Skip to main content

Duo Authentication for Windows - UpdateDeployUninstall

Purpose

This solution assists in setting the latest DUO detection and updating older DUO installations on agents based on the latest version detection. It was created to ensure DUO is patched for CVE-2024-20292; however, this will keep the application up to date consistently in the future.

Associated Content

ContentTypeFunction
Internal Monitor - DUO Authentication - Latest Version DetectionMonitorThis internal monitor is created to fetch the latest version of the application.
Script - Application - Latest Version Detection [Winget]ScriptThis script is designed to gather the latest version of applications supported by Winget, which is provided in the Internal Monitor - DUO Authentication - Latest Version Detection.
Internal Monitor - DUO Authentication - Install/UpdateMonitorThis monitor is designed to update DUO Authentication on computers where the outdated application is detected.
Script - DUO Install & Upgrade - Latest VersionScriptThis script will install or update DUO if the currently installed instance is older than the latest released version. It matches the hash of the installer from the official website before deploying it. This script downloads the latest installer from https://dl.duosecurity.com/duo-win-login-latest.exe.
△ Custom - Execute Script - Application Latest VersionAlert TemplateThis alert template is designed to be used with the Internal Monitor - DUO Authentication - Latest Version Detection to run the script Application - Latest Version Detection [Winget].
△ CUSTOM - Execute Script - DUO Install & Upgrade - Latest VersionAlert TemplateThis alert template is designed to run the script DUO Install/Upgrade - Latest Version with the Monitor - DUO Authentication - Install/Update.

Optional Content

ContentTypeFunction
CWM - Automate - Script - Uninstall DUOScriptUninstalls DUO from Windows machines.
CWM - Automate - Internal Monitor - Uninstall DUOMonitorDetects machines where DUO is installed and Duo Exclusion EDFs are selected.
△ Custom - Execute Script - Uninstall DUOAlert TemplateExecutes the script CWM - Automate - Script - Uninstall DUO against the machines detected by the internal monitor.

Implementation

  1. Import the following content using the ProSync Plugin:

  2. Reload the system cache: Reload System Cache

    Run the script against any online Windows machine with the Set_Environment parameter set to 1 to create the EDFs used by the solution.
    Run Script

  3. Navigate to Automation → Monitors within the CWA Control Center and set up the following:

    • Monitor - DUO Authentication - Latest Version Detection
      • Set up with the alert template △ Custom - Execute Script - Application Latest Version
      • Ensure the monitor is running monthly and not at a more frequent interval.
      • Right-click and Run Now, then Reset Monitor after applying the alert template.
    • Monitor - DUO Authentication - Install/Update
      • Apply the alert template △ CUSTOM - Execute Script - DUO Install & Upgrade - Latest Version
      • NOTE: Make sure to confirm the Latest Version Detection monitor has run and completed before enabling this monitor.
        • Right-click and Run Now after applying the alert template.

Optional - Uninstall

Use the content below if the partner wants to uninstall DUO on Windows agents automatically. This will remove the application if the exclusion box has been checked on either the location or computer levels.

Import the following content using the ProSync Plugin:

Configure the solution as outlined below: