Functionality update for Snow Inventory Agent for Windows
Published: March 21, 2018
Software version: 5.2.4
Installations of Snow Inventory Agent for Windows, of the versions from 5.1.0 to 5.2.3 and deployed using an MSI package built by Snow before March 16, 2018, are affected by a critical issue that could lead to loss of data on computers if the agent uninstallation is performed using the command line option “snowagent.exe uninstall”. The issue has been just recently discovered in a test environment and has its root cause in an error in the MSI package used to install the agent. The MSI package does not correctly set the InstallLocation property in the Windows Registry – a property used by the agent command line uninstall function. Uninstallation through the MSI technology (both scripted and non-scripted) works as expected.
In order to avoid this issue, use the same install and uninstall methods as recommended by the Snow Inventory documentation. No incidents of this issue occurring in a production environment have been reported, however, due to the potential consequences, we are treating this issue as a Severity 0. Please see the Affected Scenarios paragraph below for more information on when and where this error could potentially occur. Please refer to the How to mitigate paragraph for information on what steps are needed to safely update the agents.
This issue does not affect agent performance or functionality in normal operation.
Affected Software versions
The following software versions or editions are affected. Versions or editions that are not listed are not affected.
|Snow Inventory Agent for Windows||Critical|
Unwanted file removal
|Versions 5.1.0 through 5.2.3|
The only affected scenario is when the agent uninstall registry key has an empty InstallLocation property value, and the uninstallation is invoked by the agent command line option
“snowagent.exe uninstall” locally or remotely on the client machine.
The above scenario can only occur if all of the following statements are true:
- The agent is installed using an MSI package created before March 16, 2018.
- The agent has never been updated or reinstalled using the command line option.
- The agent has not been updated or deployed through the Snow Inventory Server functionality.
Every other deployment scenario is unaffected by this issue.
How to mitigate
First and foremost, do not use the agent command line “snowagent.exe uninstall” if the agent version is prior to 5.2.4.
If you are affected by the issue as described above, and wish to update the agent, use one of the following procedures:
- Request a new MSI package from Snow for your specific agent configuration. Re-deploy the MSI package using your preferred deployment method.
- Create an agent update through the Inventory Server administration console and distribute to all your endpoints.
Workaround (without updating the agent)
Any of the below workarounds will assure a safe future uninstallation of the agent.
- Run the agent command line “snowagent.exe install” to populate the InstallLocation registry key value.
- Two scripts are available through Snow Support to prevent the issue from triggering (these can be found here):
- A PowerShell script that can be deployed as an additional file to the Snow Inventory Agent. This script will be executed during the next scan.
- A PowerShell script that can be executed manually on the client computer.
If you are affected by the issue as described above, and wish to uninstall the agent, use one of the following procedures:
- Uninstall the agent using the MSI package.
- Uninstall the agent through Add/Remove Program in the Windows Control Panel.
I am not planning on uninstalling the agent using command line, do I need to do anything?
There is no risk in leaving the agent on your system, but to prevent future mistakes we recommend you update the agent to version 5.2.4 or later.
I re-deployed my agent using an MSI package created before March 16, 2018. Do I need to update the agent anyway?
Yes, you should update the agent according to the methods mentioned above.
If I want to update my agent, are there any special considerations due to this issue?
No, this issue has no impact on the update procedure of the agent.
I just installed the agent using a Snow provided MSI package built after March 16th,2018. Am I affected by this issue?
Packages built by Snow after March 16th are not affected by this issue.
Should I immediately remove the Snow Agent?
No, the agent works as expected with normal operation. The issue can only be triggered as part of the uninstall process in specific scenarios as stated above.
I am affected by this issue; how can I safely remove the Snow Agent?
Follow the process outlined in the document above by using the MSI package or through Add/Remove programs in the Windows Control Panel.
I believe I am at risk in this scenario, should I do something immediately?
There is no urgent need to act, but to avoid potential risks we recommend you update the agent to version 5.2.4 or later.
I have installed the agent using the Inventory Server Deploy method, do I have to act now?
No, you are not affected by this issue.
I installed the agent using an MSI package but have since then updated the agent using an Inventory Server Update, am I affected?
Once the agent has been updated on the target system using the Inventory Server Update, you are no longer vulnerable to this issue.
I am unsure on what to do, is there anyone that can help me?
Sure, contact Support and explain your concerns.
For further information please use this link to our support knowledge base system.