05-14-2018 05:00 AM
VDI Tool: 4.1.4
we followed the TRAPS manual for the installation on a VDI Master Image (Windows 10 v1709 Enterprise).
We used the TRAPS VDI Tool to upload the generated SigCheck CSV file, but it shows an error:
Parsing of CSV file failed! Please validate the file content.
We checked the file, but nothing is wrong with it.
We repeated the upload, but the error persists.
Is this a known issue?
05-18-2018 10:31 PM
First thing to confirm: are you running the TrapsVDITool from the client where you created the files signatures from?
The tool needs to verify the existence of the files and if it cannot “see” any of the files then it reports an error when validating the CSV. I use a bit of PowerShell to modify the CSV to have UNC paths so I can run the verdicting from a machine with the Traps agent installed (also a requirement but the agent needs to be stopped).
Sorry if this is covering old ground but worth asking and verifying before suggesting other things 😉
05-30-2018 04:00 AM
yes, we're running the Tool inside the client, where the signatures are created.
05-30-2018 01:06 PM
The error you are getting is indicating that the tool cannot verify any of the files in the CSV. It does this by confirming the files exist.
We could try one thing before looking at other options but could you confirm that you are running TrapsVdiTool with the "Run as administrator" option? You should get a different error (Required registry access is not allowed) if this was the case but would like to confirm 🙂
After that lets try something really simple. On the client you are verdicting, put the sigcheck64.exe binary in a folder and just create the CSV for just this one file. Once created run the TrapVdiTool to verdict just this one file.
Let us know how this goes,
05-31-2018 01:11 AM - edited 05-31-2018 01:12 AM
we tried running the TrapsVDITool with the "Run as administrator" option, same result, "Parsing failed".
We also tried checking only the sigcheck64.exe and uploading the CSV file, also same result, "Parsing failed"
05-31-2018 04:48 AM
Could you confirm the switches that you used on sigcheck when creating the hashes?
06-04-2018 01:06 AM
we used the cmd switches described in the PaloAlto Traps 4.1 Administrator Guide.
sigcheck /s /c /e /h C:\ > C:\temp\outfilename.csv
sigcheck /s /c /e /h C:\sigcheck\sigcheck64.exe > C:\temp\outfilename.csv
06-04-2018 01:34 AM
Could I be as bold to ask if you could upload the output file here? Just the one which has the sigcheck hashes contained in it.
09-17-2018 04:49 AM - edited 09-17-2018 04:51 AM
I'm really sorry for the long waiting time, we got really important steps to do till today.
We upgraded to Traps 4.2.1 but the issue remains the same.
I upload the .csv file here now.
10-28-2018 07:47 PM
Sorry tried to download the file but it doesn't appear to be available. Yes I know I was slow answering this thread and apologise for that 🙂
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!