So I updated the install files and they show in my Cylance. It runs and completes with a success message, but when I look at the output, this it what show.
“This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.”
Event viewer doesn’t show any errors at all.
The file gets copied, but does not run/install.
Tried running via Powershell and CMD with various different iterations of the script, and I don’t get any error (it just goes to the next line ready for more commands).
Attached are my settings, and you can see a result on the right.
Not sure what I’m doing wrong?

Screen Shot 2022-03-14 at 11.48.25 PM2270×708 105 KB

You are not telling msiexec where the msi file is. Setting the destination path for the file does not tell PS that’s where you should be working.

Jimmie’s got it. You may also need to either change your script type to Batch file or make it more powershell friendly. You can get some odd results with launching things with arguments in powershell as it tries to interpret things in powershell form. Powershell: Installing MSI files

Sorry, I forgot to mention that I had also tried the following script syntax and it didn’t help:

msiexec /i c:<file to path>\CylanceProtect_x64.msi /qn PIDKEY= LAUNCHAPP=1 PROTETIONPATH=1

Any more thoughts? Sorry, I promise I’ll get this stuff sooner or later. HA!

Here is ours We block all powershell and do in BAtch

mkdir c:\util
cd c:\util
mkdir cylancedeploy
msiexec /i c:\util\cylancedeploy\CylanceProtect_x64.msi /qn PIDKEY=XXXXXXXXXXXXXXX LAUNCHAPP=1

See my script below. Works like a charm.

Import-Module $env:SyncroModule

Cylance Installer

Path for the workdir

$workdir = "c:\ITDepartment\Cylance"

Check if work directory exists if not create it

If (Test-Path -Path $workdir -PathType Container)
{ Write-Host “$workdir already exists” -ForegroundColor Red}
ELSE
{ New-Item -Path $workdir -ItemType directory }

Start the installation

msiexec /i “$workdir\CylanceProtect_x64.msi” PIDKEY=XXXXXXXXXXXXXX /L*v C:\Windows\Temp\install.log /qn

image853×384 7.87 KB

Here’s my script. I have a very long one, as I check and recheck things… :)…trust but verify
Also, I use a lot of variables that I store for each customer (i wish we could get MSP Level, but…)

<#
Powershell Script to install Cylance
CMP Consulting Services - Carlos Perez - cperez@cmpcs.com

Expecting to receive the following parameters
- $BillRMMTicket - Customer custom field checkbox
- $CylanceZone - Cylance Zone - Customer custom field
- $CylanceUninstallPwd - Cylance uninstall password
- $LicenseKey - Cylance PIDKEY - customer custom field
- $CustomerSkipDeploy - Customer Custom field to deploy for client checkbox
- $AgentSkipDeploy - Checkbox to skip deployment on agents - asset custom field checkbox

CylanceSvc - Main Unified agent Service
CyOptices - Cylance Optics - will only be present if INSTALLOPTICS=1.  But since it's controlled by policy, it's ok to leave on, and disable by policy.

# Remove Protect - CylancePROTECTx64.msi UNINSTALLKEY="MyUninstallPassword" /uninstall
# Remove Optics - CylanceOpticssetup.exe -q -uninstall
#>

#$TLS12Protocol = [System.Net.SecurityProtocolType] 'Ssl3 , Tls12'
#[System.Net.ServicePointManager]::SecurityProtocol = $TLS12Protocol

Import-Module $env:SyncroModule
#Unified Agent
$fileurl64 = "https://xxxxx/Cylance/CylanceUnifiedSetup_x64.msi"
$fileurl32 = "https://xxxxx/Cylance/CylanceUnifiedSetup_x86.msi"
$file = "CylanceUnified.msi"
$localfolder = "$Env:Windir\Temp\CMPRMM"
$installerpath = "$localfolder\$file"
$Arguments = "/i {0} /qn PIDKEY=""{1}"" LAUNCHAPP=1 VENUEZONE=""{2}"" INSTALLOPTINCS=1" -f $installerpath, $LicenseKey, $CylanceZone
$ProductName = "Cylance"
$ServiceCheck = "CylanceSvc","CyOptics"
$ServiceTotal = $ServiceCheck.Count
$TicketSubject = "Cylance Protect & Optics Installation"
$TicketType = "Software"
$TicketTime = "15"
$NewTicket = Create-Syncro-Ticket -Subject $TicketSubject -IssueType $TicketType -Status "New"
$TicketID = $NewTicket.ticket.id
$TicketUser = "cperez@cmpcs.com"
$startAt = (Get-Date).AddMinutes(-$TicketTime).toString("o")

