Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 4 subscribers
  • Views 8584 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Deployment Packager - stripping port numbers

deaton

Greetings,

I'm trying to build a stand-alone installer but the Sophos Deployment Manager does not like that I want to use a non-standard port in my Primary Update Location.

Regardless of if I enter our primary update location this way:

http://ourwebsite.com:8085/CIDs/S000/SAVSCFXP

or this way:

http://ourwebsite.com/CIDs/S000/SAVSCFXP:8085

The result is the same: SEP gets installed and shows it's primary update location as : ourwebsite.com/.../SAVSCFXP

....so can anyone tell me how I get it to stop stripping away the port number? I've tried putting the whole field in quotes, etc etc, but no luck.



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    I've taken a quick look and the SFX that is generated as this can be unpacked (WinRar will do) to review the script, setup.vbs.  You can see that this calls an application called ConfigureUpdate.exe, for example:

    ConfigUpdate.exe "1.com:8080/.../

    If you run this, then check the configuration of AutoUpdate, I see the port number is dropped so I would think the issues likes with ConfigureUpdate not supporting custom ports.

    TBH, I would consider not using the Deployment Packager.  Instead, take a copy of your CID and create a SFX with something like WinRAR.  You can pass any switches you need to setup.exe in the root of the CID as per: https://www.sophos.com/en-us/support/knowledgebase/12570.aspx.  You can use the command line tools to obfuscate the password.

    That said, the easiest route I find to getting an install command is to protect a computer from SEC which is configured as you would want, i.e. update locations, usernames, passwords, etc.. Then watch the scheduled tasks on the remote computer, you can then copy the details of the scheduled task to form the basis of the command and then add the additional switches, e.g. -mng no.

    Hope it helps.

    Regards,

    Jak

Reply
  • 0

    Hi,

    I've taken a quick look and the SFX that is generated as this can be unpacked (WinRar will do) to review the script, setup.vbs.  You can see that this calls an application called ConfigureUpdate.exe, for example:

    ConfigUpdate.exe "1.com:8080/.../

    If you run this, then check the configuration of AutoUpdate, I see the port number is dropped so I would think the issues likes with ConfigureUpdate not supporting custom ports.

    TBH, I would consider not using the Deployment Packager.  Instead, take a copy of your CID and create a SFX with something like WinRAR.  You can pass any switches you need to setup.exe in the root of the CID as per: https://www.sophos.com/en-us/support/knowledgebase/12570.aspx.  You can use the command line tools to obfuscate the password.

    That said, the easiest route I find to getting an install command is to protect a computer from SEC which is configured as you would want, i.e. update locations, usernames, passwords, etc.. Then watch the scheduled tasks on the remote computer, you can then copy the details of the scheduled task to form the basis of the command and then add the additional switches, e.g. -mng no.

    Hope it helps.

    Regards,

    Jak

Children
  • 0 in reply to jak

    Hello,

    quiiite odd, quiiite odd.

    I see the port number is dropped
    I did not see this at first. It looks like ConfigUpdate.exe passes the path (i.e. the first argument) either unmodified if it starts with \\, otherwise as "sanitized" http: URL (scanning from the left up to the first / or \, if the preceding character is a : the first token is apparently considered a scheme and replaced with http:, and the remaining string is appended unmodified; if it's not a : http: is prepended to the unmodified string).
    The weird observation is that sometimes (couldn't detect a pattern but could reproduce it on two endpoints) iconn.cfg contains an additional PortNumber =  configuration item set to the port in the path argument. In this case there's no port in the URL and AutoUpdate seems to ignore Portnumber (the port can be seen neither in the local GUI nor on the console). In other cases there's no Portnumber =, the URL contains the port (visible in the GUI and SEC) and AutoUpdate indeed tries to connect to this port.

    It's not the packager, the rest is murky [:)]

    Christian

  • 0 in reply to QC

    I know this is an old thread but I wanted to comment that your post allowed me to found a solution as I was also having the same problem with it removing the Port Number in an HTTP URL.    The ConfigUpdate.exe command works properly if there is an extra : at the beginning, so :hxxp://mywebsite:8085/RestofURL (changed so it won't convert to URL)

    Of course, the Deployment Packager doesn't like it, so I had to package it without the : and then add it to the setup.vbs script with 7-Zip File Manager.

     

    Thanks!

Unfiltered HTML