Deploy the Trend Worry Free Business Client via Group Policy

KB ID 0000491

Problem

Trend Worry Free is a nice product, though to deploy the client software out to your machines, you need them to be switched on, have the firewalls off, and the remote registry service running. You can of course connect the clients to the web portal and install the client on a machine by machine basis, (default https://servername:4343), but if you are rolling out a lot of machines this can get tedious.

So you can either script the install or use Group Policies.

Solution

1. Firstly you need to create the install file, on the server that Worry Free is installed navigate to;

[box]

Worry Free Version 7

C:\Program Files (x86)\Trend Micro\Security Server\Admin Utility Client Packager

Worry Free Version 8

C:\Program Files (x86)\Trend Micro\Security Server\PCCSRV\Admin Utility ClientPackager\

[/box]

Locate the ClnPack.exe file and run it.

2. We want a setup package, select your platform, I want it to install silently and NOT to do a prescan. Save the output file somewhere you can find it and click “Create”.

3. Note: If have x64 bit clients that you are also going to deploy software to, you will need to repeat the process and create another package for x64 bit installations as well.

How to Tell if Windows is 32 or 64 bit

You can use a WMI filter to make sure the right policies apply to the right clients;

Using 32 and 64 Bit WMI Filters For Group Policy

4. After a while it should say it was successful, close down the client packager.

5. Create a network share and allow the “Everyone Group” read access to it, then copy the setup file you created above into this share.

6. On a domain controller, Start > Administrative tools > Group Policy Editor > Either edit an existing policy or create a new one. (Remember it’s a computer policy you need to link it to something with computers in it, if you link it to a users OU nothing will happen).

Navigate to:

[box] Computer Configuration > Policies > Software installation [/box]

And create a new package.

7. Browse to the UNC path of the setup file DO NOT browse to the local drive letter!

8. Set as “Assigned” > OK.

9. Make Sure: That if you have x64 bit clients, you open the advanced properties of this package, and remove the option to deploy this software to x64 bit clients.

10. Repeat the process for the x64 bit client if you also have x64 bit machines.

11. Close the policy and group policy editor window.

12.  Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them.

Related Articles, References, Credits, or External Links

Original article written 11/08/11

Symantec AntiVirus Asks For Password During Uninstall

KB ID 0000894 

Problem

I was finishing off a domain migration this week and was changing the clients over to McAfee. On one machine I found it had Symantec AntiVirus. When I tried to remove it, it asked for a password.

One of the other machines had Symantec Endpoint Protection installed and this did the same.

As expected, no one knew what this password was, and the default password ‘symantec’ didn’t work.

Solution

The same fix worked for both of them, and its painfully easy. While still being asked for the password, do the following.

1. Launch Task Manager, (Press Ctrl+Alt+Delete, Or right click the taskbar, or simply run Taskmgr.exe).

2. Select the processes tab, Locate the MSIEXEC.EXE service. Note: There may be more than one, if so select the one that running under the user account that you a logged on as DO NOT select it is it is running under the SYSTEM account. End the process.

3. Now the password request box will have disappeared, and the uninstall process will complete on its own.

Related Articles, References, Credits, or External Links

NA

Testing Your Email AntiSpam and AntiVirus Systems

KB ID 0000972 

Problem

I’ve known about the Eicar test virus ever since I started installing CSC modules. But until recently I didn’t realise you could test your AntiSpam system as well.

Solution

Test Your AntiVirus Device/Software

1. Open a text editor and paste in the following text, (make sure you don’t add any extra spaces or formatting).

[box]X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*[/box]

2. Save the file as eicar.com (Note: If using notepad (as below), change the file type to ‘all files’, so it does not save as eicar.com.txt).

2. Then simply email that file to the recipient mailbox that is protected by the system you want to test.

Test Your AntiSpam Device/Software

1. Compose a new email message and and paste in the following text into the body of the message, (make sure you don’t add any extra spaces or formatting).

[box]XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X[/box]

2. Then simply send that email to the recipient mailbox that is protected by the system you want to test.

Related Articles, References, Credits, or External Links

NA

Outlook Error 0x800CCC0F – Using POP3 To Exchange – Behind a Cisco CSC (Trend InterScan) Module

KB ID 0000642 

Problem

I upgraded a clients firewall and CSC software a couple of weeks ago, and ever since “some” users saw the following errors,

Error 0x800CCC0F

Task ‘{email address} – Sending’ reports error (0x800CCC0F): #The connection to the server was interrupted. If the problem continues, contact your server administrator or Internet service provider (ISP).’

Eventually it would time out altogether with the following error,

Error 0x800CCC0B

Task ‘{email address} – Sending’ reported error (0x800CCC0B): ‘Unknown Error 0x800CCC0B’

Solution

All I could discern from Googling the error, was that the AV (In this case the Trend Micro InterScan for Cisco CSC SSM), in the Cisco CSC Module) was probably the culprit.

I tried stopping the POP3 Service on the CSC that did NOT fix the error.

I confirmed that the CSC module was the root cause of the problem, by disabling the entire module with the following command on the Cisco ASA firewall;

[box]hw-module module 1 shutdown[/box]

Warning: If you do this, your CSC settings must be set to “csc fail-open” or web and email traffic will stop! Once you have confirmed this IS the problem you can re-enable the module with the following command.

[box]hw-module module 1 reset[/box]

I tried from my office and it worked fine, I could not replicate the error, I tried from various servers and Citrix box’s from other clients who kindly let me test from their network. Still I could not replicate the error! I went home and that was the first time I could see the same error their users were seeing. Sadly this led me on a wild goose chase, (I use Outlook 2007 at home and Outlook 2010 everywhere else so I (wrongly) assumed that was the problem).

Breakthrough!

As I could now replicate the error, I could at least do some testing, I attempted a send/receive and looked at the CSC Logging.

Note: To view CSC Logging, connect to the ASDM > Monitoring > Logging > Trend Micro Content Security > Continue > Enter the password > OK > View.

Every time it failed, I saw my public IP being logged with a RejectWithErrorCide-550 and RBL-Fail,QIL-NA. At last something I could work with.

This error indicates a problem with the Email Reputation system, I logged into the CSC web management console > and located this.

Then I disabled the ‘SMTP Anti-spam (Email Reputation)’, and everything started to work.

Conclusion

I understand the need for this system, but the nature of POP3 email clients, dictates they can connect in from anywhere, usually from a home ISP account on a DHCP address. I know from experience that major ISP’s IP ranges get put in RBL block lists (I checked by popping my IP in here, and sure enough it was blocked).

If you are going to use POP3 then you need to leave this system disabled, but to be honest, if you have Exchange, simply swap over to Outlook Anywhere and stop using POP3.

Related Articles, References, Credits, or External Links

Special thanks to Jenny Ames for her patience while I fought with this over a number of days.