CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 11 of 11

Thread: Upgrade your ABRA devices to R70.1

  1. #1
    Join Date
    2009-11-22
    Location
    Israel
    Posts
    21
    Rep Power
    0

    Default Upgrade your ABRA devices to R70.1

    Abra R70.1 Client Automatic Upgrade Package
    https://supportcenter.checkpoint.com...=&fileid=11602


    Introduction
    Thank you for using Abra, Check Point's virtual portable workspace technology made available on a
    SanDisk USB Flash drive. This release contains new features and enhancements and resolves various
    issues for Abra.

    What's New

    New features and enhancements in this release include:
     Improved security, stability, and performance.
     Support for 64 bit platforms for Windows 7 and Windows Vista.
     Full localization to Japanese and simplified Chinese.
     A new tool makes it easy to update your Abra Secure Workspace Manager within SmartDashboard.
     Enhanced application control by software vendor. You can easily choose to allow all applications from a
    specific vendor.
     New, more secure password reset option. A new challenge includes the Device ID.
    Requirements and Information
    This section describes the requirements necessary to deploy this release.

    System Requirements

    These are the minimum system requirements for the host computer on which Abra can be used:
    RAM: 512 MB
    Processor: Pentium 1 GHz and higher
    Windows Explorer: 2 free drive letters
    Supported End User Platforms
    Abra is supported on these Windows platforms on a regular computer or on VMware Workstation version
    6.5 and above:
    Windows Edition
    XP 32-bit only, Home and Professional editions, SP3 and above
    Vista 32-and 64 bit, Home and Professional editions, SP2 and above
    7 32-and 64 bit, Home Premium, Enterprise, and Ultimate editions
    Endpoint Security Expert at Check Point, Israel
    http://il.linkedin.com/in/alexturovsky

  2. #2
    Join Date
    2010-08-06
    Location
    UK (Surrey)
    Posts
    48
    Rep Power
    0

    Default Re: Upgrade your ABRA devices to R70.1

    Thanks

    any idea if an 'off-line update' is possible? the package contains two files, AbraUpdater.exe and speed_updater_ver.txt Deploying these on the gateway works OK for auto client update, but from what I could see an off-line update (by double clicking the EXE) didn't work ...

    ..I was looking for an easy way to update multiple Abra devices before handing them out to users; otherwise you have to get them to connect to the Gateway and wait for the on-line update ~30MB. Plus you get IWS version errors etc.

    When I run it against the Abra drive locally, it says "your Abra cannot be updated with the current Abra updater. Please contact technical support in order to update it."

    Also tried unpacking AbraUpdater.exe and running Update.exe directly with Abra in USB slot.

    Stock version R70 build 133

    Also is there a way to roll back an updated device for testing? if Abra is running R70.1 and you want to take that back to R70 build 133 for test purposes - is this possible?

    rgds

  3. #3
    Join Date
    2009-02-13
    Posts
    87
    Rep Power
    11

    Default Re: Upgrade your ABRA devices to R70.1

    Manual update are not supported anymore. The correct and official way to deploy is by connecting to VPN GW and upgrading the device.

  4. #4
    Join Date
    2010-11-08
    Location
    Newbury, UK
    Posts
    17
    Rep Power
    0

    Default

    It's no longer possible to rollback Abra from one version to another. You can't even re-image a device with the same version currently installed. Check Point added additional security in to this update to secure the device from being tampered with or having non-Check Point firmware installed.

  5. #5
    Join Date
    2010-03-18
    Posts
    29
    Rep Power
    0

    Default Re: Upgrade your ABRA devices to R70.1

    Hello
    I've follow the instructios, the manual says:
    To upgrade an Abra device or provision a new Abra device:
    1. When a new version of the software is available, verify that the filename is AbraUpdater.tgz (case
    sensitive).
    2. Run tar xzf AbraUpdater.tgz on the gateway in $FWDIR/conf/extender/CSHELL.
    When users connect Abra devices to the gateway, the devices detect the new version, download it and
    upgrade automatically.

    Now I have the Abra_R70.1_Updater.exe in $FWDIR/conf/extender/CSHELL.but when i connect the ABRA to the GW via EndPoint Connect, i have the next message:
    unsupported policy version 3.7, required 3.6
    Please help

  6. #6
    Join Date
    2009-02-13
    Posts
    87
    Rep Power
    11

    Default Re: Upgrade your ABRA devices to R70.1

    I guess you should upgarde your SmartConsole with "Abra R70.1 Secure Workspace Manager Upgrade Utility" (can be downloaded from checkpoint site).

  7. #7
    Join Date
    2010-08-06
    Location
    UK (Surrey)
    Posts
    48
    Rep Power
    0

    Default Re: Upgrade your ABRA devices to R70.1

    anyone know why R70.1 release notes do not specify support for Win7 Professional 64-bit? I have tested on Win7 Enterprise 64-bit and it works OK.

