PsExec stopped working :(

BatchPatch Forums Home Forums BatchPatch Support Forum PsExec stopped working :(

Viewing 18 posts - 1 through 18 (of 18 total)
  • Author
    Posts
  • June 30, 2017 at 4:46 pm #8978
    pchamorro
    Participant

    PsExec stopped working since some days ago. BatchPatch is not working anymore for me 🙁 Is someone having this same issue?

    June 30, 2017 at 4:58 pm #10526
    doug
    Moderator

    First I would recommend testing psexec at the command prompt (start > run > cmd). You can try a command such as:

    psexec \targetComputer IPCONFIG

    If you determine that this command does not work, then you should look at making sure you can access the target computer’s admin$ share. Go to ‘start > run’ and then type:

    \targetComputeradmin$

    If you are not able to connect, that would indicate the source of your problem is due to this share being disabled on target computers.

    Another place to look would be at any security policies that might have been enacted in your environment, which includes Anti-Virus applications or Host Intrusion Prevention/Protection applications that might be blocking psexec.

    I would also suggest that you review the steps outlined in the BatchPatch Troubleshooting Guide to help further narrow down the source of your problem. You posted in this forum posting that you were receiving the same error that’s described in that posting (Windows Update: Error 1611: 5. Failure). As noted in that same posting, this would indicate a permissions issue on target computers. If it’s stopped working all of a sudden on all of your target computers, it would imply that a security policy was applied to your environment that is blocking the psexesvc from running on target computers.

    -Doug

    June 30, 2017 at 6:23 pm #10510
    pchamorro
    Participant

    I’m testing using a domain account. It’s working on member servers but it’s failing on users computers. That’s all for the time been. The admin$ share is accesible on both.

    I can’t test on users computers using local accounts because they are disabled in those machines.

    June 30, 2017 at 6:41 pm #10511
    pchamorro
    Participant

    Well, I found this (translated from Spanish):

    “Blocked by access protection rule. The rule Rules defined by user: Rule protec C:WindowsSystem32Task** has blocked the access to object C:WINDOWSPSEXESVC.EXE.”

    The only thing left to do is to know what change was made. Thank you.

    June 30, 2017 at 7:08 pm #10512
    pchamorro
    Participant

    Ohh.. It’s the antivirus (“source: McLogEvent”)

    June 30, 2017 at 7:34 pm #10513
    doug
    Moderator

    Glad you figured it out.

    -Doug

    June 30, 2017 at 7:43 pm #10515
    pchamorro
    Participant

    Thank you 🙂

    June 30, 2017 at 9:29 pm #10516
    pchamorro
    Participant

    PsExec was blocked by the antivirus vendor as a protection against new ransomware. What might be done if the ban is not lift?

    June 30, 2017 at 9:37 pm #10517
    doug
    Moderator

    Add an exception in your antivirus configuration that allows the service to install/run. The antivirus product should have whitelist capability.

    June 30, 2017 at 9:41 pm #10518
    pchamorro
    Participant

    For what service please? It’s a big restriction. I wish there would be an option for a global whitelist, I mean to run PsExec in any computer for any task, e.g. for running a simple ipconfig.

    June 30, 2017 at 10:46 pm #10519
    doug
    Moderator

    On the BatchPatch computer psexec.exe needs to be able to run. On the target computers psexesvc.exe is what needs to be able to run. To confirm that the antivirus software is the cause of the problem you should disable or uninstall the antivirus software and then test the application. If that appears to resolve the issue then the next step would be to whitelist those applications in the antivirus software. If you have trouble whitelisting those, you should reach out to your antivirus vendor for instructions.

    I hope this helps.

    -Doug

    July 1, 2017 at 1:27 am #10497
    doug
    Moderator

    One other option to try is in BatchPatch ‘Tools > Settings > Remote Execution > ‘Use PsExec -r switch to specify remote service name’ and then you can specify a custom name, which might cause your anti-virus software to not block it, but I don’t know whether or not it would be likely to work, so you’d have to test it and see.

    -Doug

    July 4, 2017 at 3:30 pm #10501
    pchamorro
    Participant

    I tried psexec -r test \remote-pc -u domainadmin-user -p password ipconfig but didn’t work. The antivirus is the one is causing the blocking. Confirmed by the antivirus provider. Expecting for the last word about the whitelistening option from the antivirus provider. Thank you 🙂

    July 4, 2017 at 3:37 pm #10502
    doug
    Moderator

    Thanks. Keep me posted.

    -Doug

    July 4, 2017 at 4:23 pm #10503
    pchamorro
    Participant

    I tried again, and it seems it works! (PsExec -r). Now, it could be possible to include the fix in BatchPatch? Thank you.

    July 4, 2017 at 4:32 pm #10504
    doug
    Moderator

    As noted in my previous posting from 3 days ago, the psexec -r switch is already included in BatchPatch under ‘Tools > Settings > Remote Execution > ‘Use PsExec -r switch to specify remote service name’

    July 4, 2017 at 4:40 pm #10505
    pchamorro
    Participant

    Ok, it’s working. Thank you very much 🙂

    July 4, 2017 at 5:16 pm #10506
    doug
    Moderator

    Excellent.

  • Author
    Posts
Viewing 18 posts - 1 through 18 (of 18 total)
  • You must be logged in to reply to this topic.