// pkgprobe blog

Installer intel.
Written by practitioners.

Deep dives on Windows installer analysis, endpoint security, software deployment, and the open-source tooling behind pkgprobe.

All Posts 🔍 Analysis 🛡️ Security ⚙️ Deployment 🧰 Tooling 📦 Open Source 📡 CVE Intel

// featured

$ pkgprobe analyze SuspiciousApp.msi

publisher ⚠ Unverified

signature ✗ Not signed

network 37.220.90.x (RU)

cve_matches CVE-2024-1234 HIGH

⚠ 3 risk flags raised

Security Analysis Jan 28, 2025

By Tijan McClain

What MSI Metadata Actually Tells You About an Installer's Risk

Most teams deploy MSIs without looking past the filename. We break down every metadata field pkgprobe extracts — from publisher certificates to embedded network telemetry — and show exactly what a malicious or misconfigured installer looks like before it touches your endpoints.

Read article → ⏱ 8 min read

// recent posts

⚙️

Deployment Jan 15, 2025

Silent Install Switches: Stop Guessing, Start Probing

By Tijan McClain

A practical breakdown of how pkgprobe auto-extracts /quiet, /norestart, and TRANSFORMS flags from MSIs — and why SCCM admins should never manually hunt for them again.

SCCM / Intune ⏱ 5 min

🛡️

Security Jan 08, 2025

Integrating pkgprobe into a Vulnerability Management Workflow

By Tijan McClain

How to wire pkgprobe's CVE output into Tenable or Rapid7 ticket workflows — so vulnerable software is flagged before it's approved for deployment.

CVE Intel ⏱ 7 min

📦

Analysis Dec 22, 2024

MSIX vs MSI vs EXE: What Each Format Reveals (and Hides)

By Tijan McClain

A technical comparison of what pkgprobe can extract from each installer format — and why MSIX's containerized model changes the analysis game entirely.

Deep Dive ⏱ 10 min

🗂️

Tooling Dec 10, 2024

Auditing Registry Writes Before Deployment with pkgprobe

By Tijan McClain

Every MSI leaves a registry footprint. Here's how to use pkgprobe to capture that footprint in advance and build change control documentation automatically.

Registry ⏱ 6 min

📊

Open Source Nov 28, 2024

Why We're Building an Open Installer Intelligence Dataset

By Tijan McClain

The vision behind pkgprobe's community data moat — and why a shared, open corpus of installer analysis data benefits every IT and security team on the planet.

Community ⏱ 4 min

🚀

DevOps Nov 14, 2024

Validating Installer Artifacts in CI/CD with pkgprobe's Python API

By Tijan McClain

A step-by-step guide to dropping pkgprobe into a GitHub Actions or Azure DevOps pipeline to gate installer artifacts on signature validity and CVE score.

GitHub Actions ⏱ 9 min

Installer intel.Written by practitioners.

New posts. No noise.

Installer intel.
Written by practitioners.