At times, the third-party patches fail to download in GFI LanGuard due to various reasons.
This article clarifies the failures involved while downloading the patches for remediation and also provides the available solutions and workarounds.
All versions and builds
When you have an issue with downloading an update(s), you need to check a couple of things:
- First, you need to make sure that you are on the latest patch management definitions by performing program updates.
- The next thing you need to do is to check the error message that is listed in the LanGuard Console > Activity Monitor > Software Updates Download.
- You may need to scroll to the right of this screen to view the download link and the error for the file. Generally, the error message seen is either Not Found or The file was downloaded but the file size did not match the expected size.
- The most commonly seen issue is just a notice that the patch failed to download. Occasionally, it is due to the communication failures within the internal network, such as the ISP is down, and for this, there is not much we can do.
- Alternatively, there are occasions where the download link has moved since the patch definitions were updated, or the definition was provided with a broken link:
- Right-click on the failed update, and select Retry download.
- If it is successful, proceed back to Remediation and Patch Deployment.
- If it fails again, copy the URL and verify if the download is successful directly within a browser.
- This indicates if there is a communication failure outside of LanGuard, or if the link has moved.
- If the download is successful outside of LanGuard, see the workaround listed below.
- Another common issue which we see is that the definitions are out-of-date.
- If a scan is run from prior to a definition update, the link may have changed, and as a result, the link provided for the patch from the last scan is no longer the most up-to-date.
- In this case, there will be an indication of such an error as seen in the screenshot below:
The file URL points to a different file than expected. Try rescanning with the latest Patch definitions.
- To resolve this error, verify if you have the latest definitions by running a Program Update.
- After verifying the latest definitions are installed, run a fresh scan of the machine.
- After the new scan is completed, perform remediation on the affected device, which uses the latest patch definitions and downloads using the latest links.
- If the error is Not Found, it is because there is no download prompt when going to the link – either because of something the vendor added to the download page or them removing the download itself from the location.
If the error is about a mismatch, then you need to check the version of the patch you are downloading and the version listed in the download.
- If the download is for UVNC 22.214.171.124, make sure the download specifies it and is not listed incorrectly. There are cases where we put the patch we are looking at as version 1.2, but the download link is for 1.1.
- Alternatively, if it is a generic download, i.e., if we are looking for an old version of an Adobe product, but the download link is something like
http://www.adobe.com/adobe.exe. In this case, the generic download is a newer version than what we are looking for, which causes the mismatch.
- A workaround you can use is to place the file that LanGuard is looking for into the repository. E.g., If LanGuard is looking for aXTHAYHRWA=ultravnc.126.96.36.199.exe, place this file in the repository (LanGuard console > Configuration tab > Software Updates > Patch Auto-Download > Patch Repository).
- You can manually download the requested file, place it into the repository, and run the remediation job.
- LanGuard should detect that the file is in the repository and attempt a deployment.