External Package Signing

Software Vulnerability Manager allows you to export packages as Cabinet files (.cab) which can be used to publish signed cab files using the Software Vulnerability Manager Daemon. To enable this feature, you must run daemon.exe –S --publish-dir <PATH> after the Daemon has been installed. This will initiate a monitoring feature in the Daemon which will look for Cabinet files in the directory <PATH>/Flexera Software IO/.

Note: <PATH> must be an existing directory that is accessible by the user the Daemon is running as and the subdirectory Flexera Software IO is added by the Daemon for security reasons.

Select Enable External Package Signing on the configuration page and provide a path to where the packages will be exported. Similar to the Software Vulnerability Manager Daemon, a subdirectory (Flexera Software IO) will be added for security reasons.

Specify the recipients who will receive an email notification when a package is published or if it failed to do so.

If the External Package Signing option is enabled the SPS Package Wizard will by default select the Cabinet File (Export) option in Step 4.

An export will create a Cabinet file which includes the files required to patch applicable components.

To publish these packages, you must sign them and place them in the Daemon monitoring directory. The WSUS server must be set up correctly with the certificate used to sign the packages. Once a Cabinet file has been exported it can be signed using your favorite signing method. Then, after placing it in the directory monitored by the Daemon, it will be picked up and published to the WSUS server. You must ensure that the WSUS server can verify the certificate used for signing.

A notification email will be sent to the account email of the user running the Daemon to inform the user know about success or failure for published packages.

Note:The export and monitoring directories should not be the same since it will try to publish unsigned Cabinet files which will not be allowed.