06-17-2004
|
#11 |
|
|
Re: Trendmciro - for minus 5 cents
> Jim, > > Also, go to Administrative Tooks, Services, and carefully review the list > for anything appearing Sygate. There was an older version that failed to > stop the service before uninstall, and thus the service was not removed. If > you find one, right-c****, Stop, and then right-c****, Properties, Startup > Type, Disabled. > > Allan > Allan, Thanks. This should keep me busy for a couple of days (especially since my evening hours are limited of late). I'll report back. I'm figuring I can leave the Motorola in the loop for the time being (aside from updating any firmware), as it will provide some protection if I can get on the 'net with low or no security from the Trend Micro product. -- Jim McDonald |
|
06-19-2004
|
#12 |
|
|
Re: Trendmciro - for minus 5 cents
> Jim, > > If disabling Trend's firewall didn't help, it's more likely another issue, > and I suspect the remains of another firewall, or the Layered Service > Provider in Winsock2. > > Check for latest drivers and firmware for Motorola and Netgear. Done and installed for the Netgear. The only updates for the Motorola were USB drivers for connecting to the PC. Not installed, since I didn't think they would be relevant. > > Next is LSPFix, which repairs and renumbers the Layered Service Provider > list (must be sequential) for Winsock2. If LSPFix doesn't find any bad LSP > entries to recommend repairing, and you dont see an entry that appears to be > Sygate-ish, c**** Finish, and it will renumber the list on exit. It's at > http://www.cexx.org/lspfix.htm Done. Nothing obviously from Sygate (mswsock.dll, winrnr.dll, rsvpsp.dll). Nothing was re-ordered. Also checked the running services, but again nothing obviously from Sygate. However, Internet Connection Firewall was showing as Started and Auto, even though the network settings checkbox has always been cleared. Stopped and set to Manual. > > Might also try installing and then removing the latest Sygate product, it > may clean-up after the older one. Particularly in the CLSID sections, > entries may not contain data recognizable by jv16 as being Sygate. Installed and removed. Ran LSPFix after the install, the only new entry was MxAVLsp.dll, which I'm sure does belong to System Suite. I still didn't see anything in services which looked like a VCOM/Sygate firewall. All to no avail. I submitted an email to Trend Micro support. There does appear to be a Hotfix (Solution ID 17794) that may be relevant, but the link to the Readme is broken. Presumably the support email will produce some info. > > Allan > -- Jim McDonald |
|
06-19-2004
|
#13 |
|
|
Re: Trendmciro - for minus 5 cents
MxAVLsp.dll belongs to Ontrack Systems Data Recovery. A list of LSPs is at http://www.angeltowns.com/members/zupe/lsps.html I'd like for you to download HijackThis and run it. It is a small program, and is the quickest way to fully do***ent selected protions of the system that might be exploited by spies and trojans. Run the program, press 'Scan', then 'Save log', and send me the logfile. Address is netsmith, ISP is bellsouth, and they are a net rather than a com. http://www.download.com/3000-2144-10227352.html Try this link to the Trend article - the link to the readme works here, but the fix is for version 11.10, and you should have 11.31 Build 3017 (Help, About, Version in Trend's System panel). You might get the patch and compare versions and dates on the files with the ones you have. I'd guess yours are later. http://kb.trendmicro.com/solutions/s...lutionID=17794 The USB drivers emulate an Ethernet card, as as such, install as an 'adapter', as would a NIC. Firewalls scan installed adapters to manage traffic. Might want to give the new drivers a try. Most wireless drivers have some sort of status monitor that will show whether the connection is active. Do you have such an indicator? Allan -- One asks, many answer, all learn. Plato - on the 'Forum' -- True Civility is when everyone gives to every other one every right that they claim for themselves. "Jim McDonald" <jamcdonald@nospam.excite.com> wrote in message news:4eLAc.126596$oQ6.1901@twister.rdc-kc.rr.com... > Allan Smith wrote: >> Jim, >> >> If disabling Trend's firewall didn't help, it's more likely another >> issue, and I suspect the remains of another firewall, or the Layered >> Service Provider in Winsock2. >> >> Check for latest drivers and firmware for Motorola and Netgear. > > Done and installed for the Netgear. The only updates for the Motorola were > USB drivers for connecting to the PC. Not installed, since I didn't think > they would be relevant. > >> >> Next is LSPFix, which repairs and renumbers the Layered Service Provider >> list (must be