Huntress Development Notes: Updating the Updater

If you’ve ever taken a look inside the Huntress Agent directory you may have noticed the file wyUpdate.exe . This executable is wyUpdate, the third party update utility we use as part of the agent update process. Our small team had plenty of work ahead of us when we first started developing the Huntress agent in 2015, so we decided to find something we could quickly adapt and integrate to perform updates. wyUpdate fit the bill perfectly; Windows support, the ability to update a Windows service¹, and it didn’t break the bank.

While wyUpdate is reliable and easy to use, one of the downsides for us has always been its .NET requirement. Since we support everything from Windows Vista² to Windows Server 2019, we can’t rely on a standard version of .NET everywhere. As such, the Huntress Agent installer includes two wyUpdate.exe files, one for .NET2 and another for .NET4. The installer decides which version of wyUpdate.exe to install based on the version of Windows.

The .NET version requirement became an issue recently when we started to move to TLS 1.2. Older versions of .NET do not support TLS 1.2 and newer versions require a registry modification to enable it. Since we can’t require all of our partners to upgrade their .NET installations we had to find an alternate solution.

As it turns out, wyUpdate is open source and the author published the specification. We originally purchased a license for the wyUpdate build tool (used to create the update packages), but ultimately ended up using the specs to develop our own build tool that we could better into the agent/installer build process. While we couldn’t leverage the build tool code in a new updater (the build tool it is written in Python and we needed a compiled executable to ship), the experience developing it helped with the new development. The Huntress Agent is written in GoLang, so re-writing the wyUpdate functionality in GoLang was a no-brainer. In keeping with the open source spirit of wyUpdate, we have released our implementation as open source.

We’ll be testing the new updater extensively over the next few weeks and plan to roll it out later this year once testing is complete.

[1] Updating Windows services is tricky because the service can’t be running when the update is applied. wyUpdate was designed with that in mind. The service starts the wyUpdate process, the wyUpdate process then terminates the service, updates the service executable, re-starts the service, and finally exits.

[2] Yes, the Huntress Agent still works on Windows Vista, but that doesn’t mean we recommend using it. The same goes for Windows 7 and Windows Server 2008; Microsoft is ending support for these operating systems in January 2020, however, the Huntress Agent will continue to operate on these operating systems for the foreseeable future. That said, we highly recommend moving to an operating system that is currently supported by Microsoft.