HP Battery Recall

There is a battery recall for HP Notebooks. HP has created a Validation Utility to be run manually to see if your battery is affected.


Can someone provide guidance on how I can deploy this Utility and get results on the Bigfix console to see which machines are affected by the recall?

I haven’t looked into this at all to know any of the details. Is it possible to tell if a battery falls under this recall based upon manufacture date?

Can the tool be run silently on the command line? I would get it working to output results to a file on the command line manually first before trying to implement this with BigFix.

It doesn’t seem like it from the short investigation I just did and trying the /Q switch. Using the switch /? gives the following:

Running this on my non-HP system doesn’t give me a good idea of how this is supposed to work:

It should be possible to redirect the console output to a file or if it can be set to create a file do that, then read the file back with relevance. You can look at the recent powershell content as a guide: Microsoft PowerShell content for Meltdown and Spectre

Prefetch for the battery utility should be:

prefetch HPBRCULauncher.exe sha1:e9c3c4ad480f2c24100ee18dea92c5135b2b19ed size:826248 https://h30686.www3.hp.com/Utility/HPBRCULauncher.exe sha256:aa16e2cf5f25d19baf4ed13c1295f9171fbf90d5205ec4755c695db5c5302b33

Prefetch for the HP CASL Framework prereq should be:

prefetch setup.exe sha1:6e64096bde08c47477b0da6254791a4b894d19e7 size:8235808 https://h30686.www3.hp.com/Utility/setup.exe sha256:4a5f508707e7e3801499aee6860035d289cf8bb00066d3d02037e84c46ba199c

I would recommend relevance to detect if the HP CASL Framework is already installed or not and have a separate task to do so. You would also need relevance to check for .Net 4.5 prereq.

@DC2308 I just made a bunch of updates to my post above.

Too bad the utility cannot be used with the command line.

It also does not seem like the GUI tool outputs any information to the command line, or to a file, or to the registry. Without that, no analysis could be used to collect information from the tool.

Can any customers who have contracts with HP put pressure on HP to make a command line version?

Alternatively, if there a relevance inspector which can get the battery information, and then can that information be provided by HP so we can build relevance to search for it?

1 Like

Looks like the portable_batterys property of dmi may give some useful information. Can you check what kind of results you get from these properties in an analysis?

q: properties whose (it as string contains "battery")
A: portable_batterys of <dmi>: dmi portable_battery
A: portable_battery <integer> of <dmi>: dmi portable_battery
A: length of <dmi portable_battery>: integer
A: location of <dmi portable_battery>: string
A: manufacturer of <dmi portable_battery>: string
A: manufacture_date of <dmi portable_battery>: string
A: serial_number of <dmi portable_battery>: string
A: device_name of <dmi portable_battery>: string
A: device_chemistry of <dmi portable_battery>: integer
A: design_capacity of <dmi portable_battery>: integer
A: design_voltage of <dmi portable_battery>: integer
A: sbds_version_number of <dmi portable_battery>: string
A: maximum_error_in_battery_data of <dmi portable_battery>: integer
A: sbds_serial_number of <dmi portable_battery>: integer
A: sbds_manufacture_date of <dmi portable_battery>: integer
A: sbds_device_chemistry of <dmi portable_battery>: string
A: design_capacity_multiplier of <dmi portable_battery>: integer
A: oem_specific of <dmi portable_battery>: integer
A: disallow start when on battery of <task settings>: boolean
A: stop when going on battery of <task settings>: boolean

Looks like you can get a list (with false-positives, but maybe not false-negatives) from the details at http://hp.com/go/batteryprogram2016

1 Like

On my systems, I’m not getting battery serial numbers, but I’m getting manufacturer (“13-14”, “13-42”, “Panasonic”, “SANYO”) ; I’m getting device_names (“VH08083”, “42T4801”, and others); “sbds_version” (1.1, 03.01); and “sbds_serial_number” (8292 and others).

If you are in contact with HP, can you find out whether there’s a way to use this information to correlate to the affected battery list? I’m sure this information must exist but I haven’t found it. Nothing I’m retrieving looks like it’s in the same realm as the battery bar codes they list.

1 Like

it also gives a date range: March 2013 through October 2016

i’d bet HP could provide the same info that the utility is looking for and do the same with relevance or relevance in combination with something else to refine if relevance can’t get specific enough on it’s own.

You could make an offer to allow a user to run the utility themselves. Not sure if it requires admin rights or not.

