AppV_Manage is a free tool from TMurgent used to test newly sequenced App-V 5 application packages. Versions 3.1 and 3.2 have added integrations to round out this phase of the packaging experience.
Automation When Citrix announced the end of life for Citrix Streaming (See What’s a Citrix Streaming Customer to do now?) there was a need for a tool to help customers convert their packages to App-V. Last week at their annual customer show Synergy, Citrix’s David Wagner and Mohit Dwahan showed off a new tool they are releasing soon to help. [UPDATE: Citrix has released this tool: See blog. ] While repackaging directly into App-V from the original installer might be a better choice, if you have a large inventory Citrix Streaming packages you could leverage this tool and test to see what works. Their idea is to use the tool with a PowerShell script and the PowerShell interface to the App-V Sequencer to automate the creation process.
Citrix asked me if AppV_Manage could be used with an automation script as part of converting Citrix Streaming packages to App-V packages. What they wanted was a command line that could be run via PSExec from another machine and return an error code indicating if the package was good or not. It is a great idea, and could also be used in automating App-V 4 package conversion, or even as part of a packaging service.
Adding in a command line to accept a package, and to automatically add and publish was the trivial part. I also wanted to launch the apps. All of these steps might create App-V errors which I already track, so detecting issues short of app launch failures from the App-V end was easy. But I wanted more.
So after launching all of the shortcuts, all on-screen text elements (dialog box titles or text boxes) are scanned and passed through a set of filters. The first filter is an exclusion filter. If a text item contains an exclusion string, the item is ignored. The second filter is a error filter. If a remaining text item contains this string, we declare a failure.
These filters are configurable via registry. The installer pre-populates a set of strings for the filters based on some limited testing that I performed. Hopefully I will get some feedback and we can improve the filters over time.
No amount of automation can possibly detect all errors. The way that apps express errors could be more numerous than the kinds of bugs that lurk in them. But this is a quick start. Although AppV_Manage will exit to return a code to a potentially waiting script, it does leave the virtual apps running. This allows for a human to now step in, connect to the VM, and test the app further.
Details on the command line syntax and filters may be found in the online documentation here: Automated Testing.
Antivirus/AntiMalware We need to sequence on a machine without Antivirus/Antimalware software enabled. Because the .AppV file is an archive format with an extension not generally recognized by AV software, certain kinds of bad things can be contained in the AppV file and not detected immediately.
This doesn’t mean that the malware can be run on a machine with a good AV product running; it is only a question of when the detection occurs. I wanted to be able to find all (or at least as many as practical) kinds of malware as early as possible and as simply as possible.
The best way to do this is a full file system scan with every knob that the vendor provides enabled. But even on a clean VM with just one package, this can take a long time to complete.
Publishing the package to a client machine will help, as it eliminates the unknown archive layer. But, unfortunately, streaming is implemented in a way that the bits are not scanned (by any of the AV vendors I have yet tested) on the way down to the cache. Instead, they are scanned when accessed.
Some AV vendors support command line scanning, which allows us to request a scan of just a specific file, or sometimes folder. Some do not.
AppV_Manage will now detect the presence of a number of AV products. The results of this detection is displayed on the Tool Config tab. If you hover the mouse over the AV Vendor result field, a tooltip will tell you what kind of support is available.
Meanwhile, on the Publishing tab, there is a new button called “AV SCAN”, located just to the right of the Mount button. After you add and publish, you should mount the package and then click the “AV SCAN” button. Based upon the AV vendor support, the button will do the best it can to get your AV vendor to detect any malware without triggering a full disk scan.
For some of these vendors, the scan is complete and yet very fast. Because I assume this VM is already clean before the package is added, we’ll skip the scanning of memory first when supported.
For more information on this, see the online documentation AV Scan.
What’s in Your Package? The Publishing tab also has an “analyze” package button, added in 3.1. This analysis determines and displays all of the various “extensions” contained within the package. Unfortunately the sequencer only tells us about a few of these, like shortcuts and file type associations (but not even all of those!). This display helps you to understand how the application integrates with the OS, the user, and with other applications.
ACE Integration When it is necessary to edit the dynamic Configuration XML files, you need a good tool. Notepad is easy, because it is always on the OS, but the client parsing of the XML is extremely picky; if you use notepad you will destroy your file in an unrecoverable way because you will not be able to find the error.
The folks over at VirtualEngine have created a good, and free, editor for these configuration files called ACE that is specifically for editing these files in a nice easy GUI.
In 3.1 I modified AppV_Manage to detect if ACE is installed, and to add a new “edit configuration file” right click option that calls ACE. You need only to install the latest version of ACE on the client system and it will be detected. You find this on the Publishing tab of AppV_Manage. Select your package, locate the detected configuration file in the details pane, and right click for the menu. The 3.2 release fixes an issue when your package name or path includes a space.