Backtrack:  
 
showing posts tagged with 'antivirus'
 
by lunarg on October 15th 2015, at 11:03
To properly uninstall TrendMicro OfficeScan 10.5 and have forgotten the uninstall password, you can very easily change it to something familiar, assuming you have administrative permissions on the computer.

Locate and open the INI-file Ofcscan.ini. By default this is located at:%PROGRAMFILES%\Trend Micro\OfficeScan Client\Ofcscan.iniNote that on 64-bit, the default install path will probably be %PROGRAMFILES(X86)%\Trend Micro\...

Search for the line beginning with:Uninstall_Pwd=!CRYPT!364EB2Although the password is encrypted in a hash, you can quite easily replace the hash with another hash of a password you do know. You can use this MD5 hash generator for it.

In the configuration file, r  ...
by lunarg on May 26th 2015, at 16:25
Some notes about my experience with the upgrade of a Trend Micro OfficeScan 10.6 to 11.0.

Check the version requirements before upgrading: Upgrade path to OfficeScan 11.0.

Basically, be sure to have the latest version of your current major version and service pack installed.

Upgrade considerations for OfficeSCan (OSCE) servers and clients/agents

Check the system and OS requirements, as they have changed since 10.6 and 11.0. When upgrading, it is also recommended to create a backup, in case something goes wrong during the upgrade.

Upgrading from a version prior to 10, you may have to workaround losing your defined scan methods. This is not required when performing an in-place upgrade fro  ...
by lunarg on May 8th 2015, at 14:29
The Trend Micro OfficeScan client can be installed on a workstation via the network (using an UNC-path) through the AutoPCC utility. The client can simply browse the OfficeScan server, locate the autopcc.exe utility, and run it, performing an installation of the OfficeScan client on the computer running the utility. By default, the installation of the client is not silent, meaning the user will see windows and dialogs appearing. Fortunately, it is possible to make AutoPCC to perform the installation completely silently, leaving the user almost unaware that an installation of OfficeScan is occurring.

To change this setting, log on to the OfficeScan server, and browse to the OfficeScan instal  ...
by lunarg on April 22nd 2015, at 12:58
The Trend Micro OfficeScan AEGIS engine may cause a desktop not to load during logon, resulting in a black screen with only the mouse cursor visible. The process explorer.exe is not loaded, nor can it be loaded through Task Manager.

The problem usually occurs on provisioned desktops, either through VDI (VMWare View) or some other 3rd party management solution (Dell Kace, etc). Various components of these solutions hook into key Windows components (Winlogon, Explorer extensions, etc), and are then being blocked by the Trend Micro Behavioral Analysis service (the AEGIS-engine).

A workaround is to either whitelist all the components, but this is often not a straight-forward solution. Another   ...
by lunarg on April 29th 2013, at 14:19
When migrating from McAfee to another antivirus, you need to uninstall McAfee Enterprise. When you have not installed it using GPO, it may become quite the task if you have a lot of clients to uninstall the product from. If you have a Windows Domain (optionally using GPO), you can do the uninstall via a logon script.

The installation can be performed by manually uninstalling the product using msiexec. This initiates a proper uninstallation procedure, and will result in a silent uninstall of McAfee Enterprise. Depending on the version you're using, adjust the GUID you see here:

VirusScan Enterprise 8.8:
msiexec /x {CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF} REMOVE=ALL REBOOT=R /q



VirusScan En  ...
by lunarg on March 22nd 2013, at 14:36
If you've lost the password to the Trend Micro OfficeScan web console, you can attempt to reset it to something known by editing a certain file using notepad.

Find the file C:\Program Files\Trend Micro\Officescan\PCCSRV\Private\ofcserver.ini. Open it with notepad and look for the parameter master_pwd. Change its value so the parameter reads:

master_pwd="!CRYPT!523F7DC2E525044E2800FCDEA7E5D78B70C0A4165387060525E3EE66D5D2D2F460EA361E712B5F871FD473C7A6C"

Using this hash changes the root password to trendmicro. Restart the OfficeScan Master service (via Services) to apply the new password.

With newer versions (10.0), you may also have to edit the file C:\Program Files\Trend Micro\O  ...
by lunarg on March 22nd 2013, at 12:25

If you don't know the password of your Trend Micro OfficeScan client, you can still do the uninstallation by changing a value in the registry.

