Symantec

Symantec Tamper Protection a waste of time?

Since I’ve been using Microsoft’s Virtual Server every time that I start the server up I get an error message from Symantec Corporate Edition entitled Symantec Tamper Protection Alert. Apparently the vmh.exe file is triggering the tamper protection and is allegedly being blocked by symantec….. However, the server seems to behave quite perfectly with having its .exe files blocked and the only visible side effect is a very annoying popup box that insists on being the topmost window complaining about the attempts (96+ per launch) I’ve not found anything on the web or google about this although I know I’m not the only one to have the error message

Nav2006 first impressions

I’m not impressed. The product ships with virus definitions dated the 12th July and running Liveupdate says there are no new defs to install (but did install product updates the first time I ran it). However the pc upstairs running Nav2005 has definitions dated the 20th July. This might not be too bad on its own if it wasn’t for the fact that NAV constantly complains that the defs are out of date and to run live update. This complaining takes the form of popup messages in the corner of the screen and a yellow coloured caution bar containing a triangle and Norton in the bottom right of the screen next to the system tray. Why they couldn’t have just put the application in the system tray like everyone else I don’t know. Right click on Norton status and select Move to System Tray.
The one plus point to having the bar is that when the application silently crashes you can tell because the bar disappears which is more noticable than having an icon in the systray disappear (which can happen with xp hiding icons when it feels like it). Yes, Nav has already crashed on me once and the only reason I noticed was because my email server refused to connect to any of my pop3 accounts yet I could ping them ok. Nav crashing had taken out the forwarding part of the proxy service but was still capturing the outgoing traffic – just not forwarding it onto the mail server. As the bar had vanished I realised what the problem was and restarted the application (and said YES I KNOW THE DEFS ARE OUT OF DATE)
Another plus point is that I can now use Google Desktop search again as it is compatible with Nav – it wasn’t with Nod32 although this isn’t really a plus point to be honest.
The beta only lasts another 14 days (although their website says 30) and I’m glad as so far the product is really awful. The initial scan of my hard disk took 6 hours for the 100gb of data (how did i get that much so quickly?) and the machine was pretty much unusable at this time as the response time was awful. It wasn’t too bad if only one application was used but switching applications would take at least 60 seconds before the new one was available.
I have posted these points to Symantec with at their feedback page and had no response back from them whatsoever. I think a beta program really should have a feedback forum so that it is possible to tell if anyone else is having the same problem and provide an ongoing support conversation with Symantec.

Norton Antivirus causes pc to freeze

The PIL computer has Norton Antivirus 2004 on it and in the past month and a half the machine has been hanging occasionally with the active task (logging, web browsing or emailing) coming up with the hour glass cursor. Killing the process goes through an endless loop of informing MS about the problem and being unable to kill the process. Over the past week and a half I’ve been trying to diagnose the problem by changing bits and pieces on the config and I think I’ve finally tracked it down. The problem is that we need to leave the pc unattended for a period of a day or so to ensure that the problem is fixed (as it often seems to have occured whilst we’ve been away at the computer). It turns out that Symantec have a kb article 2001101111334406 – Computer stops responding when Automatic LiveUpdate runs. Their workaround is to stop liveupdate running and getting the virus updates automatically (which kind of defeats the point of having av updates!) but it does seem to have worked. The computer has been stable for a day and a half and we have had an update warning pop up and the defs downloaded. What annoys me is that they have known about this problem since 2001 and have not fixed it yet.

VPN connections fixed at last

For the past week I’ve had agro from two of our users who have recently had new laptops and been unable to vpn into our network. The vpn connection is established but no traffic is passed through to the lan. The weird thing is that the wireless card on one of the machines would pass traffic but the lan connection wouldn’t. I spent about 5 hours troubleshooting this last week and thought I had a working solution until the next morning when it stopped working again.
This morning I spent an hour systematically working through symantecs troubleshooting guide and finally found this document:- Symantec VPN Client connectivity problems on IBM ThinkPad Laptops and guess what these new laptops are?
Turns out that IBM include some special software that automatically work out where you are connected and fiddle with the tcpip stack appropriately. As soon as I removed the IBM access software from running tasks I was able to ping the network – I was SOOO relieved as I really was starting to get worried about how I was going to fix this problem.

symantec updates

2 of our clients have managed to get corrupt symantec antivirus definitions which means the services stop. As the services are stopped I am unable to update them with the console and I’ve disabled liveupdate. Unfortunately the symantec.com websites are unavailable (and so was msn search) (even though they are using the akamai network to protect against ddos). In the end I used the ftp service at ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/ to download the definitions onto the local pc.
Having said all that I spent about an hour trying various things to fix the client but in the end gave up. I’ve now uninstalled the software and moved across to our new corporate mcafee software instead. I’m not saying this is any better (I doubt it) but we’ll see….
As I write this msn search and symantec are now available again.