Tony_Cooke
Engaged Sweeper
Hi.

I was wondering if someone had created a report to check all PCs in an organisation to see if they meet the requirements outlined in the link below.

Intel® Management Engine Critical Firmware Update
Intel® Management Engine Critical Firmware Update (Intel SA-00086)

To check all machines manually may take a while so before I look at creating a report I just thought I'd check here to see if someone already had.

Thanks in advance.

All the best,
Tony
14 REPLIES
Martind
Engaged Sweeper II
Good afternoon, I have the same problem that Luis Miguel Guerra posted. Did anyone respond about this difficulty?

Return -1

Last Step 8


Result: Package timeout reached. Stopping deployment executable: Successful. Timeout: (300sec).

Thanks
Any news on this step that fails?
heybobby1
Engaged Sweeper III
Hi all,

Intel have updated the detection tool to also check AMT versions 8.x-10.x. They've also packaged the console tool into a single executable.

Heybobby1
kltr
Engaged Sweeper
Hi,
I can't run this tool on an x86 OS. The error says: "......\Intel-SA-00086-console.exe is not valid Win32 application."
Do this tool and the vulnerability risk affect only 64-bit systems? Does the report need to be reorganized only for 64-bit systems?
RCorbeil
Honored Sweeper II
Looks like I spoke too soon. I tried deploying it against a couple more machines and it just times out on them. Checking the properties on the files in the C:\Temp\DiscoveryTools\ folder of the test machines reveals them to be blocked.
inactivematrix
Engaged Sweeper
To get it to work on my server I had to modify the "Run diagnostic tool" in step 11. This is what I changed the command to:

wscript.exe //B //nologo "c:\temp\discoverytool\run.vbs"

Also, I opened the \\LanSweeperServername\DefaultPackageShare$\DiscoveryTool folder on my LanSweeper server and removed the block attribute from all the files (just right-click each file, click Properties and in the General tab at the bottom click Unblock).
inactivematrix wrote:
Also, I opened the \\LanSweeperServername\DefaultPackageShare$\DiscoveryTool folder on my LanSweeper server and removed the block attribute from all the files (just right-click each file, click Properties and in the General tab at the bottom click Unblock).

Thank you! This was the missing step to get mine going. I actually couldn't unblock the files where they resided; Windows went through the motions, but when I rechecked, they remained locked. I ended up copying the files to a folder on a network share, unblocking them all, then copying them back.
deryk
Engaged Sweeper
Not having any luck creating the report, I'm getting the error:

Invalid SELECT statement. Unexpected token "tblRegistry" at line 10, pos 10.: Unexpected token "tblRegistry" at line 10, column 10

Am I doing something daft?



Edit: Seems the report editor didn't like the spaces at the beginning of each line in the SQL. I deleted all the spaces and it worked.

Unfortunately though 99% of the machines are saying "Package timeout reached" despite not being VMs.
Esben_D
Lansweeper Employee
deryk wrote:
Unfortunately though 99% of the machines are saying "Package timeout reached" despite not being VMs.


The Intel-SA-00086 deployment package can reach its timeout due to the following reasons:
  • An old version of run.vbs is used, which is unsigned. This causes a security pop-up on the local computer. This security pop-up makes it so the package cannot run unattended.
    • This can be resolved by replacing run.vbs on your package share with the new signed version which can be downloaded using the link below.

      https://www.lansweeper.com/files/run.vbs

  • You're deploying on a virtual machine. We've heard reports that the Intel tool is not optimized for virtual machines and will hang on start-up. Virtual machines should by default not be vulnerable.
    • This can be resolved by deploying based on a report that excludes virtual machines, which can be found in the forum post below. You may need to kill the Intel-SA-00086-console.exe process on your local machine as it may keep running.

      https://www.lansweeper.com/forum/yaf_postst15643_Intel-discovery-tool-deployment-SA-00086.aspx#post52768

  • You're deploying on Windows XP SP1/2 or Windows Server 2003 SP1 computers.
    • In this case a different version of run.vbs needs to be used which can be downloaded using the link below. Rename the script used in Step 8 of the deployment package.

      https://www.lansweeper.com/files/run%20SHA1.vbs

If you've already deployed the unsigned version of run.vbs to many computers, you can use the updated version of the deployment package, which now cleans up old Discoverytool folders in all cases, to ensure the latest run.vbs version is used. Remove the old package under the Deployment tab and add the new one found here: https://www.lansweeper.com/forum/yaf_postsm52768_Intel-discovery-tool-deployment-SA-00086.aspx#post52768

As mentioned in the original forum post, if you have any questions regarding this topic, please contact us via support@lansweeper.com.
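
An added example, not part of the thread or of the Lansweeper package: a PowerShell pre-flight check of the package folder for the two timeout causes discussed above, files still carrying the "blocked" flag (a Zone.Identifier alternate data stream) and a run.vbs that is not validly signed. The share path is the one quoted in the thread with its placeholder server name; the script layout and the -Unblock switch are assumptions of this example.

```powershell
# Added example (not Lansweeper's code). Run from an account that can read,
# and for -Unblock also write, the package share.
param(
    # Path as quoted in the thread; replace the placeholder server name.
    [string]$PackageDir = '\\LanSweeperServername\DefaultPackageShare$\DiscoveryTool',
    # Hypothetical switch for this example: remove the flag instead of only reporting it.
    [switch]$Unblock
)

function Test-Blocked {
    param([string]$Path)
    # Windows marks downloaded files with a Zone.Identifier alternate data stream;
    # the "Unblock" checkbox in the Properties dialog deletes that stream.
    [bool](Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue)
}

$report = foreach ($f in Get-ChildItem -LiteralPath $PackageDir -File -Recurse) {
    $blocked = Test-Blocked $f.FullName
    if ($blocked -and $Unblock) {
        Unblock-File -LiteralPath $f.FullName
        # Re-check: one reply above reports the flag remaining after an unblock attempt.
        $blocked = Test-Blocked $f.FullName
    }

    # Signature status matters for the script the package launches with wscript.exe.
    $sig = $null
    if ($f.Extension -in '.vbs', '.exe', '.dll') {
        $sig = (Get-AuthenticodeSignature -LiteralPath $f.FullName).Status
    }

    [pscustomobject]@{
        File      = $f.Name
        Blocked   = $blocked
        Signature = $sig
        # A blocked file, or a run*.vbs whose signature does not validate, can
        # raise a prompt that stalls an unattended run.
        Problem   = $blocked -or ($f.Name -like 'run*.vbs' -and $sig -ne 'Valid')
    }
}

$report | Format-Table -AutoSize

$problems = @($report | Where-Object Problem)
if ($problems.Count -gt 0) {
    Write-Warning "$($problems.Count) file(s) may trigger a prompt and cause a package timeout."
    exit 1
}
```

A signature reported as anything other than Valid also depends on the certificate trust of the machine running the check, so read that column on a machine configured like the deployment targets.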