search

jymcheong / OpenEDRclient

Open Endpoint Defense & Response
Other
0 stars 1 forks source link

Checksum failed for reinstallation #11

Closed jymcheong closed 3 years ago

jymcheong commented 3 years ago

Root Cause

install.ps1 does not overwrite existing C:\installer.zip

When the endpoint was previously installed with remote download means with a command similar to the following:

$SFTPCONFURL='http://<YOUR_IP_ADDRESS>:8888/sftpconf.zip'; Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/jymcheong/openedrClient/master/install.ps1'))

installer.zip is written to C:\ (for the first time), but if we re-run the above line again, it will skip line 63 of install.ps1 & goes straight to checksum comparison which will fail if install.ps1 has a newer checksum.

jymcheong commented 3 years ago

Since offline/air-gap installation is unlikely to put install.ps1 & installer.zip in C:\, easy way out is just assume C:\installer.zip is written by non-offline method.

That being the case, just test existence of C:\installer.zip & delete it for redownload.