Full Version: NDIS Filter Problems
Kaspersky Lab Forum > English User Forum > Protection for Small and Medium Businesses
DJInvoke
I am currently testing KAV Administration Server Kit 6.0 for my company on an isolated part of my network before rolling it out for the whole company. Things are going swimmingly with the exception of two problems, one of which I'll describe here, the other in another thread (just to keep the problems separate, they shouldn't be related).

One of my issues is with the NDIS filter that is installed alongside KAV Workstation 6.0. On most of the machines, it doesn't cause any problem whatsoever. However, on one machine, an ancient Dell Latitude D610, running XP, if the filter is enabled when the machine boots, the entire LAN connection dies. No packets sent, no packets received, just plain old dead. If you disable the filter, restart the computer, then enable it again, everything works fine.

Now, originally I thought it had to do with out of date signatures. How brilliant would that be if, with out of date signatures, the admin server just cuts the computer off to stop a potential risk? Though, now the admin server wouldn't be able to update the signatures anymore, since the computer is cut off. But even with the most up to date signatures, the problem occurs.

Doing some Google searches, the recommendation of most people is to just turn off the NDIS filter, since XP doesn't need it. That doesn't sit right with me, because I don't know WHY I'm turning it off, and if KAV made it, it must be useful for something.

And through some trial and error testing on my part, I've come to find the problem doesn't occur if the server itself is powered down. So it has to be somehow related. Maybe I'm making a policy error?

Any boneheaded mistakes I'm making, please feel free to point out. I'd much rather make the mistake now and get laughed at for it than make the mistake later when everything goes into the production environment and bring down the whole system.
Helmut
Under XP you need this filter only on 64-bit.
Read this FAQ.

Please create a remote installation package without this filter.

Please unzip this on the computer/server on which the AdminKit runs. C:\kav\WinWks is the best choice for the target directory. In the unzipped package you'll find two dummy files of 0 KB. Replace the MSI dummy with the original MSI file and the key dummy with your workstation key file.
In the file 'setup.ini' you can specify which components and tasks are to be installed and how the computer should behave during and after installation. Use '0'/'no' to disable a component and '1'/'yes' to activate it.
The file 'install_local.bat' calls the MSI file with the parameters 'NOKLIM5=1 /qn'. This ensures that the NDIS filter is not installed (NOKLIM5=1) and that the installation runs completely silently (/qn).

As the next step, create an installation package in the Administration Kit. To do this, please select the option "Install package for specified executable file" and select the executable file 'install_local.bat'. Also tick "Copy the entire folder into the package".

As a final step, create a product installation task with the package you just created and distribute it to the computers.
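The wrapper batch file this procedure relies on, written out as an added example (this is not the install_local.bat shipped in the package, and the MSI name KAV_WKS.msi is a placeholder for whatever original MSI you copied over the 0 KB dummy). It keeps the two switches the post names, NOKLIM5=1 and /qn, adds a verbose MSI log so a silent install that fails on a remote workstation can still be diagnosed, and hands the msiexec exit code back to the Administration Kit task:

```batch
@echo off
rem install_local.bat - added example of the wrapper described above, not the
rem file shipped by Kaspersky. KAV_WKS.msi is a placeholder for the original
rem MSI you copied over the 0 KB dummy; adjust the name to match your package.
setlocal
set "MSI=%~dp0KAV_WKS.msi"
set "LOG=%TEMP%\kav_wks_install.log"
if not exist "%MSI%" (
    echo MSI not found: "%MSI%" - did you replace the dummy file?
    exit /b 2
)
rem NOKLIM5=1 leaves the NDIS filter out, /qn makes the install silent,
rem /l*v writes a verbose log so a failed rollout can be diagnosed afterwards.
msiexec /i "%MSI%" NOKLIM5=1 /qn /l*v "%LOG%"
set "RC=%ERRORLEVEL%"
if "%RC%"=="0" echo Installed without NDIS filter, log: "%LOG%"
if "%RC%"=="3010" echo Installed, reboot required, log: "%LOG%"
if not "%RC%"=="0" if not "%RC%"=="3010" echo msiexec failed with code %RC%, see "%LOG%"
exit /b %RC%
```

Exit code 3010 is the standard Windows Installer "success, reboot required" value; treating it as success keeps the Administration Kit task from reporting a healthy install as a failure. The log path under %TEMP% is an assumption; point it at a share if you want to collect logs centrally.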
JustinLFS
QUOTE(DJInvoke @ 7.07.2009 12:18)
One of my issues is with the NDIS filter that is installed alongside KAV Workstation 6.0. On most of the machines, it doesn't cause any problem whatsoever. However, on one machine, an ancient Dell Latitude D610, running XP, if the filter is enabled when the machine boots, the entire LAN connection dies. No packets sent, no packets received, just plain old dead. If you disable the filter, restart the computer, then enable it again, everything works fine.

Now, originally I thought it had to do with out of date signatures. How brilliant would that be if, with out of date signatures, the admin server just cuts the computer off to stop a potential risk? Though, now the admin server wouldn't be able to update the signatures anymore, since the computer is cut off. But even with the most up to date signatures, the problem occurs.

Doing some Google searches, the recommendation of most people is to just turn off the NDIS filter, since XP doesn't need it. That doesn't sit right with me, because I don't know WHY I'm turning it off, and if KAV made it, it must be useful for something.

And through some trial and error testing on my part, I've come to find the problem doesn't occur if the server itself is powered down. So it has to be somehow related. Maybe I'm making a policy error?

Any boneheaded mistakes I'm making, please feel free to point out. I'd much rather make the mistake now and get laughed at for it than make the mistake later when everything goes into the production environment and bring down the whole system.

The problem is essentially poor NDIS implementations from other vendors. We saw this same problem with a lot of machines in our rollout (which totals about 3000 nodes now), and KL told me that they often see issues with Broadcom NetXtreme NICs and other varieties because some OEM drivers are not written to the NDIS standard. KL claims their filter is, so it should work just fine with other devices that follow the standard too. One solution that may help is to find the latest drivers for the card in question (i.e., go to Broadcom and get them) and not use the OEM. On many client PCs I saw with the issue, the NIC drivers were from about 2001. The newest drivers were out at the end of 2008 or early 2009. Updating them seemed to help in some respects, sometimes not.

Removing the NDIS filter off of the stack then transfers that packet filtering duty load to the CPU, so there is a minor performance hit on removal. I haven't noticed it though in that regard. If you have any workstations that use programs that modify the stack (say, Cisco VPN Client's Deterministic Net Enhancer) then I highly recommend you do not install NDIS. Believe me when I say it will save you a lot of headaches, at least on XP machines. I use Vista Business with Cisco VPN and NDIS and have no issues. Not sure what to say about that one!
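Since the advice above boils down to "find the workstations still running decade-old OEM NIC drivers before you ship the filter to them", here is an added inventory script for that check (my example, not anything from the thread or from Kaspersky). It queries the Win32_PnPSignedDriver WMI class through wmic, which is available on XP, lists every network-class driver with its provider, date and version, and flags drivers dated before 2008; that year is an assumption taken from the post's remark that the newest Broadcom drivers appeared at the end of 2008, so adjust it to your own baseline:

```batch
@echo off
rem nic_driver_audit.bat - added example, not from the thread or Kaspersky.
rem Lists every network adapter driver with provider, date and version so that
rem machines still on old OEM NIC drivers can be found before the NDIS filter
rem is deployed. Run it per workstation (e.g. as an Administration Kit task).
setlocal enabledelayedexpansion
set "BASELINE=2008"

echo Network drivers on %COMPUTERNAME%:
wmic path Win32_PnPSignedDriver where "DeviceClass='NET'" get DeviceName,DriverProviderName,DriverDate,DriverVersion /format:list
if errorlevel 1 (
    echo WMI query failed on %COMPUTERNAME%
    exit /b 1
)

rem DriverDate comes back in CIM_DATETIME form, e.g. 20010615000000.000000-000,
rem so the first eight characters are YYYYMMDD and the first four the year.
set "OLD=0"
for /f "tokens=1,* delims==" %%A in ('wmic path Win32_PnPSignedDriver where "DeviceClass='NET'" get DriverDate /format:list ^| findstr /b "DriverDate="') do (
    set "D=%%B"
    if "!D:~0,4!" LSS "%BASELINE%" (
        echo WARNING: NIC driver dated !D:~0,8! is older than %BASELINE% - update before enabling the NDIS filter
        set "OLD=1"
    )
)
rem Exit code 3 marks "old driver found" so a deployment task can key off it.
if "!OLD!"=="1" exit /b 3
exit /b 0
```

The distinct exit codes are what make this useful at scale: the Administration Kit can run it as a task and report which nodes returned 3, giving you the list of machines to update (or to give the NOKLIM5=1 package) instead of discovering them one dead LAN connection at a time.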
DJInvoke
QUOTE(JustinLFS @ 8.07.2009 16:07)
The problem is essentially poor NDIS implementations from other vendors. We saw this same problem with a lot of machines in our rollout (which totals about 3000 nodes now), and KL told me that they often see issues with Broadcom NetXtreme NICs and other varieties because some OEM drivers are not written to the NDIS standard. KL claims their filter is, so it should work just fine with other devices that follow the standard too. One solution that may help is to find the latest drivers for the card in question (i.e., go to Broadcom and get them) and not use the OEM. On many client PCs I saw with the issue, the NIC drivers were from about 2001. The newest drivers were out at the end of 2008 or early 2009. Updating them seemed to help in some respects, sometimes not.

Removing the NDIS filter off of the stack then transfers that packet filtering duty load to the CPU, so there is a minor performance hit on removal. I haven't noticed it though in that regard. If you have any workstations that use programs that modify the stack (say, Cisco VPN Client's Deterministic Net Enhancer) then I highly recommend you do not install NDIS. Believe me when I say it will save you a lot of headaches, at least on XP machines. I use Vista Business with Cisco VPN and NDIS and have no issues. Not sure what to say about that one!

That definitely fixed the problem. It was a bit of a struggle to convince the higher-ups to allow the use of a driver not signed by Dell, but once they gave the go-ahead, the Broadcom drivers fixed everything. Surprising that Dell doesn't have any drivers later than 2005, yet Broadcom's site has ones from 2008, but oh well. Thanks so much for your help on the matter.