#Convert Parameters to boolean (yes fake, but Syncro Module Parse-Bool function will fix
If ($BillRMMTicket -eq "yes") {
    $BillRMMTicket = "true"
} ElseIf ($BillRMMTicket -eq "no"){
    $BillRMMTicket = "false"
}

function Service-Check-Exists ($servicetocheck) {
    if (Get-Service $servicetocheck -ErrorAction SilentlyContinue) {
        Write-Output "Service $servicetocheck found"
        return $true
    }
    Write-Output "Service $servicetocheck not found"
    return $false
}

function Check-If-OpticsInstalled ($apptofind) {
    If ($apptofind -eq "Cylance OPTICS") {
        return $true
    }
    return $false
}

function Check-If-ProtectInstalled ($apptofind) {
    If ($apptofind -eq "Cylance PROTECT") {
        return $true
    }
    return $false
}

function Check-If-UnifiedInstalled ($apptofind) {
    If ($apptofind -eq "Cylance Unified Agent") {
        return $true
    }
    return $false
}

function InstallCheck () {
Write-Output "Starting service check"
$ServicesFound = 0
Foreach ($service in $ServiceCheck)
{
    If (Service-Check-Exists ($service)) {
        #Service Exists
        Write-Output "$ProductName Service $service Exists"
        $ServicesFound++
        } else {
        Write-Output "$ProductName Service $service Does not exist"
        }
}
#Check if we found all the services
If ($ServicesFound -eq $ServiceTotal) {
    Write-Output "$ProductName All Services Found"
} else {
    Write-Output "$ProductName All Services Not Found"
    return $false
}
#Check Application
#Check if installed or not
$installed = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -eq $SoftwareName }) -ne $null

If(-Not $installed) {
    Write-Output "$ProductName Software Installation not found in Program List"
    return $false
} else {
    Write-Output "$ProductName Installation found in Program List"
    return $true
}
#If we get here not sure what happened
Write-Output "Check Script not sure how we got here..."

} #end function InstallCheck

#If Deploy not enabled for client, let's exit
If ($CustomerSkipDeploy -eq "yes") {
    Create-Syncro-Ticket-Comment -TicketIdOrNumber $TicketID -Subject "Update" -Body "Customer's $ProductName Skip Deploy Checked" -Hidden "true" -DoNotEmail "true"
    Update-Syncro-Ticket -TicketIdOrNumber $TicketID -Status "RMM Issue"
    Write-Output "Customer Skip Deploy is set"
    exit 1  
}

#If Skip Deploy for Agent is enabled, let's exit
If ($AgentSkipDeploy -eq "yes") {
    Create-Syncro-Ticket-Comment -TicketIdOrNumber $TicketID -Subject "Update" -Body "Agent's $ProductName Skip Deploy Checked" -Hidden "true" -DoNotEmail "true"
    Update-Syncro-Ticket -TicketIdOrNumber $TicketID -Status "RMM Issue"
    Write-Output "Asset Skip Deploy is set"
    exit 1  
}

#If License Key is empty, let's exit
If ($LicenseKey -eq "") {
    Create-Syncro-Ticket-Comment -TicketIdOrNumber $TicketID -Subject "Update" -Body "$ProductName License Key not set" -Hidden "true" -DoNotEmail "true"
    Update-Syncro-Ticket -TicketIdOrNumber $TicketID -Status "RMM Issue"
    Write-Output "LicenseKey is not set"
    exit 1  
}

#If ClientCode is empty, let't note it and keep going.  Chances are it will end up in unzoned
If ($CylanceZone -eq "") {
    Create-Syncro-Ticket-Comment -TicketIdOrNumber $TicketID -Subject "Update" -Body "$ProductName Zone not set" -Hidden "true" -DoNotEmail "true"
    Update-Syncro-Ticket -TicketIdOrNumber $TicketID -Status "RMM Issue"
    Write-Output "$ProductName Zone not set"
}

#If Uninstall Password is empty, let't note it and keep going.  Uninstall will simply fail, and product will be found.
If ($CylanceUninstallPwd -eq "") {
    Write-Output "Cylance Uninstall Password not set..continuing installation"
}

#Prepare for download
$localfolder = "$Env:Windir\Temp\CMPRMM"
If ((Test-Path -Path $localfolder) -eq $False) {
    New-Item -Path $localfolder -ItemType "directory"
}


if ((Get-WmiObject win32_operatingsystem | select osarchitecture).osarchitecture -like "64*") {
    (New-Object System.Net.WebClient).DownloadFile($fileurl64, $installerpath)
} else {
    (New-Object System.Net.WebClient).DownloadFile($fileurl32, $installerpath)
}

