timwiser

Still getting this even on the latest patch.

This is an issue facing me at the moment. I want to do a server upgrade (we're two versions behind on Automate) but a stumbling block is the requirement to enter local admin rights to allow the fat client to update the first time it's launched post-upgrade. Traditionally someone would 'nip' around the office of 50 users and put in their credentials, but in these current times that's not really practical. I've tried relaxing permissions on the ProgramData\Labtech folders and registry keys but the 'Downloading dependencies' stage always demands local admin rights. If anyone's got a workaround I'd love to hear it.

We have some machines which, around 2pm each day, start running very slowly. Task Manager shows that a process called LocalNoNetworkFirewall is eating the CPU like there's no tomorrow. Disabling the Automate agent services prevents this from happening. I've checked the various schedules to see what might be kicking off at 2pm but can't find any match. Has anyone else come across this problem before? Google throws back a bunch of things to try but none of them have worked so far - only disabling the Automate agent, which isn't really an option going forward.

Has anyone managed to make a detection template for this AV product? I don't want to reinvent the wheel.....

Anyone else seen this? I'm tempted to start chopping down the classes that we have but don't want to do that if it makes little difference.

Does anyone else have a massive problem with extra data fields in the web interface essentially not working? If I open up the EDFs for a computer, client or location I just get an "Encountered unhandled exception" error and the EDFs don't appear, or appear partially. I suspect there's something broken somewhere in one of our EDFs which is cocking the whole system up but I'm damned if I know what.

Thanks Mike! I actually managed to get something from support (I know!!!) in the end.

Hi all, We've just taken on a client that is using CrowdStrike Falcon as their AV product and do not want to switch to our managed AV. Therefore I've got the lovely job of creating an AV definition in Automate. The EXE is at C:\Program Files\CrowdStrike\CSFalconController.exe The definition files are in the form of .sys files which live inside C:\Windows\System32\Drivers\CrowdStrike There's no update command as far as I can see as this is a Cloud-based AV product, akin to Webroot. The AP process is CSFalconService.exe I've built a definition as follows: Name: CrowdStrike Program Location: %ProgramFiles%\Crowdstrike\CSFalconController.exe Definition location: c:\windows\system32\drivers\crowdstrike\ Date mask: (.*) OS type: 64-bit Windows AP process: csfalconservice* Does this work? Does it hell. I've even tried setting the definition location to a specific file. I just cannot get this damned software to detect. Anyone know/see where I'm going wrong? TIA, Tim.

Yeah, the fact that support will sometimes (depending on who you get) just throw away tickets that involve any sort of customisation (aka "using the product") annoys me intensely. I love the idea LazySQL monitors. I've been doing these for a while myself - I love the name!!

I'm really struggling with getting a detection template for AVG Business Security. This is my template so far: Name: AVG Business Security Program: %ProgramFiles%\AVG\Antivirus\AVGUI.exe Definitions: %ProgramFiles%\AVG\Antivirus\defs\aswdefs.ini Update: %ProgramFiles%\AVG\Antivirus\ashUpd.exe AP process: AVGSvc* Date mask: (.*) OS Type: Windows I've tried the Registry approach, I've tried hardcoded paths, I've tried EVERYTHING. The def is being sent to the local agent as I've checked the Registry. Anyone know what else I can try??

Anyone know if it's possible to hide the Languages and Screen Capture items in the menu?

This event is now full. Looking forward to a great day of sharing and learning!

Hi all, we still have some spaces available for this event. Drop me a line if you're interested in meeting fellow Automate users and abusers

Sorry for this, I'll check the URL shortly.

I literally just spotted the fact that the updates could not be downloaded. Is that what the error relates to?