psfalcon icon indicating copy to clipboard operation
psfalcon copied to clipboard
verified publisher icon CrowdStrike

[ BUG ] `update_check.json` denied when installed as administrator, can it be disabled?

Open c3rberus opened this issue 7 months ago • 2 comments

Using the latest v2.2.8 PSFalcon module from PowerShell Gallery, when installed using PowerShell session that is running as administrator, so that we can install the module for all users with the Scope AllUsers switch, the module is placed inside C:\Program Files\PowerShell\Modules\PSFalcon\2.2.8 as expected.

The issue is, now when I try to run this as a regular user (non-admin), I get this error:

Out-File: C:\Program Files\PowerShell\Modules\PSFalcon\2.2.8\private\Private.ps1:783
Access to the path 'C:\Program Files\PowerShell\Modules\PSFalcon\2.2.8\update_check.json' is denied.

The same issue was reported here and was closed out with no good explanation: Issue 468

We do this all the time with various modules, the issue is only with PSFalcon, it should not be writing out that update_check.json file back in the source folder it was installed in. Can we disable the update check? Would something like this work...

{"psgallery_connection":false,"timestamp":1747166351926,"version":"2.2.8"}

c3rberus avatar May 20 '25 19:05 c3rberus

I apologize for closing the earlier issue. I didn't understand that update_check.json was the problem based on your description. I closed it because PSFalcon was working as designed; it was operating from the Program Files folder when installed under the AllUsers scope.

Yes, if the psgallery_connection property is false (i.e. the connection fails) it won't try again. If you create the update_check.json file before your initial import it will never check for updates and prevent that error from occurring.

Install-Module -Name PSFalcon -Scope AllUsers
@{ psgallery_connection = $false } | ConvertTo-Json -Compress >> 'C:\Program Files\PowerShell\Modules\PSFalcon\2.2.8\update_check.json'

We do this all the time with various modules, the issue is only with PSFalcon, it should not be writing out that update_check.json file back in the source folder it was installed in.

I disagree with this. I don't have an efficient way to let the user know that new modules are available beyond this mechanism, and I don't think it's correct to write this file to any folder other than the module folder. Do you have a better solution?

bk-cs avatar May 20 '25 20:05 bk-cs

Your issue gave me a couple of ideas of how I could prevent it from trying to create the update_check.json file if it didn't have access. I've made changes to the internal function that checks for updates for the next release which should prevent the attempted creation of update_check.json when it won't be possible.

If you'd like to update your local module before release, you can replace private\Private.ps1 using the steps outlined below.

Import-Module -Name PSFalcon
$ModulePath = (Show-FalconModule).ModulePath
(Invoke-WebRequest -Uri https://raw.githubusercontent.com/CrowdStrike/psfalcon/refs/heads/dev/private/Private.ps1 -UseBasicParsing).Content > (Join-Path (Join-Path $ModulePath private) Private.ps1)

Please ensure that you close and re-open PowerShell and re-import PSFalcon before testing. If you turn on verbose output before import, you'll see a verbose message that indicates that update_check.json is ignored:

$VerbosePreference=2
Import-Module -Name PSFalcon
...
15:02:26 [Invoke-UpdateCheck] Unable to create update file.
...

bk-cs avatar May 20 '25 22:05 bk-cs

This fix was included in the 2.2.9 release. Closing issue now that the release is available.

bk-cs avatar Sep 13 '25 01:09 bk-cs