Not sure if the WMI Win32_Battery class provides enough information to be helpful for a useful relevance query:

PS X:\> Get-WmiObject -Namespace "root\cimv2" -Class Win32_Battery

__GENUS                     : 2
__CLASS                     : Win32_Battery
__SUPERCLASS                : CIM_Battery
__DYNASTY                   : CIM_ManagedSystemElement
__RELPATH                   : Win32_Battery.DeviceID="09182 2016/08/18Hewlett-PackardPrimary"
__PROPERTY_COUNT            : 33
__DERIVATION                : {CIM_Battery, CIM_LogicalDevice, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER                    : EROWLEY
__NAMESPACE                 : root\cimv2
__PATH                      : \\EROWLEY\root\cimv2:Win32_Battery.DeviceID="09182 2016/08/18Hewlett-PackardPrimary"
Availability                : 2
    BatteryRechargeTime         : 
BatteryStatus               : 2
Caption                     : Internal Battery
Chemistry                   : 2
ConfigManagerErrorCode      : 
ConfigManagerUserConfig     : 
CreationClassName           : Win32_Battery
Description                 : Internal Battery
DesignCapacity              : 
DesignVoltage               : 12879
DeviceID                    : 09182 2016/08/18Hewlett-PackardPrimary
ErrorCleared                : 
ErrorDescription            : 
EstimatedChargeRemaining    : 98
EstimatedRunTime            : 71582788
ExpectedBatteryLife         : 
ExpectedLife                : 
FullChargeCapacity          : 
InstallDate                 : 
LastErrorCode               : 
MaxRechargeTime             : 
Name                        : Primary
PNPDeviceID                 : 
PowerManagementCapabilities : {1}
PowerManagementSupported    : False
SmartBatteryVersion         : 
Status                      : OK
StatusInfo                  : 
SystemCreationClassName     : Win32_ComputerSystem
SystemName                  : EROWLEY
TimeOnBattery               : 
TimeToFullCharge            : 
PSComputerName              : EROWLEY

This is coming from my HP ProBook 640 G2

PS X:\> Get-WmiObject -Namespace "root\cimv2" -Class Win32_ComputerSystem

Domain              : domain.local
Manufacturer        : HP
Model               : HP ProBook 640 G2
Name                : EROWLEY
PrimaryOwnerName    : My Org
TotalPhysicalMemory : 17054617600

PS X:\> Get-WmiObject -Namespace "root\cimv2" -Class Win32_Bios

SMBIOSBIOSVersion : N76 Ver. 01.04
Manufacturer      : HP
Name              : Default System BIOS
SerialNumber      : 5CG6395NC7
Version           : HPQOEM - 0
1 Like

It does look like a manufacture date in there. The WMI info is definitely available with relevance.

I know if I install Dell Command Monitor, then much more info is available for Dell systems and batteries in WMI. Not sure if something similar exists for HP.

And that SerialNumber looks useful, looks like the same value I should be seeing from dmi, but odd that I’m not retrieving any serial numbers.

:edit: Oh I see now you’re retrieving the system serial number from BIOS, not the battery serial number. Slightly less confused now.

1 Like

What do these queries return from the Fixlet Debugger?

q: serial_numbers of portable_batterys of dmis

q: sbds_serial_numbers of portable_batterys of dmis
1 Like
q: serial_numbers of portable_batterys of dmis
T: 0.000 ms

q: sbds_serial_numbers of portable_batterys of dmis
A: 9182
T: 0.018 ms
1 Like

I believe the HP utility uses the CT # to determine whether or not a battery is affected. The relevance queries you gave me do not provide those numbers, so it seems we will not be able to pull this off with inspectors.

What is that?

If it is available, it is probably only through an HP specific extension to WMI like the equivalent of Dell Command Monitor.

It may be possible to figure out likely candidates without this CT# but not possible to be certain.

The CT# seems like its the battery bar code number. When I ran the HP utility locally on my test machine the results state “No recalled battery detected” and the battery “CT# 6EVXH…”.

I then took off the back panel to get access to battery. No where on the battery does it have this CT # or bar code number.

Below an old HP battery recall notice back in 2016 with more examples of the CT # or bar code numbers of the batteries.

1 Like

If the utility can get the CT# somehow, then it should also be possible to get it independantly on the command line somehow… and possibly with relevance, which would most likely come from a custom extension to WMI. I don’t have any HP systems so I can’t really investigate it myself.

According to one of the links above, you can run the tool with the -s flag to generate an XML output, so that might work.

According to one of the links above, you can run the tool with the -s flag to generate an XML output, so that might work.

