mandiant / flare-vm

A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
Apache License 2.0

Packages reported as failed but everything works #467

Closed chupocro closed 1 year ago

chupocro commented 1 year ago

Now that #461 has been resolved, the installation worked without errors, but at the end of the installation half of the packages were listed as failed although they are all installed and they do work well.

Here is the content of failed_packages.txt:

apktool.vm
wireshark.vm
dependencywalker.vm
cyberchef.vm
pestudio.vm
x64dbg.vm
vcbuildtools.vm
die.vm
7zip-15-05.vm
notepadpp.plugin.compare.vm
libraries.python3.vm
pebear.vm
de4dot-cex.vm
fakenet-ng.vm
capa.vm
idr.vm
shellcode_launcher.vm
peid.vm
hashmyfiles.vm
idafree.vm
x64dbgpy.vm
nasm.vm
processdump.vm
windbg.vm
innoextract.vm
bytecodeviewer.vm
hxd.vm
regshot.vm
sysinternals.vm
uniextract2.vm
notepadplusplus.vm
map.vm
dnspyex.vm
010editor.vm
dll-to-exe.vm
hollowshunter.vm
scdbg.vm
apimonitor.vm
explorersuite.vm
yara.vm
pesieve.vm
cygwin.vm
rundotnetdll.vm
codetrack.vm
floss.vm
ghidra.vm
x64dbg.ollydumpex.vm
cmder.vm
innounp.vm
x64dbg.scyllahide.vm

and here is the list of the installed packages:

C:\Users\xxxx>choco list
Chocolatey v2.0.0
010editor.vm 12.0.1
7zip-15-05.vm 15.5.0
apimonitor 2.13.0.20210213
apimonitor.vm 2.13.0.20220224
apktool 2.7.0
apktool.vm 2.7.0
autohotkey 1.1.36.2
autohotkey.install 1.1.36.2
Boxstarter 3.0.2
Boxstarter.Bootstrapper 3.0.2
Boxstarter.Chocolatey 3.0.2
Boxstarter.Common 3.0.2
Boxstarter.HyperV 3.0.2
Boxstarter.WinConfig 3.0.2
bytecodeviewer.vm 2.11.2
capa.vm 5.1.0.20230418
chocolatey 2.0.0
chocolatey-compatibility.extension 1.0.0
chocolatey-core.extension 1.4.0
chocolatey-dotnetfx.extension 1.0.1
chocolatey-visualstudio.extension 1.11.0
chocolatey-windowsupdate.extension 1.0.5
Cmder 1.3.21
cmder.vm 1.3.21
codetrack 1.0.3.301
codetrack.vm 1.0.3.20230526
common.vm 0.0.0.20230606
cyberchef.vm 10.4.0.20230614
Cygwin 3.4.6
cygwin.vm 3.4.6
de4dot-cex.vm 4.0.0.20230526
dependencywalker 2.2.6000.9
dependencywalker.vm 2.2.6000
die.vm 3.7.20230523
dll-to-exe.vm 1.1.0
dnspyex.vm 6.4.0
dotnetfx 4.8.0.20220524
explorersuite.vm 0.0.0.20230523
fakenet-ng.vm 1.4.11.20230418
flarevm.installer.vm 0.0.0.20230606
floss.vm 2.3.0
ghidra 10.3.0
ghidra.vm 10.3.0
GoogleChrome 114.0.5735.134
hashmyfiles.vm 0.0.0.20230524
hollowshunter.vm 0.3.6
hxd 2.5.0
hxd.vm 2.5.0.20230524
idafree.vm 7.6.20230418
idr.vm 0.0.0.20230606
innoextract.vm 1.9.0
innounp.vm 0.50.0
javaruntime 8.0.231
jre8 8.0.371
KB2919355 1.0.20160915
KB2919442 1.0.20160915
KB2999226 1.0.20181019
KB3033929 1.0.5
KB3035131 1.0.3
libraries.python3.vm 0.0.0.20230522
map.vm 12.20.21
nasm 2.16.1.20221231
nasm.vm 2.16.1.20230531
notepadplusplus 8.5.3
notepadplusplus.install 8.5.3
notepadplusplus.vm 8.5.3
notepadpp.plugin.compare.vm 2.0.1.20211225
npcap.vm 1.72.20230614
openjdk 20.0.1
openjdk11 11.0.16.20220913
pebear 0.6.5.2
pebear.vm 0.6.5.20230308
peid.vm 0.95.0.20221115
pesieve 0.3.6
pesieve.vm 0.3.6
pestudio.vm 9.52.0
processdump.vm 2.1.1.20220908
python3 3.9.13
regshot.vm 1.9.1
rundotnetdll.vm 2.2.0.20230526
scdbg.vm 12.7.22
shellcode_launcher.vm 0.0.0
sysinternals 2023.6.7
sysinternals.vm 2023.6.7
Temurin11 11.0.19.700
uniextract2.vm 2.0.0.20220113
vcbuildtools.vm 0.0.0.20230614
vcredist140 14.36.32532
vcredist2010 10.0.40219.32503
vcredist2015 14.0.24215.20170201
visualstudio2017buildtools 15.9.54
visualstudio2017-workload-vctools 1.3.3
visualstudio-installer 2.0.3
windbg.vm 0.0.0
wireshark 4.0.6
wireshark.vm 4.0.6
x64dbg.ollydumpex.vm 1.80.0
x64dbg.scyllahide.vm 0.0.0.20210823
x64dbg.vm 2021.5.8.20230418
x64dbgpy.vm 1.0.56.20211021
yara 4.3.2
yara.vm 4.3.2
102 packages installed.

I didn't test all programs from the list of failed packages but I tested quite a few and they do work well.

Environment:

VirtualBox 6.1 + Guest Additions, 6 GB RAM, 2 CPUs, 80 GB HDD
Windows 10 Pro 22H2 build 19045.2965
Experience Pack 120.2212.3920.0
Defender disabled by Defender Control
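
A way to cross-check the two listings in the report above, as an added example that is not part of the original post or of FLARE-VM: the hypothetical function `Compare-FailedWithInstalled` parses `choco list` text in the layout shown and marks each entry of failed_packages.txt as registered with Chocolatey or not. The sample data is a constructed excerpt, and `example-missing.vm` is a made-up name.

```powershell
# Added example, not FLARE-VM code.
function Compare-FailedWithInstalled {
    param(
        [string[]]$FailedLines,     # lines of failed_packages.txt
        [string[]]$ChocoListLines   # lines printed by `choco list`
    )

    # Build name -> version from "name version" rows. The banner
    # ("Chocolatey v2.0.0") and the "N packages installed." footer
    # do not match the pattern and are skipped.
    $installed = @{}
    foreach ($line in $ChocoListLines) {
        if ($line -match '^\s*(\S+)\s+(\d\S*)\s*$') {
            $installed[$Matches[1].ToLowerInvariant()] = $Matches[2]
        }
    }

    # One result object per non-empty line of the failure list.
    foreach ($line in $FailedLines) {
        $name = $line.Trim()
        if (-not $name) { continue }
        $key = $name.ToLowerInvariant()
        [pscustomobject]@{
            Package   = $name
            Installed = $installed.ContainsKey($key)
            Version   = $installed[$key]   # $null when not registered
        }
    }
}

# Constructed sample input (excerpt of the listings above plus one made-up name).
$failed = @('wireshark.vm', 'pestudio.vm', 'example-missing.vm')
$chocoList = @(
    'Chocolatey v2.0.0',
    'pestudio.vm 9.52.0',
    'wireshark 4.0.6',
    'wireshark.vm 4.0.6',
    '102 packages installed.'
)

Compare-FailedWithInstalled -FailedLines $failed -ChocoListLines $chocoList |
    Format-Table -AutoSize

# On a real VM (the path is a placeholder):
#   Compare-FailedWithInstalled -FailedLines (Get-Content '<path to failed_packages.txt>') `
#                               -ChocoListLines (choco list)
```

`Installed = True` only means Chocolatey has the package registered; it does not check that the tool itself runs.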

mr-tz commented 1 year ago

I wonder if it's another artifact of the recent changes or a separate issue, maybe here https://github.com/mandiant/VM-Packages/blob/10b474abbe76263e1b0ae36b39b41d8a255cba80/packages/flarevm.installer.vm/tools/chocolateyinstall.ps1#L42-L70

torabi12 commented 1 year ago

Looks like I have the same issue:

image

Ana06 commented 1 year ago

I can't reproduce the error. Can you provide the logs (the one in yellow in the screenshot) and provide some details about the system (ideally everything we ask for in the bug issue template) and how you installed FLARE-VM?

torabi12 commented 1 year ago

I am sending the chocolatey logs: chocolatey.log

and the environment details: VM-Get-Host-Info.txt

It is the latest Windows 10 Pro x64 running in VMware Workstation Pro 17.0.2 build-21581411

I went through the installation prerequisites on the main page and I started: .\install.ps1 -password <password> -noWait -noGui -noChecks

in admin PS.

Ana06 commented 1 year ago

I think https://github.com/mandiant/VM-Packages/pull/465 may fix this issue. I have just merged it. It should take some minutes until the package (flarevm.installer.vm version 0.0.0.20230626) is pushed. Can you retry later and let us know if the issue is fixed?

torabi12 commented 1 year ago

> I think mandiant/VM-Packages#465 may fix this issue. I have just merged it. It should take some minutes until the package (flarevm.installer.vm version 0.0.0.20230626) is pushed. Can you retry later and let us know if the issue is fixed?

Yes I will try again soon.

torabi12 commented 1 year ago

Installation is going on, I got this at the beginning:

image

but let's wait for the final stage.

torabi12 commented 1 year ago

This is the end:

image

and the chocolatey log: chocolatey.log

Could you please check it?

Ana06 commented 1 year ago

@torabi12 from your result this issue has been fixed, as that is the expected result. I see 2 .vm packages failing that our daily test has already detected: https://github.com/mandiant/VM-Packages/wiki/Daily-Failures

Note that some packages use the same URL for different versions, so every time a new version is released, the download hash fails, breaking the package. The hash needs to be updated to fix the package and we do not always have time to fix them when this happens. Once a week we update packages using GH actions, which fixes some of these issues after we merge the PR. I have just triggered it manually: https://github.com/mandiant/VM-Packages/pull/468

After we merge it most of the issues will be fixed. But we are only able to fix packages that use GitHub releases or chocolatey community packages. So pestudio, which uses a different non-standard way, won't be fixed. See https://github.com/mandiant/flare-vm/issues/468

So closing this issue. If you have any idea to improve how we do this, please send an issue/PR and we can discuss further. A PR to update the hash of pestudio would also help (like the one here https://github.com/mandiant/VM-Packages/pull/232)

googlercolin commented 10 months ago

Hi, I faced a similar issue whereby I was given the VM Installation Complete dialog, but I had a few packages that failed to install. I tried to follow the instruction to choco install -y wireshark npcap.vm sfextract.vm (and tried individually too), but there were dependency issues.

Any ideas on how I should fix this?

image