Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

We Need Help!! 2

Status
Not open for further replies.

Guest_imported

New member
Jan 1, 1970
0
We are having a problem with a few users stopping the epo agent from running using msconfig and regedit, unfortunately these users need regedit and msconfig to modify and run the programs they a writing.

If anyone has any suggestions or knows of a way to run naimag32 and naimas32 on startup. please help.

We have tried to run the exe's in a login script but we can only get naimas32.exe to run naimag32 will not run in the script however it does run in a batch file..

All suggestions and comments would be greatly appreciated
 
wonder if you could use the script to cause it to run from a batch file from a network share? hmmm.. FatesWebb

if you do what I suggested it is not my fault...
 
We have tried calling a batch file from the login script but it still will not start naimag32.exe we think that it might use some windows components that don't run untill the scriped has fineshed running.

We even tried a 15 second time delay on the batch file so that it would give windows a chance to load up but the login script waited for the batch file to finish before it went throught to the end.
 
have you tried this?

Open the ePO console.
Under 'Directory', click once on your site to highlight it.
Look to the right side of the window. On the 'Policies' tab, click the plus sign next to 'ePolicy Orchestrator Agent'.
Click 'Configuration'.
If there is a check mark next to 'Inherit', remove it.
Take the check out of 'Show Agent Tray Icon'.
Click 'Apply'


or this wont fool them?? (hide the agent) FatesWebb

if you do what I suggested it is not my fault...
 
Why not just run Policy Editor and restrict the use of REGEDIT and MSCONFIG?

I'm not sure there's a way to prevent the services from being unloaded via these options.

AVChap
 
is this nt? cant you use regedit to protect registry keys? hmm. I dont recall if it works if you have local admin. FatesWebb

if you do what I suggested it is not my fault...
 
No all the offending PC's are on 98. Not very good for security I know but when you struggle to get new monitors to replace ones that have broken you learn to stick with what you have got.

We did try to hide the icon on the taskbar but they still kill the av software. We are going to have another crack at it today so i'll post my findings (if we have any).
 
make a rule that if you close the av, and you get a virus it is automatic termination, and you have to pay for the time it takes to clean it off. hehe maybee they will stop... FatesWebb

if you do what I suggested it is not my fault...
 
Sounds good to me... Personaly I would like to shoot them all for making our job 10 times harder than it already is.
 
McAfee has recently stop testing/supporting Win95 OS and this may be the reason why Win95 machines are experiencing these problems.
 
Sounds like a good security policy is needed here. One that includes AV software, of course.

I monitor our computers with ePO. If I notice a computer that hasn't been connected within a week or has had the AV software removed, I contact management. They enforce the requirement that all corporate computers connected to the corporate infrastructure has virus scan software installed. So far this has been working for us. I very rarely have anyone who messes with the AV settings on their PC.

As far as stopping the service, you can use some policy editor settings to help. Also I have set a password on the Virus Scan software so that they can't monkey with the settings without the password.

Anyone who get to the task manager, can manage to stop the ePO client. Management has to let the clients know that this is a big NO-NO and can result in disciplinary actions.

As far as bringing the PC to a grinding slow pace, etc., we run half our workstations on Win98. We don't experience that problem at all. Could be how the policies are set up that causes some of those problems. As far as Norton goes, the corporate versions do not allow you to make specific settings at the desktop level as you can in McAfee. It does less scanning at the desktop level as it anticipates that most scanning is done at the server, e-mail and gateway levels. You can do some real-time scanning, but not as much as you can with McAfee.

Since the majority of the activity is on the desktop level, we do more scanning there than at higher levels. Seems we catch more there than at the other levels.

Best of luck to you in stopping your clients from halting their AV software. I think it is time management lets them know that this is not appropriate.

Mary Pierson
 
I've stumbled across this thread because I was searching for info on NAIMAS32. I am tech support rather than IT, and reality has forced me to view AV software as a potential cause for trouble - ranging from frequent crashes, hangs and bad performance to outright failure to run - and investigate accordingly when I have to solve problems on the computers in my care.

I have the extra complication of looking after computers - which vary wildly in terms of age, configuration and manufacturer - in far-flung locations on other people's networks, which means I have no control over AV software installation.

