This article provides information on the LanGuard Program Update Process Workflow and troubleshooting guidelines.
On the surface, Program Updates enable GFI LanGuard to detect the latest vulnerabilities and maintain its scanning performance. By default, LanGuard is configured to auto-download updates and check for newer builds. This is handled by the internal Program Update Tool - update.exe.
But there's more to this - practically all LanGuard modules (including the update.exe itself) are updated through the same Program Update procedure. The same tool, update.exe, is also used by the LanGuard Agents to download the definition updates from the LanGuard Server.
Note: The updated definitions are only provided to the latest released versions of the product.
Essentially, this means that a Program Updates issue can be the root cause of problems down the road - scans failing or not detecting missing updates, remediation jobs failing due to an outdated Agent version, etc.
Refer to LanGuard Program Updates for more information about the Program Updates Tool and general troubleshooting.
Program Updates Workflow
Program updates for the LanGuard Server are downloaded by default every day at 15:00 and/or at application startup in the following way:
- Update.exe checks the configuration file %ProgramData%\GFI\LanGuard 12\toolcfg_updates.xml.
- Update.exe connects to the configured location using the HTTP protocol.
- The index.txt is downloaded to the %ProgramData%\GFI\LanGuard 12\Update directory. This file contains the version number of lnss12updateinfo.xml.
- If the version number in index.txt is higher than the one in toolcfg_updates.xml, then lnss12updateinfo.xml is downloaded to the Update directory; otherwise, the locally stored lnss12updateinfo.xml is used. This file contains version information of all the program update files.
- The version information of the update files is compared using lnss12updateinfo.xml and the toolcfg_updates.xml.
- Any files that need to be updated are downloaded and installed.
- Toolcfg_updates.xml is updated to reflect the version of the new files.
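The decision logic of the steps above, as an added example (not GFI's code and not taken from the original article). It assumes the contents of toolcfg_updates.xml and lnss12updateinfo.xml can be modeled as dictionaries with integer versions; the function name, dictionary keys and file names are hypothetical.

```python
from typing import Callable, Dict, List, Tuple

Versions = Dict[str, int]  # file name -> version (integer versions are an assumption)


def plan_update(local_cfg: dict, index_version: int, cached_info: Versions,
                fetch_info: Callable[[], Versions]) -> Tuple[bool, List[str], dict]:
    """Return (info_downloaded, files_to_update, new_local_cfg).

    local_cfg stands in for toolcfg_updates.xml, index_version for the number
    read from index.txt, cached_info for the locally stored
    lnss12updateinfo.xml, and fetch_info for downloading a fresh copy of it.
    """
    # The info file is downloaded only when index.txt advertises a higher version.
    info_downloaded = index_version > local_cfg["info_version"]
    info = fetch_info() if info_downloaded else cached_info

    # Assumption: a file needs updating when it is missing locally or older.
    files_to_update = sorted(
        name for name, version in info.items()
        if version > local_cfg["files"].get(name, -1)
    )

    # Last step: the local configuration records the newly installed versions.
    new_cfg = {
        "info_version": max(index_version, local_cfg["info_version"]),
        "files": {**local_cfg["files"], **{n: info[n] for n in files_to_update}},
    }
    return info_downloaded, files_to_update, new_cfg


# Constructed sample state; the file names are hypothetical.
LOCAL = {"info_version": 10, "files": {"example_engine.cab": 3, "example_defs.cab": 4}}
REMOTE_INFO = {"example_engine.cab": 3, "example_defs.cab": 5}
CACHED_INFO = {"example_engine.cab": 3, "example_defs.cab": 4, "example_new.cab": 1}

if __name__ == "__main__":
    print(plan_update(LOCAL, 11, CACHED_INFO, lambda: REMOTE_INFO))  # newer index
    print(plan_update(LOCAL, 10, CACHED_INFO, lambda: REMOTE_INFO))  # same index
```

The second call shows a case worth remembering during triage: with an unchanged index version nothing is fetched, yet a file listed in the cached info but absent from the local configuration is still scheduled for update.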
For Agent computers, the only changes are:
- The update is automatically run at least once a day, and before any scan.
- These automated update checks are performed via a proxy to the LanGuard server and will pull the update from the Relay (if configured) or the Server (if no Relays are assigned to this Agent).
Debugging information relevant to Program Updates can be found in the logs in the %Data%\GFI\LanGuard 12\DebugLogs\ folder. The relevant log names for LanGuard 12.5 (the numbers depend on the customer's version) are:
- lanss_v125_configtools.csv - debug log for various modules, including Program Updates
- lanss_v125_attendantservice.csv - debug log of the Attendant service
The update process initiation can also be found in other log files; for example, an Agent scan will leave the corresponding lines in lanss_v125_securityscanner.csv:
Troubleshooting and Following the Logs
Any errors with checks, file downloads, unpacking, copying, and installation can be found by following the update process workflow through the logs. Locate the anomaly and proceed with triage from there. Every environment is different, and many variables can contribute to issues with Program Updates.
- Was there a problem with a particular file download? Antivirus or the security appliance present in the environment could block it.
- Was there a problem with unpacking a file? Check with 7zip and look through the A/V log.
- Is there a problem with copying the file? Check whether there is enough space, check the A/V exclusions, and verify whether the customer tried Updating LanGuard Manually.
Following Program Updates through lanss_v125_configtools.csv is straightforward: just filter by updateapi.dll as the source.
1. The update process is initialized and will report how it was called. For example, from LanGuard console:
or by the Agent update session:
2. Update checks if the proxy should be used:
3. Next is the connectivity test:
4. Reading remote index.txt:
5. Comparing with the currently installed version:
6. Downloading (if needed) and comparing lnss12updateinfo.xml:
7. And calculating packages and files that need to be updated:
8. Any files, definition databases, and modules that need to be updated are downloaded and installed. Here another module, Cabber, can join the process. For example:
9. ... Once all the files are installed and the configuration records updated, the update process finishes.
Cab error codes
During the installation of Program Updates, LanGuard makes use of the Cabber module which extracts the content of the .cab files and moves the file(s) to their final destination. If this process fails, the configtools.csv displays an error message like:
Below is a list of codes the Cabber module can return and what they mean:
- 0 - Cab unpacked successfully
- 1 - Exception caught
- 2 - Cab file not found
- 3 - Encryption failed
- 4 - Unable to copy
Below are some examples of tickets where agents are using the process knowledge and log analysis results to identify issues and probable root causes: