HP Synaptics keylogger vulnerability - anyone deploying a fix successfully with SCCM?

  • Question

  • So HP announced a keylogger vulnerability on most of its laptops:

    https://support.hp.com/us-en/document/c05827409

    I have downloaded their driver update, SP81836, and there is no silent install option.  In fact, when you try to run it with -s it throws up a dialog box that tells you to first uninstall the previous version and then reboot (thanks a lot HP!)

    How are others handling this?  Does anyone have a script that can be deployed with SCCM that they are willing to share?  I was thinking maybe a task sequence that does the uninstall, reboot, and then installs the new one but if someone has a simpler solution & wouldn't mind sharing it I'd love to hear it.

    Thanks, 

    FP

    Thursday, December 14, 2017 4:00 PM

Answers

  • Hi,

    Yes just finished putting this one together, one of the installs was the very same softpaq.

    You need to extract the exe to a new folder using winrar or 7zip. Then call the new setup.exe with /S

    You can do a /? on the extracted exe for more options.

    I created a task sequence with groups and used WMI filtering based on model and windows version.

    Each group consisted of a command line step that runs the uninstall first.

    rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",SilentUninstall_CallerWillReboot

    This doesn't seem to close though so I set the timeout to be 5 minutes, ignore errors. (tried calling it with PS too, same behaviour)

    Next step is a reboot.

    Next step is install driver via package using the extracted source as above with setup.exe /S

    The machine then requires a second reboot for the applet in control panel to work properly with the driver and show the additional synaptic tabs.

    You should also see an entry in programs and features.



    • Edited by Richard.Knight Thursday, December 14, 2017 4:44 PM
    • Marked as answer by Filthy_Pierre Thursday, December 14, 2017 5:09 PM
    • Unmarked as answer by Filthy_Pierre Thursday, December 14, 2017 5:09 PM
    • Marked as answer by Filthy_Pierre Thursday, December 14, 2017 5:10 PM
    Thursday, December 14, 2017 4:35 PM

All replies

  • Thanks for posting those details Richard!  I was working on the uninstall string but yours works great.  I'm stealing it.  

    Too bad the reboot is required on this...

    Thursday, December 14, 2017 5:12 PM
  • The silent install string appears to be:

    SilentInstall="setup.exe" -s -SMS -f2%temp%\syntpad.log -E

    You can get that from the CVA file (for any of the EXE files listed on the website, just replace the .EXE at the end with .CVA to get it)

    SSM (http://ftp.hp.com/pub/caps-softpaq/cmit/HP_SSM.html) looks like the best way to do this - it's designed to let you put a bunch of updates in a location and then the ssm process automagically works out which one(s) are needed and installs without rebooting

    It looks as if it should work but I'm hitting 2 snags.

    The first is that the HP list referenced above is wrong for at least a few laptops (e.g. Z Book 14 G2 is listed as needing SP81836 on the vulnerability page but the main drivers page lists sp84139).

    The second is that even if you get the right driver but there's a newer one installed then the process just hangs - run it interactively and you can see the message that the driver you're trying to install is older than the one installed.

    We've got about 100 different models of HP laptop; I'm starting to think I need a massive script checking for model number and then trying to work out if the version I'm going to install is newer than the one already there. It won't be easy and it will certainly be messy!

    I wonder if HP will ever work out how to make stuff that works in an enterprise???

    Tuesday, December 19, 2017 2:50 PM
  • Nice info on the .cva I never knew this!

    If you extract the nested setup.exe file and run a /? you will see there are lots of options.

    One of the options (/F) will force the install rather than the default prompt.

    You could create a collection of all the devices with a certain version installed then exclude them from the deployment.

    I did find one of the model numbers wasn't listed on the site but was covered by one of the setup.exe files I already downloaded for another model.
    Tuesday, December 19, 2017 8:36 PM
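
The version check discussed in the two posts above, as an added example that is not part of the thread: it compares the installed Synaptics version with a per-model minimum as a version number rather than a string, so a machine that already has a newer driver is reported as current and skipped. The registry key is the one used by a script posted later in this thread; the model names and minimum versions in the table are constructed placeholders.

```powershell
# Added example, not code from the thread.
# Model names and minimum versions are constructed placeholders; fill in the
# real values for your own fleet.
$MinimumVersionByModel = @{
    'EXAMPLE MODEL A' = '19.0.19.63'
    'EXAMPLE MODEL B' = '19.3.31.22'
}
# Uninstall key as used by a script posted later in this thread.
$UninstallKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey'

function ConvertTo-VersionOrNull {
    param([string]$Text)
    # A [version] cast compares field by field, so 19.0.19.63 ranks above
    # 19.0.9.70; compared as strings the order would be reversed.
    try { return [version]($Text.Trim()) } catch { return $null }
}

function Get-SynapticsDriverState {
    param(
        [string]$Model,
        [string]$InstalledVersion,   # empty when the uninstall key is absent
        [hashtable]$MinimumByModel
    )
    if (-not $InstalledVersion) { return 'NotInstalled' }
    if (-not $MinimumByModel.ContainsKey($Model)) { return 'UnknownModel' }
    $installed = ConvertTo-VersionOrNull $InstalledVersion
    $required  = ConvertTo-VersionOrNull $MinimumByModel[$Model]
    if ($null -eq $installed -or $null -eq $required) { return 'UnparseableVersion' }
    if ($installed -lt $required) { return 'Outdated' }
    # Equal or newer: skip, so the installer is never asked to downgrade.
    return 'Current'
}

# Win32_ComputerSystem.Model can carry trailing spaces, so trim before lookup.
$model = ([string](Get-WmiObject -Class Win32_ComputerSystem).Model).Trim()
$installedText = $null
if (Test-Path -Path $UninstallKey) {
    $installedText = (Get-ItemProperty -Path $UninstallKey).DisplayVersion
}
$state = Get-SynapticsDriverState -Model $model -InstalledVersion $installedText `
    -MinimumByModel $MinimumVersionByModel

# One line per machine; only 'Outdated' should go on to uninstall/reboot/install.
Write-Output ("{0};{1};{2}" -f $model, $installedText, $state)
```

Run it in a 64-bit PowerShell host on 64-bit Windows: a 32-bit process reading HKLM:\SOFTWARE is redirected to WOW6432Node and would report the driver as not installed.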
  • The reboot seems to be required since SynTPEnhService is running during the uninstallation process so you could try stopping it with this line in PowerShell:

    Stop-Service -Name SynTPEnhService

    The service is located in C:\Program Files\Synaptics\SynTP and can also be stopped with this switch:

    .\SynTPEnhService.exe -stop

    I have only tested it on my lab comp so far but I am able to uninstall and reinstall the drivers as many times as I wish without reboot.

    Edit: I also found SynTPEnh.exe process active at times and it was opening a new process if the service was active. So after stopping the service you can go ahead and close the process.

    Stop-Process -ProcessName SynTPEnh

    • Edited by ArtturiS Thursday, December 21, 2017 4:41 PM Edit
    Thursday, December 21, 2017 10:53 AM
  • Hi, This is what I have so far...

    The only issue is that I get a rundll32 message stating uninstall not possible. When I press OK it does uninstall the driver. But I need to make sure the users don't get this message...

    Anyone else getting the message from the rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",SilentUninstall_CallerWillReboot

    command???

    Using the PSAppDeployToolkit_v3.6.9 I wrote the following script:

    Function Get-CurDirectory 
    {
    <#  
    .SYNOPSIS  
    Function that will resolve script path  
      
    .DESCRIPTION  
    Get-CurDirectory returns the path the script is run from

    .EXAMPLE  
    Get-CurDirectory

    .NOTES    
    (no parameters required)

    .LINK  
    http://www.skipdaflip.nl  
    #>  

    if (Test-Path variable:\hostinvocation){
    Write-Output (get-item ($hostinvocation.MyCommand.path)).DirectoryName
    }else{
    Write-Output (get-item ((get-variable myinvocation -scope script).value.Mycommand.Definition)).DirectoryName
    }
    }

    function Get-HardwareType {
        # Returns $true for anything that is not a laptop (PCSystemType 2 = Mobile)
        $hardwaretype = Get-WmiObject -Class Win32_Computersystem |
            Select-Object -ExpandProperty PCSystemType
        If ($hardwaretype -ne 2)
        {
            return $true
        }
        Else
        {
            return $false
        }
    }

    Import-Module "$(Get-CurDirectory)\InstallFunctions\InstallFunctions.psm1"
    Import-DLvariables

    # POPUP FOR USER

    # Variables used in the App Deploy Toolkit ..
    $appDeployMainScriptFriendlyName = "Synaptics Driver UnInstall"
    $appDeployToolkitName = "SynapticsUninstall" + "#$env:Computername"
    #App Deploy Toolkit License Microsoft Public License
    #http://psappdeploytoolkit.codeplex.com/license
    $scriptDirectory = Split-Path -Parent $MyInvocation.MyCommand.Definition
    # Dot source the App Deploy Toolkit Functions
    ."$scriptDirectory\AppDeployToolkit-defer\AppDeployToolkitMain.ps1"


    #==============================#Preparatory actions#==================================
            #Variables
            #Installer variables
            
            $deferDeadline = "2018-01-12 00:00:00z"
            

             # set $OS to current OS
            $OS = gwmi -query "select Caption, OSArchitecture from win32_OperatingSystem"
            

            #Logging variables
            $LogPath = "$env:systemroot\temp"
            $LogName = "UnInstall_0000-HP-SynapticsDriver-EN_MAIN_$(get-date -f "yyyy-MM-dd_HH-mm-ss").log"
            $log = $LogPath + "\" + $LogName

            #check logdir and create if not exist
            If (-not( Test-Path "$LogPath" )) { New-Item -path "$LogPath" -ItemType Directory}
            #Create file and start logging        
            New-Item -Path $LogPath -Name $LogName -ItemType File
            Add-Content -Path $Log -Value "[$([DateTime]::Now)] Started processing at [$([DateTime]::Now)]."
            $strOS = $OS.OSArchitecture
    Add-Content -Path $Log -Value "[$([DateTime]::Now)] OS architecture found $strOS"
            
    #Check whether a Synaptics installation is present
            $CheckIfInstalled=test-path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey"

            If ($CheckIfInstalled -eq $true)
            {
                $GetCurrentVersion=Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey" | Select-Object DisplayVersion
                $strSynapticVersion = $GetCurrentVersion.DisplayVersion
                Add-Content -Path $Log -Value "[$([DateTime]::Now)] Current Version is: $strSynapticVersion"
                If ($GetCurrentVersion.DisplayVersion -eq "19.0.19.63")
                {
                    Add-Content -Path $Log -Value "[$([DateTime]::Now)] No Uninstall Required"
                    [int32]$mainExitCode = 0
                    Exit-Script -ExitCode $mainExitCode
                }
            }
            Else
            {
                Add-Content -Path $Log -Value "[$([DateTime]::Now)] No Uninstall Required"
                [int32]$mainExitCode = 0
                Exit-Script -ExitCode $mainExitCode
            }

    #==============================#End preparatory actions#==================================



    #==============================#Remove existing Synaptics driver#==================================
     

    If ($GetCurrentVersion.DisplayVersion -ne "19.0.19.63")
        {       
                    #User popups to warn for reboot
                    If (Get-HardwareType)
                        {
                        #Desktop
                        Add-Content -Path $Log -Value "[$([DateTime]::Now)] Uninstall required"
                        Add-Content -Path $Log -Value "[$([DateTime]::Now)] $Env:ComputerName is a Desktop - show Desktop popup"        
                        Show-InstallationWelcome -AllowDefer -DeferDeadline "$deferDeadline"
                        Show-InstallationProgress "Dé-Installatie van de Synaptics touchpad Drivers... Het kan enkele minuten duren alvorens deze klaar is.`nLET OP! Een herstart van de computer is vereist en wordt automatisch uitgevoerd." 
                        }
                        Else
                        {
                        #Laptop
                        Add-Content -Path $Log -Value "[$([DateTime]::Now)] Uninstall required"
                        Add-Content -Path $Log -Value "[$([DateTime]::Now)] $Env:ComputerName is a Laptop - show Laptop popup" 
                        Show-InstallationWelcome -AllowDefer -DeferDeadline "$deferDeadline"
                        Show-InstallationProgress "Dé-Installatie van de Synaptics touchpad Drivers... Het kan enkele minuten duren alvorens deze klaar is.`nLET OP! Een herstart van de computer is vereist en wordt automatisch uitgevoerd."
                        }
        }



    #Prepare for Uninstall
    #Kill Synaptics Processes if running           

        
    If ($GetCurrentVersion.DisplayVersion -ne "19.0.19.63")
        {
        $process = Get-Process SynTPEnh -ErrorAction SilentlyContinue
        if ($process)
        {
            $PrcName = "SynTPEnh"
            Get-Process $PrcName | Stop-Process -Force -ErrorAction SilentlyContinue
        }

        $process = Get-Process SynTPEnhService -ErrorAction SilentlyContinue
        if ($process)
        {
            $PrcName = "SynTPEnhService"
            Get-Process $PrcName | Stop-Process -Force -ErrorAction SilentlyContinue
        }

        $process = Get-Process SynTPHelper -ErrorAction SilentlyContinue
        if ($process)
        {
            $PrcName = "SynTPHelper"
            Get-Process $PrcName | Stop-Process -Force -ErrorAction SilentlyContinue
        }
         

    #==============================#Start UnInstall#==================================


    #==========================X86 Uninstall================================================            
         if($OS.OSArchitecture -match '32-bit')
                   {
                    Add-Content -Path $Log -Value "OSArchitecture match x86"

                    #dpinst /d no longer supported / ignored by OS (Windows 7) use pnputil to remove OEM Drivers 
                    #Vendor to look for
                    $strVendor="*Synaptics*"
                     
                    #Get the OEM Drivers and create a "usable" Array
                    $test = (pnputil.exe -e) | Select-String -pattern "Gepubliceerde naam","Leverancier van stuurprogrammapakket"
                    $test = $test -split ("`r`n")
                    $test = $test -replace "Gepubliceerde naam:            ",""
                    $test = $test -replace " Leverancier van stuurprogrammapakket:   ",""
                    $test = $test -replace ".inf",".inf VENDOR: "
                    $test = $test -replace "oem","`n OEM: oem"
                    $test = '@"' + $test + "`n" + '"@'
                    $ArrDrivers= $test -split "`n" | Select-String -pattern "OEM:","VENDOR:" | Foreach-Object {$_ -split "`n"}

                    #Loop through Array and Find the Vendor OEM Driver Files
                    Foreach ($i in $ArrDrivers)
                        {
                        If ($i -like $strVendor)
                            { 
                                $i=$i.trim("OEM: ")
                                $i=$i.ToString()
                                $oem=($i).Split(' ')[0]
                                Add-Content -Path $Log -Value "[$([DateTime]::Now)] Synaptics Driver found in: $oem"
                                $Param = "-f -d "+ $oem
                                Add-Content -Path $Log -Value "[$([DateTime]::Now)] PnpUtil Params: $Param"
                                $status = Start-Process "pnputil.exe" -ArgumentList $Param -PassThru
                                $status.WaitForExit()
                    
                            }
                        }
                            
                        #Uninstall The Synaptics software through the installer
                        #On 32-bit Windows the software is under "C:\Program Files"; a "Program Files (x86)" folder only exists on 64-bit Windows
                        $Param = '"C:\Program Files\Synaptics\SynTP\SynISDLL.dll",SilentUninstall_CallerWillReboot'
                        $status = Start-Process "rundll32.exe" -ArgumentList $Param -PassThru
                        $status.WaitForExit()
                        if ($status.ExitCode -ne 0)
                        {
                            $strStatus=$status.ExitCode
                            Add-Content -Path $Log -Value "[$([DateTime]::Now)] ERROR EXIT CODE: $strStatus"
                            exit $status.ExitCode
                        }
                        }

    #==========================X64 Uninstall================================================            
                if($OS.OSArchitecture -match '64-bit')
                    {
                    Add-Content -Path $Log -Value "OSArchitecture match x64"
                    
                    #dpinst /d no longer supported / ignored by OS (Windows 7) use pnputil to remove OEM Drivers 
                    #Vendor to look for
                    $strVendor="*Synaptics*"
                     
                    #Get the OEM Drivers and create a "usable" Array
                    $test = (pnputil.exe -e) | Select-String -pattern "Gepubliceerde naam","Leverancier van stuurprogrammapakket"
                    $test = $test -split ("`r`n")
                    $test = $test -replace "Gepubliceerde naam:            ",""
                    $test = $test -replace " Leverancier van stuurprogrammapakket:   ",""
                    $test = $test -replace ".inf",".inf VENDOR: "
                    $test = $test -replace "oem","`n OEM: oem"
                    $test = '@"' + $test + "`n" + '"@'
                    $ArrDrivers= $test -split "`n" | Select-String -pattern "OEM:","VENDOR:" | Foreach-Object {$_ -split "`n"}

                    #Loop through Array and Find the Vendor OEM Driver Files
                    Foreach ($i in $ArrDrivers)
                        {
                        If ($i -like $strVendor)
                            { 
                                $i=$i.trim("OEM: ")
                                $i=$i.ToString()
                                $oem=($i).Split(' ')[0]
                                Add-Content -Path $Log -Value "[$([DateTime]::Now)] Synaptics Driver found in: $oem"
                                $Param = "-f -d "+ $oem
                                Add-Content -Path $Log -Value "[$([DateTime]::Now)] PnpUtil Params: $Param"
                                $status = Start-Process "pnputil.exe" -ArgumentList $Param -PassThru
                                $status.WaitForExit()
                    
                            }
                        }
                   
                        #Uninstall The Synaptics software through the installer
                        $Param = '"C:\Program Files\Synaptics\SynTP\SynISDLL.dll",SilentUninstall_CallerWillReboot'
                        $status = Start-Process "rundll32.exe" -ArgumentList $Param -PassThru
                        $status.WaitForExit()
                        if ($status.ExitCode -ne 0)
                        {
                            $strStatus=$status.ExitCode
                            Add-Content -Path $Log -Value "[$([DateTime]::Now)] ERROR EXIT CODE: $strStatus"
                            exit $status.ExitCode
                        }

                    }

                # Close Progress bar and show restart options
                $strStatus=$status.ExitCode
                Add-Content -Path $Log -Value "[$([DateTime]::Now)] All Done EXIT CODE: $strStatus"
                #Close Progress bar
                Close-InstallationProgress
                Add-Content -Path $Log -Value "Now Initiating RebootPrompt"
                Show-InstallationRestartPrompt -CountdownNoHideSeconds 5400
                
            

       
    }     
    else
    {
       Add-Content -Path $Log -Value "UnInstall skipped version is already OK"
    }


        

    #-------------------------------------------End UnInstall---------------------------------------------------------------------

    Tuesday, January 9, 2018 9:54 AM