Category Archives: Anti-Virus

How to create a Symantec AV installer KB10391964

How to make an installer to install Symantec AV when remote push fails.

Open the Symantec Console and login

Click “Home” then select “Install protection client to computers”  

 

1

 

Select “New Package Deployment” then “Next”

 

2

 

Accept the defaults on this page

 

3

 

Make sure to select “Save Package” then hit “next”

 

4

 

Specify the output location and hit “Next” and wait 

5

 

6

The blue bar will fill up, it takes 10 to 45 min, and it will tell you its done. Hit finish when you see the window below.

 

7

Please be sure to place the file in a share for IT use or on the desktop of the server. Label it correctly as well.

Transfer the installer to the client pc and install.

 

-finished-

 

How to check Trend Micro Seats/Licensing – KB10391778

KB10391778

How to check Trend Micro Cloud Seats

We need the website credentials to enter in here   https://tm.login.trendmicro.com

2

Un check the “Remember Me” box before hitting the Sign button

3

 

Click the “Open console” button

4

 

Click the “License Status” drop down button

5

Here you will see the “Seats Purchased” and “Seats In Use

You will also see next to the word “License Status” a color indicating the status. It works just like a traffic light.

If the status is anything but green or “Seats Purchased” has a smaller number than “Seats In Use” they may need more seats

If the “License Status” is red you will not be able to activate Trend

How to check Trend Micro Server Seats

Log in to the server.

Click “Start” “All Programs” “Trend Micro Worry-Free Business Security Server” “Worry-Free Business Security

1

You will get this page in a web browser

2

Go ahead and click “Continue to this website (not recommended)

Which brings you here where you can enter the password (usually the number 1 or the word ‘trend’ )

3

After you login go to Preferences Product Licenses

4

 

Click on “Product License

5

 

Here you will see the status, usage and expiration

You will also see a button with a color indicating the status. It works just like a traffic light.

If the status is anything but green or the text indicates a over usage of seats they may need to purchase more seats.

If the button is red you will not be able to activate Trend

Peachtree files to exclude from Anti-Virus scans – TrendMicro KB1039621

KB1039621

Description:  Peachtree files to exclude from Anti-Virus scans – TrendMicro

Common customer description:

TrendMicro is blocking PeachTree or is stopping PeachTree from working.
Sage 50 could not be started.
Company opens then closes.
Tax updates will not run.

Probing questions:

When did this start?
Is it affecting everyone?
Does TrendMicro pop up with any messages?

Steps to isolate:

Disable TrendMicro and see if the problem stops.

Steps to resolve: If you do discover that TrendMicro or another anti-virus software is stopping PeachTree from running or connecting to the server, here is a list of files to exclude from TrendMicro.

These are the files that need to be set to allow through the firewall and excluded from antivirus scans:

PEACHW.EXE
W3DBSMGR.EXE
W3LGO103.EXE
PEACHUPD.EXE
PEACHTREEPREFETCHER.EXE
AIS2.SERVER.CONSOLE.EXE
SmartPostingService2013.exe
The ports to have open on the firewall are Ports 3351 & 1583

Additional considerations: If you need further assistance please consult a tier two.

Windows Network Discovery won’t stay on KB1039350

KB1039350

Description:  Windows Network Discovery won’t stay on

Common customer description:

“Cannot view computers on the network even after we try turning on Network Discovery.”

Probing questions:

When did this start happening?
Is it just you or everyone?
Any changes made lately?
Any odd pop-ups or “weird” activity on the computer that isn’t there normally?

Steps to isolate:

Remotely connect to computer.
Check the Windows Firewall Advanced settings inbound and outbound port settings.  Are they all listed?

Steps to resolve:

If the customers computer has been or is infected the infection very well could have removed much needed default firewall port settings.  Under the “Group” heading you should have “Network Discovery” among several others.  If it is missing it needs to be repaired.  Click on Restore Default Policy.

firewall

If you receive an Error 3 or Error 5 you will need to run ServicesRepair.exe from ESET.  This tool restores the default settings and replaces the missing port rules.  After it has finished it will ask to reboot the computer.  After the reboot everything should now be back in working order.  Test by turning on “Network Discovery” and also check Windows Firewall Advanced Settings to see if the rules have returned.  If all is as it should be you are finished.  If still not working consult a Tier 2.

Additional considerations:

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

https://social.technet.microsoft.com/Forums/windows/en-US/78fbca5c-41ad-4fa6-8ccd-f52045333fdd/windows-7-firewall-fails-to-restore-default-policy-error-3?forum=w7itprosecurity

https://social.technet.microsoft.com/Forums/windows/en-US/5366225a-46e7-4d6c-a389-8bd18a5c3aad/windows-firewall-damaged-by-windows-7-antivirus-2012?forum=w7itprosecurity

Anti-Virus – Rogue KB1039154

KB1039154

Issue: Anti-Virus – Rogue

Common Description: “There is something on my screen telling me I am infected.”

“My computer is telling me I have viruses.”

“I keep getting pop-up windows about scanning my computer.”

Probing Questions: Do you recognize the program? When did this start? Does it lock you out of your computer? Are you able to surf the internet? Did you click a pop-up asking you to scan or repair your computer?

Resolution: If the client is unable to perform tasks freely enough to establish a connection, guiding the client through a safe boot may be necessary. Instruct the client to turn off the unit and repeatedly tap F8 until the advanced boot options appear. From this point select safe mode with networking. Once booted to safe mode you can connect normally.

Once a connection is established the goal is to run a variety of well-known trusted removal tools in order to quickly and efficiently clean the computer.

Some well-known scanners include:

-Malwarebytes                        -MBAR                       -Trend Micro

-Super Anti Spyware              -Hitman Pro                -Symantec

-Rogue Killer                          -TDSSKiller                -Windows Sec Essentials/Defender

After installation, the use of the majority of scanners is intuitive. Continue the scanning process until reports come back with no infections found.

Considerations: In order to minimize recurrence and ensure client satisfaction it is important to ensure the infection has been completely removed.