  1. As an elevated user, start up regedit.
  2. Navigate to the key HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
  3. Find the value Allow Uninstall and set it to 1.

You should be able to uninstall the client without a password prompt.

by lunarg on February 22nd 2013, at 13:03

Although unsupported, it is possible to install Microsoft Security Essentials on a Windows Server 2012.

To do this, set the compatibility of the downloaded file to Windows 7, then start that file with the parameter /disableoslimit.

The installation goes without a problem, and as far as I can tell, there are no compatibility issues.

by lunarg on June 22nd 2012, at 16:04

A note of warning I read on the Avast Forums: if your Avast subscription runs out, the Exchange Information Store no longer starts and bails out with an error "failed to start virus scan". Very annoying indeed...

Source: http://forum.avast.com/index.php?topic=92162.0

by lunarg on June 22nd 2012, at 16:00
We updated Avast to the latest version on a client's server running SBS 2011. The update apparently included antispam. All of a sudden, the Transport service kept failing, and all messages (in both directions) landed in the Poison Queue. Restarting the Transport service did not fix the issue, and there was nothing we could do.

Googling around, we found that the trouble was indeed related with Avast. Disabling the Antispam Shield did not resolve the issue, but disabling the transport agent in Exchange, via Powershell was the fix:

disable-transportagent "avast antispam for exchange"

After disabling the agent, everything came to life again.

@ Avast: you should really start  ...
by lunarg on July 8th 2011, at 10:33

A new type of rootkit has recently been seen. While most modern rootkits use the MBR and unused sectors of a harddrive, this one also misuses NTFS metadata to inject malicious code into a running OS.

Full article: http://www.securelist.com/en/blog/517/Cybercriminals_switch_from_MBR_to_NTFS

by lunarg on June 27th 2011, at 11:59

In case of an infection with phony anti-spyware software (such as Anti Spyware 2009), where the EXE file association has been corrupted, use these Registry fixes to reset them to default behaviour.

Notice
Be sure to select the right file for your system. XP, Vista and 7 all have different settings.

 

by lunarg on April 19th 2011, at 15:55
The latest trend in virii is the use of MBR rootkits to settle themselves in the unused (hidden) sectors of your harddrive, safe from any formatting or reinstallation of Windows. They cannot be removed by an antivirus as the rootkit directly interacts with the kernel upon boot, long before any antivirus system drivers are being loaded. The rootkit does not patch actual files or drivers, but rather does this dynamically upon booting Windows. A complete format of your system would not get rid of the MBR as it is hosted in the first sectors of your hard drive and therefore survive a format of a single partition.

More information can be found here: http://www2.gmer.net/mbr/.

There  ...
by lunarg on March 11th 2011, at 12:01

Currently, the official Avast for Mac Edition available for download is still at version 2.74, released somewhere in 2007.
This version still has many annoyances and bugs that have not yet been resolved (one of these issues is the ability to run automatically in the background, without the main window popping up at start up each time).

Luckily, the Avast Forum has a post, providing a new release candidate is available for download for some time now. The build is also a bit outdated but has at least many fixes that aren't present in the official release.

The direct download link is: http://public.avast.com/~cimbal/avast.3.11.zip.

by lunarg on April 16th 2010, at 10:52
Had a problem with an XP (SP2) computer and Avast Internet Security. Upon installing the product (and its subsequent reboot), the computer freezes right after startup. The mouse still moves, but keyboard does not respond, no applications get started.

After a search on the Avast forum, I came across this post, claiming there's a problem with certain applications and Avast on XP:

Quote
This is caused by a bug in Windows XP function ImageEnumerateCertificates( ) which is being called by firewall service when a process tries to access the net. This function (unpatched in all version of XP) hangs with certain corrupted files and LogitechDesktopManager.exe is one of them.

It will be fixed in th  ...
 
showing posts tagged with 'antivirus'
 
 
« January 2017»
SunMonTueWedThuFriSat
1234567
891011121314
15161718192021
22232425262728
293031    
 
Links
 
Quote
« Debating Windows vs. Linux vs. Mac is pointless: they all have their merits and flaws, and it ultimately comes to down to personal preference. »
Me