Category Archives: 8087

Sunbelt Vipre users struck by false positives, downing computers…

If you're running Sunbelt's Vipre product, you'll want to monitor the support forums for more information. Several sources are calling today Black Monday, with users having to run system repair to get Vista and XP machines working again. The majority of the issues affect Lenovo computers, because of the way Lenovo installs additional utilities that aren't necessarily needed for the machine to function correctly. Vipre is recognizing utility executables as virus-infected files or malware and deleting them from the file system.


 


Support forum:  http://supportforums.sunbeltsoftware.com/categories.aspx?catid=23&entercat=y

Doc updated today, 5/22/2009 – Guidelines for Anti-Virus Exclusions for Microsoft Applications – myITforum.com

 

The purpose of this document is to provide guidelines for anti-virus configuration parameters, depending on the software installed on a server. These guidelines are based on Microsoft Knowledge Base, Microsoft Premier Support as well as collective field experience from Microsoft Services.

Guidelines for Anti-Virus Exclusions for Microsoft Applications – myITforum.com

AV-Comparatives Web Site

On this site you will find independent comparatives of Anti-Virus software. All products listed in our comparatives are already a selection of some very good anti-virus products. In order to get tested by us, vendors must fulfill various conditions and minimum requirements.
To stay informed about current tests and releases, please also have a look at our Weblog.
Some antivirus products are presented in our forum by the various vendors.

AV-Comparatives

Symantec Awarded $12 Million Judgment in Counterfeit Software Case

Wednesday, December 17, 2008 – myITforum.com

Symantec

CUPERTINO, CA–(Marketwire – December 17, 2008) – Symantec Corp. (NASDAQ: SYMC) today announced it was awarded $12 million in damages against a distributor selling counterfeit Symantec software throughout North America. The ruling constitutes one of the largest single judgments awarded to Symantec in a software piracy case.

The verdict was handed down by the United States District Court for the Central District of California in Los Angeles in favor of Symantec against Carmelo Cerrelli of Interplus Online, a Canadian-based organization selling software in the United States and Canada.

"The size of the judgment against Interplus indicates how big their operation was throughout North America," said Marc Brandon, director, Symantec Global Brand Protection. "We were particularly encouraged by the Court's finding that the infringement was willful, so that Interplus' owner, Mr. Cerrelli, faces heightened personal exposure. Shutting down their ability to move counterfeit Symantec software is a tremendous step towards protecting unsuspecting end-users from the security threats posed by counterfeit software."

The case was filed in civil court and included claims from Symantec alleging that Interplus engaged in copyright and trademark infringement involving Symantec products such as Norton SystemWorks, Norton AntiVirus, Norton Ghost, and Symantec pcAnywhere.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.


myITforum.com, Inc.

AVG’s fix for destroying Windows XP…

http://www.avg.com/faq.num-1575#faq_1575

 

In case you are not able to run your Windows XP operating system after the AVG 8.0 virus definition update (DB: 270.9.0/1777) and you do not have a Windows XP installation CD, please proceed as follows in order to resolve this situation:

We have prepared a utility which can fix the issue mentioned above. You can use the following boot media: either CD-ROM or USB flash drive. If you decide to use CD-ROM, please follow the instructions in part A); in case of USB flash drive, follow the steps in part B). When finished, it is necessary (in both cases) to follow the additional instructions described in part C).

A. CD-ROM instructions (recommended):

1. Please download the CD image.
2. Use your favorite CD burning software to burn the downloaded image (IMPORTANT NOTE: Please use the "Burn CD from image"* option).
3. Insert the CD into the CD-ROM drive of the affected computer and restart the computer. It should boot up from the CD. If not, please see the user's manual for your motherboard to find out how to let the computer boot from a CD.
4. Continue with instructions in section C).

B. USB flash drive instructions (available only for computers supporting USB boot function):

1. Please download the USB flash archive (rescue.zip).
2. Extract the content of the "rescue.zip" archive to your USB flash drive.
3. IMPORTANT: go to the root of the flash drive.
WARNING: take care to do the next step only when you are located on the flash drive. Doing the step on the local disk can DESTROY BOOT FILES ON YOUR HARD DRIVE!

4. Please run the "makeboot.bat" batch (pay attention that it is the one on the USB flash drive) and follow the instructions.
5. Connect the USB flash drive to the affected computer and restart the computer. It should boot up from the USB flash drive. If not, please see the user's manual for your motherboard to find out how to let the computer boot from a USB flash drive. Please note that this function is not supported on all motherboards.

C. Additional instructions:

1. Boot the computer from the CD-ROM or USB flash drive as described in steps A) and B).
2. Follow the rescue process.
3. Please login to Windows as Administrator.
4. Update the AVG program (open the AVG User Interface and click the "Update now" button).
5. Rename the file "avgrsx.exe_off" to "avgrsx.exe". This file is located in the AVG 8.0 Program folder (C:\Program Files\AVG\AVG8 by default).
6. Rename the file "avgsched.dll_off" to "avgsched.dll". This file is located in the AVG 8.0 Program folder (C:\Program Files\AVG\AVG8 by default).
7. Remove the boot media (CD-ROM or USB flash drive) and restart your computer.

* The name of the function may vary depending on used software.

Recommendations for antivirus exclusions in MOM 2005 and OpsMgr 2007

Exclusions by process executable:

Creating exclusions based on the executable can potentially be very dangerous in that it limits the control of scanning potentially dangerous files handled by the process.  For this reason, unless absolutely necessary, we do not recommend relying on exclusions based on any process executables for MOM or OpsMgr servers.  With that said, if you do decide that you need to make exclusions based on the process executables for whatever reason, they are listed below:

MOM 2005 – momhost.exe
OpsMgr 2007 – monitoringhost.exe

Exclusions by Directories: The following includes real-time, scheduled scanner and local scanner directory specific exclusions for Operations Manager.  The directories listed here are default application directories.  You may need to modify these paths based on your specific environment.  Only the following MOM\OpsMgr related directories should be excluded. 

Important Note: When a directory to be excluded is greater than 8 characters in length, add both the short and long file names of the directory into the exclusion list. Some AV programs require this in order to traverse the sub-directories.

SQL Database Servers:
These include the SQL Server database files used by Operations Manager components as well as system database files for the master database and tempdb.  To exclude these by directory, exclude the directory for the LDF and MDF files:

Examples:
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data
D:\MSSQL\DATA
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Log

MOM 2005 (management servers and agents): These include the queue and log files used by Operations Manager.

Example:
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager\

OpsMgr 2007 (management servers and agents): These include the queue and log files used by Operations Manager.

Example:
C:\Program Files\System Center Operations Manager 2007\Health Service State\Health Service Store

Exclusion of File Type by Extensions: The following includes real-time, scheduled scanner and local scanner file extension specific exclusions for Operations Manager. 

SQL Database Servers: These include the SQL Server database files used by Operations Manager components as well as system database files for the master database and tempdb. 

Examples:
MDF, LDF

MOM 2005 (management servers and agents): These include the queue and log files used by Operations Manager.

Example:
WKF, PQF, PQF0, PQF1

OpsMgr 2007 (management servers and agents): These include the queue and log files used by Operations Manager.

Example:
EDB, CHK, LOG.

Note: Page files should also be excluded from any real time scanning.

Source:  The Manageability Team Blog
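
The following is an added example, not part of the Manageability Team post: a small audit that checks an exported exclusion list against the guidance above, flagging process exclusions, extensions outside the listed set, and long directory names that have no short-name counterpart. The `(kind, value)` export format and the sample entries are constructed, and the short-name match is a heuristic that assumes the common alias shape (first six characters, then `~` and a digit); the real alias has to be confirmed on the host.

```python
import re

# Values listed in the guidance above; anything else is flagged for review.
PAGE_PROCESSES = {"momhost.exe", "monitoringhost.exe"}
PAGE_EXTENSIONS = {"MDF", "LDF", "WKF", "PQF", "PQF0", "PQF1", "EDB", "CHK", "LOG"}

# Constructed sample of an exported exclusion list: (kind, value) pairs.
SAMPLE = [
    ("process", "monitoringhost.exe"), ("extension", "EDB"), ("extension", "EXE"),
    ("directory", r"D:\MSSQL\DATA"),
    ("directory", r"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data"),
    ("directory", r"C:\PROGRA~1\MICROS~1\MSSQL.1\MSSQL\Data"),
    ("directory", r"C:\Program Files\System Center Operations Manager 2007"
                  r"\Health Service State\Health Service Store"),
]


def parts(path):
    """Split a Windows path into its non-empty components."""
    return [p for p in path.split("\\") if p]


def is_short_alias(long_path, candidate):
    """Heuristic (assumed alias shape): six characters without spaces, ~digit."""
    long_p, cand_p = parts(long_path), parts(candidate)
    if len(long_p) != len(cand_p):
        return False
    for name, alias in zip(long_p, cand_p):
        stem = re.escape(name.replace(" ", "")[:6]) + r"~\d"
        pattern = re.escape(name) if len(name) <= 8 else stem
        if not re.fullmatch(pattern, alias, re.IGNORECASE):
            return False
    return True


def audit(exclusions):
    """Return (kind, value, reason) for every entry that needs review."""
    dirs = [v for k, v in exclusions if k == "directory"]
    findings = []
    for kind, value in exclusions:
        if kind == "process":
            listed = value.lower() in PAGE_PROCESSES
            findings.append((kind, value, "avoid unless absolutely necessary"
                             if listed else "process not in the guidance"))
        elif kind == "extension" and value.upper() not in PAGE_EXTENSIONS:
            findings.append((kind, value, "extension not in the guidance"))
        elif kind == "directory" and any(len(p) > 8 for p in parts(value)):
            if not any(is_short_alias(value, d) for d in dirs):
                findings.append((kind, value, "long name without short-name entry"))
    return findings
```

Calling `audit(SAMPLE)` reports the process exclusion, the `EXE` extension and the OpsMgr directory whose short-name form is missing from the list.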