If you have PDF-XChange Editor, please be careful with their new version 11.0.0

Posted by AlternativeMark4293@reddit | sysadmin | View on Reddit | 30 comments

Our company is using PDF-XChange Editor, it has been solid until today, a major new version 11.0.0 comes out and got deployed to our machines today.. (We use an automation tool to deploy software updates, for PDF software like PDF-XChange Editor, it will be auto deployed)

Suddenly our users are reporting that their PDF-XChange Editor loses license and start to showing the trial watermark when the users editing PDFs.

I have to redeploy the keys on most of our users's machines. The PDF-Xchange Editor become licensed again but I was wondering why?? what was causing the software losing license after the ugprade (our license expires in a year)?

I finally figured out, after back and forth with their support, they confirmed that the registry path where the key lives has been changed in the version 11.0.0.

New location for the key in the registry for version 11.0.0

HKEY_LOCAL_MACHINE\SOFTWARE\PDF-XChange\Vault\

Previous versions, the key is in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Tracker Software\Vault\

So if you are using machine level key deployment, please be aware of this change and the potential impact of losing your license status when PDF-XChange Editor got updated to 11.0.0

Also, if you are using XCVault.exe, the path has been changed

from:

C:\Program Files\Tracker Software\Vault\XCVault.exe

to:

C:\Program Files\PDF-XChange\Vault\XCVault.exe

[-]

Kreiger81@reddit

Thank you for the heads up! We use PDF exchange but we dont update automatically.

Uh, what tool do you use? might be nice.

[-]

AlternativeMark4293@reddit (OP)

you mean the update automation? We use Action1.

[-]

Kreiger81@reddit

Thanks! I'm the sysadmin for a smallish manufacturing firm. under 100 main workstations in the admin office(engineers, accounting, sales, exec team, etc), some other assembly stations that wont need updates. This looks neat and considering under 200 endpoints is free, thats also very attractive.

[-]

heisenbergerwcheese@reddit

PDQ is also a really nice tool for automation for small support staff. You pay per sysadmin account, not per end-node. So when i was a loner support 3500 end-users at a cheap ass place, it was a lifesaver

[-]

tarentules@reddit

+1 for PDQ, I quite literally use deploy & inventory daily and would honestly be lost without them now.

[-]

Kreiger81@reddit

Oh thats good to know. Its pretty much just me and my boss the IT Manager, like 200 total employees and most of them are assembly/machine shop. I can look at it as well.

[-]

smileymattj@reddit

Man, they couldn’t have picked a more suspicious looking name could they.

“Tracker Software”

[-]

smilaise@reddit

shit like this is why I made my own PDF editor https://pdf.killertools.net

let me know what new features I should add so we never have to deal with this crap ever again.

[-]

hankhalfhead@reddit

Nice! Have you considered (or already implemented) splitting, merging and page reordering?

[-]

smilaise@reddit

Yep, you can do all three - merge multiple PDFs, split/extract pages, and drag-and-drop reordering!

[-]

hankhalfhead@reddit

Awesome well done

[-]

TurnItOff_OnAgain@reddit

Not sure why, but NextDNS has your domain blocked by its AI threat detection.

[-]

smilaise@reddit

oh I'll check it out. I've had to submit my apps to about a dozen different AV companies and beg Microsoft to stop blocking me. it's been an adventure. most likely it's just because the domain is fairly new and has killer in the name.

[-]

creamersrealm@reddit

Really sweet collection of web tools Steve.

[-]

skydiveguy@reddit

Just use Adobe.

[-]

4kVHS@reddit

You are ok with your PDF software modifying your hosts files so that it can phone home?

[-]

Brilliant-Advisor958@reddit

Look at the rich guy over here...

[-]

skydiveguy@reddit

Plot twist: I work for a school district and all teachers have access to the full Adobe suite.
So yeah I guess we are the richest school district in the world.

[-]

paul_33@reddit

Yeah Adobe never breaks things in updates. Not at all /s

[-]

AlternativeMark4293@reddit (OP)

We switched from Adobe to PDF-Xchange...

Adobe is EXPENSIVE and also have issues with certain releases. I mean nothing is perfect but I was just disappointed that PDF-XChange did not give any heads up on the changes in the major version release and also don't list out the potential change/impact to business users.

[-]

Harbor733@reddit

BOO THIS MAN!!!

[-]

Physics_Prop@reddit

fuck Adobe

[-]

SecureNarwhal@reddit

just a suggestion but break your devices into update groups and update each group over time. That way you can catch issues but only with it affecting a smaller group of users and devices.

Ideally you'll have a dev environment to test updates before rolling them out into production. But I used to work at a nonprofit and that wasn't realistic with our resources and time. So I just asked for a couple of volunteers to guinea pig updates with me before we rolled it out to the rest of staff. But now I'm in a bigger organization and we have a dev environment to test updates.

[-]

Tymanthius@reddit

1) Why are you autodeploying ANY software w/o vetting

2) What does their change notes say? Might tell you this was going to happen as it's going from 10.x to 11.

[-]

AlternativeMark4293@reddit (OP)

That's on me, I should have configured some pilot group or new software update.
There release note/change note does not mention anything about the registry change or file path change

[-]

dirufa@reddit

Did they even test this shit before releasing wth

[-]

SolidKnight@reddit

It also comes with new features and there are no ADMX templates for them yet. E.g., AI integrations with third parties. I'm holding off on upgrading until they support v11 more.

[-]

Different-Race6715@reddit

It is an extremely bad idea to use latest releases.

Every org must follow a cooldown period which maybe somewhere between 2-7 days. Only then that update should be used.

Look at all the recent compromised campaigns - axios, shai-hulud and many more were detected within 48 hours. So a 50 hours or more cooldown could have saved millions.

All major package managers - dependabot, npm, pypi, nuget have this feature and could be configured. Must do !

[-]

CPAtech@reddit

That's what pilot groups are for.

[-]

AlternativeMark4293@reddit (OP)

I was really upset because I was super busy with different issues and then the users suddenly started to compalin about losing license on PDF-XChange on a Friday afternoon! Have to spend a lot of time redeploying the keys and also spent a lot of time going back and forth with PDF-XChange support. To them, apprently there is no need to communicate the change of the file path or registry path in their release or documentation. As a matter of fact, their documentation is not up to date for the new changes in the version 11.0.0.

I fear that PDF-XChagne is becoming more and more like Adobe. All sorts of new features, fancy functions and becomes more and more expensive and cluncky...