TRAPS VDI Tool - CSV file upload failed

ATB-Adm · ‎05-14-2018

ESMCore: 4.1.4

ESMConsole: 4.1.4

Agent: 4.1.4

VDI Tool: 4.1.4

SigCheck: 2.60

Hi there,

we followed the TRAPS manual for the installation on a VDI Master Image (Windows 10 v1709 Enterprise).

We used the TRAPS VDI Tool to upload the generated SigCheck CSV file, but it shows an error:

Parsing of CSV file failed! Please validate the file content.

We checked the file, but nothing is wrong with it.

We repeated the upload, but the error persists.

Is this a known issue?

ElasticSkyX · ‎05-18-2018

Hi there,

First thing to confirm: are you running the TrapsVDITool from the client where you created the files signatures from?

The tool needs to verify the existence of the files and if it cannot “see” any of the files then it reports an error when validating the CSV. I use a bit of PowerShell to modify the CSV to have UNC paths so I can run the verdicting from a machine with the Traps agent installed (also a requirement but the agent needs to be stopped).

Sorry if this is covering old ground but worth asking and verifying before suggesting other things 😉

Kind regards.

ATB-Adm · ‎05-30-2018

Hi Glen,

yes, we're running the Tool inside the client, where the signatures are created.

ElasticSkyX · ‎05-30-2018

Hi there,

The error you are getting is indicating that the tool cannot verify any of the files in the CSV. It does this by confirming the files exist.

We could try one thing before looking at other options but could you confirm that you are running TrapsVdiTool with the "Run as administrator" option? You should get a different error (Required registry access is not allowed) if this was the case but would like to confirm 🙂

After that lets try something really simple. On the client you are verdicting, put the sigcheck64.exe binary in a folder and just create the CSV for just this one file. Once created run the TrapVdiTool to verdict just this one file.

Let us know how this goes,

Kind regards.

ATB-Adm · ‎05-31-2018

Hi Glen,

we tried running the TrapsVDITool with the "Run as administrator" option, same result, "Parsing failed".

We also tried checking only the sigcheck64.exe and uploading the CSV file, also same result, "Parsing failed"

😞

ElasticSkyX · ‎05-31-2018

Could you confirm the switches that you used on sigcheck when creating the hashes?

Kind regards.

ATB-Adm · ‎06-04-2018

Hi Glen,

we used the cmd switches described in the PaloAlto Traps 4.1 Administrator Guide.

sigcheck /s /c /e /h C:\ > C:\temp\outfilename.csv

or

sigcheck /s /c /e /h C:\sigcheck\sigcheck64.exe > C:\temp\outfilename.csv

ElasticSkyX · ‎06-04-2018

Could I be as bold to ask if you could upload the output file here? Just the one which has the sigcheck hashes contained in it.

Kind regards.

ATB-Adm · ‎09-17-2018

Hi Glen,

I'm really sorry for the long waiting time, we got really important steps to do till today.

We upgraded to Traps 4.2.1 but the issue remains the same.

I upload the .csv file here now.

ElasticSkyX · ‎10-28-2018

Hi there,

Sorry tried to download the file but it doesn't appear to be available. Yes I know I was slow answering this thread and apologise for that 🙂

Kind regards.

TRAPS VDI Tool - CSV file upload failed

TRAPS VDI Tool - CSV file upload failed

Show your appreciation!