Migrate a Shavlik console from one machine to another

Got a Shavlik console running on Windows XP, Server 2003, or any other 32 bit OS?  Want to move to a newer OS to take advantage of the better performance and to move off of platforms that are going to be out of support in the near future?  We got you covered.

We are working on releasing a new Protect console migration tool that will allow you to move a console from one server to another quickly and with minimal manual effort.  The tool we be available soon and we are looking for beta and field testers.  As a field tester you will get hands on assistance from the Shavlik team for your migration.  Beta testers will get one of our escalation techs via webex supporting them.  If you are interested in signing up contact us at Protect-Help@shavlik.com and ask to be added to the list.

We have also announced the deprecated features in our next release.  The most important items to note are the operating systems that will no longer be supported as a Protect console.  These will all still be agent and agentless targets for the Protect capabilities, but you will not be able to install new or upgrade systems on these platforms.  For more details see this KB article.


Chris Goettl

September Patch Tuesday Advanced Notification

Hold on tight; the day we anxiously await every month will soon be upon us, and September’s patch Tuesday looks like it will be a doozy.Microsoft has pre-announced the release of 14 bulletins with four of those being rated as critical. See Microsoft’s announcement here.

Security Bulletin Breakdown:

  • Four bulletins are rated as Critical.
  • Ten bulletins are rated as Important.

Vulnerability Impact:

  • Eight bulletins address vulnerabilities that could lead to Remote Code Execution.
  • Three bulletins address vulnerabilities that could lead to Elevation of Privilege.
  • Two bulletins address vulnerabilities that could lead to Denial of Service.

Affected Products:

  • All Internet Explorer versions
  • All supported Windows operating systems
  • Office 2003 SP3, 2007 SP3, 2010, 2013, Office for Mac, Office Compatibility Pack SP3
  • SharePoint Server 2003 SP3, 2007 SP3 (32- and 64-bit), 20120 SP1 & SP2, 2013
  • Office Web apps 2010 SP1 and SP2
  • Microsoft FrontPage 2003 SP3

I will review the Microsoft releases for the September Patch Tuesday in our next monthly patch Tuesday webcast which is scheduled for Wednesday, September 11 at 11 a.m. CDT. I will also discuss other non-Microsoft releases that have occurred since the August Patch Tuesday. You can register for the Patch Tuesday webcast here.

Chris Goettl

Avoid the latest Java Zero Day by upgrading to Java 7 today

If you have not ready up on the ZDNet and other posts regarding this exploit here is a link to an article talking in more depth.  If you are still on Java 6 you are vulnerable to this Java vulnerability.  Java 7 update 21 and earlier are also exposed.  There is an exploit kit available to hackers for $450 dollars.  They can purchase a way to exploit this vulnerability off the shelf.  This means it is past time to upgrade your Java runtime.

So, Shavlik Protect users, here are some easy steps to create a scan template to allow you to deployupgrade Java 7 update 25 to your machines to ensure they are up to date.

For users on Protect 9.0 the steps are as follows:

  1. Create a new Patch Group by clicking on the +New > Patch Group…
  2. Name the Patch Group “Java 7 Software Distribution”
  3. Click add and sort by QNumber column.  Select QJAVA7U25N and QJAVA7U25X64N and save the patch group.
  4. Click +New > Patch Scan Template… and name it Java 7 Software Distribution
  5. On the Filtering tab uncheck the Patch Type > Security Patches and Patch filter settings set to “Scan Selected” and click the “…” button and select the “Java 7 Software Distribution” patch group.
  6. Click on the “Software Distribution” tab and check the box to enable Software Distribution.  Save the scan template.
  7. Scan and Deploy the Java 7 update 25.

The best way to protect against this zero day is to eliminate the presence of Java 6 and this should be an easy way to do so.

Chris Goettl


Virtual Patches and the Data Center Environment

In advance of VMworld we caught up with Chris Goettl, Program Product Manager for Shavlik , to learn more about the patching in the data center environment.

Q:  What are some of the key things to consider when deploying patches in a datacenter environment?

Chris:   From the conversations I have with customers I think getting up and running quickly is important.  You would be surprised how long some products take to implement.  Many of our competitors deploy agent-based systems that take longer to implement.  We have talked to some of their customers that struggled with implementation. In fact, one was in year two of trying to roll out a well-known product.

Q:  What is different about Shavlik from a timing perspective?

Chris:  There are a few things that give us an advantage in this area; in fact, we can show value on the same day.   So for example, if you install our product, we can be up and running, assessing your environment, and can stage patches within the first hour.   There is no product in the market that can be installed and be up and running delivering patches to endpoints that fast. 

Q: How do your products complement VMware?

Chris:  Of course we can patch VMware offline and online machines as well as hypervisors, but there is another area where we work well together.  Our products help VMware introductory level customers maintain their patch capability. This all stems from our previous relationship with VMware (we were owned by VMware before joining the LANDesk family).

Q: How does Shavlik provide benefit to these customers?

Chris: Let’s say you have a virtual infrastructure with 50 VMs on standard servers.  If the customer is running vSphere or less, then you have a big challenge to maintain that infrastructure.  On the other hand, enterprise VMware customers that have vSphere have an extremely robust product that images the hypervisor.  Every time you reboot the hypervisor it actually reboots under the base image, so all the customer has to do is apply a patch to the base image and then every time they reboot the hypervisors they are up to date.

Q: So Shavlik helps bridge the gap between VMware standard and the enterprise? 

Chris: Right, so we have a hypervisor feature within our product.  When IT installs Shavlik Protect the feature is already in place.  With Protect, you install it and type in the IP address or the server name for the hypervisor and a credential.  Protect connects, you click on a scan button, click on which patches you want, click deploy, and that is about it.  It really is a matter of months to minutes.

Shavlik Announces Mobile Device Management Support

I was reading an article this weekend about the latest Facebook exploit.  This exploit is actually easier to exploit on mobile devices than on PC or Mac.  The mobile device comes with the end user in the business world today.  Users are using their personal phones for business use on a daily basis. Last week, while I was at VMworld, I did talk a bit with Admins who acknowledge the problem but have no solutions to start solving the problem. Shavlik announced the release of Mobile Device Management for the Android and iOS to provide some of the core capabilities IT admins need to address these issues.

Core Features of Shavlik

  • Lock out apps
  • Control rights and permissions to corporate systems (e.g. Exchange, Intranet, CRM)
  • Remote kill / wipe for lost or stolen devices
  • Location services
  • Application / OS installation and updates
  • Troubleshooting and health monitoring

We all know we have to keep devices coming in to the enterprise safe and we all have more than enough work to do. Adding basic core features goes a long way in keeping your data safe and enabling IT admins to focus on other elements of their jobs.

Chris Goettl