My coworker looked into this and concluded that the -s flag was available for a previous version of the battery utility in a previous battery recall. It doesn’t seem to work with the current battery program, which he suspected may not be intended for enterprise customers.

Hopefully customers can put pressure on HP to release a new version of the battery recall utility which supports the -s flag.

1 Like

What a massive pain. Even enterprise customers have non-enterprise models they have to support.

If anyone gets this to work or gets a way to do this detection, let me know. I’m happy to get this working with bigfix if possible.

1 Like

Good news!

One of my very astute coworkers coworkers suggested extracting the EXE. When we did that, we discovered a number of files, including 2 executables. It turns out that the “-s” flag is supported by the HPBRCU.Autorun.exe file. While the program appears to output nothing to stdo, there are two files created: One Error Log & One XML file. The XML file is shown above containing the results of the recall check!

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

 Volume in drive C is OSDisk
 Volume Serial Number is 24AA-40C9

 Directory of C:\Users\EROWLEY\Downloads\HPBRCULauncher

01/18/2018  04:01 PM    <DIR>          .
01/18/2018  04:01 PM    <DIR>          ..
06/15/2016  04:14 PM           526,400 HPBRCU.Autorun.exe
06/15/2016  04:14 PM               256 HPBRCU.Autorun.exe.hpsign
06/09/2016  07:41 PM         1,342,856 HPBRCU.exe
06/09/2016  07:42 PM               256 HPBRCU.exe.hpsign
10/05/2013  02:38 AM           455,328 msvcp120.dll
10/05/2013  02:38 AM           970,912 msvcr120.dll
               6 File(s)      3,296,008 bytes
               2 Dir(s)  411,972,292,608 bytes free

C:\Users\EROWLEY\Downloads\HPBRCULauncher>HPBRCU.Autorun.exe -s

 Volume in drive C is OSDisk
 Volume Serial Number is 24AA-40C9

 Directory of C:\Users\EROWLEY\Downloads\HPBRCULauncher

01/18/2018  04:03 PM    <DIR>          .
01/18/2018  04:03 PM    <DIR>          ..
01/18/2018  04:03 PM             1,139 5CG6395NC7_160314.xml
01/18/2018  04:03 PM             1,596 ErrorLogger.log
06/15/2016  04:14 PM           526,400 HPBRCU.Autorun.exe
06/15/2016  04:14 PM               256 HPBRCU.Autorun.exe.hpsign
06/09/2016  07:41 PM         1,342,856 HPBRCU.exe
06/09/2016  07:42 PM               256 HPBRCU.exe.hpsign
10/05/2013  02:38 AM           455,328 msvcp120.dll
10/05/2013  02:38 AM           970,912 msvcr120.dll
               8 File(s)      3,298,743 bytes
               2 Dir(s)  409,496,870,912 bytes free


The XML file appears to be named with the serial number of the laptop, an underscore, & some other value (not sure what it is). You can see inside that I have “No recall needed” between the PrimaryBatteryRecallStatus tags.

    <ProductName>HP ProBook 640 G2</ProductName>
    <DateChecked>1/18/2018 4:03:14 PM</DateChecked>
    <PrimaryBatterySerialNumber>09182 2016/08/18</PrimaryBatterySerialNumber>
    <PrimaryBatteryRecallStatus>No recall needed</PrimaryBatteryRecallStatus>
    <SecondaryBatteryCTNumber>No Battery Detected</SecondaryBatteryCTNumber>
    <SecondaryBatterySerialNumber>Not Detected</SecondaryBatterySerialNumber>
    <SecondaryBatteryRecallStatus>Unknown or Invalid</SecondaryBatteryRecallStatus>

Promising! :smile:


Update: My coworker has been able to create a fixlet which:

  1. Downloads the HP Battery Recall Files to the client.
  2. Runs “HPBRCU.Autorun.exe -s”
  3. Waits 30 seconds.
  4. Continues if there is a XML file in the directory.
  5. Reads the lines of the XML file in search of a recall status.
  6. Writes the recall status info into the registry.

The fixlet is designed to be coupled with an analysis that reads the registry for the HP battery recall status info.

Note: One gotcha was we discovered that all of the extracted contents of HPBRCULauncher.exe needed to be present in the directory “HPBRCU.Autorun.exe -s” runs from. What we decided to do was extract the EXE ourselves, then use BFArchive to compress it into a file that would work with the “extract” actionscript command.

My coworker doesn’t feel like sharing it, but this is the basics of what he did.