ComodoSecurity / openedr

Open EDR public repository

Testing the first release #2

Open ozercomodo opened 3 years ago

ozercomodo commented 3 years ago

Urgent help wanted to test the first release. Please also state your environment, test steps and expected result: success or failure.

AppleSky6 commented 3 years ago

MSI installation failed, Windows 7 x64

20201113-142537.338 0000061c [app ] [INF] Application: OpenEDR service [amd64] release-2.4.0.0/Sun Nov 8 20:15:34 2020
20201113-142537.338 0000061c [app ] [INF] Application start time: 2020-11-13T06:25:37.000Z
20201113-142537.338 0000061c [app ] [INF] OS boot time: 2020-11-13T02:24:53.383Z
20201113-142537.338 0000061c [app ] [INF] OS version: Windows 7 Ultimate (6.1.7601)
20201113-142537.338 0000061c [app ] [INF] CPU architecure: amd64, 2 core(s)
20201113-142537.338 0000061c [app ] [INF] Host: WIN-QNJIRBGVPQO
20201113-142537.338 0000061c [app ] [INF] Domain:
20201113-142537.338 0000061c [app ] [INF] Process Id: 844
20201113-142537.338 0000061c [app ] [INF] Config file: C:\Program Files\OpenEdr\EdrAgentV2\edrsvc.cfg
20201113-142537.338 0000061c [app ] [INF] Working directory: C:\Windows\system32
20201113-142537.338 0000061c [app ] [INF] Logging directory: C:\ProgramData\edrsvc\log
20201113-142537.338 0000061c [app ] [INF] Machine Id: b80d9c70d8b40e0e44572df3875ce6fc68d68c59
20201113-142537.338 0000061c [app ] [INF] Application working mode: enroll
20201113-142537.338 0000061c [app ] [INF] Command line: C:\Program Files\OpenEdr\EdrAgentV2\edrsvc.exe enroll --token=x64
20201113-142537.338 0000061c [app ] [INF] Checking component...
20201113-142537.338 0000061c [app ] [INF] Checking component...
20201113-142537.338 0000061c [app ] [WRN] Configuration file is missing. It is being repaired using the specified action.
20201113-142537.338 0000061c [app ] [INF] Removing file <C:\ProgramData\edrsvc\evm.cloud.src>...
20201113-142537.338 0000061c [app ] [INF] Checking component...
20201113-142537.338 0000061c [app ] [INF] Checking component...
20201113-142537.338 0000061c [app ] [INF] Checking component...
20201113-142537.338 0000061c [app ] [INF] Checking component...
20201113-142537.338 0000061c [app ] [INF] Current log level: 2
20201113-142537.338 0000061c [app ] [INF] Customer Id:
20201113-142537.338 0000061c [app ] [INF] Endpoint Id:
20201113-142537.338 0000061c [app ] [INF] Active machine Id: b80d9c70d8b40e0e44572df3875ce6fc68d68c59
20201113-142537.338 0000061c [winsvc ] [INF] Service is being started as an Application
20201113-142537.338 0000061c [winsvc ] [INF] Service is started
20201113-142537.338 0000061c [app ] [INF] Processing startup modules
20201113-142537.338 0000061c [core ] [INF] Process message
20201113-142537.338 0000061c [app ] [INF] Startup modules are processed
20201113-142537.338 0000061c [cloudsvc] [INF] Send configuration request
20201113-142537.338 0000061c [cloudsvc] [INF] Trying to get credentials using provided toked
20201113-142537.338 0000061c [cloudsvc] [INF] Trying to get credentials using provided toked
20201113-142537.338 0000061c [cloudsvc] [INF] Send identity request
20201113-142537.338 0000061c [winsvc ] [INF] Service is being stopped
20201113-142537.338 0000061c [app ] [INF] Application is shutting down - stage
20201113-142537.338 0000061c [core ] [INF] Process message
20201113-142537.338 0000061c [cloudsvc] [INF] CloudService is being stopped
20201113-142537.338 0000061c [cloudsvc] [INF] CloudService is stopped
20201113-142537.338 0000061c [app ] [INF] Global pools are being finished...
20201113-142537.338 0000061c [app ] [INF] Application is shutting down - stage
20201113-142537.338 0000061c [core ] [INF] Process message
20201113-142537.338 0000061c [app ] [INF] Application is shutting down - stage
20201113-142537.338 0000061c [winsvc ] [INF] Service is stopped
20201113-142537.338 0000061c [app ] [INF] Application shutdowned (0xE0020000)

svinson1121 commented 3 years ago

MSI failed to install, Windows 10 Pro X64 version 20H2

Loginsoft-Research commented 3 years ago

Failed on install - Windows 10 X64 - 19041.388. Here is the log for your reference:

20201112-225431.567 00001200 [app     ] [INF] Command line: C:\Program Files\OpenEdr\EdrAgentV2\edrsvc.exe install
20201112-225431.567 00001200 [app     ] [INF] Checking <endpoint.cfg> component...
20201112-225431.567 00001200 [app     ] [INF] Checking <evm.cloud.src> component...
20201112-225431.567 00001200 [app     ] [WRN] Configuration file is missing. It is being repaired using the specified action.
20201112-225431.567 00001200 [app     ] [INF] Removing file <C:\ProgramData\edrsvc\evm.cloud.src>...
20201112-225431.567 00001200 [app     ] [INF] Checking <queuemgr.dat> component...
20201112-225431.567 00001200 [app     ] [INF] Checking <valkyriesvc.dat> component...
20201112-225431.567 00001200 [app     ] [INF] Checking <flssvc.dat> component...
20201112-225431.567 00001200 [app     ] [INF] Checking <signsvc.dat> component...
20201112-225431.568 00001200 [app     ] [INF] Current log level: 2
20201112-225431.568 00001200 [app     ] [INF] Customer Id: 
20201112-225431.568 00001200 [app     ] [INF] Endpoint Id: 
20201112-225431.568 00001200 [app     ] [INF] Active machine Id: <<REDACTED>>
20201112-225431.568 00001200 [winsvc  ] [INF] Service is being started as an Application
20201112-225431.568 00001200 [winsvc  ] [INF] Service is started
20201112-225431.568 00001200 [app     ] [INF] Processing startup modules
20201112-225431.568 00001200 [core    ] [INF] Process message <AppStarted>
20201112-225431.568 00001200 [app     ] [INF] Startup modules are processed
20201112-225431.569 00001200 [winsvcmg] [INF] Install service <edrsvc>
20201112-225431.575 00001200 [procmon ] [WRN] Injection DLLs not found in system directory. Use default directory.
20201112-225434.165 00001200 [winsvcmg] [INF] Install service <edrdrv>
20201112-225434.167 00001200 [winsvc  ] [INF] Service is being stopped
20201112-225434.167 00001200 [app     ] [INF] Application is shutting down - <AppFinishing> stage
20201112-225434.167 00001200 [core    ] [INF] Process message <AppFinishing>
20201112-225434.167 00001200 [procmon ] [INF] ProcMon controller is being stopped
20201112-225434.167 00001200 [procmon ] [INF] ProcMon controller already stopped
20201112-225434.167 00001200 [libsysmo] [INF] SysMon controller is being stopped
20201112-225434.167 00001200 [libsysmo] [INF] SysMon controller already stopped
20201112-225434.167 00001200 [app     ] [INF] Global pools are being finished...
20201112-225434.167 00001200 [app     ] [INF] Application is shutting down - <AppFinished> stage
20201112-225434.167 00001200 [core    ] [INF] Process message <AppFinished>
20201112-225434.167 00001200 [app     ] [INF] Application is shutting down - <shutdown> stage
20201112-225434.167 00001200 [procmon ] [INF] ProcMon controller is being shutdowned
20201112-225434.167 00001200 [procmon ] [INF] Finalize madCodeHook
20201112-225434.167 00001200 [procmon ] [INF] ProcMon controller is shutdowned
20201112-225434.168 00001200 [libsysmo] [INF] SysMon controller is being shutdowned
20201112-225434.168 00001200 [libsysmo] [INF] SysMon controller is shutdowned
20201112-225434.168 00001200 [winsvc  ] [INF] Service is stopped
20201112-225434.168 00001200 [app     ] [INF] Application shutdowned (0x00000000)

FYI: upon installing the MSI in the mentioned directory, the files were created and auto-deleted from the folder.

dtmsecurity commented 3 years ago

Same here: tested OpenEDR-installation-2.0.0.0_x64.msi on Windows 10 Version 2004 (build 19041.450) and the installer fails. I see some logs generated in C:\ProgramData\edrsvc\log\ as per others, but the installation files end up being removed.

20201113-093800.527 000011ec [winsvc  ] [INF] Service is being started as an Application
20201113-093800.527 000011ec [winsvc  ] [INF] Service is started
20201113-093800.527 000011ec [app     ] [INF] Processing startup modules
20201113-093800.527 000011ec [core    ] [INF] Process message <AppStarted>
20201113-093800.527 000011ec [app     ] [INF] Startup modules are processed
20201113-093800.530 000011ec [libsysmo] [INF] SysMon controller is being shutdowned
20201113-093800.530 000011ec [libsysmo] [INF] SysMon controller is shutdowned
20201113-093800.531 000011ec [cloudsvc] [INF] Send <uninstall> report
20201113-093800.531 000011ec [cloudsvc] [INF] Trying to get credentials using provided toked
20201113-093800.531 000011ec [cloudsvc] [INF] Trying to get credentials using provided toked
20201113-093800.531 000011ec [cloudsvc] [INF] Send identity request
20201113-093800.531 000011ec [winsvc  ] [INF] Service is being stopped
20201113-093800.531 000011ec [app     ] [INF] Application is shutting down - <AppFinishing> stage
20201113-093800.531 000011ec [core    ] [INF] Process message <AppFinishing>
20201113-093800.531 000011ec [procmon ] [INF] ProcMon controller is being stopped
20201113-093800.531 000011ec [procmon ] [INF] ProcMon controller already stopped
20201113-093800.531 000011ec [libsysmo] [INF] SysMon controller is being stopped
20201113-093800.531 000011ec [libsysmo] [INF] SysMon controller already stopped
20201113-093800.531 000011ec [cloudsvc] [INF] CloudService is being stopped
20201113-093800.532 000011ec [cloudsvc] [INF] CloudService is stopped
20201113-093800.532 000011ec [app     ] [INF] Global pools are being finished...
20201113-093800.532 000011ec [app     ] [INF] Application is shutting down - <AppFinished> stage
20201113-093800.532 000011ec [core    ] [INF] Process message <AppFinished>
20201113-093800.532 000011ec [app     ] [INF] Application is shutting down - <shutdown> stage
20201113-093800.532 000011ec [procmon ] [INF] ProcMon controller is being shutdowned
20201113-093800.532 000011ec [procmon ] [INF] Finalize madCodeHook
20201113-093800.532 000011ec [procmon ] [INF] ProcMon controller is shutdowned
20201113-093800.532 000011ec [libsysmo] [INF] SysMon controller is being shutdowned
20201113-093800.532 000011ec [libsysmo] [INF] SysMon controller is shutdowned
20201113-093800.532 000011ec [winsvc  ] [INF] Service is stopped
20201113-093800.532 000011ec [app     ] [INF] Application shutdowned (0x00000000)

AppleSky6 commented 3 years ago

I found a solution:

  1. Extract the installation files from openedr-installation-2.0.0.0_ X64 (you can't upload attachments here, so you need to search the Internet yourself for software such as MSIExtractor.exe)
  2. Start cmd.exe, startup parameter: edrsvc.exe install
  3. Then, startup parameter: edrsvc.exe start
  4. Then, fltmc load edrdrv (on Windows 7, a signature verification error may occur; please install a test signature for this driver)
  5. Then, sc start edrsvc
  6. Enjoy it

pkorshak commented 3 years ago

The OpenEdr .msi parses its name to get a token: everything after the symbol '_' is interpreted as a token. This token is used to enroll on Comodo servers. For the open-source version the token is redundant and the msi must not contain a token in its name.

The names of the released msi files have been updated and now it should work. Anyone who has downloaded an msi with the old names need not download it again and can just remove "_x64_win32" from the name.
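
The naming rule described in the comment above can be checked against the failing Windows 7 log, where the command line carries `--token=x64`. The following triage sketch is an added example, not part of the thread or of the OpenEDR code base; the function names are hypothetical, and it assumes the token runs from the first `_` to the file extension, since the thread does not show the parser itself.

```python
import re
from pathlib import PureWindowsPath

# edrsvc log line layout seen in this thread:
# timestamp, thread id, [component], [level], message
LINE_RE = re.compile(r"^\d{8}-\d{6}\.\d{3} [0-9a-f]{8} \[(\w+)\s*\] \[(\w+)\] (.*)$")

def msi_name_token(filename):
    """Text an MSI file name would yield as a token, or None if it has no '_'.
    Assumption: the token runs from the first '_' to the extension."""
    _, sep, token = PureWindowsPath(filename).stem.partition("_")
    return token if sep else None

def summarize_run(lines):
    """Extract working mode, enrollment token, warnings and exit code of one run."""
    run = {"mode": None, "token": None, "exit_code": None, "warnings": []}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an edrsvc log line
        _component, level, msg = m.groups()
        if level == "WRN":
            run["warnings"].append(msg)
        if msg.startswith("Application working mode:"):
            run["mode"] = msg.split(":", 1)[1].strip()
        elif msg.startswith("Command line:"):
            tok = re.search(r"--token=(\S+)", msg)
            run["token"] = tok.group(1) if tok else None
        elif msg.startswith("Application shutdowned"):
            code = re.search(r"\((0x[0-9A-Fa-f]+)\)", msg)
            run["exit_code"] = int(code.group(1), 16) if code else None
    return run

def failed_token_enroll(run):
    """True when the run tried to enroll with a token and exited non-zero."""
    return (run["mode"] == "enroll" and run["token"] is not None
            and run["exit_code"] not in (None, 0))

# Lines excerpted from the Windows 7 log posted earlier in this thread
SAMPLE = [
    r"20201113-142537.338 0000061c [app ] [INF] Application working mode: enroll",
    r"20201113-142537.338 0000061c [app ] [INF] Command line: C:\Program Files\OpenEdr\EdrAgentV2\edrsvc.exe enroll --token=x64",
    r"20201113-142537.338 0000061c [app ] [WRN] Configuration file is missing. It is being repaired using the specified action.",
    r"20201113-142537.338 0000061c [app ] [INF] Application shutdowned (0xE0020000)",
]

if __name__ == "__main__":
    print(msi_name_token("OpenEDR-installation-2.0.0.0_x64.msi"))
    run = summarize_run(SAMPLE)
    print(run, failed_token_enroll(run))
```
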

ozercomodo commented 3 years ago

Thanks to all, it is now fixed, you should be able to install it successfully.

dr4lekhine commented 3 years ago

Installation with success on Windows 10 Pro 20H2 (build 19042.630), x64

=== Logging stopped: 13/11/2020 14:53:40 ===
MSI (c) (A8:40) [14:53:40:691]: Note: 1: 1707
MSI (c) (A8:40) [14:53:40:691]: Product: EDR Agent v2 -- Installation completed successfully.

MSI (c) (A8:40) [14:53:40:692]: Windows Installer installed the product. Product Name: EDR Agent v2. Product Version: 2.0.0.0. Product Language: 1033. Manufacturer: OpenEdr. Installation success or error status: 0.

MSI (c) (A8:40) [14:53:40:694]: Grabbed execution mutex.
MSI (c) (A8:40) [14:53:40:694]: Cleaning up uninstalled install packages, if any exist
MSI (c) (A8:40) [14:53:40:700]: MainEngineThread is returning 0
=== Verbose logging stopped: 13/11/2020 14:53:40 ===

cikgufatah commented 3 years ago

Success on Windows 10 Pro 20H2 (Microsoft Windows [Version 10.0.19042.630])

20201205-142301.892 00007014 [app ] [INF] Application: OpenEDR service [amd64] release-2.4.0.0/Sun Nov 8 20:15:34 2020
20201205-142301.892 00007014 [app ] [INF] Application start time: 2020-12-05T06:23:01.000Z
20201205-142301.892 00007014 [app ] [INF] OS boot time: 2020-12-04T13:58:19.000Z
20201205-142301.892 00007014 [app ] [INF] OS version: Windows 10 Pro 2009 (10.0.19042)
20201205-142301.892 00007014 [app ] [INF] CPU architecure: amd64, 8 core(s)
20201205-142301.892 00007014 [app ] [INF] Host: BLACKBOX-PC
20201205-142301.892 00007014 [app ] [INF] Domain:
20201205-142301.893 00007014 [app ] [INF] Process Id: 25148
20201205-142301.893 00007014 [app ] [INF] Config file: C:\Program Files\OpenEdr\EdrAgentV2\edrsvc.cfg
20201205-142301.893 00007014 [app ] [INF] Working directory: C:\Windows\system32
20201205-142301.893 00007014 [app ] [INF] Logging directory: C:\ProgramData\edrsvc\log
20201205-142301.893 00007014 [app ] [INF] Machine Id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
20201205-142301.893 00007014 [app ] [INF] Application working mode: start
20201205-142301.893 00007014 [app ] [INF] Command line: C:\Program Files\OpenEdr\EdrAgentV2\edrsvc.exe start
20201205-142301.893 00007014 [app ] [INF] Checking component...
20201205-142301.893 00007014 [app ] [INF] Checking component...
20201205-142301.893 00007014 [app ] [WRN] Configuration file is missing. It is being repaired using the specified action.
20201205-142301.893 00007014 [app ] [INF] Removing file <C:\ProgramData\edrsvc\evm.cloud.src>...
20201205-142301.893 00007014 [app ] [INF] Checking component...
20201205-142301.893 00007014 [app ] [INF] Checking component...
20201205-142301.893 00007014 [app ] [INF] Checking component...
20201205-142301.894 00007014 [app ] [INF] Checking component...
20201205-142301.894 00007014 [app ] [INF] Current log level: 2
20201205-142301.894 00007014 [app ] [INF] Customer Id:
20201205-142301.894 00007014 [app ] [INF] Endpoint Id:
20201205-142301.894 00007014 [app ] [INF] Active machine Id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
20201205-142301.894 00007014 [winsvc ] [INF] Service is being started as an Application
20201205-142301.894 00007014 [winsvc ] [INF] Service is started
20201205-142301.894 00007014 [app ] [INF] Processing startup modules
20201205-142301.894 00007014 [core ] [INF] Process message
20201205-142301.894 00007014 [app ] [INF] Startup modules are processed
20201205-142301.895 00007014 [winsvcmg] [INF] Starting disabled service
20201205-142302.953 00007014 [winsvc ] [INF] Service is being stopped
20201205-142302.953 00007014 [app ] [INF] Application is shutting down - stage
20201205-142302.954 00007014 [core ] [INF] Process message
20201205-142302.954 00007014 [app ] [INF] Global pools are being finished...
20201205-142302.954 00007014 [app ] [INF] Application is shutting down - stage
20201205-142302.954 00007014 [core ] [INF] Process message
20201205-142302.954 00007014 [app ] [INF] Application is shutting down - stage
20201205-142302.954 00007014 [winsvc ] [INF] Service is stopped
20201205-142302.954 00007014 [app ] [INF] Application shutdowned (0x00000000)