→ 🚀What's New? Explore Lansweeper's Fall 2024 Updates! Fall Launch Blog !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Tony_Cooke
Engaged Sweeper
Hi.

I was wondering is someone had created a report to check all PCs in an organisation to see if they meet the requirements outlined in the link below.

Intel® Management Engine Critical Firmware Update
Intel® Management Engine Critical Firmware Update (Intel SA-00086)

To check all machines manually may take a while so before I look at creating a report I just thought I'd check here to see if someone already had.

Thanks in advance.

All the best,
Tony
14 REPLIES 14
Martind
Engaged Sweeper II
Buenas tardes, tengo el mismo problema que puso Luis Miguel Guerra, alguien respondio sobre esta dificultad?:

Return -1

Last Step 8


Result: Package timeout reached. Stopping deployment executable: Successful. Timeout: (300sec).

Gracias
Alguna novedad sobre este paso que se cae.
heybobby1
Engaged Sweeper III
Hi all,

Intel have updated the detection tool to also check AMT versions 8.x-10.x. They've also packaged the console tool in to a single executable.

Heybobby1
kltr
Engaged Sweeper
Hi,
I can't run this tool on x86 OS. Erros Says : "......\Intel-SA-00086-console.exe is not valid Win32 application."
This tool and vulnerability risk affect only 64-bit systems? Does the report need to be reorganized only for 64-bit systems?
RCorbeil
Honored Sweeper II
Looks like I spoke too soon. I tried deploying it against a couple more machines and it just times out on them. Checking the properties on the files in the C:\Temp\DiscoveryTools\ folder of the test machines reveals them to be blocked.
inactivematrix
Engaged Sweeper
To get it to work on my server I had to modify the "Run diagnostic tool" in step 11. This is what I changed the command to:

wscript.exe //B //nologo "c:\temp\discoverytool\run.vbs"

also I opened the \\LanSweeperServername\DefaultPackageShare$\DiscoveryTool folder on my LanSweeper server and remove the block attribute from all the files (just right-click each file, click properties and in the general tab at the bottom click unblock)
inactivematrix wrote:
also I opened the \\LanSweeperServername\DefaultPackageShare$\DiscoveryTool folder on my LanSweeper server and remove the block attribute from all the files (just right-click each file, click properties and in the general tab at the bottom click unblock)

Thank you! This was the missing step to get mine going. I actually couldn't unblock the files where they resided; Windows went through the motions, but when I rechecked, they remained locked. I ended up copying the files to a folder on a network share, unblocking them all, then copying them back.
deryk
Engaged Sweeper
Not having any luck creating the report, I'm getting the error:

Invalid SELECT statement. Unexpected token "tblRegistry" at line 10, pos 10.: Unexpected token "tblRegistry" at line 10, column 10

Am I doing something daft?



Edit: Seems the report editor didn't like the spaces at the beginning of each line in the SQL. I deleted all the spaces and it worked.

Unfortunately though 99% of the machines are saying "Package timeout reached" despite not being VMs.
Esben_D
Lansweeper Employee
Lansweeper Employee
deryk wrote:
Unfortunately though 99% of the machines are saying "Package timeout reached" despite not being VMs.


The Intel-SA-00086 deployment package can reach its timeout due to the following reasons:
  • An old version of run.vbs is used, which is unsigned, this causes a security pop-up on the local computer. This security pop-up makes it so the package cannot run unattended. 
    • This can be resolved by replacing run.vbs on your package share with the new signed version which can be downloaded using the link below.

      https://www.lansweeper.com/files/run.vbs

  • You're deploying on a virtual machine, we've heard reports that the Intel tool is not optimized for virtual machines and will hang on start-up. Virtual machines should by default not be vulnerable.
    • This can be resolved by deploying based on a report that excludes virtual machines, which can be found in the forum post below. You may need to kill the Intel-SA-00086-console.exe process on your local machine as it may keep running.

      https://www.lansweeper.com/forum/yaf_postst15643_Intel-discovery-tool-deployment-SA-00086.aspx#post52768

  • You're deploying on Windows XP SP1/2 or Windows Server 2003 SP1 computers.
    • In this case a different version of run.vbs needs to be used which can be downloaded using the link below. Rename the script used in Step 8 of the deployment package.

      https://www.lansweeper.com/files/run%20SHA1.vbs
If you've already deployed the unsigned version of run.vbs to many computers, you can use the updated version of the deployment package, which now cleans up old Discoverytool folders in all cases, to ensure the latest run.vbs version is used. Remove the old package under the Deployment tab and add the new one found here: https://www.lansweeper.com/forum/yaf_postsm52768_Intel-discovery-tool-deployment-SA-00086.aspx#post52768

As mentioned in the original forum post, If you have any questions regarding this topic, please contact us via support@lansweeper.com.