AP fails install KB941569. Affects: EVERYO...
palisade
26 Jul 2008
The 941569 patch is never applied successfully when AP tries to silently install it. Open applications such as Windows Live Messenger (MSN IM), IE6 or IE7, and explorer.exe (not just explorer windows, the actual desktop that exists on explorer) keep the patch from completing its install. As a result the system looks like it has 941569 installed but the proper files were never replaced and the patch was unsuccessful leaving the system unpatched without the knowledge of the user. Belarc Advisor can detect this because it verifies the files, PSI Secunia will not detect it as unpatched because it verifies the install record.
The solution:
1) The user must manually download WindowsXP-KB941569-x86-ENU.EXE from Microsoft's website:
http://download.microsoft.com/download/5/8...569-x86-ENU.EXE
2) Run the exe, not in silent mode. Do not hit Next at this point, continue to step 3.
3) Close MSN IM (Windows Live Messenger), IE6 or IE7, and any other applications.
4) Bring up the Task Manager (CTRL ALT DEL) by right clicking the toolbar and clicking Task Manager.
5) Find all instances of explorer.exe in the list and right click them and click End Process. At this point your desktop should vanish, do not close the Task Manager, leave it open.
6) Now click through the screens provided by the KB941569 patch and install it. If the patch suggests you close a particular application, do so before continuing.
7) Once the install is complete, click Finish.
8) Now in the Task Manager click the File menu and New Task (Run...), then type explorer and click OK. Your desktop will now reappear.
I would suggest for the next version of AP that additional rules be provided for certain patches to give AP the ability to kill certain processes automatically if necessary for this sort of situation.
I hope this helps everyone. I wish I had caught it sooner.
The solution:
1) The user must manually download WindowsXP-KB941569-x86-ENU.EXE from Microsoft's website:
http://download.microsoft.com/download/5/8...569-x86-ENU.EXE
2) Run the exe, not in silent mode. Do not hit Next at this point, continue to step 3.
3) Close MSN IM (Windows Live Messenger), IE6 or IE7, and any other applications.
4) Bring up the Task Manager (CTRL ALT DEL) by right clicking the toolbar and clicking Task Manager.
5) Find all instances of explorer.exe in the list and right click them and click End Process. At this point your desktop should vanish, do not close the Task Manager, leave it open.
6) Now click through the screens provided by the KB941569 patch and install it. If the patch suggests you close a particular application, do so before continuing.
7) Once the install is complete, click Finish.
8) Now in the Task Manager click the File menu and New Task (Run...), then type explorer and click OK. Your desktop will now reappear.
I would suggest for the next version of AP that additional rules be provided for certain patches to give AP the ability to kill certain processes automatically if necessary for this sort of situation.
I hope this helps everyone. I wish I had caught it sooner.
James
26 Jul 2008
Hi palisade
Thanks for reporting your findings. So that we can better understand what is happening here, can you please let us know what version of Media Player you have, as well as all AntiVirus, AntiSpyware/AntiMalware and anti-IE hijacking software you may have running. Any other media players present (e.g. iTunes, Firefox plugins)? I assume from the thread you are posting in, that your OS is XP-SP3?
I need to firm this up because my records show that I have at least one successful fully silent install of KB941569 on XP-SP2, WMP9 (verified by file version) back in January. At the time, no AV/AntiSpyware/AntiMalware was running nor was IE or any version of Messenger. However the Desktop (i.e. the explorer.exe process) was fully functional.
MSFT's update process can usually manage quite well if files are in use: all you save by killing processes off is a reboot. Your reference to the Desktop also surpriises me as the explorer.exe process does not load, nor does it maintain handles to either wmasf.dll or wmvcore.dll. Did you verify dll's in memory with Process Explorer or anything else?
I understand the difference between Belarc and PSI detection, but there are documented cases of Belarc being wrong. Does anything from Microsoft support your experience of which one of these third-party tools is correct (e.g. WSUS, MBSA, WU, MU)?
At what point did you reboot?
