Shavlik Protect 9.2 Update 2

The Shavlik Team is happy to announce the release of Shavlik Protect 9.2 Update 2. This update provides support for installing the Shavlik Protect Console on Windows 10. It also provides 13 bug fixes for known issues that customers have encountered since Update 1. The install is available now on our downloads page. It will install right over the top of Protect 9.2 Gold or Update 1. You can also upgrade directly to 9.2 Update 2 from Protect 9.0 or 9.1.

For customers still running on Shavlik Protect 9.0 or 9.1, this is a good time to look at upgrading. We will be ending support for all versions pre-9.2 by the end of 2016, due to the end of support for SHA1 certificates. Shavlik Protect 9.2 supports SHA 256 and will automatically convert the current SHA 1 console and agent certificates after you upgrade, making for a very seamless transition to a more secure mode of communication. Please review our product life-cycle policy for more details regarding the end of life date for specific versions.


Shavlik’s 12 Beers of Christmas 2015 Edition


Happy holiday’s everyone! Last year, we did our first 12 Beers of Christmas blog post where the team gave some recommendations of their favorite beers. This is a tradition that actually started from an eight-year practice of doing a beer exchange in our office instead of cookies or Secret Santa. So for all you beer fans out there, here is the 2015 edition of the Shavlik 12 Beers of Christmas. Enjoy!

Randy, Manager, Software Engineering
Mark, Software Engineer
Beer recommendation: Surly Todd – The Axe Man
Style: IPA
ABV: 7.2%
IBU: 100
Description: Todd – The Axe Man is a recipe created by Amager Bryghus in Denmark. The recipe was created for Todd Haug of Surly Brewing. A potent IPA loaded with fresh American aroma hops on a base of rich Golden Promise malt, Surly’s signature malt. Randy says that if you like IPAs, this one is a no brainer. Mark finds it a perfect substitute for Pliny the Elder, which is hard to come by in Minnesota.

So Todd – The Axe Man quickly became an office wide favorite, but since this is supposed to be the “12 beers of Christmas” and not the “1 beer that 12 people liked this Christmas”, I have asked the rest of the team to go down to their next picks.

Matt, Software Engineer
Beer recommendation: Toppling Goliath Pseudo Sue
Style: American Pale Ale
ABV: 7%
IBU: 50
Description: Due to the lack of availability of Pliny, and the rise in popularity of Todd – The Axe Man and by such its growing lack of availability, Matt finds Pseudo Sue the next best thing. This single hop ale showcases the Citra hop. Named for the largest T-rex fossil ever discovered, she roars with ferocious aromas of grapefruit, citrus, mango and evergreen. Delicate in body with a mild bite in the finish.

Brent, Software Engineer
Beer recommendation: Greenbush Unicorn Killer (He would have picked Todd, but Randy and Mark had already beat him to it.)
Style: Spice Beer\Pumpkin Ale
ABV: 7.4%
Description: While Brent is not normally a fan of spice beer, hey says this one is perfectly balanced. Notes of caramel, bread, cinnamon, and clove make this heavier version of the seasonal pumpkin ale a good one.

Travis, Product Support Engineer
Beer recommendation: McMenamins Hammerhead Ale
Style: American Pale Ale
ABV: 6%
Description: Travis is part of our support org out of Salt Lake City. This rich chestnut colored gem is a model of harmony between hops and malted barley. Hammerhead’s signature Cascade hop nose and intense hopped flavor blend nicely with the caramel tones from the crystal malt.

Geoffrey, Technical Support Engineer
Beer recommendation: Wasatch Brewing Ghostrider
Style: White IPA
ABV: 6%
Description: Also with our Salt Lake City team, Geoffrey recommends this as a “gateway” to the wide world of IPAs.  It is smooth and flavorful and light and perfect for any meal pairing. Plus, it goes to show that Utahn’s can make good beer. In the three years I have been with LANDESK, I have seen quite a change in SLC. The beer scene has improved greatly and Wasatch is one of the big contributors to that improvement.

