1 Reply Latest reply on Mar 26, 2014 1:53 PM by chrisgoettl

    Shavlik Agent installed on laptops expiring (Big security problem)


      Hello, We have been using Shavlik for over 5 years to patch all our desktop computers that are connected to our network 24/7.  We have a growing number of Laptop users who may never connect directly to our network so we started installing the agent on them about a year ago so they would get patched.  I just noticed that one of the laptops I installed the Agent on about 4 months ago had expired.  I immediatly looked at a few other laptops and found the Agent had expired and no longer working and patchng these laptops which leaves these computers and our network at risk.  For testing purposes today I reinstalled the agent on one of these laptops using the shavlik version 9 console to install the agent.  On the laptop I went to help - about to verify and it said the new version of the agent (9) was installed but it would be expiring May 10th 2014 !!!!  This is a huge problem for us as we have 100 laptops that had the Agent installed and are now expired.  And not only that in the previous version of Shavlik (8.5) we would at least get the results of these Agents in the Results log on the shavlik console to verify the agent is in fact working. Last week I submitted a post on this forum asking about why the Agents were no longer showing up in the Results on the Shavlik console version 9 and was informed that Shavlik had removed this feature.  This is very troubling for us as we could have laptop that are running the Agent and is no longer working because the license is expired. (We are current on our Shavlik License and in fact have spent thousands over the years).  What has caused our Agents license to expire and how do we fix it?  Where can I get a version of the Agent that does not expire or give me instructions on how to fix this?  There could be other Shavlik customers out there that have installed and are usign the Agent but no idea the agent license has expired. This is a major security flaw with the Shavlik Agent and we need to get this problem solved as soon as possible. Thanks, Tom Farrell Hennepin County Library

        • 1. Re: Shavlik Agent installed on laptops expiring (Big security problem)
          chrisgoettl SupportEmployee



          A couple of things that could be of help here.  Some is clearing up misinformation and others are just ways the product work and new features that will help you overcome those limitations. 


          First, lets discuss the Agent Results showing in 9.0.  So as a scan record of its own on the left navigation and under Manage Items, that is correct, BUT from the Machine View you can see the latest result for any machine.  Also in reports if you do a report on the latest result you would get the Agentless or Agent result whichever was latest.  Agent results are still very much in the console so, out of context, I believe you were miss informed.  I would need see details of that conversation to understand where you may have been steered wrong. 


          Second, agent expiration.  Our agent is setup to be on a 45 day schedule for its license lease.   As long as it checks-in successfully even once in that 45 day period it renews its license.  In 9.0 if you go beyond that 45 day limit the agent should stay installed for an additional 90 days and still check-in periodically.  If it comes back on network and checks in before the 45 + 90 day timeframe and your console has a seat lease available the agent would resume.  IF you exceed the 45 + 90 days the agent would uninstall itself. 


          We have a new feature in Protect 9.0 called the Cloud Agent. This gives you the ability to register your Protect Console in the ProtectCloud (hosted by Shavlik) and then you check a box in your agent policy to allow any agents under that policy to check-in through the cloud.  The process would take you all of about 5 minutes to configure and you now have secure communication between Agent and Console from anywhere they can get a Internet connection without opening additional ports on your agent or network firewall.  The communication and results are all encrypted and the ProtectCloud cannot decrypt any policy or result.  So, unless you shut down a machine and put it in a closet for 135 days you have the ability to ensure that the issue you spoke of would never happen again. 


          Let me know if you have any questions regarding this.  I would be more than happy to discuss this with you further to ensure you are satisfied.  We have a lot of customers who are equally concerned about relinquishing agent licenses in a reasonable timeframe as we have customers who need to ensure their agents stay licensed and functional in the field for prolonged periods of time.  We always try to balance that out to the best of our ability. 




          Chris Goettl

          Product Manager

          Shavlik Protect Team, LANDESK

          1 of 1 people found this helpful