[ BUG ] `Invoke-FalconDeploy` incorrect execution order when queued about psfalcon HOT 4 OPEN

Interesting report! Thank you for submitting it.

I'll talk with the RTR engineering team and see if I can uncover an effective solution.

It also looks like the Expand-Archive command is happening after the execution of runfile.exe too...

from psfalcon.

In testing, it appears that PSFalcon is simply too fast for the CrowdStrike APIs. ;)

I submitted a queued job using Invoke-FalconDeploy for a single device and the commands were issued within about 2 seconds. The RTR queue API doesn't have millisecond accuracy when commands are issued, so issuing commands as fast as PSFalcon does means that the queue has the potential to pass them to the target device out of order.

The only solution is to add a delay to Invoke-FalconDeploy to ensure that no two commands are given in the same second. I'll add that in for the next release.

from psfalcon.

I've implemented the fix for the next release.

Could you try updating public\psf-real-time-response.ps1 in your local module, test Invoke-FalconDeploy and let me know if it resolves your issue? You can update your module using the commands below.

Import-Module -Name PSFalcon
$ModulePath = (Show-FalconModule).ModulePath
(Invoke-WebRequest -Uri https://raw.githubusercontent.com/CrowdStrike/psfalcon/d824c1cb1a96a540bfad6d06af4b7652e1d1b8e5/public/psf-real-time-response.ps1 -UseBasicParsing).Content > (Join-Path (Join-Path $ModulePath public) psf-real-time-response.ps1)

from psfalcon.

Hey Awesome thanks a lot for the feedback, i didn't expect one so quick, you rock !
I tried the fix but ended up with some (but fewer than previously) unordered execution of queued commands.
I edited your fix with a 2 seconds delay and it works perfectly.
if ($QueueOffline -eq $true) { Start-Sleep -Seconds 2 }

It seems a 2 seconds delay is necessary.

from psfalcon.