Brian, QA Engineer
Beer recommendation: Dogfish Head 120 Minute IPA (not to be confused with 120 Minute Pineapple)
Style: Imperial IPA
ABV: 18%
IBU: 120 (That is a ton of hops)
Description: Now Brian is in QA, so that should be noted here. Quality Assurance is approving this beer. He says “it’s like getting voluntarily smacked in the face with a bag of hops.” Too extreme to be called beer? Brewed to a colossal 45°P, boiled for a full two hours while being continually hopped with high alpha American hops, dry-hopped every day in the fermenter for a month, and aged for a month on whole leaf hops, 120 Minute IPA is by far the strongest IPA ever brewed. And at 21% ABV and 120 IBU’s, you can see why we are calling this the Holy Grail for Hopheads.

Nick, Software Engineer
Beer recommendation: Hacker-Pschorr Oktoberfest Märzen
Style: Oktoberfest/ Märzen
ABV: 5.8%
Description: This is a decedent of the original Märzen style beer. Bavarian barley slow roasted, caramelized to a rich, red amber color combined with the purest spring waters from the Alps, exclusive yeast and the finest Hallertau hops.

Neil, Territory Sales Manager
Beer recommendation: Andechser Bergbock Hell
Style: Heller Bock
ABV: 7%
Description: From one of our Sales reps across the pond.  He says this was a staple when he lived in Germany.  He also recommends the Dunkel from Andechser.  Aromatic and mild.

Tyler, Software Engineer
Beer recommendation: New Glarus Scream
Style: Imperial IPA
ABV: 9%
IBU: 85
Description: Scream boasts an inspired 85 IBUs that reverberate cleanly though this IIPA. New Glarus Brewery grown estate hops join other Wisconsin grown hops to dominate this brew from Kettle Boil to Dry Hopping. You hold a deceptively seductive Original Gravity of 20.9 degrees Plato following the always 100% naturally bottle conditioned fermentation. Luscious Wisconsin grown and malted barley along with English Maris Otter malt is the bold heart of this lustful sensory enchantment. Surrender is inevitable so enjoy today.

Ben, Territory Sales Representative
Beer recommendation: Heritage American Expedition
Style: Wheat Ale
ABV: 4.5%
IBU: 10
Description: a light bodied American wheat ale. Bathed in farmers honey and spiced with ginger, it will give any traveler the fortitude and perseverance to carry on.

Bob, Channel Account Manager
Beer recommendation: Southern Tier 2xStout
Style: Sweet Stout
ABV: 7.5%
Description: Double Milk Stout
“2 varieties of hops & 3 types of malts”
Milk stout, also called ‘cream’ or ‘sweet’ stout, is a stout containing lactose, a sugar derived from milk. Because lactose is unfermentable by beer yeast, it adds sweetness and body to the finished beer. Milk stouts have been claimed to be nutritious, and were marketed as such in the early 1900s with claims that would make the FDA wince. One ad read, “Ideal for nursing mothers, for the healthy, for the invalid, and for the worker.” Surely! Of course, we couldn’t stop at a traditional milk stout. Ours is a double, an addition to our 2X line, and at 7.5% abv is every bit as delicious as it sounds. To your health!

Byron, Systems Administrator
Beer recommendation: Left Hand Milk Stout Nitro
Style: Sweet Stout
ABV: 6%
Description: This English style of beer, also known as Sweet Stout or Cream Stout, first appeared in London in the late 1800’s. The early brewers touted the health benefits of the milk sugar in this beer which today relates mainly to the increased amount of calories (no real health benefits…sorry). The milk sugar adds a well-rounded sweetness to this dark beer and makes it an outstanding, year ‘round stout.

And because I don’t want to be left out you get a bonus 13th Beer of Christmas!