--
Thanks for reporting your findings. So that we can better understand what is happening here, can you please let us know what version of Media Player you have, as well as all AntiVirus, AntiSpyware/AntiMalware and anti-IE hijacking software you may have running. Any other media players present (e.g. iTunes, Firefox plugins)? I assume from the thread you are posting in, that your OS is XP-SP3?
I need to firm this up because my records show that I have at least one successful fully silent install of KB941569 on XP-SP2, WMP9 (verified by file version) back in January. At the time, no AV/AntiSpyware/AntiMalware was running nor was IE or any version of Messenger. However the Desktop (i.e. the explorer.exe process) was fully functional.
MSFT's update process can usually manage quite well if files are in use: all you save by killing processes off is a reboot. Your reference to the Desktop also surpriises me as the explorer.exe process does not load, nor does it maintain handles to either wmasf.dll or wmvcore.dll. Did you verify dll's in memory with Process Explorer or anything else?
I understand the difference between Belarc and PSI detection, but there are documented cases of Belarc being wrong. Does anything from Microsoft support your experience of which one of these third-party tools is correct (e.g. WSUS, MBSA, WU, MU)?
At what point did you reboot?
--
Cristiano
26 Jul 2008
> that I have at least one successful fully silent install
you may count a few dozens with me. i always check for failed modules. maybe not this one, but all that shows also not installed. i always install all critical, noncritical and a few others (including wmp11) at once.
but keep in mind that i always let ap run alone. nothing else running at same time. since a few things may lock certain files, for sure that some issue may happend if you are running ap with another background thing running
[]s
you may count a few dozens with me. i always check for failed modules. maybe not this one, but all that shows also not installed. i always install all critical, noncritical and a few others (including wmp11) at once.
but keep in mind that i always let ap run alone. nothing else running at same time. since a few things may lock certain files, for sure that some issue may happend if you are running ap with another background thing running
[]s
palisade
27 Jul 2008
wmp11, xp sp3, antivir, ff3 (w/ adblock), ie7, spyware doctor, comodo firewall
I verified the patch was not correctly installed independently of Belarc/PSI by running the patch manually and discovering that it required me to close explorer.exe (after a fresh reboot) with no other software open (Firefox/MSN/IE/etc were all closed). Belarc verified that the files had not been updated, but the moment I killed explorer and installed the patch myself, Belarc detected the system as successfully patched.
Also, I always reboot after applying hotfixes.
It may only happen to a small percentage of people then, if I'm one of the rare cases and this hasn't been discovered yet. But, the unlikeliness of it happening does not preclude my previous suggestion that there be dependency rules that can allow patches given to apup the ability to shut down processes during a silent install and bring them back again afterward.
Sorry if I cried wolf here, I thought this affected everyone equally.
I verified the patch was not correctly installed independently of Belarc/PSI by running the patch manually and discovering that it required me to close explorer.exe (after a fresh reboot) with no other software open (Firefox/MSN/IE/etc were all closed). Belarc verified that the files had not been updated, but the moment I killed explorer and installed the patch myself, Belarc detected the system as successfully patched.
Also, I always reboot after applying hotfixes.
It may only happen to a small percentage of people then, if I'm one of the rare cases and this hasn't been discovered yet. But, the unlikeliness of it happening does not preclude my previous suggestion that there be dependency rules that can allow patches given to apup the ability to shut down processes during a silent install and bring them back again afterward.
Sorry if I cried wolf here, I thought this affected everyone equally.
James
28 Jul 2008
Thanks for your reply.
I don't think you are!!
I have no proof, from this remote distance, but I would regard spyware doctor with suspicion and would not want this running during updates/installs. One computer I repaired had spyware doctor + McAfee on it and was effectively unusable for about 6 minutes (or more) after switch-on each day.
It's a valid suggestion, but there are all sorts of difficulties here when Mr/Ms Average_user encounters this. Even MSFT steers well clear of this, even when it would make their life easier.
--
palisade, on Jul 27 2008, 03:20 AM, said:
Sorry if I cried wolf here, ...
