Categories
Welcome Center
Education & Development
Discussions
Certification Preparation
Recent Posts
Groups
Free Resources
Ebooks
Free Workshops
Trending Certifications Infographic
Infosec Training
IT & Security Training
Live Boot Camps
Security Awareness Training
About Infosec Institute
Home
Discussions
Off Topic
bizarre issue: windows 7 regularly re-downloading installation file
bermovick
Our department did a mass installation of a new piece of software last week to about 50 systems. Installation was done by putting the setup file on a fileserver, then remote desktop'ing to each client and installing over the network -- there was no msi file, and no option for a silent install.
Monday the software started being used, and a lot of latency/disconnects were reported. Network traffic was pretty low except for the occasional large spike on the system I monitored. After a couple days back-and-forth I decided to setup an RSPAN session and watch wireshark, and I'm seeing the weirdest thing.
Every 10-11 minutes, every machine that this was done on reaches back and downloads the 80MB setup.exe via SMB2. The weird thing is, those that had prior versions installed on it (for demo, testing, etc) are attempting to get the setup file from those versions as well!
I'd originally thought this was something with the program -- then with perhaps the program's installer script not cleaning itself afterwards, but by chance one of the captures showed a system trying to retrieve the setup file for a completely different program! I'm starting to think this is either windows itself (unlikely) or some other completely unrelated software (also seems unlikely)
For all I know this has actually been going on for a while, but due to either the install files being relatively small and/or removed, its presence has been small enough to be beneath notice.
Has anyone seen ANYTHING remotely like this, or have any suggestions on tracking this down further?
Find more posts tagged with
Save $250 on 2025 certification boot camps from Infosec!
Book now with code EOY2025
Button
Comments
MCITBound
Is the other program related to the deploying program? My first thought would be some support files that the original program is designed to look for in that location. I know Autodesk has some crazy file retrievals going on. It'll even look for files that either don't exist or files on a path not even remotely close to even be a legit path for Autodesk.
bermovick
No, the 2 programs are completely unrelated (as far as I know).
We just tested on a system that 1) had program 2 but not program 1 installed on it, and 2) had program 2 installed over the network, and program 2 is regularly downloading its install file too.
This was probably just never noticed as program 2's install file is only 1.5MB, so it doesn't even register as a blip - I just happened to run a capture on a computer that had both installed and happened to see both request their installer.
For the moment we've just renamed/moved the installer files, but personally I don't consider this a fix or even a workaround (at least not yet).
About7Narwhal
Are offline files enabled for these computers?
Do the user settings or application configurations get reset after the download? (or do the users have disconnection problems after the download?)
Is the time they download the same or predictable?
Does this issue occur from a local install? (non-rdp/installer on client)
Can you recreate the issue with another application? (aside from program 1 and program 2)
Is the server an SMS server or do you have an SMS server on site? (or are the clients running Capinst.exe)
**EDIT**
Also, just out of curiosity, what happens if you rename another installer to match program1 or program2? It would be interesting to see if the application installs.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
INFOSEC Boot Camps
$250
OFF
Use code
EOY2025
to receive $250 off your 2025 certification boot camp!
BROWSE BOOT CAMPS