Chris, Product Manager
Beer recommendation: Samuel Smiths Yorkshire Stingo
Style: English Strong Ale
ABV: 8%
Description: I found this in London at a pub called the Chandos.  Since then I found this is distributed in the US which is AWESOME! Bottle conditioned only. Some of the oak casks at Samuel Smith’s date back more than a century with the individual oak staves being replaced by the Old Brewery coopers over the years. Gradually the casks soak in more & more of the character of the ale fermented in stone Yorkshire squares. Yorkshire Stingo is aged for at least a year, matured in these well-used oak casks in the brewery’s underground cellars deriving fruit, raisin, treacle toffee, Christmas pudding and slight oaky flavors, before being further naturally conditioned in bottle.

Whatever holiday you may be celebrating, may it be filled with joy, family, great food, and great beer.

From all of us at Shavlik, have a happy holiday season!

Federal agencies, cybersecurity, and an order from the White House to step up their game


Dateline 2015:

Scary stuff, right? Unfortunately, this should all sound very familiar as there has been a steady stream of headlines around the rising concerns of securing U.S. federal agencies from cyber attack.

I recently had a conversation with Ben Tacheny, the U.S. Federal Territory Sales Representative here at Shavlik. Needless to say, Ben has been very busy as of late. He had a lot of really good insights and guidance that I wanted to share.

Q: Ben, what kinds of security problems are federal government agencies facing today?

Happy National Beer Day!

For those of you who are followers of our team, you know that we here at Shavlik enjoy a good beer. Today we are going to go off topic and focus on National Beer Day. I have been working on a house project that is nearly complete, but didn’t make it in time for National Beer Day. I am changing over from bottling my own home brew to kegging. I have almost everything ready. Even got the first beer I plan to keg already started (Belgian Tripel). The kegerator itself is, unfortunately, on back order until end of April. **Sigh**


September Patch Tuesday Round-Up

ShavlikSecurityThis month may have been a light release from Microsoft, but there was still plenty of updates to deploy. Microsoft released four security updates, one of which was critical, resolving 42 vulnerabilities. On the Non-Microsoft front, there were releases from Adobe and Google to take note of. Adobe Flash had a patch Tuesday release resulting in an IE advisory and a Google Chrome release to update the Flash plug-in. The Flash update resolved 12 vulnerabilities. There was no security updates for Office this month, but there were 18 non-security updates. One of those has run into some issues and had to be pulled. Here is a priority breakdown for security updates this month and details on known issues:

Shavlik Priority 1 Updates (Priority 1 updates should be applied as soon as possible):

  • MS14-052: Cumulative Security Update for Internet Explorer (2977629) – This update is rated as critical by Microsoft. It resolves 37 vulnerabilities which could allow for remote code execution. The updates are all relating to memory corruption issues. One of the vulnerabilities resolved (CVE-2013-7331) has been exploited in targeted attacks in the wild. There are a large number of vulnerabilities and one publicly exploited making this a high priority for update.
  • APSB14-21: Security updates available for Adobe Flash Player – This update is rated as a Priority 1 by Adobe. The update resolves 12 vulnerabilities which have a variety of impacts including memory corruptionbypass memory randomization, code execution, bypass same origin policy, and security feature bypass.
  • MSAF-029: Microsoft Security Advisory: update for vulnerabilities in Adobe Flash in Internet Explorer – This update allows Internet Explorer to support the latest Adobe Flash release which resolves 12 vulnerabilities and is rated as a Priority 1 by Adobe.
  • CHROME-111: Chrome 37.0.2062.120 – Resolves four vulnerabilities including one high priority vulnerability. The update also includes support for the latest Adobe Flash plug-in which puts it up in the priority list for this month.

Shavlik Priority 2 Updates (Priority 2 updates should be tested and rolled out in a reasonable time frame, typically within 10-30 days of release):

  • MS14-053: Vulnerability in .Net Framework could allow Denial of Service – This update resolves one privately reported vulnerability which could lead to a DoS, but by default an install of .Net will not be vulnerable to this vulnerability. The flaw is exposed if ASP.NET is installed and registered with an IIS server. This would require customer to install ASP.NET manually.
  • MS14-054: Vulnerability in Windows Task Scheduler could allow for elevation of privilege – This update resolves one privately reported vulnerability in Microsoft Windows which could allow for elevation of privilege. The attacker must, however, have a valid logon credential and be able to log on locally to exploit this vulnerability.
  • MS14-055: Vulnerabilities in Microsoft Lync Server could allow Denial of Service – This update resolves three privately reported vulnerabilities in Microsoft Lync Server. The attacker must send a specially crafted request to the Lync Server to exploit this vulnerability.

