18 January 2008

SEP 11: virus definition folder takes too much disk space

For those who did not give up trying to deploy Symantec Endpoint Protection 11.

On client computers you might notice that the virus definition folder (by default it is located in C:\Program Files\Common Files\Symantec Shared\VirusDefs) takes up a large amount of disk space. In my case - more than 5 Gb. When you open the VirusDefs folder you can see a lot of temporary folders called tmpXXXX.tmp, where XXXX are hexadecimal characters.

The cause of the problem is that virus definitions may be corrupted.

To solve this issue, follow the steps below:

1. Stop the Symantec Management Client service:

  • Start -> Run
  • Type "smc -stop" (without quotes) and click OK

2. Stop the Symantec Endpoint Protection service in the Services snap-in

3. Go to the "VirusDefs" folder. Delete all ".tmp" files and folders AND any numbered folders (such as "20070820.048", "20080115.021" etc.)

4. Install new definitions manually using the Intelligent Updater:

  • Follow this link: http://www.symantec.com/avcenter/defs.download.html
  • Select the language and for the product, select Symantec Endpoint Protection
  • Click the "Download Updates" button
  • Select the correct file to download for Symantec Endpoint Protection 11 depending on whether it is for a 32-bit or 64-bit OS
  • Click the ".exe" file specified for Symantec Endpoint Protection 11, download to your hard drive and run it

5. Start the Symantec Endpoint Protection Service

6. Start the Symantec Management Client service:

  • Start -> Run
  • Type "smc -start" (without quotes) and click OK

Source: http://youradmin.blogspot.com/
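
Step 3 of the procedure above as a PowerShell script; this is an added example, not part of the original post. It reports the size of each `.tmp` entry and numbered definition folder and deletes them only when `-Delete` is given. The parameter names and the process name `smc` are assumptions. Deleting the numbered folders removes the current definitions, so continue with step 4 straight away.

```powershell
# Added example (not from the original post): step 3 of the procedure as a script.
# Run it only after steps 1 and 2, i.e. with the Symantec services stopped.
param(
    # Default location given in the post; pass -VirusDefs if yours differs.
    [string]$VirusDefs = 'C:\Program Files\Common Files\Symantec Shared\VirusDefs',
    # Without -Delete the script only reports what it would remove.
    [switch]$Delete
)

if (-not (Test-Path -LiteralPath $VirusDefs -PathType Container)) {
    throw "VirusDefs folder not found: $VirusDefs"
}

# Assumption: the client started by "smc -start" runs as a process named "smc".
if ($Delete -and (Get-Process -Name smc -ErrorAction SilentlyContinue)) {
    throw 'smc is still running; run "smc -stop" first (step 1).'
}

# Step 3 targets: anything ending in .tmp, plus folders named like 20080115.021.
$stale = @(Get-ChildItem -LiteralPath $VirusDefs -Force | Where-Object {
    $_.Name -match '\.tmp$' -or
    ($_.PSIsContainer -and $_.Name -match '^\d{8}\.\d{3}$')
})

$total = 0
foreach ($item in $stale) {
    $bytes = 0
    if ($item.PSIsContainer) {
        # Folder size = sum of the lengths of all files beneath it.
        $sum = (Get-ChildItem -LiteralPath $item.FullName -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            Measure-Object -Property Length -Sum).Sum
        if ($null -ne $sum) { $bytes = $sum }
    } else {
        $bytes = $item.Length
    }
    $total += $bytes
    '{0,10:N1} MB  {1}' -f ($bytes / 1MB), $item.Name

    if ($Delete) {
        Remove-Item -LiteralPath $item.FullName -Recurse -Force
    }
}

'{0} item(s), {1:N1} MB {2}' -f $stale.Count, ($total / 1MB),
    $(if ($Delete) { 'removed' } else { 'would be removed (re-run with -Delete)' })
```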

16 January 2008

Internet Explorer 7 (IE7) deployment - New white paper

Microsoft just released a new version of their IE7 deployment paper. The document has 156 pages. IE7 deployment can get tricky. Try to read this document before deployment, if you haven’t done it yet. It might be a useful reference if you run into problems.

09 January 2008

Things that Virtual PC needs to be run as Administrator for...

For the most part Virtual PC is able to happily run when you are using a non-administrative user account and everything will work. There are - however - a couple of things that will not work correctly unless Virtual PC is run under an Administrative account:

  1. Using ping (or other ICMP based tools) over shared networking.

    In order to create ICMP packets (as opposed to standard TCP/IP packets) that appear to originate from the virtual machine when using shared networking - we need to access Windows APIs that are restricted to only being accessed by administrators.

    The reason why these APIs are restricted is that there are a number of known ICMP based network attacks that malicious software could try to utilize on your computer.

    The impact of this is that you will simply be unable to ping other computers from a virtual machine. Note that this does not affect virtual machines that are using a direct connection to the physical network adapter.

  2. Using or converting linked virtual hard disks.

    Linked virtual hard disks require us to open a handle to the raw physical disk object (and bypass the Windows file system). As this mechanism could also be used to bypass file system security it is restricted to administrative processes only.

    If Virtual PC is not running as an administrative process you will be unable to create linked virtual hard disks, convert linked virtual hard disks or boot virtual machines with linked virtual hard disks connected to them.

  3. Accessing copy protected CDs.

    Virtual PC attempts to access the physical CD by using a handle to the raw disk (like with linked virtual hard disks) but if that fails it will fall back to using the Windows file APIs to access the CD.

    The Windows file APIs work fine for accessing normal data off of CDs - but are unable to provide the information necessary to support the use of copy protected CDs inside of virtual machines.

    If Virtual PC is not running as an administrative process access to normal CDs will function correctly - as will data access to copy protected CDs - however any software that attempts to check the authenticity of a copy protected CD will fail.

  4. Configuring the Virtual PC security options.

    Configuring the Virtual PC security options requires that we change registry keys stored in the Local Machine registry hive. The values are stored here so that non-administrative users cannot undo security settings changes made by an administrative user.

    If Virtual PC is not running as an administrative process the settings on this options page will be disabled.

Now remember that under Windows Vista Virtual PC will be running as a non-administrative process even if you are using an administrative account. To get these features to work under Vista you need to right click on the Virtual PC icon in the start menu and select 'Run as administrator' (with the exception of the Virtual PC security options where we will prompt you to give administrative approval if you are not running as administrator).