Antivirus: December 2007 Archives

I wrote last week how my Vista tablet cratered shortly after I installed Symantec Endpoint Protection 11. I've rebuilt that computer, and decided not to do any more testing with SEP for a while. If I didn't have Symantec coming in sometime soon for a NAC demo I'd be evaling McAfee Total Protection Enterprise.

Today I came in after a few days off and found that my desktop is out of hard drive space. After looking around I found 18.6 GB of files in c:\program files\common files\Symantec shared\. Most of these files were in directories named *.tmp. Now I know this sort of thing happened in previous versions of Symantec as well, but it hadn't happened to me, and it hadn't happened within weeks of installation.


http://www.us-cert.gov/current/index.html#microsoft_access_database_file_attachment

US-CERT is aware of a stack buffer overflow vulnerability in the way that Microsoft Access handles specially crafted database files. Opening a specially crafted Microsoft Access Database (e.g., .MDB) can cause arbitrary code execution without requiring any additional user interaction. Microsoft Access files are considered to be high-risk, so it may be possible to execute arbitrary code without using a vulnerability in Microsoft Access.

US-CERT is aware of active exploitation using malicious Microsoft Access databases.

To help protect against this type of attack, US-CERT recommends the following:

  • Do not open attachments from unsolicited email messages

  • Block high-risk file attachments at email gateways

Ok, so the title is an inside joke.

On Monday I began having some issues on my Vista Tablet.


  • The computer isn't able to obtain an IP address from the DHCP server

  • An error: "Error 56: The Cisco Systems, Inc. VPN Service has not been started"

  • Unable to uninstall SEP11

  • Unable to perform a rollback to a previous snapshot

  • Unable to open tcp/ip properties because supposedly another dialog was already open

I'm blaming Symantec Endpoint Protection 11. That was the last change to the system.

I noticed today that LiveUpdate on my home computer wasn't working. The definitions were at November 21, 2007. When I attempted to run LiveUpdate manually I received an error: "LU1825: LiveUpdate could not understand how to install this update. You may need to get the latest version of LiveUpdate before you can install this update."

I'd previously been following threads about this problem over at Broadband Reports and at the Symantec Forums.

I followed the advice here to either reboot or restart the Symantec AntiVirus service. I restarted the SAV service and immediately LiveUpdate worked. I've had this problem on SAVCE 10.1.6 and 10.0.1, but I've seen postings from users of Symantec AV consumer products as well.