ZCM Agent Verifier 2.0
Overview: The ZCM Agent Verifier is a utility designed to help determine if all of the files that comprise the ZCM agent are properly installed and updated on a given device. "Agent Verifier" consists of two main components. The first is AgentBaseline.exe, which can be used to build a template from which other devices can be compared. The second is AgentCheck.exe, which will locate any files which are missing, have the incorrect version number, or an incorrect MD5 checksum based upon the values stored in the Baseline.txt file generated by AgentBaseline.exe. The discrepancies are stored in the errors.dat generated by the AgentCheck.exe.
Initially, Create a Baseline.dat file for the version for a specific version of the ZCM agent.
To do this:
- Copy the AgentBaseline.exe and the Exclude.txt from AgentVerify20.zip to a working directory on a device with a known good copy of the ZCM Agent that matches the version of the agent for which a Baseline.dat is desired.
- Execute AgentBaseline.exe to generate baseline.dat in the working folder containing AgentBaseline.exe and Exclude.txt.
- Save "baseline.dat" for use later on the potentially problematic devices.
(Note: Exclude.txt includes a list of folders in the ZENworks Agent Directory that do not need to be compared in this process. Additional Folders can be added to the exclusion list if desired. Individual Files cannot be excluded at this time, though they can manually be removed from the Baseline.dat file that is generated. Also, %ZENWORKS_HOME% needs to be properly defined for the process to properly complete.)
Once the Baseline.dat is generated:
- Copy this file along with AgentCheck.exe to a working directory on a device to be examined.
- Execute AgentCheck.exe. A progress meter will appear.
- When complete, the file errors.dat will be generated.
Discrepancies with EXEs, DLLs, or Jars should be the primary concern. The Baseline.dat may still include some data files which may differ between devices and can be manually removed if desired.
The three types of results in Errors.dat are shown below:
“C:\Program Files\Novell\ZENworks\BIN\HANDLERS\CONF\FILEFORMATMAPREGISTRY.EXML is Missing.”
Incorrect Version Number:
“C:\Program Files\Novell\ZENworks\BIN\HANDLERS\ZENWORKSIPRINTPROVIDER.DLL. Version Mismatch: 18.104.22.168203 Found. 22.214.171.124204 Expected.”
Incorrect MD5 Checksum:
C:\Program Files\Novell\ZENworks\BIN\HANDLERS\ZENWORKSPRINTERPROVIDER.DLL. MD5 Mismatch: 0x6132083F12F1B54C2C649DEB58DC2A9B Found. 0X7132083F12F1B54C2C649DEB58DC2A9BExpected.
Content of AgentVerify20.zip
- AgentBaseline.exe – Used to Create Baseline.dat
- AgentCheck.exe – Used to Generate Errors.dat
- Exclude.txt – Default Directories Excluded in Baseline.dat
Note: These utilities were written using "AutoIT". https://www.autoitscript.com/site
It is not uncommon for AV vendors to flag EXEs generated by AutoIt as potentially infected since all AutoIT EXEs will share some common code, causing potential false positives.
The MD5 for the 2 EXEs in the zip are the following.
- 0058bea239e04c0eb7089b1fb18c9fb6 AgentBaseline.exe
- 680a3b5f5c3659358d5bf828044405b4 AgentCheck.exe
These files have not been updated since 2015 and should be free of any malware. Part of my "To Do" list is to re-write this tool in "PowerShell", but that list tends to expand more than shrink.
Note: This tool can be used on a "Windows Primary" and the "Exclude.txt" has been written to generally account for this, but the use of the ZDC should be the primary tool for checking a Primary.
To find other articles by Craig Wilson simply follow the link below:
👍 If you find this article useful, please be sure to give it a like at the bottom of the page! 👍