Site: opsite108
Initializing Site: opsite110
Initializing Site: opsite3
Beginning Relay Select
At 15:28:39 -0600 -
RegisterOnce: Attempting secure registration with RequestType=RegisterMe60&ClientVersion=9.2.3.68&Body=4578169&SequenceNumber=2&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=
Unrestricted mode
Configuring listener without wake-on-lan
Registered with url
Registration Server version 9.2.3.68 , Relay version 9.2.1.48
Relay does not require authentication.
Client has an AuthenticationCertificate
Relay selected:
At 15:28:40 -0600 -
PollForCommands: Requesting commands
At 15:28:41 -0600 -
PollForCommands: commands to process: 0
At 15:28:42 -0600 -
ActionLogMessage: (group:992,action:993) ending sub action (client restarted)
At 15:28:44 -0600 -
Entering service loop
Successful Synchronization with site 'actionsite' (version 4739) -
At 15:28:45 -0600 -
Site 'mailboxsite' is not yet available on selected relay. Awaiting notification of availability.
Successful Synchronization with site 'mailboxsite' (version 0) - '
User interface process started for user
Encryption: optional encryption with no certificate; reports in cleartext
At 15:28:48 -0600 -
Report posted successfully
At 15:28:50 -0600 -
ActionLogMessage: (action:992) ending group action (completed)
SetupListener success: IPV4/6
ActionLogMessage: (action:1754) Action signature verified for Downloads
DownloadsAvailable: checking for
DownloadsAvailable: true (action id 1754)
ActionLogMessage: (action:1754) Non-Distributed - DownloadsAvailable
ActionLogMessage: (action:1754) Submitting download request
ActionLogMessage: (action:1754) Download url: 'SWDProtocol://127.0.0.1:52311/Uploads/41D2A0B78EDC241B2D8E2B833A8B473F04B2B136/ZIEGLERANDCOMPANY_win_3703_comp_uninstall_x64.msi.bfswd'
ActionLogMessage: (action:1754) Non-Distributed - DownloadsAvailable
ActionLogMessage: (action:1754) Action signature verified for Execution
ActionLogMessage: (action:1754) starting action
At 15:28:51 -0600 - actionsite
Command succeeded parameter "baseFolder" = "__Download/" (action:1754)
Command succeeded move "__Download/41D2A0B78EDC241B2D8E2B833A8B473F04B2B136" "__Download/ZIEGLERANDCOMPANY_win_3703_comp_uninstall_x64.msi" (action:1754)
Command succeeded parameter "mainSWDLogFolder" = "C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData/__Global/SWDDeployData" (action:1754)
Command succeeded folder create "C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData/__Global/SWDDeployData" (action:1754)
Command succeeded parameter "logFile" = "SWD_DeploymentResults.log" (action:1754)
Command succeeded delete No 'C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\actionsite\__createfile' exists to delete, no failure reported (action:1754)
Command succeeded parameter "logFolder" = "C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData/__Global/SWDDeployData" (action:1754)
Command succeeded delete No 'C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\actionsite\run.bat' exists to delete, no failure reported (action:1754)
Command succeeded createfile until _end_ (action:1754)
Command succeeded move __createfile run.bat (action:1754)
Command succeeded override wait (action:1754)
Command succeeded override hidden=true (action:1754)
Command succeeded override completion=job (action:1754)
Command started - wait run.bat (action:1754)
At 15:29:50 -0600 -
Report posted successfully
Command succeeded (Exit Code=0) wait run.bat (action:1754)
Command succeeded parameter "returnCode" = "0" (action:1754)
Command succeeded (0) exit {parameter "returnCode"} (action:1754)
Fixed - Ziegler - Deploy Snow Agent x64 D160204 (fixlet:1744)
At 15:30:27 -0600 -
ActionLogMessage: (action:1754) ending action
At 15:30:27 -0600 -
ActionLogMessage: (group:1807,action:1813) Action signature verified for Downloads
DownloadsAvailable: checking for
DownloadsAvailable: true (action id 1813)
ActionLogMessage: (group:1807,action:1813) Non-Distributed - DownloadsAvailable
ActionLogMessage: (group:1807,action:1813) Submitting download request
ActionLogMessage: (group:1807,action:1813) Download url:
At 15:30:29 -0600 -
ActionLogMessage: (action:2130711527) ending actionLooks like you’re computer is rebooting before the process can complete.
That’s the normal message if the action is running while the computer or agent restarts so it could be the “right” thing for this action
1 Like
I prefer having the BigFix agent install after imaging automatically instead of relying on GPO only. This also allows for using the clientsettings.cfg file to set initial settings and speed up the initial provisioning of the client.
How long have you waited?
The BigFix client does appear to be working in general.
Closing the loop on this. Ended up updating the installation files. It appears that the baseline for the virus deployment was updated to look for the newest version without actually having access to the new files. Got a tool to completely uninstall the corrupted install and reinstalled it once the relays and actions were updated.