I have no proof, from this remote distance, but I would regard spyware doctor with suspicion and would not want this running during updates/installs. One computer I repaired had spyware doctor + McAfee on it and was effectively unusable for about 6 minutes (or more) after switch-on each day.
palisade, on Jul 27 2008, 03:20 AM, said:
... there be dependency rules that can allow patches given to apup the ability to shut down processes during a silent install ...
--
palisade
28 Jul 2008
So far I haven't had any problems with spyware doctor. The only reason I'm using it is because it scored as one of the best anti-malware and Google recommends it. I have my doubts, I haven't seen it catch anything yet. Antivir on the other hand has caught viruses/malware that avast (my favorite) missed. As far as stability I haven't seen an issue, perhaps it was the combination with McAfee that was the problem. Next time there's an update I'll disable it and see if that helps matters.
Perhaps a better solution for apup is to make the patch non-silent if it requires termination of running tasks.
Perhaps a better solution for apup is to make the patch non-silent if it requires termination of running tasks.
James
30 Jul 2008
Interesting observations on the AV/AntiSpyware performance. I've seen Spyware Doctor catch stuff, but the owner was using IE not FF. The problem was not stability, Spyware Doctor + McAfee just took over the computer each day, with updating themselves and scanning. It was best to switch on and then go for coffee!
I agree, but if this is done for too many difficult installs AutoPatcher is going to look very messy.
--
palisade, on Jul 28 2008, 10:54 PM, said:
Perhaps a better solution ... is to make the patch non-silent if it requires termination of running tasks.
--
palisade
31 Jul 2008
I keep IE up to date, but I never actually use it. I only use FF3 w/ noscript, adblock, better gmail, keyscrambler, cslite, flash objection and ever since I haven't gotten malware (that I know of). But, being paranoid I run spyware doctor anyways. I also use Spybot S&D with host file blocking, but I don't think this could have caused a problem with the patch since I don't run the resident teatimer watchdog that comes with it (teatimer has caused instability for me in the past so I refuse to use it).
I've found a few other patches that Belarc is complaining about but my manual installs haven't corrected them, I'm still trying to sort that out. These may be the false positives you were talking about before. But, as far as the KB941569 patch, I'm certain it was never installed properly because of the silent install.
Well, the non-silent installs would be for rare circumstances where the patch has the possibility of failing to install if made silent. I don't think most patches fall under this category, as you mentioned before worst-case you have to reboot for some things to apply properly. But, in this situation, the patch couldn't do its job. There has to be a small percentage of people who have had the same problem as me and just don't realize it. Just one person is one too many for this to affect hehe.
I think a smarter autopatcher is good for everyone, the current version can't be adjusted remotely very well. If there are situations like this that come up in the future that are far more serious, there isn't anything that the autopatcher team can do about it except mention it on the forums and hope people resolve it themselves, or release a new version of autopatcher, which is an unreasonable expectation to have every time there's a unique patch problem to solve. That's why I think the dependency rules could solve all unforeseeable problems in the future.
I've found a few other patches that Belarc is complaining about but my manual installs haven't corrected them, I'm still trying to sort that out. These may be the false positives you were talking about before. But, as far as the KB941569 patch, I'm certain it was never installed properly because of the silent install.
Well, the non-silent installs would be for rare circumstances where the patch has the possibility of failing to install if made silent. I don't think most patches fall under this category, as you mentioned before worst-case you have to reboot for some things to apply properly. But, in this situation, the patch couldn't do its job. There has to be a small percentage of people who have had the same problem as me and just don't realize it. Just one person is one too many for this to affect hehe.
I think a smarter autopatcher is good for everyone, the current version can't be adjusted remotely very well. If there are situations like this that come up in the future that are far more serious, there isn't anything that the autopatcher team can do about it except mention it on the forums and hope people resolve it themselves, or release a new version of autopatcher, which is an unreasonable expectation to have every time there's a unique patch problem to solve. That's why I think the dependency rules could solve all unforeseeable problems in the future.