For my purposes, AV software is an unstable resource hog that doesn't play well with others. I've seen my programmer coworkers have to turn of AV software in order to get sufficient resources to compile large programs. I even worked in an office myself once where nearly everyone turned of the AV software because otherwise the computers would either barely run, or not even start a program we needed to do our job. The fact that I've seen computers get network-borne viruses while supposedly protected, safe and sound, by full-blown corporate AV software and procedures makes me dubious of its merits in protecting against network-borne viruses - which are the only viruses the computers I troubleshoot are ever going to get.

Anyway, the point of this is - spend at least one second wondering why you have the problem of people turning off AV software. Some people do it just out of general contrariness or actual malicious intent. However, in all likelihood, the vast majority are doing so in desperate efforts to get their computers to run right. Rather than paint them all as stupid and/or evil souls who should be shot or fired, pick up the phone or stop by their desk and ask them why they're doing it, and help them solve the issues they're probably having. Many of them have enough knowledge to try this step, but not enough to diagnose and fix what the real problem is.

We can joke about end users, but just consider for a moment that some of the problems start from IT. The only reason that I, someone with no formal background in computers, got involved in this field at all is because there was a time at a company I once worked at where IT was never available and somehow the role of practical support fell on me.

The real crime is not people taking improper steps in trying to get their computers to run right; it's in forcing end users to that drastic step because there's no help and no alternative. If that's what's causing widespread anti-AV use at your facility, look inward for a solution.
 
Like what? Developing your own AV solution? Forcing a very stringent IT policy on the users? That doesn't work.

The solution here is education. If we educate the users on the advantages of having an AV program installed AND running, rather than the alleged disadvantages, there shouldn't be any problems. Miseducation is the main cause of problems being reported -- wrong configuration, old version, un-updated (?) signature files.

Yes, AV programs can be a memory hog. But it's a necessary evil that we should all have to live with. Try running a computer without an AV program for a week and connecting to the Internet, chances are you'd get infected browsing a website (i.e. JS/IEStart.gen, etc.) are high. That's why we advocate that users DO NOT turn off AV programs. It's not that we don't trust them, we'd rather take the responsibility of managing the AV from them and centralizing it to the administrator.

BTW, regarding your problem with NAIMAS32, the best solution for it is to talk to the Tech Support people. They're the best resource you can get. If you don't like their suggestions, tough. Most probably, the people here who answer questions will say the same thing.

AVChap
 
Just some support for Coaltown. I'm an IT admin using ePO. I've let some of our employees disable our AV sware because they are unable to run their computer's with it on - they are into heavy development of embedded software and the AV sware just will not work with it. We've come to an agreement where they run a virus check (something like a free one on the web at least a couple of times a week). This seems to make everyone happy and we get very few viruses. When I was at university we frequently had to disable the virus software because the policies were very restrictive - we couldn't even connect to another machine which is kinda crucial when you're developing network software...
 
Rather than disabling the AV, why not just add the folders/directories where you compile/save your programs/code to the Exclusion list? Running a regular check is reactive, as opposed to having an on-access scanner proactively protecting the machine.

We may look at the problem in different ways so it's still up to your comfort level whether you deem the AV as "too restrictive".

AVChap
 
Hi, people.
We're a company with about 1000 client and about 20 servers. I'm responsible for the implementation of a secure AV solution. I have been testing ePO. I have managed to setup and configure the server, but I need a site or place where I can get detailed information on actual implementation. Could anybody please help? And another thing could you please tell me what the login scripts are, and what other options I have?
Thanking you before hand,

JustMe.
 
The best resource is to talk to your SE about this. They would have some scripts to use and they also have a "best practices" document you can peruse.

AVChap
 
Leave 'em be. If they stop it from running, there must be a reason for that. The virus scan is a resource HOG. If they are smart enough to know how to stop it, they are smart enough to protect their machines from viruses. You could probably learn from them!
 
Sorry for saying this but that's a stupid way of looking at it. Yes any anti-virus software can be a "Hog" on system resources but just because somebody can stop it doesn't automatically mean that they know how to or even want to protect their work pc's from viruses
 
Sorry for saying this but that's a stupid way of looking at it. Yes any anti-virus software can be a "Hog" on system resources but just because somebody can stop it doesn't automatically mean that they know how to or even want to protect their work pc's from viruses
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top