Shavlik Technologies has released updated XML files for Shavlik HFNetChkPro.
XML data version = 1.1.2.105 
Last modified on 5/31/2004

 This update includes the following changes:
 – Added detection for Exchange Server 2003 SP1

(we are still testing the deployment instructions for this SP, thus the package
is not available for download and deployment at this time.  We will release an
updated XML file when this SP is available for download and deployment via Shavlik
HFNetChkPro.)

– Added detection and deployment for ISA Server 2000 SP2

I’m not surprised that the Exchange file is not ready to deploy.  I’ve seen some people having a bit issues with the install and it needs the GZIP patch prior to installation.  Plus post installation we need to adjust some settings.

 

11 Responses to Shavlik posts that it’s updated it’s XML file

  1. Just ran BSA on SBS2k3 with SQL and ISA.

    Scan date: 03/06/2004 2:11 AM

    Scanned with MBSA version: 1.2.3316.1

    Security update database version: 2004.6.2.0

    Office update database version: 11.0.0.6517

    Security assessment: Severe Risk (One or more critical checks failed.)

    And obtained the above even after a sucessful installation of

    Successful May 28, 2004 Critical Update for SQL Server 2000 Desktop Engine (Windows) on Windows Server 2003 (KB829358)

    DO I really want to install what they reccomend?

    MS03-031 Cumulative Patch for Microsoft SQL Server (815495) File version is less than expected. [C:\Program Files\Microsoft SQL

    Server\MSSQL\binn\console.exe, 2000.80.194.0 < 2000.80.818.0]

    PLEASE LET ME KNOW.

    Thanks to all the contributors. These pages have been very helpful.

  2. The answer is NO.

    All of my testing has been on a newly built sytem using

    the March 2004 relase of SBS2k3 and the MSDN Dowload of Premium

    CD on May 25,2004

    SQL installation succesful

    SBSmonitoring Instance Failed. Monitoring was not setup yet

    Sharepoint Instance failed.

    The system became unstable after this install. Certificates could not be created.

    System was rebuilt from backup.

  3. Susan says:

    I think something else went on there. There is a timing issue with sharepoint

    840685 – An event ID 1000 error message is logged to the application event log when you restart Windows Small Business Server 2003:

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;840685

    But patching that instance should not cause your server to fall over like that.

  4. Fred Andreone says:

    The 840685 Regedit works well. The first install from your Blogs.

    The Certificate instability noted is caused by using PPOE aand ISA. When the work-around is finalized it shall be reported.

    The recommended BSA patch is older then the patch that had been installed.

    SQL2000-KB815495-8.00.0818-ENU.exe Date Published: 8/11/2003 Version: 8.0

    SQL2000-KB829358-8.00.0884-ENU.exe Date Published: 1/20/2004 Version: 2000

    Therefore the installation fails but only on the SQL Sharepoint Instance

    The installation passes on the SQL, SQL SBSMonitoring Instance

    SQL SP3A was reinstalled successfully but KB829358 still failed.

    No confidence in a successful removal of SQL Sharepoint with Add-Remove becuase of the number of left over entries in registry and elsewhere.

  5. HiltonT says:

    Shavlik also falsely report when scanning a completely up-to-date Windows XP system that I have one missing patch – TOOL03-039, deemed to be critical. This tool is far from critical, and Microsoft even say that it won’t be needed unless Nachi and/or Blaster was detected on the system.

    I have spoken to Shavlik about this "false positive" and they still insist that it is a needed tool. The alternative suggestion was to ignore this report.

    Neither of these are correct.

    If the tool isn’t critical nor required, Shavlik’s HFNetChk Pro should **NOT** report it as critical and missing. This is poor coding. Nothing else.

    I am waiting for this to be addressed, and if not, they will be added to the ThreatCode.com site for falsely reporting missing tools. (And yes, it is a tool, not a patch.)

    – HiltonT

  6. Susan says:

    I disagree Hilton, you do a WU on that system and it will say that it’s missing too. Shavlik is just doing what WU would do.

    I pushed those down to my machines.

  7. HiltonT says:

    I *always* do a WU, and it has never suggested that tool. Never. Not once.

    Actually, Microsoft does not recommend that this tool is installed regardless of its need. If you have a look at http://support.microsoft.com/?kbid=833330 in the "Download and setup information" section you will see where Microsoft clearly states "Note If you use Automatic Updates, this update will be automatically installed if it is needed. You do not have to take any additional action".

    I have not found anywhere on the Microsoft website nor in any of their documentation that I have here – including their Security Bulletins – where Microsoft recommends that this tool (it is not a patch, it is a worm removal tool) be installed regardless of whether the computer has previously been infected. If you can find some recommendation by Microsoft, I’d be glad to see it. Shavlik was unable to provide any proof of this.

    Shavlik therefore falsely report that this tool is critical and missing. It is neither.

  8. Susan says:

    I’ve seen it on WU.

  9. HiltonT says:

    Yes, but, as per the Microsoft KB article I referenced, this will only appear if the machine had previously been infected by Nachi and/or Blaster. If that is not the case, then Microsoft clearly states that the tool is unnecessary and far from critical.

    Shavlik need to learn to read the KB articles more closely, and report the facts, not their version of them.

  10. Susan says:

    No I’ve gotten that on machines that never had either.

    I’d rather have the tools there than not there. Sorry but they can stick that KB on my machines. Protection in any form is wise these days.

  11. HiltonT says:

    Hi Susan,

    That tool provides no protection. None whatsoever. All it does is remove crud left over after Blaster/Nachi has been disabled.

    Also, Microsoft clearly state in that KB that this tool will *only* be offered if one of these two worms has been detected (and removed). No other time will tyhe tool be offered in WU. I’d say, then, that these machines must have been infected and you didn’t know it. Microsoft says that is the case, and in this aprticular instance, I believe them. 🙂

    Again, if a tool is unnecessary, then I’d rather not install it. Simple security reasoning here.