#Let's make sure the file is there
If ((Test-Path -Path $localfolder\$file -PathType leaf) -eq $False) {
    # File didn't download
    Create-Syncro-Ticket-Comment -TicketIdOrNumber $TicketID -Subject "Update" -Body "$ProductName File Download Failed" -Hidden "true" -DoNotEmail "true"
    Update-Syncro-Ticket -TicketIdOrNumber $TicketID -Status "RMM Issue"
    Write-Output "$ProductName Download Failed"
    exit 1
}   Write-Output "$ProductName Downloaded"

Write-Output "Starting Installation of $ProductName"
Start-Process C:\Windows\System32\msiexec.exe -ArgumentList $Arguments -Wait
Sleep 60

#Lets check the services are there
$ServicesFound = 0
Foreach ($service in $ServiceCheck)
{
    If (Service-Check-Exists ($service)) {
        #Service Exists
        Write-Output "$ProductName Service $service Exists"
        $ServicesFound++
        } else {
        Write-Output "$ProductName Service $service Does not exist"
        }
}
#Check if we found all the services
If ($ServicesFound -eq $ServiceTotal) {
    Create-Syncro-Ticket-TimerEntry -TicketIdOrNumber $TicketID -StartTime $startAt -DurationMinutes $TicketTime -Notes "$ProductName Installation Completed." -UserIdOrEmail $TicketUser -ChargeTime $BillRMMTicket
    Update-Syncro-Ticket -TicketIdOrNumber $TicketID -Status "Resolved"
    Write-Output "$ProductName Installation Completed"
    exit
} else {
    Create-Syncro-Ticket-Comment -TicketIdOrNumber $TicketID -Subject "Update" -Body "$ProductName Service(s) not found" -Hidden "true" -DoNotEmail "true"
    Update-Syncro-Ticket -TicketIdOrNumber $TicketID -Status "RMM Issue"
    Write-Output "$ProductName Services not all found"
    exit 1
}

I am still struggling with this stupid install. Sorry all, I’m just not a programmer, although this shouldn’t be hard. @ssheridan and @mike10 after running either of your scripts. User is admin on the machine while I’m testing, so that rules that out. My question is (see the attached screenshot)…on your scripts, what do you have here?

Cylance Install1276×992 37.8 KB

I’m getting this error most of the time “This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.”

Would need to see your script to know. If your installer path has spaces in it makes sure you surround with quotes. If your script doesn’t download the installer you need to add it as a required file in Syncro and then add the file to the script itself with the Add Required File button.

My Destination path name in full is this:

c:\ITDepartment\Cylance\CylanceProtect_x64.msi

Note: Make sure to upload your .MSI file in Syncro Scripts “Add New File”.

image978×548 22.8 KB

Good info here with the variables! That will be nice for large rollouts!

Thank you so much, @mike10! I got it to finally work! Next step…CylanceOPTICS install.

Thank you all so much for your help on this. Things are starting to click in my head.

Just install the unified with Optics. If there’s no Optics policy active, it doesn’t do anything. It’s much easier…

@cperez , I use Solutions Granted as my Cylance reseller and support and we’ve had issues with the Unified Agent in instances, so we’ve decided to go with individual installs as of now. They even changed their official stance on installing the product this way.

We also use SGI, and i’ve been using my script for many months without any issues. I’ll check with Allie/Cory and see what may have changed. We were using the unified for a long time. Maybe that’s why they are suggesting different versions of agent levels…

Just wondering, but why prevent powershell if you allow batch… batch can be just as dangerous

The vast majority of our machines are in zero trust environment. We have not moved to whitelisting the hash in Cylance or TL yet but will in the future.

I’ll be interested to hear what they tell you. Would be pretty infuriating to have them tell two different customers different things. The unified agent was working great.

@cperez did you find anything out from SGI about the unified agent? I’m having the same issues installing Optics by itself as well. Not sure what I’m doing wrong.

@mike10 , @cperez , @isaacg - Good morning all. Back at it now that I have more time and need to get Optics installed as well. Same error I initially got with Protect (c:\sheldonitsolutions already exists error> Start : This command cannot be run due to the error: The system cannot find the file specified. error> At C:\ProgramData\Syncro\bin\ae38febb-0e0f-48ea-873c-b00d90f97438.ps1:15 char:1 error> + Start the installation error> + ~~~~~~~~~~~~~~~~~~~~~~ error> + CategoryInfo : InvalidOperation: ( [Start-Process], InvalidOperationException error> + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand error> This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer package.)

Attached is my script that I used to deploy Protect successfully and then am trying to use to deploy Optics with. Thank you all SO much for your help! I appreciate it more than you could ever know!

Optics1064×714 38.2 KB