I have just had a few servers that have somehow failed to update their Forefront Client Security client software 🙁 The problem seems to be that Forefront cannot stop the FCSAM service while updating; the service is stuck on “Stopping” and neither taskkill nor any other utility seems able to kill it.

The errors in the eventlog go something along these lines;

Microsoft Forefront Client Security Antimalware Service
Error 1921. Service  'Microsoft Forefront Client Security
Antimalware Service' (FCSAM) could not be  stopped.

I have tried uninstalling, rebooting and reinstalling but this did not help.

The suggested workaround is to set the FCSAM service to Manual, reboot, upgrade and then set the service back to Automatic – however this only works for now and thus only postpones the problem.

I have found this article on a similar problem, which I will try tomorrow; it includes some additional cleanup steps;
e.g. issuing the command; sc delete fcsam

I will also try to slipstream the Forefront Client Security installation before I retry the re-installation; a description of how to do this is here (mind you, use the latest update and not the one the article refers to);
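As an added example (not from the original post, nor Microsoft's own tooling), a PowerShell snippet for an elevated prompt that checks whether FCSAM is wedged in “Stop Pending”, reports the hosting process, and applies the first step of the workaround described above (set the service to Manual before rebooting); the service name FCSAM is taken from the event log text above.

```powershell
# Added example: inspect the Forefront Client Security Antimalware service
# (FCSAM) and apply the "set to Manual, reboot, upgrade" workaround step.
$serviceName = 'FCSAM'

function Get-FcsamState {
    # Win32_Service exposes the state, start mode and hosting process id;
    # Get-Service alone does not report the process id.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$serviceName'"
    if (-not $svc) { return $null }
    [pscustomobject]@{
        Name      = $svc.Name
        State     = $svc.State        # Running, Stopped, Stop Pending, ...
        StartMode = $svc.StartMode    # Auto, Manual, Disabled
        ProcessId = $svc.ProcessId
    }
}

$state = Get-FcsamState
if ($null -eq $state) {
    Write-Host "Service $serviceName is not installed (already removed, e.g. with 'sc delete fcsam')."
    return
}
Write-Host ("{0}: state={1} startmode={2} pid={3}" -f `
    $state.Name, $state.State, $state.StartMode, $state.ProcessId)

if ($state.State -eq 'Stop Pending') {
    Write-Warning "FCSAM is stuck in Stop Pending; the client update will fail with error 1921 until the box is rebooted."
    # Workaround step 1: make the service Manual so it stays down after the reboot,
    # letting the update run. Restore it to Automatic once the update has completed.
    Set-Service -Name $serviceName -StartupType Manual
    Write-Host "Start type set to Manual. Reboot, run the client update, then restore with:"
    Write-Host "    Set-Service -Name $serviceName -StartupType Automatic"
}
```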

If you have ever worked with Microsoft ISA Server you may have heard of “GFI WebMonitor”, an add-on to the ISA server (it also exists as a standalone server application) that provides malware and virus scanning along with traffic analysis and extended logging of HTTP traffic, thus protecting workstations against ‘drive-by infections’ and other script dangers while surfing.

The news is that GFI now offers a freeware version. The freeware version is however limited to logging and statistics, so the malware and virus protection is turned off after 30 days. But still, the logging and statistics functionality is not half bad for free.

So if you are looking for traffic logging and analysis this may be worth a look.

Get it here;
http://www.gfi.com/internet-monitoring-software

For those of you who have been using PeerGuardian 2 in the past (PeerGuardian 2 is a firewall / blacklist that can block certain IPs based upon lists you subscribe to) here is some good news 🙂

As you may know PeerGuardian 2 has not been supported for the past 1-2 years, and is (to put it mildly) not very stable on Windows Vista/7 etc. Well, some nice people have decided to continue the project under a new name, Peerblock, and I do mean continue, as the first version is based upon the source from the last PeerGuardian.

As with PeerGuardian the Peerblock application is free (although donations are greatly appreciated).

Get it here

The A5/1 encryption used to protect GSM phone conversations has long since been broken; actually, just last year it was made possible to eavesdrop on encrypted GSM in real time – hence GSM telephony is today to be considered utterly insecure. Scientists have thus begun working on the 3G variant A5/3, and it would appear that a “breakthrough” has been made, not quite allowing for real-time decryption but weakening the cipher quite considerably.

Read the scientific report here;
http://eprint.iacr.org/2010/013

www.av-comparatives.org has made a rather interesting comparison of how much different AV products slow down your machine; besides the technical comparison they also offer some general advice on how to optimize your experience with AV products in general. Interesting reading, get their PDF here

A summary of their findings (higher is better);

  • AVIRA AntiVir Premium 9.0 – 199 points
  • Kingsoft Antivirus 9 Plus – 196 points
  • F-Secure Anti-Virus 2010 – 195 points
  • Kaspersky Anti-Virus 2010 – 193 points
  • Sophos Anti-Virus 9.0.1 – 193 points
  • Microsoft Security Essentials 1.0 – 190 points
  • avast! Free 5.0 – 188 points
  • Symantec Norton AntiVirus 2010 – 188 points
  • ESET NOD32 Antivirus 4.0 – 183 points
  • McAfee VirusScan Plus 2010 – 174 points
  • Norman Antivirus & AntiSpyware 7.30 – 169 points
  • AVG Anti-Virus 9.0 – 164 points
  • BitDefender Antivirus 2010 – 154 points
  • G DATA AntiVirus 2010 – 152 points
  • eScan AntiVirus 10.0 – 137 points
  • Trustport Antivirus 2010 – 125 points

According to the Danish online newsletter/magazine www.newz.dk (via link) Bitlocker encryption has been broken/cracked, or at least it has become possible to discover the passwords rather quickly using a third-party tool, Passware Password Recovery – http://www.lostpassword.com/kit-forensic.htm

And sure enough, if you visit their website you will find this statement;
“Recovers encryption keys for hard drives protected with BitLocker in minutes New”

Although this indeed sounds very interesting there seems to be a catch: you need a memory image on which to apply the Passware Password Recovery utility. Read more here

Imagine this: you are at a public wifi spot, they have locked down what pages you may visit by simple DNS or URL filtering, and you just have to visit Rapidshare.com where one of your friends has sent you this important file!? What to do? Well, actually you have to do this before you wind up in this mess, but once it’s done you can use it anywhere, anytime to combat situations like this.

The thing you are looking for is PHProxy and the link is;
http://sourceforge.net/projects/poxy/

Basically what this does is set up a proxy website that you can browse through, easy as pie.

You need a server or web host that supports PHP; you upload the PHProxy files (about 3 files is all it takes), and once you connect to the site where these files are hosted you get your own proxy start page. It works like this: once you enter the URL on the PHProxy start page, the server where the PHProxy PHP files are stored will go get your page for you and display it; from your end it looks like you are just visiting www.YOURSITE.com (the name of the site where you uploaded the PHProxy files) while the content on this site is actually Rapidshare, Facebook or whatever is blocked.

It is utterly simple to set up and use; mind you though, not all pages work perfectly with this solution 🙁 but what can you expect from 3 PHP files 🙂 Nevertheless it is simple, free and works for your basic pages.

The popular Avast antivirus went amok yesterday after a bug in a definition file; it started detecting hundreds of files as infected with Win32:Delf-MZG.

For cleanup instructions and explanation go here;
http://forum.avast.com/index.php?topic=51647

When trying to get rid of a virus it is often a good idea to scan using a boot CD, as some viruses / rootkits bury themselves so deep that even the best antivirus can’t detect them. Sadly very few CDs are commercially available, and most often they require regular updates to always have the latest definitions.

A friend of mine, Mr. Grøn, Torben, pointed out that he had just stumbled across;

http://www.f-secure.com/linux-weblog/2009/09/22/rescue-cd-311/

Now this is interesting: F-Secure is an old player on the AV market and usually makes good stuff, and it would appear this is no exception. It is a Linux boot CD that can scan NTFS partitions, and the clever part is that it actually downloads the latest definition files before it begins scanning – clever. One minor “issue” though: it will rename file extensions to .virus if a file is infected, and this is also true for system files – thus you can ‘damage’ your Windows installation and make it non-bootable, which can be a problem for novice users.

Other than that it offers some extra recovery utilities for pictures etc. Absolutely worth a look.

Update;
You may also want to give this a spin, I just learned about this;
http://trinityhome.org/Home/index.php?wpid=1&front_id=12

From Panda’s Cloud Antivirus blog

First of all, many thanks to the millions of beta testers and specifically to those who have given us feedback and helped improve the product. We think we have fixed all the issues you have reported.

If you have any of the previous versions installed (Beta1, Beta2 or Beta3) do the following:
1- Uninstall your current version.
2- Reboot your computer.
3- Download version 1.0 from http://www.cloudantivirus.com and install.
4- If you already have an account from Beta3, you can use the same one. Otherwise the installer will prompt you to create a Cloud Antivirus account.

As a reminder, don’t forget to use the Panda Cloud Antivirus Technical Support Forum for posting any issues you might experience.

Thanks again for helping us create this great free antivirus!!!