Recently in AntiVirus Category

Microsoft Antigen for exchange


I downloaded Microsoft's Antigen for Exchange last night and installed it on a server to remove some old viruses that were stuck in the mail store (there is no scheduled scan of the mailstore as realtime desktop and smtp scanning is now used for virus protection). Although the product did the job of deleting the mail, the whole admin interface is awful to use and the support on the Microsoft website is non-existent - there are NO documents in the technet database on Antigen version 9. With the various quirks in the admin interface and no support, this software really should be released as a beta. I'd only say beta due to the fact that it did remove the viruses otherwise I'd recommend alpha status.
The extended entry contains my 22 points that I would provide as bug reports if it was in beta status.

I'm not impressed. The product ships with virus definitions dated the 12th July and running Liveupdate says there are no new defs to install (but did install product updates the first time I ran it). However the pc upstairs running Nav2005 has definitions dated the 20th July. This might not be too bad on its own if it wasn't for the fact that NAV constantly complains that the defs are out of date and to run live update. This complaining takes the form of popup messages in the corner of the screen and a yellow coloured caution bar containing a triangle and Norton in the bottom right of the screen next to the system tray. Why they couldn't have just put the application in the system tray like everyone else I don't know. Right click on Norton status and select Move to System Tray.
The one plus point to having the bar is that when the application silently crashes you can tell because the bar disappears which is more noticeable than having an icon in the systray disappear (which can happen with xp hiding icons when it feels like it). Yes, Nav has already crashed on me once and the only reason I noticed was because my email server refused to connect to any of my pop3 accounts yet I could ping them ok. Nav crashing had taken out the forwarding part of the proxy service but was still capturing the outgoing traffic - just not forwarding it onto the mail server. As the bar had vanished I realised what the problem was and restarted the application (and said YES I KNOW THE DEFS ARE OUT OF DATE).
Another plus point is that I can now use Google Desktop search again as it is compatible with Nav - it wasn't with Nod32 although this isn't really a plus point to be honest.
The beta only lasts another 14 days (although their website says 30) and I'm glad as so far the product is really awful. The initial scan of my hard disk took 6 hours for the 100gb of data (how did I get that much so quickly?) and the machine was pretty much unusable at this time as the response time was awful. It wasn't too bad if only one application was used but switching applications would take at least 60 seconds before the new one was available.
I have posted these points to Symantec at their feedback page and had no response back from them whatsoever. I think a beta program really should have a feedback forum so that it is possible to tell if anyone else is having the same problem and provide an ongoing support conversation with Symantec.

Symantec NAV2006 beta


Signup for the beta of Nav2006. It only lasts 30 days though.

I've been using nod32 on the home pc for the past week as I was having issues with my previous av software and gsak. Both avg and ca's free av software do not give you the ability to exclude a directory from realtime scanning (or a lot of other so-called advanced features). This means gsak runs really slow.
I wasn't about to install Nortons or McAfee on the pc (despite the pc coming with a free version of Norton (but that is another rant - what's the point of a "free" 90 day version of software? It's not really free as it just encourages the poor sucker to go and buy the full version and think they are covered ok) ) so I downloaded the trial version of nod32. Yes ok this is similar to the free idea I just ranted about, but at least they are upfront in that it really is a trial version.
However, when I tried to download SIW, a system information gathering tool, nod decided it might be a virus as it has been packed with an executable packer. The file has now been submitted for analysis so it will be interesting to see a) how long it takes to come back with an answer and b) what their conclusion is. My gut feeling is that it's been flagged due to the exe packing as a lot of viruses use this method to try and escape detection.
Incidentally I got the tip off about this software from PC Doctor who really should allow commenting instead of trackbacks!
Update: I guess they fixed it as I can download it ok today. Didn't get an email from nod though.

TR/dldr.delf.CB.1*2
BDS/Haxdoor.BH*3
TR/dldr.small.ait
TR/Drop.Funweb.A
Drop.Small.NK
BDS/Haxdoor.BH.1*2
PMS.WildTangent.B.1

Interestingly Norton had already detected and deleted a couple of these files but didn't detect any of the others. I had to boot from a Windows UltimateBootCD, download new dats for avpersonal and then run a scan. The Avpersonal only took 30 minutes to run, the Trendmicro one has been going for about an hour and is still going. It's a good job I don't charge by the hour.

symantec updates


2 of our clients have managed to get corrupt symantec antivirus definitions which means the services stop. As the services are stopped I am unable to update them with the console and I've disabled liveupdate. Unfortunately the symantec.com websites are unavailable (and so was msn search) (even though they are using the akamai network to protect against ddos). In the end I used the ftp service at ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/ to download the definitions onto the local pc.
Having said all that I spent about an hour trying various things to fix the client but in the end gave up. I've now uninstalled the software and moved across to our new corporate mcafee software instead. I'm not saying this is any better (I doubt it) but we'll see....
As I write this msn search and symantec are now available again.

Catch-Up


Not having that much internet access and the time to blog, I've quickly gone through my feeds and pulled a couple of things out of them

  • A WUS Wiki which sounds like a bad day for Jonathan Ross, but is actually a wiki for the new Windows Update Services.

  • Links to videos of the Tsunami. This hit whilst we were on holiday and I never got to see any moving pictures of the wave itself - saw plenty of horrific news photos of the devastation afterwards though.

  • I removed Norton AntiVirus off the home computer as the subscription had run out and I'm not impressed with the number of infections that have gotten past it this year. Instead I've tried the free home edition of Avast's Antivir software which looks ok. It certainly picked up on eicar when I downloaded it - will be interesting to see how it copes with email-borne viruses.

Norton Antivirus 2005


My parents-in-law's pc licence for Norton Antivirus ran out a couple of days ago so they purchased the upgrade to 2005 which they downloaded but then couldn't work out how to install as it needed the old version (2002) uninstalling, and then setup running on the new version. I used ultravnc to do all the work on their machine until I had gone through all the setup and then clicked on the reboot option (for about the third time) and now I can't get back into the machine as the antivirus software comes with "worm protection" - a basic firewall that is now blocking access to their machine. I now have to wait until they get home and can see the email that I've sent asking for them to ring me so I can talk them through allowing me remote access to their machine.

AVG updates


I went to update AVG on Kristen's laptop, which hasn't been used for a long time and noticed that they are withdrawing support for version6 of the software at the end of the year. However, you can download version7 of AVG for free still and it is recommended that you do this before v6 expires as you don't want to be without a virus checker.

DOS on symantec?


Looks like Symantec might be under a DOS attack or something is up with their ftp server. I've been trying to download the latest av signatures to load onto a loan machine that's just come back to the office. The 8mb download, on our 2mb adsl line is downloading at a dismal 1k/s228b/s speed.
Update: Don't know what it was but I ultravnc'ed into my home pc and then got the update file from its 256k adsl line. I then used the file transfer option in ultravnc to drag the file back to the office. So the office adsl is unlikely to be at fault, and neither is the symantec connection - might be the demon link somewhere shrug of shoulders

In order to move our existing internet connectivity from leased line to broadband without disrupting email whilst dns changes take effect we're putting in a mail relay on the local lan and the easiest way to do this was to use Mcafee's email scanning server and use this as a relay. The problem is that the software is pants and every time you save the configuration of the server it crashes and the machine has to be rebooted.
The hotfix that I had to install also had no installation routine - you had to download a zip file, extract it, determine that you needed to read hotfix8.txt which prompted you to stop the services, copy the files across and then restart them. Now surely it can't be that hard to write an install script to do that?
I really hope this is not an indication of the stability of the corporate version that I might have to rollout in the near future :-(

Ye Olde vpmsece.dll error



Well after posting about my upgrade to version 9 after the machine was rebooted and outlook started I received the message "The add-in "c:\program files\symantec_Client_Security\Symantec AntiVirus..." could not be installed or loaded. This problem may be resolved by using Detect and Repair on the Help menu" (not that useful!) which is similar to the earlier vpmsec2.dll problem that I had the last time I upgraded Symantec. (You'd have thought they'd have coded a fix in for this by now). Thankfully a tool is now provided, fix tool that supposedly edits the old registry entries.

I installed Symantec Corporate Edition 9 on the laptop this afternoon to test it before rolling out across the network. Most of the user interface looks the same as the version 8 client, but it now has the ability to check for malware, adware, trojans and other nasty software. I ran it on the laptop and it found 8 spyware remnants on the pc, some of them in a directory called .old after I cleared up after my last spyware infection, and some more in my system directory - these things are persistent little wotsits.
The good thing is that I can still run the version 9 client in my version 8.5 corporate lan which means I can evaluate before having to install it on the master server.
Apparently the other good thing is that there is the ability to block the pc on the network if the dat files are not up to date. Not sure how this works (probably similar to the way MS will do it) but if it works it will make my life easier in keeping the clients up to date but will really annoy those managers users who won't update their machines or download games.

NAV updates solution?


Seeing as though we were caught out with old definitions from Nav, despite running Liveupdate at 4am in the morning each day (which doesn't detect if there are new NON-Liveupdate downloads) I wrote the following script to get the latest updates from Symantec at 6am, 12:30pm, 4.30pm and 9.30pm. Using wget it downloads the navup8.exe file (if it's newer), runs it and then copies the .xdb files to the NAV directory. Hopefully by running it several times a day the traffic is light (as it only downloads if newer) and we shouldn't be more than a few hours out of date and ahead of any virus infection is the idea. The only thing I can't work out is how not to run the .exe file if the download didn't actually happen. I guess I could log the download and search for a "file is same date" string and run the .exe on this condition.....that's next week's project for when I'm in the office.



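rem Work from the script directory on drive C:
c:
cd\scripts\symantec
rem -N only downloads navup8.exe when the server copy is newer than the local one
wget -N ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/static/navup8.exe
rem Run the definitions package, then move the resulting .xdb files into the NAV directory
navup8.exe
move *.xdb c:\progra~1\nav >>c:\scripts\symantec\log.txt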
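
One way to handle the open question in the post above (not running the .exe when nothing was downloaded), as an added example that is not the author's script: compare the file's timestamp and size before and after `wget -N` and only run it when they differ. The file name, paths and URL are the ones from the post; the `LOG`, `BEFORE` and `AFTER` variables are introduced here, and the script assumes wget is on the PATH and exits non-zero on a failed transfer.

```batch
@echo off
rem Added example: run navup8.exe only when wget -N fetched a newer copy.
setlocal
set LOG=c:\scripts\symantec\log.txt
c:
cd \scripts\symantec

rem Timestamp and size of the local copy before the download
rem (both are empty when the file does not exist yet).
set BEFORE=
for %%F in (navup8.exe) do set BEFORE=%%~tF %%~zF

wget -N ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/static/navup8.exe
if errorlevel 1 (
    echo %date% %time% download failed, nothing run >>%LOG%
    goto :eof
)

rem wget -N stamps the local file with the server's modification time,
rem so a changed timestamp or size means a new package arrived.
set AFTER=
for %%F in (navup8.exe) do set AFTER=%%~tF %%~zF

if "%BEFORE%"=="%AFTER%" (
    echo %date% %time% navup8.exe unchanged, skipped >>%LOG%
    goto :eof
)

echo %date% %time% new navup8.exe [%AFTER%], running >>%LOG%
navup8.exe
move *.xdb c:\progra~1\nav >>%LOG%
```

Since the installer arrives over unauthenticated FTP, a further gate worth adding before the run step is an Authenticode check such as `signtool verify /pa navup8.exe`, assuming the vendor signs the file.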

Ca Antivirus/Firewall


I installed the CA Antivirus firewall on the parents-in-law computer. The firewall is almost identical to zonealarm. I've not used zonealarm for several months/years now so I can't tell if it is the same as the newer versions, but all the popup dialog boxes and the traffic meters in the taskbar are practically identical. The Antivirus is different and also includes spyware and popup blockers so it will be interesting to see how good they are - I'm sure I'll have plenty of practise as I've already removed lop from the computer twice, amongst many other spyware infections on it. I've also installed SpywareGuard which aims to stop the driveby installations (and I've also installed firebird for my own surfing).

CA free antivirus


Computer Associates are again launching free antivirus and a firewall too for a year. They stopped their InocuLAN a while back but have got back in the business again. Might put this on Kristen's laptop.

AVG errors


AVG caused a boot failure on Kristen's machine this afternoon with a "Causeway error 09: Unrecoverable exception - program terminated" error message which caused Win98 to either hang completely or to run incredibly slowly. Looking on google, causeway is a dos extender program written yonks ago. In the end I booted into safe mode and uninstalled avg. Rebooted and the machine is ok. I'm now downloading Bitdefender which I have mentioned in the past but never got round to using.....until now.

when you open your first email after starting Outlook, you see the error message Error: "VPMSECE.DLL could not be installed or loaded. It may be missing or there may not be enough resources." The error message may or may not reference a location, as in: "C:\Program Files\NavNT\vpmsece.dll could not be installed or loaded. It may be missing or there may not be enough resources."
The documented solution is to uninstall the symantec security client, delete extend.dat (search your computer for this file) and start outlook. If this doesn't work, reinstall outlook (in my case office). There is no way I was going to uninstall office and then reinstall it so I went hunting.
10 minutes later I had a solution.
A quick search on the registry for vpmsece.dll comes up with LDVP under hklm\software\microsoft\exchange\client\extensions. Disabling LDVP under tools/options/other/Advanced Options/AddInManager and restarting Outlook and everything was ok. Re-enabling the extension and the problem re-occurs.
Deleting the registry entry hklm\software\microsoft\exchange\client\extensions\LDVP and restarting outlook means I don't get the error message and the LDVP addon is not listed in the registry.
I then installed Symantec Client Security again and all seems to be ok. The cryptic LDVP has been replaced with SavCorp810 in the extension manager which is a lot easier to work out what the extension is.
