https://communities.sas.com/t5/Administration-and-Deployment/Log4j-Vulnerability-for-SAS-Deployment-Manager/m-p/808400#M24201 Thanks for pointing out that statement. I have to explain why the files should stay to qualify for a waiver, or delete them. This will help.<BR /> Mon, 18 Apr 2022 19:36:44 GMT CarlZeigler 2022-04-18T19:36:44Z https://communities.sas.com/t5/Administration-and-Deployment/Log4j-Vulnerability-for-SAS-Deployment-Manager/m-p/787786#M23590 <P>In a few other posts there were notes about SAS EG and other desktop applications are not affected by the log4j vulnerability. However, when I run the suggested search I do find a log4j file under SAS Deployment Manager. The manual resolution for this file on the server is to zip the file up. Can this file be simply deleted on the desktop to remediate the vulnerability? I do see there is a windows version of&nbsp;loguccino.&nbsp;&nbsp;Is it necessary to have administrator rights to a workstation to run this tool?</P> Thu, 30 Dec 2021 15:20:32 GMT https://communities.sas.com/t5/Administration-and-Deployment/Log4j-Vulnerability-for-SAS-Deployment-Manager/m-p/787786#M23590 DJWanna 2021-12-30T15:20:32Z https://communities.sas.com/t5/Administration-and-Deployment/Log4j-Vulnerability-for-SAS-Deployment-Manager/m-p/787977#M23591 <P>I too found log4j files in Deployment Manager. I think it is safe to follow the server instructions to use <A href="https://github.com/sassoftware/loguccino" target="_blank">loguccino</A> to remove the offending software.</P> Sat, 01 Jan 2022 08:35:16 GMT https://communities.sas.com/t5/Administration-and-Deployment/Log4j-Vulnerability-for-SAS-Deployment-Manager/m-p/787977#M23591 SASKiwi 2022-01-01T08:35:16Z https://communities.sas.com/t5/Administration-and-Deployment/Log4j-Vulnerability-for-SAS-Deployment-Manager/m-p/787998#M23592 I agree. While SAS Deployment Manager is a client-side tool and not associated with any running service that might be vulnerable to these exploits, I understand the desire to make all log4j jar files show as "clean" in scans. So it should be safe to use the provided tools to remediate. Sat, 01 Jan 2022 20:14:48 GMT https://communities.sas.com/t5/Administration-and-Deployment/Log4j-Vulnerability-for-SAS-Deployment-Manager/m-p/787998#M23592 ChrisHemedinger 2022-01-01T20:14:48Z https://communities.sas.com/t5/Administration-and-Deployment/Log4j-Vulnerability-for-SAS-Deployment-Manager/m-p/807789#M24185 The sas supplied loguccino scanner is finding log4j vulnerabilities in the M7 SAS Depot. If I use the patch step to fix these files, an install later fails with invalid checksums…. Is there a workaround? Thu, 14 Apr 2022 12:42:00 GMT https://communities.sas.com/t5/Administration-and-Deployment/Log4j-Vulnerability-for-SAS-Deployment-Manager/m-p/807789#M24185 CarlZeigler 2022-04-14T12:42:00Z https://communities.sas.com/t5/Administration-and-Deployment/Log4j-Vulnerability-for-SAS-Deployment-Manager/m-p/807794#M24186 <P>Hi Carl.&nbsp; Please see the "Directories to Target" section of the Instructions for Loguccino.&nbsp; Specifically the "Caution" statement.</P> <P>&nbsp;</P> <P><A href="https://go.documentation.sas.com/doc/en/log4j/1.0/p1pymcg1f06injn10rho5mkmmhe4.htm" target="_blank">https://go.documentation.sas.com/doc/en/log4j/1.0/p1pymcg1f06injn10rho5mkmmhe4.htm</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 14 Apr 2022 12:59:57 GMT https://communities.sas.com/t5/Administration-and-Deployment/Log4j-Vulnerability-for-SAS-Deployment-Manager/m-p/807794#M24186 ronf_sas 2022-04-14T12:59:57Z https://communities.sas.com/t5/Administration-and-Deployment/Log4j-Vulnerability-for-SAS-Deployment-Manager/m-p/808400#M24201 Thanks for pointing out that statement. I have to explain why the files should stay to qualify for a waiver, or delete them. This will help.<BR /> Mon, 18 Apr 2022 19:36:44 GMT https://communities.sas.com/t5/Administration-and-Deployment/Log4j-Vulnerability-for-SAS-Deployment-Manager/m-p/808400#M24201 CarlZeigler 2022-04-18T19:36:44Z