AVG and Norton "Workarounds"

tdempsey_ · ‎04-02-2009

Ok, so I get that it is probably hard to keep the ESAP working with every single AV and FW solution out there. I get that. But, what I don't get is how a popular version of software (Norton 16.5 and AVG 8.5 for example) can be broken for so long. And, what's worse, they don't share any fixes with us on the site (that I can find), and they put us all through the normal, "go to your user, get this log file...ok, now send me this file... ok we need to find registry entries/processes/etc to work around". I, for one, do not like dealing with my users to this extent. Some of them barely know their way around a computer. I believe that once they find these workarounds if they would share the love, our lives would be much easier. So, since I have been complaining about it and I even talked to my Sales Engineer about it, I thought I'd go ahead and do something. Below you will find how I worked around the Norton 16.5 and AVG 8.5 issues on ESAP 1.4.7. Use these at your own risk, if you have something to add to them, then please, contribute. This works for me. I still would like to be able to detect if Norton is actually running like I can with AVG, so if someone knows the magic for that, please add it.

Norton 16.5

- I couldn't figure out the registry entries that were involved to prove that it was actually "ON". Every time i turned the AV off or on, Process Monitor only showed what looked like a bunch of "RegAddValue" with an equal number of "RegDelValue"s... effectively leaving nothing to track.

Policy Name: Norton_2009_fix

RULE1 Name: Norton_Process

Type : Process

Summary:

-Process Name: ccsvchst.exe
-required

RULE2 Name: vista_definition_file

type : Files

Summary:

-required

-C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\definfo.dat
-File modified less than 7 days ago.

Custom Requirement:

Norton_Process AND vista_definition_file

AVG 8.5 (fixes vista and XP)

Policy Name: AVG_85_fix

RULE1: vista_definition_file

Type: Files

Summary:

-required
-C:\Program Files (x86)\AVG\AVG8\sc.dat
-File modified less than 7 days ago.

RULE2: xp_definition_file

Type: Files

Summary:

-required
-C:\Program Files\AVG\AVG8\sc.dat
-File modified less than 7 days ago.

RULE3: windows_32bit_reg

Type: Registry Settings

Summary:

-Key/Subkey: \System\CurrentControlSet\Services\AvgMfx64\Parameters\Params
-DWORD; 0x8403
-Minimum Version

RULE4: vista_64bit_reg_for_resident_shield

Type: Registry Settings

Summary:

-Key/Subkey: \System\CurrentControlSet\Services\AvgMfx64\Parameters\Params
-DWORD; 0x8403
-Minimum Version

Custom Requirement:

(windows_32bit_reg or vista_64bit_reg_for_resident_shield) and (xp_definition_file or vista_definition_file)

Message Edited by tdempsey on 04-02-2009 05:58 AM

Message Edited by tdempsey on 04-02-2009 05:59 AM

Message Edited by tdempsey on 04-02-2009 06:03 AM

keith_ · ‎04-03-2009

I raised a support case with Juniper this week about AVG 8.5 on ESAP 1.4.7. Without running any tests, this is what the engineer told me:

'There is a known problem with this version and currently we are in the process of including this version support in future ESAP 1.4.8. The ETA for 1.4.8 is 10th of this month, (ie April '09).

The current workaround to support this version is to use a custom process check other than using the pre-defined AV check. The processes to be included in the HC policy are avgcsrvx.exe, avgnsx.exe, avgrsx.exe, avgtray.exe and avgwdsvc.exe.'

This now works, but is obviously a very poor alternative, as it doesn't check when the user last updated.

Keith

tdempsey_ · ‎04-03-2009

Yeah, that was my probelm. If you'll notice, my avg check above checks the date on the definition file. It's a static link, and isn't all that great, but it at least does the check. I, too, was told that the fix for AVG and Norton would be in 1.4.8, but i'm not holding my breath.

Message Edited by tdempsey on 04-03-2009 07:16 AM

drl_ · ‎04-04-2009

Thanks. Good information.

Had the same issues on ESAP 1.4.7 (and various earlier versions). We created a trouble ticket on ESAP 1.4.7 and AVG 8.5 and were strung along, running diagnostic utilities, and collecting information for submission; they acted like we were the only ones experiencing this issue when even we knew otherwise. They seem reluctant to simply download the AVG 8.5 trial and test the issue themselves. Finally, after several days they simply told us to wait for ESAP 1.4.8 (in a few weeks). Not sure they can keep going on this way with the more popular virus platforms such as Norton and AVG. It's frustrating because even our end users are wondering what is going on from ESAP to ESAP.

tdempsey_ · ‎04-06-2009

That is exactly my problem. My customers don't care that it takes JTAC a couple days to "look at logs" only to come back and ask for something else... and then come to find out we have to wait for the next esap. Who knows what the next esap will break. I let my sales engineer know that I would like to see them sharing workarounds with us more on the site in some form or fashion if they can't keep from breaking stuff. Maybe if more people request this feature, they will actually listen. Or, if we keep the communication up ourselves, that could also work.

Dean_ · ‎08-25-2009

Same issue with Norton (16.5.0.135) in ESAP 1.5.1. You'd think this would be resolved by now? And I too don't really want to contact JTAC becuase I don't like having to go to the users to get settings, configs, logs, etc.

AVG and Norton "Workarounds"

AVG and Norton "Workarounds"

Re: AVG and Norton "Workarounds"

Re: AVG and Norton "Workarounds"

Re: AVG and Norton "Workarounds"

Re: AVG and Norton "Workarounds"

Re: AVG and Norton "Workarounds"