    ..seems odd when "Home Premium", "Enterprise" and "Ultimate" are listed.
    A customer is trying on Win7 64-bit Pro and the secure workspace consistently fails to load (gets about 80% there...). Same Abra stick works fine on WinXP 32-bit of course.

    thanks
    PG

  8. #8
    Join Date
    2010-11-08
    Location
    Newbury, UK
    Posts
    17
    Rep Power
    0

    Default

    There should be no difference between Windows Pro and other versions. I would check two things:

    1. Has the customer enabled the online program advisor service in the Secure Workspace policy. The option to allow Trusted and unknown applications must be selected otherwise Abra prevents the 64-bit explorer.exe program from running and it fails to launch around the 80% mark. Even if it's not enabled I would enable the option tick the Allow trusted and unknown option and then disable the program advisor option - I've seen this issue still occur even if the Allow all applications option is enabled until the trusted and unknown option is enabled.

    2. Check to see if they have implemented the Microsoft patch identified in the article at https://supportcenter.checkpoint.com...tionid=sk61020. If so there are ways around this given in the article.

  9. #9
    Join Date
    2010-08-06
    Location
    UK (Surrey)
    Posts
    48
    Rep Power
    0

    Default Re: Upgrade your ABRA devices to R70.1

    Thanks for the response...

    I will check re 1
    The customer claims that they've already applied the HF as per sk61020 (which I notified them about in March) ... I will double check versions to be sure.

    Cheers
    PG

  10. #10
    Join Date
    2010-08-06
    Location
    UK (Surrey)
    Posts
    48
    Rep Power
    0

    Default Re: Upgrade your ABRA devices to R70.1

    just an update on this,

    @ambish, you were correct, it relates to the "Enable PA" settings in the SecureWorkspace Policy > App control tab. When PA is set to "Allow Trusted Only" it actively blocks the VDesk.exe from executing (which is the secure workspace)

    this was evident on Win7 x64 Enterprise & Pro (SP1)

    From RTFM the description of PA is that it will check (subject to internet access) any application that is listed in the App table, but does not have an MD5 hash. On inspection I could see that VDesk.exe plus all the other Abra related applications did not have any MD5 hash associated with them. The conclusion I am drawing is that PA must consider these as "unknown".

    It does raise the question, however, as to why Abra launches correctly on XP 32-bit SP3 when PA was still set to "allow trusted only"?

    these tests were run with GW R71.30 and Abra R70.1 w/ client HF1

    for reference the build numbers are

    Abra R70 830000133
    Abra R70.1 840000274
    Abra R70.1 client HF1 840000278

    Am I correct in thinking the only potential security risk with PA set to "allow trusted and unknown" is that a user could spoof one of the allowed apps in the app table (provided it does not have an MD5 hash)? Of course they'd need to know the EXE path & name etc in advance to overwrite the allowed exe with their own app. If the spoofed app was malicious, then there's a good chance PA would have it marked as "untrusted" in any case.

  11. #11
    Join Date
    2010-11-08
    Location
    Newbury, UK
    Posts
    17
    Rep Power
    0

    Default

    On an Abra stick that has been failing (and not rebuilt) check the denied_apps.txt file inside the Secure Workspace in \User\AppData\CheckPoint - a hidden directory. This will show which executable is being blocked and why. From memory I think the explorer.exe process was being terminated which would explain why it only happens on 64-bit machines as it will be different to 32-bit versions. I can only assume that the 64-bit explorer.exe does not have a valid MD5 within Program Advisor.

    This is similar to a bug on the known issues list numbered 00590987. This talks about connectivity issues to the Program Advisor server stopping Abra from launching if 'Allow Trusted Only' is enabled. I found though that on 64-bit machines this was only a problem if there was a network connection present - Abra would launch fine if the network cable was unplugged after which you could connect it again and carry on working.

    This could be a workaround for users who don't have access to a 32-bit machine in order to get the policy update. Simply disconnect or disable networking, launch Abra and then re-enable connectivity, launch the VPN and get the updated policy.

Similar Threads

  1. Abra - No Abra
    By tecuani in forum GO (The Product Formerly Known As Abra)
    Replies: 6
    Last Post: 2010-10-28, 05:00
  2. Abra Demo
    By Routerkid1 in forum GO (The Product Formerly Known As Abra)
    Replies: 9
    Last Post: 2010-08-27, 05:09
  3. USB-1 ABRA users - are there any?
    By varera in forum GO (The Product Formerly Known As Abra)
    Replies: 23
    Last Post: 2010-05-21, 20:10
  4. Abra is now officially GA
    By PhoneBoy in forum Check Point Release Notifications
    Replies: 0
    Last Post: 2010-05-05, 02:57
  5. About This New Forum On Abra
    By Barry J. Stiefel in forum GO (The Product Formerly Known As Abra)
    Replies: 0
    Last Post: 2010-04-14, 17:40

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •