Cloverleaf 19.1 alert not working

Tagged: Alert whitelist 19.1 powershell

This topic has 5 replies, 3 voices, and was last updated 4 years, 7 months ago by Brian.

Creator

Topic
April 3, 2020 at 4:17 pm #116236
Brian
Participant
I just upgraded from Cloverleaf 6.2 to 19.1 (Windows 2012 server) and my alert is now giving me an error msg and I cannot save the alert.

The alert uses action: EXEC and this is the command I have in 6.2, which works fine.

powershell.exe “&{D:\Qdx_work\Custom_Scripts\CloverleafInterfaceRecycle.ps1}”

shows in the default.alrt file as;

{ exec {powershell.exe “&{D:\Qdx_work\Custom_Scripts\CloverleafInterfaceRecycle.ps1}”} }

After the upgrade, I go into the alert and when I try to save, I get the error msg;

Command ‘{powershell.exe “&{D:\Qdx_work\Custom_Scripts\CloverleafInterfaceRecycle.ps1}”}’ failed on command whitelist validation. Please contact your administrator.

I did notice that in my Netconfig, I had to change all of my fileset-local paths from a backslash to a forward slash

IE: C:\Import\PDF to C:/Import/PDF

I tried the same on the alert and even added additional {} to the front/back of the command.
Creator

Topic

Viewing 4 reply threads

Author

Replies
- April 4, 2020 at 1:47 am #116237
  Charlie Bursell
  Participant
  Did you upgrade or install a new version of windows?
  
  Check this out:
  
  https://www.andreafortuna.org/2018/07/11/application-whitelisting-on-critical-windows-systems-useful-or-not/
  
  I never use powershell so I can’t help more.
- April 6, 2020 at 2:06 pm #116247
  Brian
  Participant
  Nothing has changed to the windows install. 2012 Server.
  
  The last windows update was 3/3/20, and the CL upgrade was 4/3/20.
  
  When I say upgrade, I first unistalled (control panel) 6.2 and rebooted.
  
  Doesn’t appear to be related to powershell, but the EXEC command from the alert. I tried entering a path to a command file, same issue.
  
  cmd /c D:\\Qdx_work\\custom_scripts\\QdxInterfaceRecycle.cmd
  
  then tried the path to notepad.exe. same issue.
  
  I do see a DB file called whitelist in the bin folder. C:\gehc-it\ccg\quovadx\cis19.1\integrator\bin\whitelist.db
  
  When I compared this to a 6.2 server I have, I don’t have this file.
  
  The Date/time of the file matches the CL install date.
  
  I tried to rename the file, but the warning msg says it’s in use by the HCIaccess.exe. Stopped the monitor daemon and then was able to rename the file.
  
  I still get the error when trying to save my alert using an EXEC command.
  
  I closed CL GUI and then was able to rename the file to .old. Go back to CL and try to edit my alert and I get the same error, and the whitelist.db file gets created in the bin folder.
  
  My 6.2 server (windows 2016) is still working fine and on the same domain as the Windows 2012 server with CL 19.1.
  
  Not sure if this is a domain issue since both servers are on the same domain.
- April 7, 2020 at 3:27 am #116253
  Charlie Bursell
  Participant
  I would suggest you open a Support case.
- May 5, 2020 at 6:55 am #116666
  Bryan
  Participant
  Brian,
  
  I don’t know if you’re still looking for a solution but I was having the exact same problem. The issue definitely has to do with 19.1 and new “Command Whitelist” functionality. In the server admin tool, there is now a “Command Whitelist” tab. Add the scripts you’d like to run from your alerts and the error should go away.
- May 5, 2020 at 11:44 am #116672
  Brian
  Participant
  Yes, I opened a ticket with Infor and found out about this.
  
  However, the path I was using for PS1 and CMD is no longer working, you now have to enter the full path. And, CMD is not working at all, but I was able to get CMD to work using the call to PS1.
  
  Here are my notes.
  
  Alert Issues after upgrading to Cloverleaf v19.1:
  
  Tested with Win2012 and Win2016
  
  Issue is that you can no longer add a CMD or PS1 EXEC to an alert without getting a “Whitelist” error. If the alert was upgraded, it will be in the alert file, but if you try to save the alert you will get the Whitelist error.
  
  In order to add to the alert, you first must add the *.exe to the “Whitelist”.
  
  For v19.1, it appears that only Powershell is working, CMD is not, but you can call the PS1 exe instead.
  
  If you do not have the Whitelist configuration and run the alert, the hciMonitord.log shows error: Illegal command …. Skip it
  
  First, find the install path for powershell.
  
  Select the Windows Key from the taskbar> Type Powershell> Right click “Windows Powershell”. Do not select the ISE or any of the x86 versions.
  
  Select Open file location. This will be the shortcut icon.
  
  Right click the icon and select properties
  
  Remember the value for “Target”. this is the path you will enter in the Whitelist configuration.
  
  Select the Windows Key from the taskbar> Navigate to the Infor section and choose “Server Administration”
  
  Select the tab “Command Whitelist”.
  
  Select Add> Single command.
  
  For the name, enter “Powershell.exe”
  
  For the Path, Navigate to the path for the powershell.exe. IE: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
  
  Select OK
  
  Select Save
  
  Close the Server Administration
  
  Restart the Infor Service.
  
  Reonfigure the Cloverleaf Alert
  
  Open any alert that uses the Alert Action EXEC.
  
  Change the action to include the full path of powershell and the full path of the script file.
  
  PS1 script:
  
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe “&{D:\Qdx_work\Custom_Scripts\CloverleafInterfaceRecycle.ps1}”
  
  CMD script:
  
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe “&{D:\Qdx_work\Custom_Scripts\QdxInterfaceRecycle.cmd}”
Author

Replies

Viewing 4 reply threads

You must be logged in to reply to this topic.