Watch List:

  • Adobe delayed release of APSB14-20 – The update will be a Priority 1 from Adobe as it resolves several critical vulnerabilities. The release was delayed to the week of September 15, meaning it will drop any day now. Once it does, you can expect to bump this up to the Priority list for rolling out this month.
  • Office non-security patch pulled by Microsoft – Microsoft did not release any security updates for Office this month, but 18 non-security updates have released.  An issue was discovered with KB2889866, an update for OneDrive, which would cause syncing to another users library to fail and moving of links etc, to no longer be picked up by sync.

For access to Shavlik’s Patch Tuesday webinar or presentation you can go to our webinars page and check out the ‘Recent Webinars’ section and click view. You can also sign up for the October Patch Tuesday webinar where we will discuss the Patch Tuesday release for all of the critical apps that affect you.

Patch Tuesday Advanced Notification September 2014

PatchWithoutBorderSo far we have four bulletins announced for September 2014, one Critical and three Important. Back in August Microsoft put a hard deadline on implementing the Update 1 (KB2919355) for Windows 8.1 and Server 2012 R2, making it so users need to install Update 1 in order to keep their systems updated.

The first patch Microsoft will be rolling out is for Internet Explorer and is Critical. For the past few months we have seen large numbers of vulnerabilities primarily around memory corruption and memory leaks being resolved in IE. It’s likely we are going to see a continuation of that trend that started back in June, but it’s probably going to be a fairly clean month for IE.

Of the three Important updates, there are two vulnerabilities that could result in a denial of service attack and one that could result in an elevation of privileges. These bulletins affect .Net Framework, the Windows Operating System and Lync Server. The .Net update is going to be the most important thing here and IT managers should make sure they are testing it adequately before rolling it out.

On the third party front, we are expecting an update from Opera any time now. They have updated their change log, but the new version (24) has not yet been made available on their downloads.

For Adobe we anticipate an update for Flash to be quite likely this month. So far in 2014 there has only been one patch Tuesday without a Flash update and that month there were two updates outside of patch Tuesday, one of which was a Zero Day. If there is a Flash release, you can expect a Microsoft Advisory update for IE to update the Flash plug-in and most likely a Google Chrome update to support the plug-in as well.

Microsoft Security Bulletins:

  • 1 bulletin is rated as Critical.
  • 3 bulletins are rated as Important

Vulnerability Impact:

  • 1 bulletin addresses vulnerabilities which could allow Remote Code Execution.
  • 2 bulletins address vulnerabilities which could result in a Denial of Service.
  • 1 bulletin addresses vulnerabilities which could allow Elevation of Privileges.

Affected Products:

  • All supported Windows Operating Systems.
  • All supported Internet Explorer versions.
  • .Net Framework.
  • Lync Server.

Join us as we review the Microsoft and third-party releases for September Patch Tuesday in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, September 10th at 11 a.m. CDT.  We will also discuss other product and patch releases since the August Patch Tuesday.

You can register for the Patch Tuesday webinar here.

Thank You for Joining Shavlik at VMworld 2014



Last week I was in San Francisco for VMworld 2014.  We had a great week and a lot of traffic in our booth.  We had over 1500 people stop by the booth between Sunday and Wednesday.  We crammed crowds of VMworlders into the booth for live demonstrations of Shavlik Protect 9.1 (Ryan from our SE team lining up another crowd for a demo and Becky loading up more snap bracelets to give away).  We slapped a couple thousand blue Shavlik snap bracelets (which are also a stylus) on the people who stopped by and a few drive by’s who didn’t stop to talk.


