merlino

Strange occurrence

The strange occurrence is that a number of workstations running KAV for Workstations suddenly have no network activity since they uninstalled Sophos and installed KAV.

No network activity includes no browsing and/or POP3 email.

Disabling Real-Time protection gives them access to all the above services but defeats the scope of KAV :huh:

If during this period, Outlook is opened for sending/receiving mail or a browser is opened to browse, Realtime protection is re-activated, browsing remains good as long as no further browser windows are opened. If they are, browsing within them is not allowed. Strange ?! :blink:

The suspected application which could be causing the conflict here is NetIQ MailMarshal but we haven't drilled it down to it yet.

No firewall is running on the machines, and Sophos was uninstalled cleanly.

Any ideas what could be going on?

Thank you.

How about running 'netstat -an' in a DOS-box, and see the output of ports.

As you might know, in a managed environment, the Kaspersky Network agent uses ports 13000 and 14000 to communicate with the administration server. If these ports are occupied by NetIQ's MailMarshal... I wouldn't know what happens.

And how about disabling the real-time options one by one instead of turning the complete application on/off. Just select/deselect: 'Enable RealTime File Protection', 'Enable RealTime Macro Protection', 'Enable RealTime Mail Protection' and 'Enable RealTime Script Protection'.

The issue is more likely to be found in one of the RealTime protection modules...

Attached to this message are the netstat results. Notice the different results obtained with the realtime protection disabled and enabled!

Attached are the ping results when it is enabled. What is strange is that the IP in parentheses seems to be corrupted.

Any insight on this problem will greatly help. :huh:

netstat.txt

ping.txt

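An added example, not part of any post in this thread: one way to compare two `netstat -an` captures like those described above (real-time protection disabled vs. enabled) and to check whether anything is already bound to ports 13000 and 14000. The captures are constructed samples, not the attached netstat.txt, and the function names are hypothetical.

```python
AGENT_PORTS = {13000, 14000}  # Network Agent ports named in the thread

# Constructed `netstat -an` captures (Windows layout, documentation addresses);
# they are NOT the contents of the netstat.txt attached to the post.
RTP_DISABLED = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:14000          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1055        192.0.2.25:110         ESTABLISHED
  TCP    192.0.2.10:1061        198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""
RTP_ENABLED = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:14000          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1070        192.0.2.25:110         SYN_SENT
  TCP    192.0.2.10:1071        198.51.100.7:80        SYN_SENT
  UDP    0.0.0.0:445            *:*
"""

def parse(text):
    """Return (proto, local, remote, state) tuples; UDP rows have state ''."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] in ("TCP", "UDP"):
            rows.append((f[0], f[1], f[2], f[3] if len(f) > 3 else ""))
    return rows

def port(addr):
    """Port number from '192.0.2.10:80' or '[::]:80'."""
    return int(addr.rsplit(":", 1)[1])

def remote_ports(rows, state):
    """Remote service ports of all rows in the given TCP state."""
    return {port(r) for _, _, r, s in rows if s == state}

def compare(disabled, enabled):
    """Diff two captures on remote service port, ignoring ephemeral local ports."""
    d, e = parse(disabled), parse(enabled)
    return {
        # local TCP sockets already bound to the agent's ports
        "agent_ports_in_use": sorted({port(l) for p, l, _, _ in e
                                      if p == "TCP" and port(l) in AGENT_PORTS}),
        # services reachable with protection off but not with it on
        "lost": sorted(remote_ports(d, "ESTABLISHED") - remote_ports(e, "ESTABLISHED")),
        # handshakes that never complete while protection is on
        "stalled": sorted(remote_ports(e, "SYN_SENT")),
    }

if __name__ == "__main__":
    for key, value in compare(RTP_DISABLED, RTP_ENABLED).items():
        print(f"{key}: {value}")
```

`netstat -an` does not name the owning process, so a hit in `agent_ports_in_use` only shows that a port is taken, not by which program.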

Thanks conslider for your help.

Indeed I will see what effect this will have on the affected machines.

Will post results.


Still no resolution to this problem after I ran the utility. The problem is becoming quite urgent.


Problem resolved. I am posting what was done to remove it.

It was apparently some adware on the stations in "C:\Program Files\NewDotNet\NEWDOT~2.DLL" registered as a network service. KAV blocks it, but it could not delete it without the user's intervention.

1) The file was added to the trusted list

2) then deleted from safe mode, restarted again

3) ran a KAV utility for full removal

Thank you KAV Technical Support :D
