This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IBM Fix Packs (CSD) installations recognised as applications

swannd
By
Level 4

We are finding that the installation of IBM Fix Packs is leaving .swidtag file evidence that is interpreted installation of applications. Typically this is fine as the application already exists - however if the fix pack is installed when the application is not installed, the recognition is inaccurate. 

I am wondering if anyone has experienced this, and if so, the mitigation strategy. The default fix pack location path is 

C:\Program Files\IBM\source\

Possibilities include:

  • Forcing removal of these fix packs once applied
  • Exclude scanning of 'C:\Program Files\IBM\source\'

 

‎Nov 13, 2023 06:49 PM

(4) Replies

mfranz
By Level 17 Champion
Level 17 Champion

Well, isn't the original issue then that the fix pack swidtag is recognized as the base application and the ARL needs to be updated?

‎Nov 14, 2023 01:05 AM

swannd
By
Level 4
In response to mfranz

This is the trick as the tag file is the same as the one used when installing the application(s). The only difference is the directory path. I don't see how this can be fixed in the ARL when file path attribute is not available for file evidence rules on Windows based OS.

‎Nov 16, 2023 05:39 PM

0 Kudos

mfeinman
By
Level 8

What I don't follow is how the fixpack gets installed when the application itself isn't there! How does a fixpack get installed if the application being "fixed" doesn't exist?

--Mark

‎Nov 14, 2023 09:58 AM

swannd
By
Level 4
In response to mfeinman

I am keen to follow this up too.

‎Nov 16, 2023 05:39 PM

0 Kudos