We also had hundreds of Shavlik users stop by the booth as well.  I think I met a couple dozen long time users who remember HFNetChk.  That dated them pretty much all the way back to the beginning of Shavlik and the original command line assessment tool based on the original MBSA.  It was great talking with you all and hearing the things you liked and those things you would like to see improve in the product.  Keep that feedback coming as that is how we ensure the product does what you want.

Make sure to catch us in April at RSA.  If you do you can join us for snap bracelet target practice. Below is Kate from our Field Marketing team loading up with snap bracelets between demos.

MS14-045 re-released today and everyone wants to know if they need to uninstall the previous version

Microsoft re-released MS14-045, which was causing blue screens for some customers. Our content team did release an out-of-band content update to add the new version of MS14-045. It was released as a new KB (2993651). The Microsoft bulletin has answers to many common questions in the Update FAQ, but the one question most people are asking me is do they have to uninstall the previous one if it is not blue screening systems. Microsoft states in the FAQ that the patch will install over the top of the previous version, but they are recommending uninstall even if you are not having issues.

For that reason, Shavlik Protect will still show the original KB if you have already installed the original. The new version replaces the previous one, so if you have not installed it you would not see the original by default. We kept the original in product but marked it as non-deployable so customers who had not already installed would not accidentally do so. This also removed the ability to uninstall if you had already deployed the original update. Our support team has created a set of custom actions to remove the original patch. You can view that KB here.



Blue Screen (Stop 0x50) after applying update KB2982791 to Windows 7


Reports have started popping up regarding a Blue Screen of Death (BSOD) after applying MS14-045 to Windows 7 systems. If you are seeing issues please go to this Microsoft forum post and let them know. Microsoft MVP Susan Bradley and others have started a support case with Microsoft and are asking for anyone else who sees these issues to let them know so they can collect all possible information in one place and help Microsoft quickly find and resolve this issue.

All is not doom and gloom, however. Many reports for members of (mailing list focused on patch management issues), have reported successful deployment of these updates. The Shavlik Content Team did not encounter the BSOD during our Patch Tuesday testing. LANDESK and Shavlik employees have not reported issues either. I personally deployed 11 updates including MS14-045 (KB2976897 and KB2982791) to my own Windows 7 x64 system on Wednesday morning without issue. So, while this is not an epidemic affecting all deployments of the Kernal-Mode Driver patch, it should prompt Admins to take a little extra time to test if possible.



July Patch Day Round-Up

PatchWithoutBorderOracle has released their quarterly Critical Patch Update.  There is a long list of products with updates coming and at the top of that list from a severity standpoint is Java.  With a CVSS base score of 10.0 on some of the vulnerabilities, the 20 new security fixes for Java SE are definitely in need of some immediate attention.  All 20 of the vulnerabilities in Java could be remotely exploited without authentication.  This means exploitable over a network without the need for a username and password.

Oracle Database server may only have 5 vulnerabilities being resolved, but one or more of those have a CVSS base score of 9.0.  Several other products like Fusion, Virtualization, and Retail Applications have CVSS base scores of 7.5 and the rest start to fall steadily from there, but one fairly common theme is the remotely executable without the need for authentication.  Companies running a lot of Oracle software should take some time on Tuesday and review what solutions they have and where they are to see if immediate action is necessary.  Again, for Java, the urgency is going to be far greater.  If you don’t have a breaking dependency on a specific version it would be a good idea to roll out ASAP.

With Oracle’s CPU today Java should be added to the top of the priorities list this month.   Three updates in particular should be considered a top priority as you are conducting your monthly maintenance.  Flash Player, the IE Cumulative Update, and Oracle Java.  The July Patch Tuesday update to IE to resolve 23 memory corruption vulnerabilities, one of which was publicly disclosed, appears to be a continuation of the very large IE Cumulative update from June which had over 50 fixes to memory corruption vulnerabilities.  The Adobe Flash player update resolves three vulnerabilities that allow an attacker to bypass security features.  Adobe Flash has had critical release every month in 2014, and on Patch Tuesday for six of seven months.  It is looking to be a permanent fixture for IT Admins to prioritize each month.  If you haven’t been keeping it up to date, there is ample cause to do so.