All Does anyone know what program might be blocking the ability to run or copy "setup.exe" from remote drives yet allow you to copy a bit-for-bit identical copy named XXsetupXX.ZIP, rename it (locally) to "setup.exe", and run it locally?
System in question is an XP SP2 box running McAfee VirusScan Corporate v7 and McAfee VS 8.0.x on both a Windows 2000 server and another Windows XP workstation. The VS8 access-protection log does NOT block actions and the log file doesn't show it interfering with copying the file. This cost my client an hour or so of my time this morning; the system is not "mine" but is maintained by someone providing GPS-in-golf-carts to a golf course, and I'm involved because we've interfaced the GPS to some golf-tourney software by a third-party ... I disabled OnAccess scanning and still couldn't copy the file: ------- Included Stuff Follows ------- C:\TEMP> dir v:\downloads\*setup* 01/04/2008 08:43 AM 5,407,371 setup.exe 01/04/2008 08:43 AM 5,407,371 XXsetupXX.ZIP C:\TEMP> copy v:\downloads\setup.exe Access is denied. 0 file(s) copied. C:\TEMP> copy v:\Downloads\XXsetupXX.ZIP 1 file(s) copied. --------- Included Stuff Ends --------- Running processes on the system which can't copy files, as shown by PSList: ------- Included Stuff Follows ------- PsList 1.23 - Process Information Lister Copyright (C) 1999-2002 Mark Russinovich Sysinternals - www.sysinternals.com Process memory detail for basestation: Name Pid VM WS WS Pk Priv Faults NonP Page PageFile Idle 0 0 16 0 0 0 0 0 0 System 4 1876 212 2020 28 6530 0 0 0 smss 604 3544 352 448 144 220 0 5 144 csrss 668 26236 2464 3868 1712 4840 5 54 1712 winlogon 692 60340 1508 11992 9372 13253 31 64 9372 services 736 36608 5188 5188 2024 1860 7 39 2024 lsass 748 41724 7268 7348 3944 2984 9 40 3944 svchost 908 62500 5120 5164 2796 1618 6 39 2796 svchost 984 34704 4128 4136 1740 1212 13 37 1740 svchost 1072 97696 21236 31520 13256 25442 52 108 13256 svchost 1108 29768 3248 3272 1232 908 3 29 1232 svchost 1272 37484 4320 4320 1864 1633 5 36 1864 spoolsv 1420 41388 4652 4660 3052 1322 4 39 3052 AWHOST32 1528 192632 8988 10248 3880 7750 8 170 3880 OPHALDCS 1564 12868 1352 1364 340 341 1 32 340 ibguard 1676 27372 2652 2888 664 989 2 26 664 ibserver 1732 55040 16124 16360 12948 51532 8 32 12948 ramaint 1760 29408 3148 3156 1084 804 2 30 1084 LogMeIn 1812 74108 9904 9932 8888 13228 38 57 8888 FrameworkSe 1960 50460 6928 7192 3408 7026 6 43 3408 Mcshield 1980 106884 53628 57396 52436 116407 8 38 52436 VsTskMgr 2012 47876 316 4012 3868 2366 4 34 3868 naPrdMgr 2020 42608 984 3272 3408 2312 3 38 3408 TAService 256 60584 8608 8712 3708 7253 38 46 3708 WinVNC 440 37480 3396 3632 1036 1182 4 29 1036 AdLinkServi 524 101508 16784 16784 11680 4988 8 53 11680 alg 2152 32636 3452 3460 1120 899 5 35 1120 explorer 3016 62088 17848 18224 12324 20045 7 55 12324 hkcmd 3300 30204 3784 4020 1480 1140 3 31 1480 shstat 3308 40780 1860 3772 3452 3860 3 35 3452 UpdaterUI 3352 38876 220 4048 1100 19373 3 37 1100 LogMeInSyst 1432 41716 5520 9884 2036 3957 4 42 2036 GEMService 2432 87424 6380 6468 3448 5953 45 41 3448 Tracker 2876 65412 35080 61840 30372 16913 4 35 30372 PersistentS 3660 37436 4932 5048 1380 1653 4 32 1380 TIM 3676 28572 3056 3292 772 958 2 28 772 PinPlacemen 3792 27432 5200 7344 1816 4008 4 23 1816 RecorderUti 2956 32140 3764 3880 932 1065 3 31 932 Logger 3424 29324 3304 3532 752 1110 3 30 752 Upgrader 2536 36852 4604 7324 1236 3264 4 33 1236 OrderLink 3236 32888 4388 4504 1172 1311 6 32 1172 VPTMC 3564 39316 2224 5372 1572 2157 6 34 1572 VPGolf3 3936 201312 5552 22344 13316 464665 9 81 13316 --------- Included Stuff Ends --------- ibguard and ibserver are parts of Interbase Server, which is installed on the system, not some sort of protection system. TIA for any ideas... Angus ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~