Overview: The ZCM Agent Verifier is a utility designed to help determine if all of the files that comprise the ZCM agent are properly installed and updated on a given device. "Agent Verifier" consists of two main components. The first is AgentBaseline.exe, which can be used to build a template from which other devices can be compared. The second is AgentCheck.exe, which will locate any files which are missing, have the incorrect version number, or an incorrect MD5 checksum based upon the values stored in the Baseline.txt file generated by AgentBaseline.exe. The discrepancies are stored in the errors.dat generated by the AgentCheck.exe.
Initially, Create a Baseline.dat file for the version for a specific version of the ZCM agent.
To do this:
(Note: Exclude.txt includes a list of folders in the ZENworks Agent Directory that do not need to be compared in this process. Additional Folders can be added to the exclusion list if desired. Individual Files cannot be excluded at this time, though they can manually be removed from the Baseline.dat file that is generated. Also, %ZENWORKS_HOME% needs to be properly defined for the process to properly complete.)
Once the Baseline.dat is generated:
Discrepancies with EXEs, DLLs, or Jars should be the primary concern. The Baseline.dat may still include some data files which may differ between devices and can be manually removed if desired.
The three types of results in Errors.dat are shown below:
“C:\Program Files\Novell\ZENworks\BIN\HANDLERS\CONF\FILEFORMATMAPREGISTRY.EXML is Missing.”
Incorrect Version Number:
“C:\Program Files\Novell\ZENworks\BIN\HANDLERS\ZENWORKSIPRINTPROVIDER.DLL. Version Mismatch: 22.214.171.124203 Found. 126.96.36.199204 Expected.”
Incorrect MD5 Checksum:
C:\Program Files\Novell\ZENworks\BIN\HANDLERS\ZENWORKSPRINTERPROVIDER.DLL. MD5 Mismatch: 0x6132083F12F1B54C2C649DEB58DC2A9B Found. 0X7132083F12F1B54C2C649DEB58DC2A9BExpected.
Content of AgentVerify20.zip
Note: These utilities were written using "AutoIT". https://www.autoitscript.com/site
It is not uncommon for AV vendors to flag EXEs generated by AutoIt as potentially infected since all AutoIT EXEs will share some common code, causing potential false positives.
The MD5 for the 2 EXEs in the zip are the following.
These files have not been updated since 2015 and should be free of any malware. Part of my "To Do" list is to re-write this tool in "PowerShell", but that list tends to expand more than shrink.
Note: This tool can be used on a "Windows Primary" and the "Exclude.txt" has been written to generally account for this, but the use of the ZDC should be the primary tool for checking a Primary.
To find other articles by Craig Wilson simply follow the link below:
If you find this article useful, please be sure to give it a like at the bottom of the page!