Hi Kevin, Kevin Landers wrote: > I have just started playing with wpkg. I have created a samba share and > loaded 7zip via the client. So far, I am impressed and pleased. Pleased to hear about. > I am curious as to how wpkg deals with firewalls and other programs that > are installed to protect against installation of spyware. For example, I > could foresee a huge issue with firewall software such as Comodo > Firewall with Defense+ running. WPKG does not "deal" in any way with Antivirus or Firewall programs. Instead it's the other way around. Firewalls and Antivirus have to deal with WPKG. WPKG Client is running as a background service using SYSTEM privileges. Therefore when it runs any command (like the remote wpkg.js script) it will be run with SYSTEM privileges as well. Up to now I have not seen any Firewall/HIPS system which somehow intercepts calls done by services or other programs running with SYSTEM privileges. I think most (all) of these tools are there to prevent the user from doing mistakes. So if you run wpkg.js manually using a local account with administrator privileges, then it might ask some "questions". But usually services are allowed to proceed. Regarding Firewalls it is just needed for WPKG Client to access the package share (SMB/CIFS share). It is very unlikely that an administrator within a corporate environment blocks SMB/CIFS traffic on clients since they would also not be able to use any kind of Windows file sharing. If you're using WPKG web (yet unsupported) then you might need to allow access to HTTP ports (port 80) from your client to the WPKG web service too. However this is entirely optional. Personally I am fine with the Windows built-in firewall and any Antivirus program (successfully used Avira AntiVir free/pro, MCAfee and NAV). Using one of this "Internet Security" suites might cause some problems as some of them are for home-use and do not care about file sharing access and the likely. However always when I see such a bloatware package I tend to uninstall it immediately in favor of the Windows firewall and a lightweight Antivirus tool. I rather prefer to do some extensive filtering and scanning on servers instead of trying to secure all clients too much (which usually also has some usability drawbacks to the users). > In a normal installation of software by a user, Comodo Firewall has to > be set to treat the installer as an actual installer and prompts the > user for permission to do so. I don't know this Comodo Firewall in detail but it might be some kind of "custom UAC" or HIPS system. Well, this usually does not affect the SYSTEM account which is used by WPKG client. So if you run wpkg.js manually on the client (using any interactive account with administrator privileges) then Comodo might pop up a prompt for each installer wpkg.js is executing. However I assume that this will not be the case if WPKG client running with SYSTEM privileges runs wpkg.js in the background (non-interactive). > How does wpkg handle such things? See above. > Do people have problems with firewalls/virus scanners/etc when using > wpkg to deploy remote installs? As I wrote above I never had issues with that. WPKG only uses very very basic technology like SMB/CIFS access which is usually allowed within the local network by all firewalls. It would be a very bad idea for any administrator to disable these protocols. > Thanks for a great program. I look forward to hearing from the masses > and learning more about this wonderful solution. Great to hear some success stories :-) br, Rainer |