Forefront Client Security & Windows Defender debugging

If you experience problems with Forefront Client Security (or Windows Defender) and likely also the new free Microsoft antivirus, here are some tips for debugging it;

Look for the file called;

MpCmdRun.exe

On Forefront Client Security this is found in;

C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware

If you go to a command prompt and run this command with -? you will get a list of debugging switches; among others there are restore commands that will reset the configuration of the client, etc.

One likely useful command to debug performance issues is;

MpCmdRun.exe -trace

However I have been unable to determine how to decode the .bin file created!?  So if you have any suggestions please let me know!  However, if you look in the .log file in the same directory you will get some historic information which may prove useful.  Also, there are still the good old utils from Sysinternals (e.g. filemon) to assist you.

All very useful..

Here are the switches for Forefront Client Security;

   -Scan [-ScanType]
        0  Default, according to your configuration
        1  Quick scan
        2  Full system scan
   -Trace [-Grouping] [-Level]
        Begins tracing Microsoft Forefront Client Security's actions.
        You can specify the components for which tracing is enabled and
        how much information is recorded.
        If no component is specified, all the components will be logged.
        If no level is specified, the Error, Warning and Informational levels
        will be logged. The data will be stored in the support directory
        as a file having the current timestamp in its name and bearing
        the extension BIN.
        [-Grouping]
        0x1    Service
        0x2    Malware Protection Engine
        0x4    User Interface
        0x8    Real-Time Protection
        0x10   Scheduled actions
        [-Level]
        0x1    Errors
        0x2    Warnings
        0x4    Informational messages
        0x8    Function calls
        0x10   Assertions
   -GetFiles
        Gathers the following log files and packages them together in a
        compressed file in the support directory
        - Any trace files from Microsoft Forefront Client Security
        - The Windows Update history log
        - All FCSAM or FCSAMRtp events from the
          System and Application event log
        - All relevant Microsoft Forefront Client Security registry locations
        - All software information from Software Explorer
   -RemoveDefinitions
        Restores the last set of signature definitions
   -RemoveDefinitions -All
        Rolls the signature definitions back to the default signature set
        and removes any installed signature and engine files.Use this
        option if you have difficulties trying to update signatures.
   -RestoreDefaults
        Resets all configuration options to their default values; this is the
        equivalent of running Microsoft Forefront Client Security setup
        unattended.
   -GetSWE
        Exports the contents of Software Explorer into a file named MPSWE.txt
        in the support directory
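
As an added example (not part of the original post or of Microsoft's tooling), the PowerShell below combines the -Grouping and -Level bit values from the help text above into one trace command line and decodes a mask back into names. The helper names are hypothetical, and passing each mask as a value right after its switch is an assumption, since the help text does not show where the number goes.

```powershell
# Added example. Bit values are copied from the -Trace help text above;
# Get-TraceMask, Expand-TraceMask and Get-TraceCommand are hypothetical helper names.
$Grouping = [ordered]@{
    Service = 0x1; Engine = 0x2; UserInterface = 0x4; RealTime = 0x8; Scheduled = 0x10
}
$Level = [ordered]@{
    Errors = 0x1; Warnings = 0x2; Informational = 0x4; FunctionCalls = 0x8; Assertions = 0x10
}

# OR the named bits together, rejecting names the help text does not list.
function Get-TraceMask {
    param([System.Collections.IDictionary]$Table, [string[]]$Names)
    $mask = 0
    foreach ($name in $Names) {
        if (-not $Table.Contains($name)) {
            throw "Unknown name '$name'. Valid names: $(@($Table.Keys) -join ', ')"
        }
        $mask = $mask -bor $Table[$name]
    }
    $mask
}

# Reverse direction: list the names that are set in a given mask.
function Expand-TraceMask {
    param([System.Collections.IDictionary]$Table, [int]$Mask)
    @($Table.Keys) | Where-Object { $Mask -band $Table[$_] }
}

# Assumption: each mask is passed as a value right after its switch.
function Get-TraceCommand {
    param([string[]]$Components, [string[]]$Levels)
    $g = Get-TraceMask $Grouping $Components
    $l = Get-TraceMask $Level $Levels
    'MpCmdRun.exe -Trace -Grouping 0x{0:X} -Level 0x{1:X}' -f $g, $l
}

# Performance problem suspected in on-access scanning: trace only the engine and
# real-time protection, and add function calls to the default three levels.
Get-TraceCommand -Components Engine, RealTime -Levels Errors, Warnings, Informational, FunctionCalls

# Decode the default level set named in the help text (Error, Warning, Informational = 0x7).
Expand-TraceMask $Level 0x7
```

Restricting the grouping keeps the resulting .bin file small; the Function calls level in particular produces far more output than the default three levels.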

40 year old tapes of Lunar landing rediscovered

It would appear that I am not the only person capable of misplacing things, NASA apparently ‘misplaced’ the original recordings of the lunar landing for 40 years, and just recently rediscovered them.

It would appear that what we have been watching these past 39 years was nothing more than a video camera re-recording of the original footage.  But now NASA plan on restoring the tapes and releasing them.  Nice..

http://www.express.co.uk/posts/view/110442/WORLD-EXCLUSIVE-NASA-finds-missing-moon-landing-tapes

Commercial gathering

Every once in a while you tend to come across something really cool, today was such a day..

A while back I added a “Commercials no thank you!” on my mailbox (in Denmark most companies respect these), and what a relief :-)   earlier I would carry 1-2 plastic bags down to the recycling bin every week filled with commercials, and I actually only read a fraction of these.  On the down side, now the few commercials I actually DID read I have no access to any more :-(   so it was a bitter sweet victory.

During some random browsing I came across http://minreklame.dk/ and THIS is smart, someone has actually taken the time to gather electronic versions of the printed commercials and put them on a central site, and furthermore made them searchable.  Clever clever stuff.

Microsoft Security Essentials – Beta (Now Available)

Yes, it is here: “Microsoft Security Essentials”, the Beta of Microsoft’s new free anti virus (previously codenamed Morro) and the replacement for One Care Live, a paid anti virus solution Microsoft attempted earlier, which reached EOL in June 2009.

We use Forefront Client Security (Microsoft’s corporate anti virus solution) at work, and it works quite well.  The malware and anti virus part is just as good as any I have tried, but the corporate management part is somewhat lagging I would say.  But as Microsoft Security Essentials is a standalone product this is not an issue, and I would suspect the engine etc. to be the same as Forefront Client Security so all in all I expect this to be an excellent product.

Read more;
http://www.microsoft.com/security_essentials/ 
Here you can also get the beta (if you are eligible)

http://hacktolive.org/wiki/Microsoft_Security_Essentials
Here you can also get the beta (if you are not eligible ;-) )

A pretty good walkthrough here;
http://www.winsupersite.com/win7/mse_beta.asp

Some random posts;
http://www.addictivetips.com/windows-tips/microsoft-security-essentials-review-with-screenshots/
http://www.pcworld.com/article/167160/is_microsofts_morro_malware_in_disguise.html

GPS surveillance for the family

Want to keep track of your car, kids, wife or whatever, well there are tons of solutions for this today.  I just read about one called www.inanny.de (www.inanny.dk for Danes), this seems to be quite an organized setup and thus perhaps more reliable than some of the discount solutions on the market.  So if you are in the market for some GPS tracking, maybe the www.inanny.de site is worth a visit. I have done no research into pricing (the unit seems cheap enough, however there may be some monthly fee or whatnot)..

Uptime – when was a server restarted

Ever wanted to know just how long a Windows 2003 server has been running (or rather when it was last restarted)?  In Unix and many other OSes you can simply type uptime and hit enter and voilà, you have the answer, however not in Windows 200x…  But winding time back to the good old Windows NT4 days, Microsoft actually thought of this and created a small command-line tool that would do just this, however afterwards it was abandoned or forgotten…

But it’s actually still there (if you know where to look), so download it here and put it on your Windows box, and then you can simply go to a command prompt and type uptime :-)   nice..

Download here;
http://download.microsoft.com/download/winntsrv40/install/uptime_1.01/nt4/en-us/uptime.exe

UPTIME, Version 1.01
(C) Copyright 1999, Microsoft Corporation

Uptime [server] [/s ] [/a] [/d:mm/dd/yyyy | /p:n] [/heartbeat] [/? | /help]
        server      Name or IP address of remote server to process.
        /s          Display key system events and statistics.
        /a          Display application failure events (assumes /s).
        /d:         Only calculate for events after mm/dd/yyyy.
        /p:         Only calculate for events in the previous n days.
        /heartbeat  Turn on/off the system's heartbeat
        /?          Basic usage.
        /help       Additional usage information.

Source;
http://frankdzedzy.com/2008/06/06/check-windows-uptime-stats-w-uptimeexe/
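
A restart history can also be rebuilt from the System event log, where the EventLog source records ID 6005 at boot and ID 6006 at a clean shutdown. The PowerShell below is an added example, not part of the original post or of uptime.exe; the function name and the sample records are constructed for illustration.

```powershell
# Added example. Get-BootSession is a hypothetical helper; the records below are constructed.
# EventLog-source events in the System log: 6005 = event log service started (boot),
# 6006 = event log service stopped (clean shutdown).
function Get-BootSession {
    param([object[]]$Events, [datetime]$Now = (Get-Date))
    $boot = $null
    foreach ($e in ($Events | Sort-Object TimeCreated)) {
        if ($e.Id -eq 6005) {
            if ($null -ne $boot) {
                # Two boots with no 6006 between them: the earlier session
                # ended without a clean shutdown (crash, power loss, hard reset).
                [pscustomobject]@{ Boot = $boot; End = $null; Clean = $false; Hours = $null }
            }
            $boot = $e.TimeCreated
        }
        elseif (($e.Id -eq 6006) -and ($null -ne $boot)) {
            $hours = [math]::Round(($e.TimeCreated - $boot).TotalHours, 1)
            [pscustomobject]@{ Boot = $boot; End = $e.TimeCreated; Clean = $true; Hours = $hours }
            $boot = $null
        }
    }
    if ($null -ne $boot) {
        # Last boot has no matching shutdown: the machine is still up.
        $hours = [math]::Round(($Now - $boot).TotalHours, 1)
        [pscustomobject]@{ Boot = $boot; End = $null; Clean = $null; Hours = $hours }
    }
}

# Constructed sample: a clean restart, a session that ended uncleanly, then the current one.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2009-06-01T08:00:00'; Id = 6005 }
    [pscustomobject]@{ TimeCreated = [datetime]'2009-06-10T02:00:00'; Id = 6006 }
    [pscustomobject]@{ TimeCreated = [datetime]'2009-06-10T02:05:00'; Id = 6005 }
    [pscustomobject]@{ TimeCreated = [datetime]'2009-06-15T09:30:00'; Id = 6005 }
)
Get-BootSession -Events $sample -Now ([datetime]'2009-06-20T12:00:00') | Format-Table -AutoSize

# Live input on Windows Vista / Server 2008 or later:
# $ev = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'EventLog'; Id = 6005, 6006 }
# Get-BootSession -Events $ev
```

A session with Clean = False is the one to look at first when a server's restart was not planned.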

Lo-tech Waterskiing

If you are into waterskiing but don’t own a speedboat, well you should have a look here, now you no longer need that expensive speedboat to get the rush :-D   Crazy stuff…

Addthis – yes sir…

So I wanted to implement some easy way to share content from my blog, and came across www.addthis.com and just by adding a few lines of code to my php pages it was up and running..  They have a plugin for Wordpress, but that is really not necessary - you just add a few lines of code to the right places in your .php pages and it’s up and running.

The service is free and it seems to have an ok gui and works fairly well.  So give your blog a Facebook etc. overhaul :-)

Faulty usb hub caused errors in photo and video transfer

For a while I have had problems when transferring photo and video from my camera and video camera, some pictures and most videos had errors in them – strange lines or on videos it was like it lost sync for a second.  Actually I thought my video camera may be defective and blamed Vista for the photo issues (I thought that it might have been caused by Vista trying to create thumbnails while transferring)…  But by pure accident I came to look at my usb cable and discovered that I actually had one with a magnetic protector near the usb plug, I plugged this into the front and voilà, all noise and errors were gone, but it turns out that it’s actually my usb hub that somehow is messing things up – I suspect it’s because it’s an unpowered version and it may be draining too much power!?

But it’s an important debug step to remember, try a different usb cable in a different usb port..  it may just be your lucky day ;-)

(The picture represents how the error in pictures would manifest).

Geographical IP information

Interested in working with identifying where an IP originates from geographically?  Maybe for your website (you could localise the display or whatever) or maybe for your applications?  Actually I heard about this in connection to how the Conficker worm/virus works, Conficker actually uses this database to orient itself, yeah I know it’s a crazy world out there ;-)

Both a free and a paid version are available, I haven’t looked into the API yet – but if you are into web development then this is not likely to ruin your day.

http://www.maxmind.com/app/geolitecountry