Tuesday, August 26, 2008

Week 35 Article 03 - Cannot login to Symantec Endpoint Protection Manager Console Aaargh!! But I solved it at last

The latest Symantec Corporate Antivirus product in the market is Symantec Endpoint Protection v11. Since almost all my customers are using Symantec for Antivirus protection, this year, as part of their upgrades, Symantec Endpoint Protection (SEP) was installed.

SEP is Symantec's attempt at controlling client PCs using policies, as found in Windows domains. If you look at the policy structure, it looks very similar to the Group Policy found in Windows 2000.

Now, lately I have noticed that I am unable to log in to the Symantec Endpoint Protection Manager (SEPM). This is the administration console for SEP, where you can monitor and roll out new clients, just to name a few functions. The message shown when I try logging on is as follows



Investigating further, I found that the Symantec Endpoint Protection Manager service was stopped. I restarted this but within a few seconds, it stopped again. Looking through the Windows event logs I found the following entries:
EventID: 4096 Source: SemSrv
The Java Virtual Machine has exited with a code of -1, the service is being stopped.

EventID: 5 Source: SemSrv
The semsrv service has stopped.


After countless hours of trolling Google for answers, I finally managed to get this solved myself. And as for Symantec support, well it would be good if they knew their product a bit better!!

Listed below are the steps to rectify this problem.
1. Ensure that you have a copy of the SEPM installer
2. Be aware that you will have to re-add all clients to the server. Don't worry, you don't have to reinstall the antivirus client. There is an easier way and I will tell you that towards the end of this document.
3. Check your IIS on the server hosting SEPM to see what website is currently using TCP port 80 for incoming traffic. The fix forces SEPM to use TCP port 80, thereby disrupting any other websites that might be expecting traffic on the same TCP port.
4. Go to Add/Remove Programs and click on Change beside Symantec Endpoint Protection Manager. When the uninstaller starts, click on Remove.
5. During the next few screens you will be asked if you want to remove the database files and the backup files. Leave these unticked.
6. Once the uninstall has finished, start the installer for SEPM.
7. When you come to the screen for selecting a Web site, "Use the default Web site" is selected by default. Choose the option below it, which is "Create a custom website".
8. Follow through with the default settings for the rest of the choices.
9. Once installed, you will be able to log in to SEPM.
10. Now you have to go into IIS and change the listening port for the website that was originally listening on port 80. Once you have changed it, start this website and check that it comes up all right. If you still get an error saying that some other program is using the new TCP port, but you are sure that none is (you did a netstat -a -o), then in the website properties click on Advanced beside the IP address and make sure that the website is not listening on multiple ports.
11. Now, you have to re-add all the clients back into your SEPM domain. This can be done using the steps listed in the document found at http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082009543848?Open&seg=ent
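
The port check from steps 3 and 10, as an added example that is not part of the original post: a PowerShell script that parses netstat -a -n -o for listeners on a TCP port, then shows the state of the semsrv service and the SemSrv events quoted above. Looking in the Application event log is an assumption; the post does not say which log held the entries.

```powershell
# Added example, not from the original post.
param([int]$Port = 80)

function Get-PortListener {
    param([int]$Port, [string[]]$NetstatLines)
    foreach ($line in $NetstatLines) {
        # Columns: Proto, Local Address, Foreign Address, State, PID
        $f = $line.Trim() -split '\s+'
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP' -or $f[3] -ne 'LISTENING') { continue }
        # The local address ends in ":<port>" in both IPv4 and [IPv6] form.
        if ($f[1] -notmatch ':(\d+)$' -or [int]$Matches[1] -ne $Port) { continue }
        $procId = [int]$f[4]
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $name = '(unknown)'
        if ($proc) { $name = $proc.ProcessName }
        New-Object PSObject -Property @{ LocalAddress = $f[1]; ProcessId = $procId; Process = $name }
    }
}

$listeners = @(Get-PortListener -Port $Port -NetstatLines (netstat -a -n -o))
if ($listeners.Count -eq 0) {
    "Nothing is listening on TCP port $Port."
} else {
    # On Windows Server 2003 and later, PID 4 (System) is the kernel HTTP
    # driver (http.sys) that IIS listens through, so check the IIS site
    # bindings to see which website actually owns the port.
    $listeners | Format-Table LocalAddress, ProcessId, Process -AutoSize
}

# State of the service named in the event log message.
Get-Service -Name semsrv -ErrorAction SilentlyContinue | Format-List Name, Status

# Recent entries with the two event IDs quoted in the post.
# Assumption: they are written to the Application log.
Get-EventLog -LogName Application -Source SemSrv -Newest 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.EventID -eq 4096 -or $_.EventID -eq 5 } |
    Select-Object TimeGenerated, EventID, Message
```

Run it before the uninstall to record what owns port 80, and again after step 10 with -Port set to the new port of the moved website.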

Have fun and yeah you can always email me your thanks at nivleshc@yahoo.com or just leave a nice comment.

Cya

Monday, August 25, 2008

Week 35 Article 02 - The wonderful world of Google Docs

Week 35 Article 01 - How to Clean the dreaded Trojan.Vundo virus

Hi to you all

Trojan.Vundo has to be one of the most annoying viruses/Trojans that I have encountered for a long time now. More because, yours truly got his personal computer infected hehe. Well I took it to be more of a positive than a negative. Now, how I got infected, you ask?

For months now, I have been running without any Antivirus software on my PC. The ones that I did trial were too buggy and memory/CPU intensive and I just could not be bothered with them anymore. So when my Norton IS subscription ran out, I just resorted to plain old common sense to keep my computer free from the baddies. Well it all went to plan until I had to download a program that I really needed. Unknown to me, it was laced with Vundo!! Once I had unzipped the download and started the install, then only did I realise I had been HAD. My desktop shrunk to 60% of its size because the folder details screen was now taking 40% of it. My taskbar now displayed Virus Alert!

Well it took me some time but I finally got it out (would have been less time consuming to just reinstall but I just didn't want to give in to a virus/trojan .. it's a pride thing hehe).

BTW here is the article from Symantec about this trojan and how to remove it
http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99&tabid=2

Listed below are the steps I followed.
1. Did a System Restore of my computer to a point before the virus infection.
2. Downloaded SuperAntispyware and did a full system scan and cleanup.
3. Downloaded TweakXP and went through all the policies that the trojan had applied on my PC (the trojan disables access to the Task Manager and Control Panel, among other applets) and removed them.
4. Went into the Regional Settings of my computer and removed the prefix Virus Alert! that the trojan had put in the time/date formats
5. Installed McAfee Internet Suite trial and performed a full scan
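
A read-only check for the leftovers described in steps 3 and 4, as an added example that is not part of the original post. It assumes the restrictions were applied through the standard per-user Windows policy values DisableTaskMgr and NoControlPanel and that the date/time formats are the per-user values under Control Panel\International; the post does not say which values the trojan actually set.

```powershell
# Added example, not from the original post. Reads the registry only.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# Assumption: the standard policy values that hide Task Manager and Control Panel.
$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel' }
)

foreach ($c in $policyChecks) {
    $v = Get-RegValue $c.Path $c.Name
    # 1 means the restriction is active; an absent value or 0 means it is not.
    $state = if ($v -eq 1) { 'RESTRICTED' } else { 'ok' }
    '{0,-16} {1,-10} (value: {2})' -f $c.Name, $state, $v
}

# Date/time format strings for the current user. Legitimate values are short
# format patterns or AM/PM markers, so report any that contain the text the
# post describes.
$marker   = 'Virus Alert'
$intlPath = 'HKCU:\Control Panel\International'
foreach ($name in 'sTimeFormat', 'sShortDate', 'sLongDate', 's1159', 's2359') {
    $v = Get-RegValue $intlPath $name
    if ($v -and $v -match [regex]::Escape($marker)) {
        "{0}: '{1}' contains '{2}'" -f $name, $v, $marker
    }
}
```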

After having Norton on my system for a year, I had come to a point where I despised all Antivirus software because they just made my computer crawl to a standstill! My own opinion about antivirus is that it should run in the background with such a light foot that you hardly notice it, be it a brand new PC or one a year or two old. I had tried McAfee a couple of years back and it was the same. But I do confess I had let my prejudice about McAfee run wild and had not tried it for ages. My recent excursion with McAfee has left me with nothing but smiles. I hardly notice McAfee running on my computer apart from its icon in my task bar. I have also tried TrendMicro Internet Security in the past and I loved it as well.

My advice, stay as far away as possible from Norton. Give McAfee or TrendMicro a try and I am sure you will not regret it. I am in the last few days of my trial, after which I will buy a year's worth of subscription.

Have a great day.