sequential) for Winsock2. If LSPFix doesn't find any bad >> LSP entries to recommend repairing, and you dont see an entry that >> appears to be Sygate-ish, c**** Finish, and it will renumber the list on >> exit. It's at http://www.cexx.org/lspfix.htm > > Done. Nothing obviously from Sygate (mswsock.dll, winrnr.dll, rsvpsp.dll). > Nothing was re-ordered. Also checked the running services, but again > nothing obviously from Sygate. However, Internet Connection Firewall was > showing as Started and Auto, even though the network settings checkbox has > always been cleared. Stopped and set to Manual. > >> >> Might also try installing and then removing the latest Sygate product, it >> may clean-up after the older one. Particularly in the CLSID sections, >> entries may not contain data recognizable by jv16 as being Sygate. > > Installed and removed. Ran LSPFix after the install, the only new entry > was MxAVLsp.dll, which I'm sure does belong to System Suite. I still > didn't see anything in services which looked like a VCOM/Sygate firewall. > > All to no avail. I submitted an email to Trend Micro support. There does > appear to be a Hotfix (Solution ID 17794) that may be relevant, but the > link to the Readme is broken. Presumably the support email will produce > some info. > >> >> Allan >> > > > -- > Jim McDonald |
|
06-20-2004
|
#14 |
|
|
Re: Trendmciro - for minus 5 cents
Jim,
Try one other thing - disable PC-cillin's e-mail virus scanning. I found a couple of reports that with both McAfee and Norton, e-mail virus scanning somehow causes logon problems to Roadrunner Cable. I never heard of such a thing, but its worth a quick try. Allan -- One asks, many answer, all learn. Plato - on the 'Forum' -- True Civility is when everyone gives to every other one every right that they claim for themselves. "Jim McDonald" <jamcdonald@nospam.excite.com> wrote in message news:4eLAc.126596$oQ6.1901@twister.rdc-kc.rr.com... > Allan Smith wrote: >> Jim, >> |
|
06-20-2004
|
#15 |
|
|
Re: Trendmciro - for minus 5 cents
Allan Smith wrote:
> Jim, > > MxAVLsp.dll belongs to Ontrack Systems Data Recovery. A list of LSPs is at > http://www.angeltowns.com/members/zupe/lsps.html > [snip] > > Allan > Allan, I've got it working. I will be sending you an email explaining what I did, and perhaps you can figure out why it worked! -- Jim McDonald |
|
06-20-2004
|
#16 |
|
|
Re: Trendmciro - for minus 5 cents
(repeated here for general information)
The 'Low' setting of the Firewall Profiles, Security Level tab slider permits any incoming and outgoing, unless explicitly blocked. The 'Medium' level permits any outgoing, unless blocked, and only permits 'Allowed' incoming. "High" blocks in _both_ directions unless explicitly allowed, and will alert you for any outogoing violations, asking what to do. If you allow it, it will be automatically added to the operative profile. All slider positions scan network traffic for viruses and trojans If you really want to tighten PC-cillin up, add a new named profile and set the level to High on the Security Level tab. You'll have to add an exception to permit _any_ traffic, in _either_ direction, and will receive alerts for outbound violations. You'll probably want to check all the checkboxes for the default rules. If you have set Windows to synch the system time with an external source, add a permitted bi-directional UDP port 123 for the Network Time Protocol. If you are sharing resources, you'll want to permit outgoing TCP port 135 (do not permit incoming unless necesary). That said, "Direct Connection" is well-secured, and as long as you can still use your LAN, I'd stick with it. If not, go to 'Office Network' profile or create the one above. In either event, be sure and check Secure Web if you use https sites, and add the two rules mentioned above, if required. You will want to do XP SP2 at formal release, if not now. I have RC2 of it and depend on its integrated firewall. I only use "Home Network" in Trend, as it is "Low", and thus only scans for network viruses and trojans, letting Windows Firewall do all the firewall work. Allan -- One asks, many answer, all learn. Plato - on the 'Forum' -- True Civility is when everyone gives to every other one every right that they claim for themselves. "Jim McDonald" <jamcdonald@nospam.excite.com> wrote in message news:KW2Bc.17635$WX1.17370@twister.rdc-kc.rr.com... > Allan Smith wrote: >> Jim, >> >> MxAVLsp.dll belongs to Ontrack Systems Data Recovery. A list of LSPs is >> at http://www.angeltowns.com/members/zupe/lsps.html >> > [snip] >> >> Allan >> > > Allan, > > I've got it working. I will be sending you an email explaining what I did, > and perhaps you can figure out why it worked! > > -- > Jim McDonald |
Linear Mode
