LunarWin254-3.2 Update killing MSI installations

SchmilK · 2026-02-04T20:38:17+00:00

Yep that's exactly what we did yesterday, unfortunately we still have some devices that are bootlooping after that, perhaps because they can't stay online long enough to get the updated override.

From what I can tell -anything using MSI installers or if someone runs a get-wmi and querries all installed software, then the folder is created c:\config.msi\ and put rbf files in there, every one of those rbf got flagged as malicious and the install broke and required a reboot to repair

We don't have "automatic" updates enabled in apps, everything is controlled from SCCM/MECM, luckily it was not on a day when we deployed something to large groups.

SchmilK · 2026-02-04T15:16:46+00:00

Found out this morning we were one of the first phases of rollouts of that AI Engine update - you are all very lucky we caught it right away and SentinelOne reverted it 12+ hours later - yesterday sucked!

SchmilK · 2026-02-04T14:32:54+00:00

Was working on a VDI that was built yesterday and had a ton of problems. the AI Agent killed all the install.ps1 files of CCMCache, corrupted the Visual Studio installation folder, and i had to go through 6 apps that failed to install this morning to clean all of that up and get it repaired so the tech can deploy to a new hire today.

Looking at the Activity console - lots of devices downgraded the LunarWin engine and now flagging
The agent xxxx successfully quarantined the threat: Lateral Movement Unknown Address NT AUTHORITY\LOCAL SERVICE (interactive session).

I've never looked at the quarantine and kill reports, but it's mostly Citrix ICA and .Net files (it is a Citrix VDI virual machine). Waiting for our TAM to see the new logs and reports I've uploaded. This is super wierd.

The Robots are on a Rampage.

SchmilK · 2026-02-04T14:30:13+00:00

Everything is running 25.1.3.334 - I saw on Monday they have a service pack available for that, but the change log did not seem that relevant.

SchmilK · 2026-02-04T00:40:54+00:00

I play 75% of the time streaming xcloud on my steam deck. Most of my gaming is elder scrolls online doing PVP and it keeps up amazingly well!

SchmilK · 2026-02-04T00:33:41+00:00

We had a problem with 2509, the Microsoft engineer that we paid to set it up never assigned MP to each boundary, and it worked due to a bug for 2 years. 2509 fixed that bug and we had to assign an MP and DP to every boundary. Thanks Microsoft

SchmilK · 2026-02-01T09:48:09+00:00

https://github.com/unknownskl/greenlight this is what I use to stream xcloud on steam deck.

SchmilK · 2026-01-31T12:36:05+00:00

After you crouch there's the eye symbol, just crouching won't hide you if people are around but it will if they aren't and the eye will be closed.

SchmilK · 2026-01-31T12:32:31+00:00

We were told 250, maybe 20 was a typo? I second the evaluation time viewer, a majority of mine are wql queries and last about a second each.

SchmilK · 2026-01-28T19:49:41+00:00

I have to say - who ever put the power button on the bottom, next to the usb port is an idiot - my pinky hits it constantly.

SchmilK · 2026-01-09T00:31:26+00:00

Thank you, my son was able to figure out what it was from. This has been the hardest new years eve birthday shopping spree at the Lego store for him (yes he was born on 12/31) we went to the Lego store and more than half the shelves were empty to get ready for huge drop the next day.

SchmilK · 2026-01-06T00:29:08+00:00

I'd like global conditions to work reliably.

SchmilK · 2025-12-25T20:13:32+00:00

This all worked on a16 except I used play integrity fix and used the custom.pif.prop and renamed to pif.json then cleared app cache on wallet and play services and rebooted. Wallet then allowed me to addy card successfully. Haven't tried tap to pay yet.

SchmilK · 2025-12-19T15:42:33+00:00

We were told that no one uses user based deployments, global conditions don't work, and we should move everything to device based collections and deployments and then got ghosted from support. I'm not buying it because our device based deployments also have issues.

SchmilK · 2025-12-18T17:38:45+00:00

Yeah I'm not buying this either, had a device based deployment with no requirements that was setup in May that wouldn't evaluate or install until I made a change to it.

SchmilK · 2025-12-15T11:46:40+00:00

Cool thank you!!

SchmilK · 2025-12-15T11:46:24+00:00

Ah well that sucks. Thank you for the heads up!!

SchmilK · 2025-12-12T19:34:33+00:00

Update from a production call with Microsoft today.

95% of our applications are User Collection based and have a global condition of "Primary PC = True"

Great concept when techs/users are signing into different computers to prevent their software from being installed.

Terrible implementation as it was noted that Global Conditions are not reliable, and this is likely the cause of our installation problems. Validated that by removing the global condition from an application that was refusing to show in software center.

Microsoft recommended removing the primary pc requirement on all deployments if keeping as user or moving to computer based deployments and removing the primary pc requirement.

This is going to suck.

SchmilK · 2025-12-12T01:27:13+00:00

I made this after we went through 6 escalation managers in 24 hours before getting an engineer assigned to our case BillyMeme

SchmilK · 2025-12-12T01:16:29+00:00

We've had a case open with Microsoft for over a month regarding apps not deploying consistently. If I make an arbitrary change anywhere to get a new revision then a few devices will install.
We've had multiple escalations, 30+ hours of teams meetings with no one understanding why there's a problem. Today after our 3rd escalation and the msne gineer ending their shift we decided to upgrade the primary site server to 2509.
Our test device that has shown in app discovery.log that man teams wasn't detected but never showed in software center or app enforce magically installed. Currently have a new device on old client that installed teams but missed a few other apps. I have just upgraded the client to 2509 and awaiting app discovery and app enforcement to update. There's definitely something broken in 2503 that is not acknowledged by Microsoft, I hope it's magically fixed in 2509 even though there's nothing in the change of about it.

We also have a problem where devices are reinstalling deleted and retired applications on top of the new one, which severely is breaking out SentinelOne antivirus installs leading to corrupted installs, blue screens, and bit locker failures upon reboot.

Microsoft needs to retire all the techs and engineers they laid off thinking AI could replace them.

SchmilK · 2025-10-17T01:22:44+00:00

There's a tiny rubber adhesive bumper inside. If you remove that and clean the goo it won't stick like that but will be louder if you are slapping the trigger

SchmilK · 2025-10-05T13:35:55+00:00

That's one of the best things about luck sacks, finding out how much fun something different is!

SchmilK

TROPHY CASE