Ok, so I get that it is probably hard to keep the ESAP working with every single AV and FW solution out there. I get that. But, what I don't get is how a popular version of software (Norton 16.5 and AVG 8.5 for example) can be broken for so long. And, what's worse, they don't share any fixes with us on the site (that I can find), and they put us all through the normal, "go to your user, get this log file...ok, now send me this file... ok we need to find registry entries/processes/etc to work around". I, for one, do not like dealing with my users to this extent. Some of them barely know their way around a computer. I believe that once they find these workarounds if they would share the love, our lives would be much easier. So, since I have been complaining about it and I even talked to my Sales Engineer about it, I thought I'd go ahead and do something. Below you will find how I worked around the Norton 16.5 and AVG 8.5 issues on ESAP 1.4.7. Use these at your own risk, if you have something to add to them, then please, contribute. This works for me. I still would like to be able to detect if Norton is actually running like I can with AVG, so if someone knows the magic for that, please add it. Norton 16.5 - I couldn't figure out the registry entries that were involved to prove that it was actually "ON". Every time i turned the AV off or on, Process Monitor only showed what looked like a bunch of "RegAddValue" with an equal number of "RegDelValue"s... effectively leaving nothing to track. Policy Name: Norton_2009_fix RULE1 Name: Norton_Process Type : Process Summary: -Process Name: ccsvchst.exe -required RULE2 Name: vista_definition_file type : Files Summary: -required -C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\definfo.dat -File modified less than 7 days ago. Custom Requirement: Norton_Process AND vista_definition_file AVG 8.5 (fixes vista and XP) Policy Name: AVG_85_fix RULE1: vista_definition_file Type: Files Summary: -required -C:\Program Files (x86)\AVG\AVG8\sc.dat -File modified less than 7 days ago. RULE2: xp_definition_file Type: Files Summary: -required -C:\Program Files\AVG\AVG8\sc.dat -File modified less than 7 days ago. RULE3: windows_32bit_reg Type: Registry Settings Summary: -Key/Subkey: \System\CurrentControlSet\Services\AvgMfx64\Parameters\Params -DWORD; 0x8403 -Minimum Version RULE4: vista_64bit_reg_for_resident_shield Type: Registry Settings Summary: -Key/Subkey: \System\CurrentControlSet\Services\AvgMfx64\Parameters\Params -DWORD; 0x8403 -Minimum Version Custom Requirement: (windows_32bit_reg or vista_64bit_reg_for_resident_shield) and (xp_definition_file or vista_definition_file) Message Edited by tdempsey on 04-02-2009 05:58 AM Message Edited by tdempsey on 04-02-2009 05:59 AM Message Edited by tdempsey on 04-02-2009 06:03 AM ... View more

Does anyone support this AV?  We use a host checker policy to check for an AV and that its defintion file is not older than 7 days.  I have a customer using Webroot Spy Sweeper with Antivirus 5.5.7.124.  He's having problems loging in because his definition time reports back as 2008.04.28 which is way older than 7 days.  I don't use Webroot, but I found some docs on manually updating the defintion file.  He did this and it told him there were no updates.  Are any of you using Webroot?  What is your version and the date of your latest defintion file? Thanks, -Tommy ... View more