
Check Point SecureClient Vista and Windows 7 64-bit

June 1st, 2010 | No Comments | Posted in Security, Software

Check Point just announced public Early Availability for their new VPN client “Discovery”, which is going to replace SecureClient. With Discovery comes support for XP, Vista and Windows 7, in both 32-bit and 64-bit versions.

Read Check Point SE Patrick Waters’ full blog post here:
http://fireverse.org/?p=468

And download the Migration Guide here:
http://www.fireverse.org/Discovery/Check_Point_EA_Discovery_MigrationGuide.pdf

Why You Should Migrate to Discovery (copied from the Migration Guide)
Check Point recommends that all customers upgrade from SecureClient to Discovery as soon as possible, because Discovery has these capabilities:
–  Supports both 32 and 64 bit Windows Vista and Windows 7
–  Uses less memory resources than SecureClient
–  Automatic disconnect/reconnect as clients move in and out of network range
–  Seamless connection experience while roaming
–  Automatic and transparent upgrades, with no administrator privileges required
–  Supports most existing features of SecureClient, including Office Mode, Desktop Firewall, Secure Configuration Verification (SCV), Secure Domain Login (SDL), and Proxy Detection
–  Supports many additional new features, and will support even more new features in the near future
–  Does not require a SmartCenter server upgrade
–  Discovery and SecureClient can coexist on client systems during migration period


Trend Micro OfficeScan 8.0 Windows 7 Support

January 26th, 2010 | 2 Comments | Posted in Security, Software, Trend Micro

With the newest patch, OfficeScan 8.0 supports Windows 7.

This is Trend Micro OfficeScan 8.0 SP1 Patch 5

Full readme can be found here:
http://www.trendmicro.com/ftp/documentation/readme/OSCE_80_Win_SP1_Patch5_en_readme.txt

It’s important to note that only the following drivers are compatible with Windows 7:

Virus Scan Engine (8.952 or higher)
Virus Cleanup Engine (6.2.1016 or higher)
Anti-rootkit Driver (2.8.1063 or higher)
Common Firewall Driver (NSC) (5.8.1092 or higher)

Virus Scan Engine and Virus Cleanup Engine can be updated from the Active Update server.

Anti-rootkit Driver and the Common Firewall Driver (NSC) are included in this patch.

I haven’t had time to test if this actually works on Windows 7. If anyone has, please feel free to leave a comment. I will test it as soon as I can.


Trend Micro: Rollback of VSAPI Version 9.000 from ActiveUpdate

November 24th, 2009 | No Comments | Posted in Security, Software, Trend Micro

Some of you might have noticed this, but I’m writing a post about it anyway.

Trend Micro is now rolling back the VSAPI 9.000 from ActiveUpdate. Reason: “There have been reports of issues on the following products scanning certain malformed PDF files”.

The version available through ActiveUpdate is now 9.100.1001, which is essentially version 8.952.

The products affected are:
OfficeScan
ServerProtect
Worry-Free Business Security (WFBS)

Earlier, they sent out an advisory about VSAPI 9.000 and problems with Windows NT (think it was OfficeScan 7.3 and ServerProtect). The problems resulted in the Scan Engine being unable to load the pattern files.

Read the entire Customer Notification here:

CUSTOMER NOTIFICATION Rollback of VSAPI Version 9.000 from ActiveUpdate


Finjan how-to: Install Vital Security 9.2 on NG Appliance

November 24th, 2009 | No Comments | Posted in Finjan, Security

You might have read the release notes for Finjan Vital Security 9.2 and found that the instructions don’t make much sense. E.g.:

– The files are not available

– The notes refer to files that are not available on the Finjan web site

– The instructions are incomplete and don’t work.

(http://www.finjan.com/objects/NGupdates/OSupdates/vs_ng_os_update_9.2_release_notes.htm)

Here are working instructions on how to install Vital Security v. 9.2 on a NG-appliance.

More »


0-day SMB remote exploit in Windows 7 and Windows Server 2008 R2

November 13th, 2009 | No Comments | Posted in Security, Windows

There is a new 0-day remote exploit available for Windows 7 and Windows Server 2008 R2.
This only works on R2 of Windows Server, but it works even with all the latest patches applied.

Exploiting the vulnerability crashes the system. This is done by sending a NetBIOS header that specifies that the SMB packet is 1, 2 or 4 bytes larger or smaller than it actually is.

When the system crashes, there is no BSOD; the system simply freezes. There are no traces in the event logs (after reboot).

When the system receives the packet, it goes into an infinite loop.

The crash itself happens in KeAccumulateTicks() due to NT_ASSERT()/DbgRaiseAssertionFailure() (which is caused by an infinite loop).

The vulnerability could possibly be exploited through IE.

And the proof of concept works by:

1. Running the Python code on a *nix box, and ensuring port 445 is open.
2. Connecting through SMB to the *nix box.
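
The length mismatch described above can be looked for from the defender's side. The following is an added example, not code from this post or from the linked advisories: it walks one direction of a reassembled port-445 stream and reports every frame whose declared length disagrees with where the SMB data really ends. It assumes the capture is complete (no missing TCP segments) and that the 4-byte header is the direct-TCP form (one zero byte plus a 24-bit length); the function names and sample bytes are made up for the illustration.

```python
SMB_MAGICS = (b"\xffSMB", b"\xfeSMB")  # SMB1 / SMB2 protocol identifiers

def looks_like_frame(buf: bytes, pos: int) -> bool:
    """True if a session message (type 0x00) carrying an SMB header starts at pos."""
    return (0 <= pos and pos + 8 <= len(buf)
            and buf[pos] == 0x00 and buf[pos + 4:pos + 8] in SMB_MAGICS)

def audit_stream(buf: bytes, window: int = 4):
    """Return (frame_offset, declared_len, delta) for each frame whose declared
    length disagrees with where its data really ends; delta = declared - actual.
    delta is None when no boundary is found within `window` bytes."""
    findings, pos = [], 0
    while looks_like_frame(buf, pos):
        declared = int.from_bytes(buf[pos + 1:pos + 4], "big")
        end = pos + 4 + declared
        if end == len(buf) or looks_like_frame(buf, end):
            pos = end                      # header and data agree
            continue
        # Try the nearest offsets first: end-1, end+1, end-2, end+2, ...
        candidates = [end + s * d for d in range(1, window + 1) for s in (-1, 1)]
        actual = next((c for c in candidates if c >= pos + 8
                       and (c == len(buf) or looks_like_frame(buf, c))), None)
        findings.append((pos, declared, None if actual is None else end - actual))
        if actual is None:
            break                          # cannot resynchronise, stop here
        pos = actual
    return findings

# Constructed samples: a 64-byte stub (SMB2 magic + zero padding), not real traffic.
STUB = b"\xfeSMB" + bytes(60)
GOOD = b"\x00\x00\x00\x40" + STUB + b"\x00\x00\x00\x40" + STUB
SKEWED = b"\x00\x00\x00\x44" + STUB      # header claims 68 bytes, 64 follow

if __name__ == "__main__":
    print(audit_stream(GOOD))
    print(audit_stream(SKEWED))
```

A non-empty result with a small delta on traffic coming back from an outside SMB server is the pattern the post describes; a delta of None more likely means the capture itself is incomplete.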

Read more:
http://isc.sans.org/diary.html?storyid=7573
http://blog.trendmicro.com/new-smb-zero-day-exploit/
http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/
http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html


Trend Micro VSAPI 9.000 soon available through ActiveUpdate

November 9th, 2009 | No Comments | Posted in Security, Software

If you didn’t get the latest Technical Advisory from Trend Micro, here is a brief summary.

On November 16, 2009, Trend Micro will make the VSAPI 9.000 available through ActiveUpdate (AU).

It will be released for the following products:
– OfficeScan
– Client Server Messaging Suite / Client Server Suite
– Worry Free Business Security
– ServerProtect for NT
– Trend Micro Control Manager

And it will include the following new features:
– Support for the detection of files that contain known PDF exploits
– Support for shellcode detection
– Recognition of the following additional file types:
    – Flash Video (FLV)
    – Microsoft Document Imaging (MDI)
    – Moving Picture Experts Group (MPEG)
    – QuickTime (MOV)
    – RIFF
    – SITX
    – ZIP64
– Support for the detection of exploits to Microsoft Office vulnerabilities

Edit: The entire Advisory has been posted on the TCSE community – from ACAPacific blog.


Trend Micro OfficeScan 10 – Some thoughts

September 1st, 2009 | 48 Comments | Posted in Security, Software

So, just some thoughts about Trend Micro OfficeScan 10. It’s been some months now since the GM build release of OfficeScan 10, and most people should have had enough time to test it properly. So what are the current pros and cons? Should you upgrade, or wait a bit longer? Anyone?

In my opinion:
It depends on your values.
You should upgrade if the new features appeal to you: the Device Control, and the Smart Network stuff.

But, performance-wise, there are still some issues. E.g.: Extracting a Windows XP CD (from an ISO file) takes at least 50% more time with OfficeScan 10 (using WinRAR). This is with conventional scan mode. I get about the same results with Smart Scan, but you can’t really compare it, since it’s not cached.

In addition, the Trend Micro Unauthorized Change Prevention Service (tmbsrv.exe) is a nice feature, but I believe it requires a bit more resources than the old Watchdog service.

So what about the stand-alone scan server? I haven’t had time to test this one properly, at least not performance-wise. So if anyone has done any real performance testing, with 100-500+ clients, I would really like to know. At least Trend Micro managed to get something right with the new Smart Scan feature. If what I’m seeing is correct, the impact on the network is really low. Sending those hashes back and forth doesn’t consume that much bandwidth. Yay!

And just one last tip: When you install OfficeScan 10, install the integrated scan server, even though you’re not planning to use it. Why? Because it’s really complicated to install it after you’ve finished the installation of the OfficeScan server. Just install it, and remove it from the list of scan servers in the GUI.

Anyway, if my sense of time is correct, it’s about two weeks until Service Pack 1 of OfficeScan 10 is released to the public. The beta looked okay, but I’m really curious whether or not they managed to fix some of those performance issues.


Windows 7 RC1 and Trend Micro OfficeScan 10

May 18th, 2009 | 12 Comments | Posted in Security, Software

Don’t try it. It will install. But it slows the system down. Really, it took me 25 minutes to log in. 10 minutes to just write the password.

I will try to find a workaround and share it. If anyone finds a solution, feel free to leave a comment!


Trend Micro Product Documentation

May 6th, 2009 | No Comments | Posted in Security, Software

A collection of links to Trend Micro Product documentation for the following products:

Trend Micro Control Manager 5.0 (TMCM 5.0)
Trend Micro OfficeScan 8.0 (OSCE 8.0)
InterScan Mail Security Suite 7.0 (IMSS 7.0)
InterScan Mail Security Virtual Appliance 7.0 (IMSVA 7.0)
InterScan Web Security Suite 3.1 (IWSS 3.1)
InterScan Web Security Virtual Appliance 3.1 (IWSVA 3.1)
ScanMail for Microsoft Exchange 8.0 (SMEX 8.0)

If you aren’t that familiar with the Trend Micro product pages, finding this information may be hard. More »


Howto: Reset password Trend Micro Control Manager 5.0

April 16th, 2009 | No Comments | Posted in Security, Software

Forgot the password to your root/admin account for Trend Micro Control Manager 5.0 (TMCM)?

How to reset the password to one of your Trend Micro Control Manager 5.0 accounts:

1. Stop the TMCM services.
2. Launch the SQL Server manager of choice.
3. Open the “tb_Account” table of your Trend Micro Control Manager database.
4. Find the user you want to reset, and note down the GUID of the user.
5. Find and open the “tb_UserInfo” table.
6. Find the account you want to reset the password for (using the GUID you located earlier).
7. Modify the “password” field for the user, and set it to: “96e79218965eb72c92a549dd5a330112”
8. Start the TMCM services.

And log in with the account you modified using the password: “111111”

Find more information about this topic in the Trend Micro Knowledge base:
http://esupport.trendmicro.com/Pages/Resetting-the-password.aspx
http://esupport.trendmicro.com/Pages/Resetting-TMCM-password-with-OSQL-commands.aspx
