Recent content by bugguy51

Molenski: SetupVSE.exe loads the appropriate language pack before starting the .msi, as the installer is designed to use the workstation default. I'm sure you noticed that, when you ran VSE850.msi, the buttons in the installer splash were labeled with object labels rather than button...

Also got a subscriber MichaelYork who purports to be a Symantec support tech. You can find him on the Symantec/Norton Antivirus Forum, i.e., Thread 742-1534041--The Bug Guy

Lots of ways around that, but first you need to define your environment a little better. Are you using ePO to manage your A/V clients, or is each just running independent with a scheduled job to update daily? If they're all running independent, where are they connecting to for their updates...

Actually, a lot of the affected workstations across my Enterprise DID defend themselves very well against a safe-mode boot--about the time the boot attempted to process MUP.SYS, the workstation restarted again on its own, makeing a safe-mode impossible. Be aware, also, that I've caught this...

Well, no...Wasn't much interested in talking to them after I'd cleaned up about a dozen users' workstations. In addition to creating its own app directory, XP 2008 Antivirus drops an .exe into \SYSTEM32 which loads and locks on startup. It also hides the Display Properties>Desktop and...

The original DOJ complaint trojan's been around for a couple of months, so if you just got blipped by this one yesterday, you probably got the new variant described here: http://vil.nai.com/vil/content/v_142478.htm We got an emergency notification/profile release at midnite, based on detection...

Dennis: It's an added "undocumented security feature"--wouldn't want a miscreant running around uninstalling your security suite....Solution and a link to Symantec's uninstall utility are provided in thread742-1438798.--The Bug Guy

mrlar: Depending on how it's priced and what their support is like, F-Secure A/V is a capable product, and their engineers very proactive. When we were evaluating alternative Enterprise A/V solutions about 2 years ago, their product tested very positively. They only lost out because their...

And they've made a liar of me yet again! After Gold Level told me to go fish 'til 8.5 Patch 4 is released in mid-October, I found Patch 3 posted on the Service Portal today. Someone needs to get their stuff together...... The Bug Guy

Nope, that's NOT a typo. I pounded on Gold Support again today, as a couple of issues that were addressed in "Patch 2" are holding up planning a deployment of 8.5 for me. Reply was that Patch 4 is a roll-up of everything that was supposed to be addressed in 2 & 3. Release date is...

What you're looking at there is one cycle of your Deployment task. That ran okay, but all it's supposed to do is install client applications. You need to search the log for a run of your update task (search by task name as it appears in your ePO task list)--it will appear in the first line of...

The contents of the agent activity log will tell you why updates are failing. It generally lives at \Documents and Settings\All Users\Application Data\McAfee (or Netrowk Associates)\Common Framework\DB\Agent_(machine name).xml. My suspicion is that every update that occurs ends with an "unable...

Yeah, I had considered handing it off to a vendor, but, thinking it through to its logical conclusion, I'll eventually be managing it, so I need to make a lot of the platform policy decisions. Improves my chances of correcting the problem the day that it quarantines a half-dozen production...

McAfee also has another product called Policy Enforcer (additional license, more licensing $$$, but still much cheaper than most NAC solutions) that snaps into ePO 3.5 and above called Policy Enforcer--am currently doing a proof-of-concept of it. When an unmanaged rogue device is discovered on...

Sorry, got interrupted while reading your post and replied before I finished reading. Pretty much every compliance tool I've seen will inventory everything on the network that has a MAC address and/or IP. Generally, the real malicious intruder on your network will disable NetBIOS and hard-code...