January 26th, 2010
With the newest patch, OfficeScan 8.0 supports Windows 7.
This is Trend Micro OfficeScan 8.0 SP1 Patch 5
Full readme can be found here:
http://www.trendmicro.com/ftp/documentation/readme/OSCE_80_Win_SP1_Patch5_en_readme.txt
It’s important to note that only the following drivers are compatible with Windows 7:
Virus Scan Engine (8.952 or higher)
Virus Cleanup Engine (6.2.1016 or higher)
Anti-rootkit Driver (2.8.1063 or higher)
Common Firewall Driver (NSC) (5.8.1092 or higher)
Virus Scan Engine and Virus Cleanup Engine can be updated from the Active Update server.
Anti-rootkit Driver and the Common Firewall Driver (NSC) are included in this patch.
I haven’t had time to test if this actually works on Windows 7. If anyone has, please feel free to leave a comment. I will test it as soon as I can.
Tags: OfficeScan, OfficeScan 8, Trend Micro, Windows 7
Posted in Security, Software, Trend Micro | No Comments »
November 24th, 2009
Some of you might have noticed this, but I’m writing a post about it anyway.
Trend Micro is now rolling back the VSAPI 9.000 from ActiveUpdate. Reason: “There have been reports of issues on the following products scanning certain malformed PDF files”.
The version available through ActiveUpdate is now 9.100.1001; this is essentially version 8.952.
The products affected are:
OfficeScan
ServerProtect
Worry-Free Business Security (WFBS)
Earlier, they sent out an advisory about VSAPI 9.000 and problems with Windows NT (I think it was OfficeScan 7.3 and ServerProtect). The problems resulted in the Scan Engine being unable to load the pattern files.
Read the entire Customer Notification here:
CUSTOMER NOTIFICATION Rollback of VSAPI Version 9.000 from ActiveUpdate
Tags: ActiveUpdate, OfficeScan, OSCE, Serverprotect, Trend Micro, VSAPI, VSAPI 9.000, WFBS, Worry Free Business Security
Posted in Security, Software, Trend Micro | No Comments »
November 24th, 2009
You might have read the release notes for Finjan Vital Security 9.2, and found that the instructions don’t make much sense. E.g.:
- The files are not available
- The notes are referring to files not available on the Finjan web site
- The instructions are incomplete, and don’t work.
(http://www.finjan.com/objects/NGupdates/OSupdates/vs_ng_os_update_9.2_release_notes.htm)
Here are working instructions on how to install Vital Security v. 9.2 on a NG-appliance.
Read the rest of this entry »
Tags: Finjan, Finjan Appliance Image, Finjan Vital Security, NG-5000, VS 9.2
Posted in Finjan, Security | No Comments »
November 13th, 2009
There is a new 0-day remote exploit available for Windows 7 and Windows Server 2008 R2.
This only works on R2 of Windows Server, but it works even with all the latest patches applied.
Exploiting the vulnerability crashes the system. This is done by sending a NetBIOS header that specifies that the SMB packet is 1, 2 or 4 bytes larger or smaller than it actually is.
When the system crashes, there is no BSOD; the system simply freezes. And there are no traces in the event logs (after reboot).
When the system receives the packet, it goes into an infinite loop.
The crash itself happens in KeAccumulateTicks() due to NT_ASSERT()/DbgRaiseAssertionFailure() (which is caused by an infinite loop).
The vulnerability could possibly be exploited through IE.
And the proof of concept works by:
1. Running the python code on a *nix box, and ensuring port 445 is open.
2. Connecting through SMB to the *nix box.
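A defender-side check for the length mismatch described above, added here as an example and not taken from the original post or the published proof of concept: it compares the length declared in the NetBIOS session header with the length the SMB message's own fields imply. It assumes SMB1 framing over direct TCP (port 445) with a single, non-chained command; the function names and the sample frames are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB1_HEADER_LEN = 32  # fixed SMB1 header size

def smb1_body_length(body: bytes) -> int:
    """Length the SMB1 message implies for itself:
    header + WordCount + parameter words + ByteCount + data bytes."""
    if len(body) < SMB1_HEADER_LEN + 3 or body[:4] != SMB1_MAGIC:
        raise ValueError("not a complete SMB1 message")
    word_count = body[SMB1_HEADER_LEN]
    bc_off = SMB1_HEADER_LEN + 1 + 2 * word_count
    if len(body) < bc_off + 2:
        raise ValueError("truncated parameter block")
    (byte_count,) = struct.unpack_from("<H", body, bc_off)
    return bc_off + 2 + byte_count

def nbss_length_delta(segment: bytes) -> int:
    """Declared session-header length minus the SMB1 message's own length.
    0 means consistent; any other value deserves an alert."""
    if len(segment) < 4 or segment[0] != 0x00:
        raise ValueError("not a session message")
    declared = int.from_bytes(segment[1:4], "big")  # 24-bit length on port 445
    return declared - smb1_body_length(segment[4:])

# --- constructed sample data (not captured traffic) ---
# Minimal SMB1 message: command 0x72, WordCount 0, ByteCount 0 (35 bytes).
_BODY = SMB1_MAGIC + b"\x72" + bytes(27) + b"\x00" + b"\x00\x00"

def _constructed_frame(declared: int) -> bytes:
    return b"\x00" + declared.to_bytes(3, "big") + _BODY

SAMPLES = {
    "consistent": _constructed_frame(len(_BODY)),
    "declared 4 too large": _constructed_frame(len(_BODY) + 4),
    "declared 1 too small": _constructed_frame(len(_BODY) - 1),
}

def audit(samples: dict) -> dict:
    """Map each sample label to its length delta."""
    return {label: nbss_length_delta(seg) for label, seg in samples.items()}

if __name__ == "__main__":
    for label, delta in audit(SAMPLES).items():
        print(f"{label:22} delta={delta:+d} {'ALERT' if delta else 'ok'}")
```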
Read more:
http://isc.sans.org/diary.html?storyid=7573
http://blog.trendmicro.com/new-smb-zero-day-exploit/
http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/
http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html
Tags: 0-day, 0day, SMB remote exploit, vulnerability, Windows 7, Windows Server 2008 R2
Posted in Security, Windows | No Comments »
November 9th, 2009
If you didn’t get the latest Technical Advisory from Trend Micro, here is a brief summary.
On November 16, 2009, Trend Micro will make the VSAPI 9.000 available through ActiveUpdate (AU).
It will be released for the following products:
- OfficeScan
- Client Server Messaging Suite / Client Server Suite
- Worry Free Business Security
- ServerProtect for NT
- Trend Micro Control Manager
And it will include the following new features:
- Support for the detection of files that contain known PDF exploits
- Support for shellcode detection
- Recognition of the following additional file types:
  - Flash Video (FLV)
  - Microsoft Document Imaging (MDI)
  - Moving Picture Experts Group (MPEG)
  - QuickTime (MOV)
  - RIFF
  - SITX
  - ZIP64
- Support for the detection of exploits to Microsoft Office vulnerabilities
Edit: The entire Advisory has been posted on the TCSE community - from ACAPacific blog.
Tags: Client Server Messaging Suite, Client Server Suite, OfficeScan, Serverprotect, Trend Micro, VSAPI, WFBS, Worry Free Business Security
Posted in Security, Software | No Comments »
October 29th, 2009
Woho, VMware released Workstation 7.0 and Fusion 3.0 a couple of days ago.
VMware Workstation 7.0 Release notes:
http://www.vmware.com/support/ws7/doc/releasenotes_ws7.html
VMware Fusion 3.0 New Features:
http://communities.vmware.com/docs/DOC-10957
A list of the most interesting new features in VMware Workstation:
Read the rest of this entry »
Tags: vmware, vmware fusion, vmware workstation
Posted in Software | No Comments »
September 7th, 2009
If you want to install Windows XP Professional on a Dell XPS M1330 laptop, it’s enough to set the S-ATA controller to “ATA”-mode in the BIOS (yes, disable AHCI, and remember to disable the flash cache thingy too).
Tags: Dell XPS M1330, Installing Windows XP, Windows XP
Posted in Windows | No Comments »
September 1st, 2009
So, just some thoughts about Trend Micro OfficeScan 10. It’s been some months now since the GM build release of OfficeScan 10. And most people should have had enough time to test it properly. So what are the current pros and cons? Should you upgrade, or wait a bit longer? Anyone?
In my opinion:
It depends on your values.
You should upgrade if the new features appeal to you. The Device Control, and the Smart Network stuff.
But, performance-wise, there are still some issues. E.g.: Extracting a Windows XP CD (from an ISO file) takes at least 50% more time with OfficeScan 10 (using WinRAR). This is with conventional scan mode, I get about the same results with Smart Scan, but you can’t really compare it, since it’s not cached.
In addition, the Trend Micro Unauthorized Change Prevention Service (tmbsrv.exe) is a nice feature, but I believe it requires a bit more resources than the old Watchdog service.
So what about the standalone scan server? I haven’t had time to test this one properly, at least not performance-wise. So if anyone has done any real performance testing, with 100-500+ clients, I would really like to know. At least Trend Micro managed to get something right with the new Smart Scan feature. If what I’m seeing is correct, the impact on the network is really low. Sending those hashes back and forth doesn’t consume that much bandwidth. Yay!
And just one last tip: When you install OfficeScan 10, install the integrated scan server. Even though you’re not planning to use it. Why? Because it’s really complicated to install it after you’ve finished the installation of the OfficeScan server. Just install it, and remove it from the list of scan servers in the GUI.
Anyway, if my sense of time is correct, it’s about two weeks until Service Pack 1 of OfficeScan 10 is released to the public. The beta looked okay, but I’m really curious whether or not they managed to fix some of those performance issues.
Tags: Antivirus, OfficeScan, OfficeScan 10, Trend Micro
Posted in Security, Software | 34 Comments »
August 7th, 2009
Just something I stumbled over, Visio stencils for Cisco devices. And it’s free!
http://www.cisco.com/en/US/products/prod_visio_icon_list.html
Posted in Cisco, Software | No Comments »
July 3rd, 2009
Open the following configuration file: /etc/apt/apt.conf.d/70debconf
And add:
Acquire::http::proxy "http://<IP_TO_PROXY>:<Proxy_Port_WEB>";
Acquire::ftp::proxy "ftp://<IP_TO_PROXY>:<Proxy_Port_FTP>";
If authentication is required, add this instead:
Acquire::http::proxy "http://<username>:<password>@<IP_TO_PROXY>:<Proxy_Port_WEB>";
Acquire::ftp::proxy "ftp://<username>:<password>@<IP_TO_PROXY>:<Proxy_Port_FTP>";
<IP_TO_PROXY> = The IP address of the proxy, e.g.: 192.168.1.10
<Proxy_Port_WEB> = The proxy web port, e.g.: 8080
<Proxy_Port_FTP> = The proxy ftp port, e.g.: 2121
If authentication:
<username> and <password> (doh, no need to explain).
Done!
Tags: apt-get, proxy, Ubuntu
Posted in Linux, Software | 1 Comment »