topic Re: How to tell which blades are installed in EPS.msi in Endpoint

How to tell which blades are installed in EPS.msi

MildMcHaggis — Thu, 22 Oct 2020 19:45:45 GMT

Hi,

We are trying to determine whether or not our Desktop MSI files contain the Full Disk Encryption blade or not. The version we are trying to install is 83.20.3692.

The team that is providing this install to us is giving us two MSIs - one is "WithFDE" (for laptops) and the other is "WithoutFDE" (for Desktops). However... we are getting reports from our techs that desktop hard drives are being encrypted.

Both MSI files are the exact same size, and when using Orca to view the properties, I can see that the "FeaturesIncluded" property has a value of "DA,ME,FDE" in both MSIs.

Is there another way we can tell if the FDE blade is included in our MSI file?

Re: How to tell which blades are installed in EPS.msi

Chris_Atkinson — Thu, 22 Oct 2020 22:33:44 GMT

It sounds possibly like the source should double check their Virtual Groups & Deployment rules as seperate from the Endpoint Security Policy. Are they in fact crafting the relevant portions in each based on machine?

Note knowing the version of Endpoint Policy Manager may also be beneficial here.

Re: How to tell which blades are installed in EPS.msi

jcortez — Fri, 23 Oct 2020 13:32:31 GMT

You were close. The best way to see which software blades are included and will be installed in the EPS.msi package is using Orca. When you open our EPS.msi package in Orca you will see a Table in the left hand pane named 'Property'. Click on the 'Property' table and in the right hand pane look for 'USERINSTALLMODE'. This 'USERINSTALLMODE' will show you the Blade Mask of the EPS.msi package.

For example, I have a EPS.msi package I exported/created from my R80.30 EP MGMT Server with the Anti-Bot, Anti-Ransomware/Forensics and Threat Emulation Blades. So that is our client DA + 3 Software Blades. If I follow the same process above using Orca I can see that my 'USERINSTALLMODE' Blade Mask value is: 200705

With that you can then look at SK69040 and if you add up the Blade Mask value for each of those blades you get: 200705 (DA + Anti-Bot, Forensics & Threat Emulation)

This will definitely tell you with each EPS.msi package you have exported which blades will be installed. Please let me know if you have any other questions.