Tape backup policies
Hello everyone.

For those who are still backing up to tape... What do you guys have for tape backup policies? I'm curious as to how far back you are keeping tapes - 1 year? 5 years? I've typically seen a 10 tape rotation w/ a monthly tape put in offsite storage. Is this still common practice?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Tape backup policies
That's really a question for your management. Your business type and other laws/guidelines will tell you how long you need to keep your data, the media it's put on is irrelevant. When we were still backing up to tape we did a daily full backup 4 week rotation with a month end and then kept the year end forever.
RE: Tape backup policies
OK I am over cautious, and we have a small data store in comparison to many on the list. I am just in the process of converting old backup tapes.

Our normal backup procedure is Monthly tapes, one for each month, for our offsite backup. Onsite we use smaller tapes and do a weekly backup. Again these tapes are kept for 12 months and 52 weeks respectively. However we also do a Fiscal Year Backup and a Calendar Year Backup. These tapes are kept as long as possible.

I started with DDS Tapes and progressed through DDS3 tapes, we then switched to VXA tapes. I took all the DDS tapes I could read, wrote them back to disk then back to VXA Tapes. We are in the process of switching to LTO for our platform, so I have just read in all the VXA tapes from Year End and FY End backups, wrote them back to disk. I will shortly spin them off to LTO tapes. However in about 6 months I will have to pull them back off this tape and write it again as we are again changing backup software. I have gone through 4 different backup programs over the life of this project and many tapes.

I do have backups of Year end and Fiscal Year end back to 1995. There are a couple of incomplete backups in there as the old DDS tapes just couldn't be read.

And yes I have been asked to pull data off the old backups and look at it. We had an error a few years ago that needed to be researched as to when it started and whose fault it was. Being a Govt agency we had to research it and pull any information we could. We were able to pull all needed data from our backups and prove error was not ours, even though we were blamed. The other agency giving us the data could only go back 12-24 months to supply data.

But again I am lucky that we have a small data store so far.

CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential. If you are not the intended recipient, you do not have permission to disclose, copy, distribute, or open any attachments. If you have received this e-mail in error, please notify us immediately by returning it to the sender and delete this copy from your system.
RE: Tape backup policies
...as well as what's being backed up. It might be a SQL DB that the business unit wants backed up twice daily for faster recovery purposes.

Most places I've worked at did the 2-week rotation, with a perm monthly tape like you mentioned.

A lot of factors to take into consideration, involving other BUs and mgmt.

Don Guyer
Windows Systems Engineer
RIM Operations Engineering Distributed - A Team, Tier 2
Enterprise Technology Group
Fiserv
don.gu...@fiserv.com
Office: 1-800-523-7282 x 1673
Fax: 610-233-0404
www.fiserv.com

From: N Parr [mailto:npar...@mortonind.com]
Sent: Friday, June 03, 2011 9:22 AM
To: NT System Admin Issues
Subject: RE: Tape backup policies

That's really a question for your management. Your business type and other laws/guidelines will tell you how long you need to keep your data, the media it's put on is irrelevant. When we were still backing up to tape we did a daily full backup 4 week rotation with a month end and then kept the year end forever.
Re: Tape backup policies
On 6/3/2011 9:12 AM, David Mazzaccaro wrote:
> Hello everyone. For those who are still backing up to tape…

still :-) I think that tape is still - by far - the majority of backup targets ...

> What do you guys have for tape backup policies? I’m curious as to how far back you are keeping tapes – 1 year? 5 years?

I know we literally have tapes stored offsite from the mid 90s ... otherwise, I know we've never erased a month end or other such archived tape.

> I’ve typically seen a 10 tape rotation w/ a monthly tape put in offsite storage.

We did a 2 month rotation, and every EOM tape stored offsite.
Nice utility for those using ESX VM's
Check out RVTools utility at the following site.

http://www.robware.net/

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email: ezi...@lifespan.org
Cell: 401-639-3505
Re: Nice utility for those using ESX VM's
Seen that a while back. Nice overview of whether servers have CD drives mounted, snapshots enabled, etc.

--
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.

*IMPORTANT: The information in this email is CONFIDENTIAL. If its contents are disclosed in any way my lawyers will swoop down from black helicopters like Seal Team Six and drag you away with a black bag over your head. They will then take you to a secret prison and make you fight to the death with other people who dared to share this email. You will be given a large bowie knife and a supply of methamphetamines while I watch the said deathmatch and wager vast sums of money on who will be the winner. If the fight becomes boring or there is a stalemate, I will release rabid dogs and my two-stone cat into the arena to liven things up a bit. If these animals become in any way docile, I will squirt them with water pistols until they become a bit more temperamental.*
RE: Tape backup policies
I have 12 weekly tapes (9 daily tapes, 3 full backup tapes). That gives me 2 weeks of daily backups and 3 full backups on weekends, then a month end tape is used so I have plenty to fall back on in the event of data loss or corruption (or in our case, server hardware failure which has occurred once). I transport them myself in a Turtle Case. I have 72 month end tapes, kept in Turtle Cases. 72 months = 5 years. Off site storage is my kitchen.
Re: Tape backup policies
Here is something I don't recall being discussed... LTO1 may be read by an LTO3 drive. Our LTO3 tapes supposedly can be read by our new LTO5 drive... What I'm getting at is, keeping forever may require moth-balling machines so they can be read if necessary

-- richard
Hide windows libraries
Folks,

What are you doing to hide the Windows Libraries feature from your users? We are moving to Win 7 and for now plan to keep it hidden. I know I can disable this via a registry key, but it won't apply via GPO/script since you have to manually change the key's permissions first. Or is there a way to change perms via a GPO?

Key I am using is:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder]
"QueryForOverlay"=""
"HideOnDesktopPerUser"=""
"PinToNameSpaceTree"=""
"Attributes"=dword:b080010d

Suggestions appreciated.

Tom

Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
RE: Tape backup policies
Exactly the problem we faced; our solution was to read tapes on the old drive and write again on the new drive. However, if you have multiple drives and the right type of software you can archive directly from one tape to another.

-----Original Message-----
From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, June 03, 2011 8:54 AM
To: NT System Admin Issues
Subject: Re: Tape backup policies

Here is something I don't recall being discussed... LTO1 may be read by an LTO3 drive. Our LTO3 tapes supposedly can be read by our new LTO5 drive... What I'm getting at is, keeping forever may require moth-balling machines so they can be read if necessary

-- richard
Re: Hide windows libraries
I used these

Hive: HKEY_CLASSES_ROOT
Key path: CLSID\{323CA680-C24D-4099-B94D-446DD2D7249E}\ShellFolder
Value name: Attributes
Value type: REG_DWORD
Value data: 0xA9400100 (2839544064)

Hive: HKEY_CLASSES_ROOT
Key path: CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder
Value name: Attributes
Value type: REG_DWORD
Value data: 0xB090010D (2962227469)

They were set via GPO in Preferences | Windows Settings | Registry

I also used a custom base profile to set the AppData\Roaming\Microsoft\Windows\Libraries folder so that there were only specific locations allowed in each user's Documents Library and Pictures Library
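The two messages in this thread give different Attributes values for the same Libraries CLSID. The following is an added example, not code from any poster: it parses .reg text and compares each Attributes value with the values listed in the reply above, reporting which bits differ. The function names and the sample .reg text are constructed for illustration.

```python
import re

# Shell attribute flag from the Windows SDK (SFGAO_NONENUMERATED).
SFGAO_NONENUMERATED = 0x00100000

# Target values as listed in the reply above.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\CLSID\{323CA680-C24D-4099-B94D-446DD2D7249E}\ShellFolder": 0xA9400100,
    r"HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder": 0xB090010D,
}

_KEY = re.compile(r"\[(.+)\]")
_ATTR = re.compile(r'"?Attributes"?\s*=\s*dword:([0-9a-f]{1,8})', re.IGNORECASE)


def parse_reg(text):
    """Return {lower-cased key path: Attributes value} from .reg text."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = _KEY.fullmatch(line)
        if match:
            key = match.group(1)
            continue
        match = _ATTR.fullmatch(line)
        if match and key is not None:
            values[key.lower()] = int(match.group(1), 16)
    return values


def audit(text, expected=EXPECTED):
    """Map each expected key to (status, differing_bits)."""
    found = parse_reg(text)
    report = {}
    for key, want in expected.items():
        have = found.get(key.lower())
        if have is None:
            report[key] = ("missing", 0)
        elif have == want:
            report[key] = ("ok", 0)
        else:
            report[key] = ("mismatch", have ^ want)
    return report


# Constructed sample: the .reg content from the opening post of this thread.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder]
"QueryForOverlay"=""
"HideOnDesktopPerUser"=""
"PinToNameSpaceTree"=""
"Attributes"=dword:b080010d
"""

if __name__ == "__main__":
    for key, (status, diff) in audit(SAMPLE_REG).items():
        note = ""
        if diff == SFGAO_NONENUMERATED:
            note = " (differs only in SFGAO_NONENUMERATED)"
        print(f"{status:9} 0x{diff:08X} {key}{note}")
```

Run against an export from a test workstation after the GPO has applied to confirm both keys carry the intended values.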
Re: Tape backup policies
+1

In addition to this excellent point, it should be noted that an excessively long retention period could be as bad as having too short of a retention period, as it opens you up to greater electronic discovery in the event of legal action.

Choose wisely, and work with senior management and legal counsel to develop the right data management policies.

Barring conflicts with regulatory requirements, I typically try to work towards the following:

-- Daily Backups maintained for up to 15 days
-- Weekly Backups maintained for up to 5 weeks
-- Monthly backups for up to 12-24 months
-- Annual backups for up to 2 or 3 years (optional if maintaining 24 monthly backups)

Some systems might have more stringent retention, for example a key database system maintaining 30 daily and 52 weekly backups.

Whatever the configuration, it should be documented.

ASB (Professional Bio http://about.me/Andrew.S.Baker/bio)
Harnessing the Advantages of Technology for the SMB market...

On Fri, Jun 3, 2011 at 9:22 AM, N Parr npar...@mortonind.com wrote:
> That's really a question for your management. Your business type and other laws/guidelines will tell you how long you need to keep your data, the media it's put on is irrelevant. When we were still backing up to tape we did a daily full backup 4 week rotation with a month end and then kept the year end forever.
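The retention schedule in the message above can be checked against a tape inventory mechanically. This is an added example, not the poster's tooling: it takes the upper bound of each range in that message, assumes a promotion rule (Dec 31 is the annual backup, month end the monthly, Friday the weekly), and splits a constructed backup history into tapes to keep and tapes past retention. All function names are hypothetical.

```python
import calendar
from datetime import date, timedelta

# Retention windows from the message above, using the upper bound of each range.
DEFAULT_POLICY = {
    "daily": ("days", 15),
    "weekly": ("days", 5 * 7),
    "monthly": ("months", 24),
    "annual": ("months", 36),
}
# The stricter case from the same message: 30 daily and 52 weekly backups.
KEY_DB_POLICY = dict(DEFAULT_POLICY, daily=("days", 30), weekly=("days", 52 * 7))


def months_back(d, n):
    """Return the date n calendar months before d, clamping the day of month."""
    index = d.year * 12 + (d.month - 1) - n
    year, month0 = divmod(index, 12)
    last_day = calendar.monthrange(year, month0 + 1)[1]
    return date(year, month0 + 1, min(d.day, last_day))


def tier_for(d):
    """Assumed promotion rule: Dec 31 > month end > Friday > any other day."""
    if (d.month, d.day) == (12, 31):
        return "annual"
    if d.day == calendar.monthrange(d.year, d.month)[1]:
        return "monthly"
    if d.weekday() == 4:  # Friday
        return "weekly"
    return "daily"


def cutoff(today, tier, policy):
    """Oldest backup date still inside the retention window for this tier."""
    unit, amount = policy[tier]
    if unit == "days":
        return today - timedelta(days=amount)
    return months_back(today, amount)


def plan(backup_dates, today, policy=DEFAULT_POLICY):
    """Split backups into (keep, expire) lists of (date, tier), oldest first."""
    keep, expire = [], []
    for d in sorted(backup_dates):
        tier = tier_for(d)
        target = keep if d >= cutoff(today, tier, policy) else expire
        target.append((d, tier))
    return keep, expire


def tier_counts(entries):
    """Count entries per tier."""
    counts = {}
    for _, tier in entries:
        counts[tier] = counts.get(tier, 0) + 1
    return counts


def constructed_history(first, last):
    """Constructed sample inventory: one backup per calendar day."""
    return [first + timedelta(days=i) for i in range((last - first).days + 1)]


if __name__ == "__main__":
    today = date(2011, 6, 3)
    history = constructed_history(date(2007, 1, 1), today)
    keep, expire = plan(history, today)
    print("keep:", tier_counts(keep), "oldest restore point:", keep[0][0])
    print("past retention (candidates for documented destruction):", len(expire))
```

The expire list is the part that matters for the discovery exposure raised in the message: anything in it that still exists on a shelf is data held beyond the documented policy.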
Re: Hide windows libraries
For setting reg perms I used subinacl with the /subkeyreg switch

Example below, which sets perms so that users can't rename My Computer or Recycle Bin

subinacl /subkeyreg HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID /grant=%userdomain%\%username%=R
RE: Tape backup policies
Does anyone know of a service to convert tape formats (i.e. LTO1 to LTO5)??? Or perhaps convert the data to some other media, such as DVD/Blu-ray/etc???
RE: Hide windows libraries
It should be possible with W2k8 based GPO.

Don Guyer
Re: Hide windows libraries
Actually I forgot, you can set registry permissions in Computer Config | Policies | Windows Settings | Security Settings | Registry, IIRC

On 3 June 2011 15:25, Guyer, Don don.gu...@fiserv.com wrote:
> It should be possible with W2k8 based GPO.
Re: Tape backup policies
There are places that do that, just bing. I would think that DVD/BR wouldn't be the answer considering you can get 4TB on a hard drive these days. You can fit a ton of LTO1 tapes on one of those...

On Fri, Jun 3, 2011 at 9:19 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Does anyone know of a service to convert tape formats (i.e. LTO1 to LTO5)??? Or perhaps convert the data to some other media, such as DVD/Blu-ray/etc???

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, June 03, 2011 9:54 AM
To: NT System Admin Issues
Subject: Re: Tape backup policies

Here is something I don't recall being discussed... LTO1 may be read by an LTO3 drive. Our LTO3 tapes supposedly can be read by our new LTO5 drive... What I'm getting at is, keeping forever may require moth-balling machines so they can be read if necessary

-- richard

David Mazzaccaro david.mazzacc...@hudsonmobility.com wrote on 06/03/2011 08:12:08 AM:

Hello everyone. For those who are still backing up to tape… What do you guys have for tape backup policies? I’m curious as to how far back you are keeping tapes – 1 year? 5 years? I’ve typically seen a 10 tape rotation w/ a monthly tape put in offsite storage. Is this still common practice?
Fake antivirus
I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malwarebytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of?

Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)???

Thanks!
Re: Tape backup policies
Google is your friend...

ASB (Professional Bio http://about.me/Andrew.S.Baker/bio)
Harnessing the Advantages of Technology for the SMB market...

On Fri, Jun 3, 2011 at 10:19 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Does anyone know of a service to convert tape formats (i.e. LTO1 to LTO5)??? Or perhaps convert the data to some other media, such as DVD/Blu-ray/etc???

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, June 03, 2011 9:54 AM
To: NT System Admin Issues
Subject: Re: Tape backup policies

Here is something I don't recall being discussed... LTO1 may be read by an LTO3 drive. Our LTO3 tapes supposedly can be read by our new LTO5 drive... What I'm getting at is, keeping forever may require moth-balling machines so they can be read if necessary

-- richard

David Mazzaccaro david.mazzacc...@hudsonmobility.com wrote on 06/03/2011 08:12:08 AM:

Hello everyone. For those who are still backing up to tape… What do you guys have for tape backup policies? I’m curious as to how far back you are keeping tapes – 1 year? 5 years? I’ve typically seen a 10 tape rotation w/ a monthly tape put in offsite storage. Is this still common practice?
RE: Hide windows libraries
If it's a Computer GPO, is it even necessary to modify perms? When I Googled real quick, I didn't see any info regarding having to change perms. Just curious, cuz I may have to do this in the future. :)

Don Guyer
Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv
don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:24 AM
To: NT System Admin Issues
Subject: Re: Hide windows libraries

Actually I forgot, you can set registry permissions in Computer Config | Policies | Windows Settings | Security Settings | Registry, IIRC

On 3 June 2011 15:25, Guyer, Don don.gu...@fiserv.com wrote:

It should be possible with W2k8 based GPO.

Don Guyer
Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv
don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Friday, June 03, 2011 10:12 AM
To: NT System Admin Issues
Subject: Hide windows libraries

Folks,

What are you doing to hide the Windows Libraries feature from your users? We are moving to Win 7 and for now plan to keep it hidden. I know I can disable this via a registry key, but it won't apply via GPO/script since you have to manually change the key's permissions first. Or is there a way to change perms via a GPO?

Key I am using is:

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder]
QueryForOverlay=
HideOnDesktopPerUser=
PinToNameSpaceTree=
Attributes=dword:b080010d

Suggestions appreciated.

Tom
RE: Tape backup policies
Yeah... it was just a thought that came up when I read the original question. :D Not that I have a need for anything like that these days... our only tape drive is on the AS/400 and it's an LTO1. :D

From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Friday, June 03, 2011 10:26 AM
To: NT System Admin Issues
Subject: Re: Tape backup policies

There are places that do that, just bing. I would think that DVD/BR wouldn't be the answer considering you can get 4TB on a hard drive these days. You can fit a ton of LTO1 tapes on one of those...

On Fri, Jun 3, 2011 at 9:19 AM, John Aldrich jaldr...@blueridgecarpet.com wrote:

Does anyone know of a service to convert tape formats (i.e. LTO1 to LTO5)??? Or perhaps convert the data to some other media, such as DVD/Blu-ray/etc???

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, June 03, 2011 9:54 AM
To: NT System Admin Issues
Subject: Re: Tape backup policies

Here is something I don't recall being discussed... LTO1 may be read by an LTO3 drive. Our LTO3 tapes supposedly can be read by our new LTO5 drive... What I'm getting at is, keeping forever may require moth-balling machines so they can be read if necessary

-- richard

David Mazzaccaro david.mazzacc...@hudsonmobility.com wrote on 06/03/2011 08:12:08 AM:

Hello everyone. For those who are still backing up to tape... What do you guys have for tape backup policies? I'm curious as to how far back you are keeping tapes - 1 year? 5 years? I've typically seen a 10 tape rotation w/ a monthly tape put in offsite storage. Is this still common practice?
Re: Fake antivirus
May be time to invest in some UAT (user awareness training). Continual re-infestation either means he is unlucky, or gung-ho in his browsing.

I've had some fake AVs recently which were ridiculously easy to get rid of (kill process, delete files, remove autorun entry). Others have been more stealthy - such as killing targeted windows like Task Manager. Booting into safe mode usually prevents these extra features from bothering you. But as with everything - a reimage may be the only way to be sure.

On 3 June 2011 15:26, John Aldrich jaldr...@blueridgecarpet.com wrote:

I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malwarebytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of?

Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)???

Thanks!
Re: Hide windows libraries
I didn't have to do it on mine, I admit.

On 3 June 2011 15:30, Guyer, Don don.gu...@fiserv.com wrote:

If it’s a Computer GPO, is it even necessary to modify perms? When I Googled real quick, I didn’t see any info regarding having to change perms. Just curious, cuz I may have to do this in the future. :)

Don Guyer
Windows Systems Engineer RIM Operations Engineering Distributed – A Team, Tier 2 Enterprise Technology Group Fiserv
don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:24 AM
To: NT System Admin Issues
Subject: Re: Hide windows libraries

Actually I forgot, you can set registry permissions in Computer Config | Policies | Windows Settings | Security Settings | Registry, IIRC

On 3 June 2011 15:25, Guyer, Don don.gu...@fiserv.com wrote:

It should be possible with W2k8 based GPO.

Don Guyer
Windows Systems Engineer RIM Operations Engineering Distributed – A Team, Tier 2 Enterprise Technology Group Fiserv
don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Friday, June 03, 2011 10:12 AM
To: NT System Admin Issues
Subject: Hide windows libraries

Folks,

What are you doing to hide the Windows Libraries feature from your users? We are moving to Win 7 and for now plan to keep it hidden. I know I can disable this via a registry key, but it won't apply via GPO/script since you have to manually change the key's permissions first. Or is there a way to change perms via a GPO?

Key I am using is:

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder]
QueryForOverlay=
HideOnDesktopPerUser=
PinToNameSpaceTree=
Attributes=dword:b080010d

Suggestions appreciated.

Tom
RE: Fake antivirus
Thanks... This particular user is unlucky enough to have teenagers who use his computer. My guess is they are visiting infected/hostile/0wned sites and that's how he's getting infected. Never really had a problem when he was working here, so I'm suspecting it's some of his grandkids that are causing the problem.

As I have not yet seen the problem, I don't know if it's going to be easy or difficult. Hopefully MBAM and Vipre won't have any problem with it. :D

Thanks again!

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:31 AM
To: NT System Admin Issues
Subject: Re: Fake antivirus

May be time to invest in some UAT (user awareness training). Continual re-infestation either means he is unlucky, or gung-ho in his browsing.

I've had some fake AVs recently which were ridiculously easy to get rid of (kill process, delete files, remove autorun entry). Others have been more stealthy - such as killing targeted windows like Task Manager. Booting into safe mode usually prevents these extra features from bothering you. But as with everything - a reimage may be the only way to be sure.

On 3 June 2011 15:26, John Aldrich jaldr...@blueridgecarpet.com wrote:

I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malwarebytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of?

Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)???

Thanks!
RE: Fake antivirus
John,

A lot of this Fake AV is also coming from legitimate but hacked websites, and drive-by malware. There have been more and more sites hit with Web application attacks, which are imbedding malicious Iframe, and other goodies which are making links going to their malware sites and not the link they thought they were going to.

Been seeing Fake-AV popping up as well, along with Target Phishing attacks, and the big fun of seeing the Military and Govt Entities being phished by the Chinese (or so the US Govt says) just underlies how sensitive and secret information and communications are being sent over public email, which is pretty silly IMHO...

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, June 03, 2011 10:26 AM
To: NT System Admin Issues
Subject: Fake antivirus

I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malwarebytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of?

Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)???

Thanks!
RE: Hide windows libraries
I found a blog (don't remember where at the moment) that had 2 simple scripts that would either disable or reenable Libraries. Simple double click and it was done.

John W. Cook
System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607
Office (352) 244-1610 Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:32 AM
To: NT System Admin Issues
Subject: Re: Hide windows libraries

I didn't have to do it on mine, I admit.

On 3 June 2011 15:30, Guyer, Don don.gu...@fiserv.com wrote:

If it's a Computer GPO, is it even necessary to modify perms? When I Googled real quick, I didn't see any info regarding having to change perms. Just curious, cuz I may have to do this in the future. :)

Don Guyer
Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv
don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:24 AM
To: NT System Admin Issues
Subject: Re: Hide windows libraries

Actually I forgot, you can set registry permissions in Computer Config | Policies | Windows Settings | Security Settings | Registry, IIRC

On 3 June 2011 15:25, Guyer, Don don.gu...@fiserv.com wrote:

It should be possible with W2k8 based GPO.

Don Guyer
Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv
don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Friday, June 03, 2011 10:12 AM
To: NT System Admin Issues
Subject: Hide windows libraries

Folks,

What are you doing to hide the Windows Libraries feature from your users? We are moving to Win 7 and for now plan to keep it hidden. I know I can disable this via a registry key, but it won't apply via GPO/script since you have to manually change the key's permissions first. Or is there a way to change perms via a GPO?

Key I am using is:

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder]
QueryForOverlay=
HideOnDesktopPerUser=
PinToNameSpaceTree=
Attributes=dword:b080010d

Suggestions appreciated.

Tom
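An added example, not code from any poster in this thread: a read-only PowerShell check of the key Tom quotes, reporting its owner, which of Administrators and SYSTEM hold SetValue on it, and whether Attributes already has the value from his .reg file. The function name is hypothetical, and the check looks at Allow rules only, not Deny rules or group nesting.

```powershell
# Added example: read-only audit of the registry key quoted in this thread.
# It changes nothing. Key path and Attributes value are taken from Tom's message.
$LibrariesKey = 'Registry::HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder'
$HideValueHex = 'b080010d'
# Well-known SIDs: an administrator's .reg import runs as Administrators,
# a computer startup script runs as SYSTEM.
$Principals = @{
    'BUILTIN\Administrators' = 'S-1-5-32-544'
    'NT AUTHORITY\SYSTEM'    = 'S-1-5-18'
}

function Get-LibrariesKeyAudit {   # hypothetical helper name
    param([string]$Path = $LibrariesKey)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Registry key not found: $Path"
    }

    # Owner and access rules as SIDs, so the comparison is locale-independent.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl     = Get-Acl -Path $Path
    $owner   = $acl.GetOwner($sidType)
    $rules   = $acl.GetAccessRules($true, $true, $sidType)

    $setValue    = [int][System.Security.AccessControl.RegistryRights]::SetValue
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    # Which principals have an Allow rule, applying to this key itself,
    # that includes the SetValue right?
    $canSet = @()
    foreach ($name in $Principals.Keys) {
        foreach ($rule in $rules) {
            $appliesHere = (([int]$rule.PropagationFlags) -band $inheritOnly) -eq 0
            $grantsSet   = (([int]$rule.RegistryRights) -band $setValue) -eq $setValue
            if ($rule.IdentityReference.Value -eq $Principals[$name] -and
                $rule.AccessControlType -eq 'Allow' -and
                $appliesHere -and $grantsSet -and
                ($canSet -notcontains $name)) {
                $canSet += $name
            }
        }
    }

    # Current Attributes value, formatted as hex the way a .reg file writes it.
    $item = Get-ItemProperty -LiteralPath $Path -Name Attributes -ErrorAction SilentlyContinue
    $currentHex = if ($item) { '{0:x8}' -f $item.Attributes } else { $null }

    New-Object PSObject -Property @{
        OwnerName         = $acl.Owner
        OwnerSid          = $owner.Value
        CanSetValue       = ($canSet -join ', ')
        AttributesHex     = $currentHex
        MatchesThreadHide = ($currentHex -eq $HideValueHex)
    }
}

Get-LibrariesKeyAudit | Format-List
```

An empty CanSetValue means no Allow rule lets Administrators or SYSTEM write the value, which is the situation Tom describes and the case the Security Settings | Registry node James mentions would address.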
RE: Fake antivirus
We've noticed a rash of these redirects specifically when doing a Google Image search.

John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

-----Original Message-----
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, June 03, 2011 10:35 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

John,

A lot of this Fake AV is also coming from legitimate but hacked websites, and drive-by malware. There have been more and more sites hit with Web application attacks, which are embedding malicious Iframe, and other goodies which are making links going to their malware sites and not the link they thought they were going to. Been seeing Fake-AV popping up as well, along with Target Phishing attacks, and the big fun of seeing the Military and Govt Entities being phished by the Chinese (or so the US Govt says) just underlies how sensitive and secret information and communications are being sent over public email, which is pretty silly IMHO...

Z

Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, June 03, 2011 10:26 AM
To: NT System Admin Issues
Subject: Fake antivirus

I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)???

Thanks!

CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to.
Re: Fake antivirus
We have had a LOT of success simply using Sys Restore to remove these programs...

On Fri, Jun 3, 2011 at 9:34 AM, Ziots, Edward ezi...@lifespan.org wrote:

John,

A lot of this Fake AV is also coming from legitimate but hacked websites, and drive-by malware. There have been more and more sites hit with Web application attacks, which are embedding malicious Iframe, and other goodies which are making links going to their malware sites and not the link they thought they were going to. Been seeing Fake-AV popping up as well, along with Target Phishing attacks, and the big fun of seeing the Military and Govt Entities being phished by the Chinese (or so the US Govt says) just underlies how sensitive and secret information and communications are being sent over public email, which is pretty silly IMHO...

Z

Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505
RE: Fake antivirus
Yeah...that's pretty much what I figure...and probably at least some of the hacked websites appeal to teenagers. :D I'll see if I can't get the user to upgrade to Vipre Home Premium. At least that should help.

-----Original Message-----
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, June 03, 2011 10:35 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

John,

A lot of this Fake AV is also coming from legitimate but hacked websites, and drive-by malware. There have been more and more sites hit with Web application attacks, which are embedding malicious Iframe, and other goodies which are making links going to their malware sites and not the link they thought they were going to. Been seeing Fake-AV popping up as well, along with Target Phishing attacks, and the big fun of seeing the Military and Govt Entities being phished by the Chinese (or so the US Govt says) just underlies how sensitive and secret information and communications are being sent over public email, which is pretty silly IMHO...

Z

Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505
RE: Fake antivirus
Yeah...but don't you have to know how far back to restore to??? :D Plus, there's the whole problem of *getting* to System Restore...a lot of these fake antivirus apps will block most of your system tools. For example, I know this one won't let you add/remove programs. You can open add/remove programs (according to the user) but it won't let you *do* anything, because it doesn't display anything.

From: Jeff Brown [mailto:2jbr...@gmail.com]
Sent: Friday, June 03, 2011 10:38 AM
To: NT System Admin Issues
Subject: Re: Fake antivirus

We have had a LOT of success simply using Sys Restore to remove these programs...
RE: Fake antivirus
Hi John,

If you can get the fake AV's name -- I can likely shoot you some info. There is a new(ish) one on the block that hides files, folders, shortcuts and such. (windows recovery) If that is what you see -- let me know. We have a restore procedure to restore the hidden/moved files. Also don't nuke the temps [yet] because that is where all the shortcuts are.

If MBAM quarantines it -- the quarantine is normally located here: (depends on OS)

c:\documents and settings\USER_WHO_SCANNED\application data\malwarebytes\malwarebyte's antimalware\quarantine -- that dir has both the logs and the quarantined items (xp/2k/2k3)

C:\Users\USER_WHO_SCANNED\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\quarantine (vista/win7/win2k8)

Please upload anything MBAM quarantines to us. http://www.sunbeltsecurity.com/threat

Thanks John,
Tammy

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, June 03, 2011 10:26 AM
To: NT System Admin Issues
Subject: Fake antivirus

I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)???

Thanks!
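Added example, not part of the message above or of Sunbelt's own procedure: a PowerShell 4+ script that inventories the MBAM quarantine folder for every profile, with SHA-256 hashes, so you know exactly what you are submitting. The folder names are the ones quoted in the message; the function names, the use of the ProfileList registry key and the CSV file name are assumptions of this example.

```powershell
# Added example. Requires PowerShell 4 or later (Get-FileHash).
# Folder names are copied from the message above, which spells the product
# folder two different ways; both spellings are tried under both profile layouts.
$AppDataLayouts = @(
    'Application Data',      # XP / 2000 / 2003 profiles
    'AppData\Roaming'        # Vista / 7 / 2008 profiles
)
$ProductFolders = @(
    "malwarebytes\malwarebyte's antimalware\quarantine",
    "Malwarebytes\Malwarebytes' Anti-Malware\quarantine"
)

function Get-ProfileRoot {
    # Profile folders as Windows records them, so relocated profiles are found too.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    Get-ChildItem -Path $key | ForEach-Object {
        (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
    } | Where-Object { $_ }
}

function Get-MbamQuarantineItem {
    param(
        # Pass explicit roots (e.g. 'E:\Documents and Settings\bob') when the
        # affected disk is mounted in another machine.
        [string[]]$ProfileRoot = (Get-ProfileRoot)
    )
    foreach ($root in $ProfileRoot) {
        foreach ($layout in $AppDataLayouts) {
            $base = Join-Path $root $layout
            $info = Get-Item -LiteralPath $base -Force -ErrorAction SilentlyContinue
            # On Vista and later "Application Data" is a junction to AppData\Roaming;
            # skip it so the same quarantine folder is not reported twice.
            if (-not $info -or ($info.Attributes -band [IO.FileAttributes]::ReparsePoint)) { continue }
            foreach ($product in $ProductFolders) {
                $dir = Join-Path $base $product
                if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
                # The folder holds both logs and quarantined items; list everything.
                Get-ChildItem -LiteralPath $dir -Force -File | ForEach-Object {
                    [pscustomobject]@{
                        Profile  = $root
                        File     = $_.FullName
                        Bytes    = $_.Length
                        Modified = $_.LastWriteTime
                        SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    }
                }
            }
        }
    }
}

$items = @(Get-MbamQuarantineItem)
if ($items.Count -eq 0) {
    'No MBAM quarantine folder with files found under the profiles checked.'
} else {
    $items | Sort-Object Modified | Format-Table Modified, Bytes, SHA256, File -AutoSize
    $items | Export-Csv -Path (Join-Path $env:TEMP 'mbam-quarantine-inventory.csv') -NoTypeInformation
}
```

Run it elevated so other users' profiles are readable; on a disk pulled from an XP machine, call `Get-MbamQuarantineItem -ProfileRoot` with the mounted profile paths instead of relying on the local registry.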
RE: Fake antivirus
Teenage (or young) users = must have parental controls! I can't imagine how many weekends I'd have to spend rebuilding home machines without it.

Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

-----Original Message-----
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, June 03, 2011 10:34 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

Thanks... This particular user is unlucky enough to have teenagers who use his computer. My guess is they are visiting infected/hostile/0wned sites and that's how he's getting infected. Never really had a problem when he was working here, so I'm suspecting it's some of his grandkids that are causing the problem. As I have not yet seen the problem, I don't know if it's going to be easy or difficult. Hopefully MBAM and Vipre won't have any problem with it. :D

Thanks again!
Re: Fake antivirus
Try System Restore as well.

--
Bob Hartung Wisco Industries, Inc. 736 Janesville St. Oregon, WI 53575 Tel: (608) 835-3106 x215 Fax: (608) 835-7399 e-mail: bhartung(at)wiscoind.com

From: James Rankin [mailto:kz2...@googlemail.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 03 Jun 2011 09:30:50 -0500
Subject: Re: Fake antivirus

May be time to invest in some UAT (user awareness training). Continual re-infestation either means he is unlucky, or gung-ho in his browsing. I've had some fake AVs recently which were ridiculously easy to get rid of (kill process, delete files, remove autorun entry). Others have been more stealthy - such as killing targeted windows like Task Manager. Booting into safe mode usually prevents these extra features from bothering you. But as with everything - a reimage may be the only way to be sure.
RE: Fake antivirus
Teenagers = their own crappy box to screw up + Disc Image of clean install + parental controls, BTDT

John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

-----Original Message-----
From: Guyer, Don [mailto:don.gu...@fiserv.com]
Sent: Friday, June 03, 2011 10:45 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

Teenage (or young) users = must have parental controls! I can't imagine how many weekends I'd have to spend rebuilding home machines without it.

Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com
Re: Hide windows libraries
Something like these? http://www.howtogeek.com/howto/21462/how-to-enable-or-disable-the-libraries-feature-in-windows-7/

On 3 June 2011 15:37, John Cook john.c...@pfsf.org wrote:

I found a blog (don’t remember where at the moment) that had 2 simple scripts that would either disable or reenable Libraries. Simple double click and it was done.

John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:32 AM
To: NT System Admin Issues
Subject: Re: Hide windows libraries

I didn't have to do it on mine, I admit.

On 3 June 2011 15:30, Guyer, Don don.gu...@fiserv.com wrote:

If it’s a Computer GPO, is it even necessary to modify perms? When I Googled real quick, I didn’t see any info regarding having to change perms. Just curious, cuz I may have to do this in the future. :)

Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed – A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:24 AM
To: NT System Admin Issues
Subject: Re: Hide windows libraries

Actually I forgot, you can set registry permissions in Computer Config | Policies | Windows Settings | Security Settings | Registry, IIRC

On 3 June 2011 15:25, Guyer, Don don.gu...@fiserv.com wrote:

It should be possible with W2k8 based GPO.

Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed – A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com
RE: Hide windows libraries
That would be the one!

John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:46 AM
To: NT System Admin Issues
Subject: Re: Hide windows libraries

Something like these?

http://www.howtogeek.com/howto/21462/how-to-enable-or-disable-the-libraries-feature-in-windows-7/

On 3 June 2011 15:37, John Cook john.c...@pfsf.org wrote:

I found a blog (don't remember where at the moment) that had 2 simple scripts that would either disable or reenable Libraries. Simple double click and it was done.

John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:32 AM
To: NT System Admin Issues
Subject: Re: Hide windows libraries

I didn't have to do it on mine, I admit.

On 3 June 2011 15:30, Guyer, Don don.gu...@fiserv.com wrote:

If it's a Computer GPO, is it even necessary to modify perms? When I Googled real quick, I didn't see any info regarding having to change perms. Just curious, cuz I may have to do this in the future. :)

Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:24 AM
To: NT System Admin Issues
Subject: Re: Hide windows libraries

Actually I forgot, you can set registry permissions in Computer Config | Policies | Windows Settings | Security Settings | Registry, IIRC

On 3 June 2011 15:25, Guyer, Don don.gu...@fiserv.com wrote:

It should be possible with W2k8 based GPO.

Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Friday, June 03, 2011 10:12 AM
To: NT System Admin Issues
Subject: Hide windows libraries

Folks,

What are you doing to hide the Windows Libraries feature from your users? We are moving to Win 7 and for now plan to keep it hidden. I know I can disable this via a registry key, but it won't apply via GPO/script since you have to manually change the key's permissions first. Or is there a way to change perms via a GPO?

Key I am using is:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder]
"QueryForOverlay"=""
"HideOnDesktopPerUser"=""
"PinToNameSpaceTree"=""
"Attributes"=dword:b080010d

Suggestions appreciated.

Tom
Re: Fake antivirus
They mainly block windows by using the title of the window to decide what to kill. Just open the window on a separate desktop (http://technet.microsoft.com/en-us/sysinternals/cc817881) or just boot to safe mode. Occasionally they will use the relevant group policy registry keys to block, but the window killing variants are more common, so they must have this functionality baked into a toolkit somewhere.

On 3 June 2011 15:42, John Aldrich jaldr...@blueridgecarpet.com wrote:

Yeah...but don't you have to know how far back to restore to??? :D Plus, there's the whole problem of *getting* to System Restore...a lot of these fake antivirus apps will block most of your system tools. For example, I know this one won't let you add/remove programs. You can open add/remove programs (according to the user) but it won't let you *do* anything, because it doesn't display anything.

From: Jeff Brown [mailto:2jbr...@gmail.com]
Sent: Friday, June 03, 2011 10:38 AM
To: NT System Admin Issues
Subject: Re: Fake antivirus

We have had a LOT of success simply using Sys Restore to remove these programs...

On Fri, Jun 3, 2011 at 9:34 AM, Ziots, Edward ezi...@lifespan.org wrote:

John,

A lot of this Fake AV is also coming from legitimate but hacked websites, and drive-by malware. There have been more and more sites hit with Web application attacks, which are imbedding malicious Iframe, and other goodies which are making links going to their malware sites and not the link they thought they were going to. Been seeing Fake-AV popping up as well, along with Target Phishing attacks, and the big fun of seeing the Military and Govt Entities being phished by the Chinese (or so the US Govt says) just underlies how sensitive and secret information and communications are being sent over public email, which is pretty silly IMHO...

Z

Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, June 03, 2011 10:26 AM
To: NT System Admin Issues
Subject: Fake antivirus

I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks!
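Added example (not part of the original thread): a Python triage script for two cleanup items mentioned in this message and its replies, the policy registry values some variants set to block system tools and the autorun entry that relaunches the program. It reads a .reg export of the affected user's hive; the sample export, the list of policy values checked and the user-writable path heuristic are assumptions of this example.

```python
import re

# Policy values that disable built-in tools when set to a non-zero DWORD.
# (key-path suffix, value name) -> tool affected; suffixes match HKCU and HKLM.
TOOL_BLOCKS = {
    (r"\microsoft\windows\currentversion\policies\system", "disabletaskmgr"): "Task Manager",
    (r"\microsoft\windows\currentversion\policies\system", "disableregistrytools"): "Registry Editor",
    (r"\policies\microsoft\windows\system", "disablecmd"): "Command Prompt",
    (r"\microsoft\windows\currentversion\policies\explorer", "nocontrolpanel"): "Control Panel",
    (r"\microsoft\windows\currentversion\policies\uninstall", "noaddremoveprograms"): "Add/Remove Programs",
}
RUN_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
)
# Heuristic (assumption): autoruns launched from per-user writable folders deserve a look.
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\local settings\\", "\\temp\\")

SECTION = re.compile(r"^\[(-?)(.+)\]$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)


def decode(raw):
    """Decode dword and string data; other types are returned as raw text."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        try:
            return int(raw[6:], 16)
        except ValueError:
            return raw
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return unescape(raw[1:-1])
    return raw


def parse_reg(text):
    """Yield (key, value_name, data) for every value in .reg export text."""
    key, pending = None, ""
    for raw_line in text.splitlines():
        line = pending + raw_line.strip()
        pending = ""
        if line.endswith("\\"):          # hex(...) data continues on the next line
            pending = line[:-1]
            continue
        m = SECTION.match(line)
        if m:
            key = None if m.group(1) else m.group(2)   # "[-KEY]" is a deletion
            continue
        m = VALUE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            yield key, name, decode(m.group(2))


def triage(reg_text):
    """Return findings: ('tool-blocked', tool, key) or ('autorun', name, command)."""
    findings = []
    for key, name, data in parse_reg(reg_text):
        k = key.lower()
        for (suffix, value), tool in TOOL_BLOCKS.items():
            if k.endswith(suffix) and name.lower() == value \
                    and isinstance(data, int) and data != 0:
                findings.append(("tool-blocked", tool, key))
        if k.endswith(RUN_SUFFIXES) and isinstance(data, str):
            if any(marker in data.lower() for marker in USER_WRITABLE):
                findings.append(("autorun", name, data))
    return findings


# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"qwxzvbn"="\"C:\\Documents and Settings\\user\\Application Data\\qwxzvbn.exe\" /min"
'''

if __name__ == "__main__":
    for kind, what, detail in triage(SAMPLE):
        print(f"{kind:13} {what:20} {detail}")
```

Run it against an export taken from safe mode or from the offline hive, so the running program cannot interfere with the export itself.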
RE: Fake antivirus
Ours have one of those, plus a netbook. In the past 3-4 yrs, I've managed to only have to rebuild each, once *knock on wood*. They don't touch the parent's PC. :)

Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

-Original Message-
From: John Cook [mailto:john.c...@pfsf.org]
Sent: Friday, June 03, 2011 10:46 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

Teenagers = their own crappy box to screw up + Disc Image of clean install + parental controls, BTDT

John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

-Original Message-
From: Guyer, Don [mailto:don.gu...@fiserv.com]
Sent: Friday, June 03, 2011 10:45 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

Teenage (or young) users = must have parental controls! I can't imagine how many weekends I'd have to spend rebuilding home machines without it.

Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, June 03, 2011 10:34 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

Thanks... This particular user is unlucky enough to have teenagers who use his computer. My guess is they are visiting infected/hostile/0wned sites and that's how he's getting infected. Never really had a problem when he was working here, so I'm suspecting it's some of his grandkids that are causing the problem. As I have not yet seen the problem, I don't know if it's going to be easy or difficult. Hopefully MBAM and Vipre won't have any problem with it. :D Thanks again!

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:31 AM
To: NT System Admin Issues
Subject: Re: Fake antivirus

May be time to invest in some UAT (user awareness training). Continual re-infestation either means he is unlucky, or gung-ho in his browsing. I've had some fake AVs recently which were ridiculously easy to get rid of (kill process, delete files, remove autorun entry). Others have been more stealthy - such as killing targeted windows like Task Manager. Booting into safe mode usually prevents these extra features from bothering you. But as with everything - a reimage may be the only way to be sure.

On 3 June 2011 15:26, John Aldrich jaldr...@blueridgecarpet.com wrote:

I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks!
RE: Hide windows libraries
Thanks, another option. I was able to use the original key below after modifying the perms for the key's subfolder, as suggested by James. I was using this link (left Favorites, hid Libraries):

http://www.petri.co.il/remove-libraries-and-favorites-from-windows-explorer.htm

John Cook john.c...@pfsf.org 6/3/2011 10:50 AM

That would be the one!

John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:46 AM
To: NT System Admin Issues
Subject: Re: Hide windows libraries

Something like these?

http://www.howtogeek.com/howto/21462/how-to-enable-or-disable-the-libraries-feature-in-windows-7/

On 3 June 2011 15:37, John Cook john.c...@pfsf.org wrote:

I found a blog (don’t remember where at the moment) that had 2 simple scripts that would either disable or reenable Libraries. Simple double click and it was done.

John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:32 AM
To: NT System Admin Issues
Subject: Re: Hide windows libraries

I didn't have to do it on mine, I admit.

On 3 June 2011 15:30, Guyer, Don don.gu...@fiserv.com wrote:

If it’s a Computer GPO, is it even necessary to modify perms? When I Googled real quick, I didn’t see any info regarding having to change perms. Just curious, cuz I may have to do this in the future. :)

Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed – A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:24 AM
To: NT System Admin Issues
Subject: Re: Hide windows libraries

Actually I forgot, you can set registry permissions in Computer Config | Policies | Windows Settings | Security Settings | Registry, IIRC

On 3 June 2011 15:25, Guyer, Don don.gu...@fiserv.com wrote:

It should be possible with W2k8 based GPO.

Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed – A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Friday, June 03, 2011 10:12 AM
To: NT System Admin Issues
Subject: Hide windows libraries

Folks,

What are you doing to hide the Windows Libraries feature from your users? We are moving to Win 7 and for now plan to keep it hidden. I know I can disable this via a registry key, but it won't apply via GPO/script since you have to manually change the key's permissions first. Or is there a way to change perms via a GPO?

Key I am using is:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder]
"QueryForOverlay"=""
"HideOnDesktopPerUser"=""
"PinToNameSpaceTree"=""
"Attributes"=dword:b080010d

Suggestions appreciated.

Tom
RE: Fake antivirus
Will do. Thanks!

-Original Message-
From: Tammy Stewart [mailto:copper...@personainternet.com]
Sent: Friday, June 03, 2011 10:42 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

Hi John,

If you can get the fake AV's name -- I can likely shoot you some info. There is a new(ish) one on the block that hides files, folders, shortcuts and such. (windows recovery) If that is what you see -- let me know. We have a restore procedure to restore the hidden/moved files. Also don't nuke the temps [yet] because that is where all the shortcuts are.

If MBAM quarantines it -- the quarantine is normally located here: (depends on OS)

c:\documents and settings\USER_WHO_SCANNED\application data\malwarebytes\malwarebyte's antimalware\quarantine -- that dir has both the logs and the quarantined items (xp/2k/2k3)

C:\Users\USER_WHO_SCANNED\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\quarantine (vista/win7/win2k8)

Please upload anything MBAM quarantines to us. http://www.sunbeltsecurity.com/threat

Thanks John,
Tammy

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, June 03, 2011 10:26 AM
To: NT System Admin Issues
Subject: Fake antivirus

I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks!
Re: Hide windows libraries
I think that it is high time MS gave us some GPOs to manage libraries. There will be many Win7 / 2008 R2 RDS deployments starting and we all know users who can't cope when something changes. Reg key hacks and stripping perms with subinacl really isn't a good way to be managing these sort of modifications to a new desktop environment, IMHO.

On 3 June 2011 15:58, Tom Miller tmil...@hnncsb.org wrote:

Thanks, another option. I was able to use the original key below after modifying the perms for the key's subfolder, as suggested by James. I was using this link (left Favorites, hid Libraries):

http://www.petri.co.il/remove-libraries-and-favorites-from-windows-explorer.htm
RE: Hide windows libraries
Agreed. These things are particularly irritating when you are trying to create a locked-down profile.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 11:10 AM
To: NT System Admin Issues
Subject: Re: Hide windows libraries

I think that it is high time MS gave us some GPOs to manage libraries. There will be many Win7 / 2008 R2 RDS deployments starting and we all know users who can't cope when something changes. Reg key hacks and stripping perms with subinacl really isn't a good way to be managing these sort of modifications to a new desktop environment, IMHO.
Re: Hide windows libraries
I've started carrying around a portfolio of pre-built profiles from previous jobs and using them as required. Saves all the hassle happening repeatedly. On 3 June 2011 16:30, Mayo, Bill bem...@pittcountync.gov wrote: Agreed. These things are particularly irritating when you are trying to create a locked-down profile. *From:* James Rankin [mailto:kz2...@googlemail.com] *Sent:* Friday, June 03, 2011 11:10 AM *To:* NT System Admin Issues *Subject:* Re: Hide windows libraries I think that it is high time MS gave us some GPOs to manage libraries. There will be many Win7 / 2008 R2 RDS deployments starting and we all know users who can't cope when something changes. Reg key hacks and stripping perms with subinacl really isn't a good way to be managing these sort of modifications to a new desktop environment, IMHO. On 3 June 2011 15:58, Tom Miller tmil...@hnncsb.org wrote: Thanks, another option. I was able to use the original key below after modifying the perms for the key's subfolder, as suggested by James. I was using this link (left Favorites, hid Libraries): http://www.petri.co.il/remove-libraries-and-favorites-from-windows-explorer.htm John Cook john.c...@pfsf.org 6/3/2011 10:50 AM That would be the one! *John W. Cook* *System Administrator* *Partnership For Strong Families* *5950 NW 1st Place* *Gainesville, Fl 32607* *Office (352) 244-1610* *Cell (352) 215-6944* *MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4* *From:* James Rankin [mailto:kz2...@googlemail.com] *Sent:* Friday, June 03, 2011 10:46 AM *To:* NT System Admin Issues *Subject:* Re: Hide windows libraries Something like these? http://www.howtogeek.com/howto/21462/how-to-enable-or-disable-the-libraries-feature-in-windows-7/ On 3 June 2011 15:37, John Cook john.c...@pfsf.org wrote: I found a blog (don’t remember where at the moment) that had 2 simple scripts that would either disable or reenable Libraries. Simple double click and it was done. *John W. 
Cook* *System Administrator* *Partnership For Strong Families* *5950 NW 1st Place* *Gainesville, Fl 32607* *Office (352) 244-1610* *Cell (352) 215-6944* *MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4* *From:* James Rankin [mailto:kz2...@googlemail.com] *Sent:* Friday, June 03, 2011 10:32 AM *To:* NT System Admin Issues *Subject:* Re: Hide windows libraries I didn't have to do it on mine, I admit. On 3 June 2011 15:30, Guyer, Don don.gu...@fiserv.com wrote: If it’s a Computer GPO, is it even necessary to modify perms? When I Googled real quick, I didn’t see any info regarding having to change perms. Just curious, cuz I may have to do this in the future. J *Don Guyer* Windows Systems Engineer RIM Operations Engineering Distributed – A Team, Tier 2 Enterprise Technology Group *Fiserv* don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com *From:* James Rankin [mailto:kz2...@googlemail.com] *Sent:* Friday, June 03, 2011 10:24 AM *To:* NT System Admin Issues *Subject:* Re: Hide windows libraries Actually I forgot, you can set registry permissions in Computer Config | Policies | Windows Settings | Security Settings | Registry, IIRC On 3 June 2011 15:25, Guyer, Don don.gu...@fiserv.com wrote: It should be possible with W2k8 based GPO. *Don Guyer* Windows Systems Engineer RIM Operations Engineering Distributed – A Team, Tier 2 Enterprise Technology Group *Fiserv* don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com *From:* Tom Miller [mailto:tmil...@hnncsb.org] *Sent:* Friday, June 03, 2011 10:12 AM *To:* NT System Admin Issues *Subject:* Hide windows libraries Folks, What are you doing to hide the Windows Libraries feature from your users? We are moving to Win 7 and for now plan to keep it hidden. I know I can disable this via a registry key, but it won't apply via GPO/script since you have to manually change the key's permissions first. Or is there a way to change perms via a GPO? 
Key I am using is: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder] QueryForOverlay= HideOnDesktopPerUser= PinToNameSpaceTree= Attributes=dword:b080010d Suggestions appreciated. Tom
Re: * Dramatic Overhaul of Windows GUI: Video
Alex Eckelberry Cell: 727-644-8830 Sent from my BlackBerry -----Original Message----- From: Mike Gill lis...@canbyfoursquare.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Thu Jun 02 20:13:25 2011 Subject: RE: * Dramatic Overhaul of Windows GUI: Video Hmm, looks familiar: http://www.mosaicbytribune.com/ Not as sophisticated as what’s in that video, but it sure looks inspired by. -- Mike Gill From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] Sent: Thursday, June 02, 2011 12:45 PM To: NT System Admin Issues Subject: * Dramatic Overhaul of Windows GUI: Video * Dramatic Overhaul of Windows GUI: Video At a press event in Taipei this week, Redmond showed the next version of Windows, unveiling a dramatically overhauled tiles-based interface that they hope will be competitive in the tablet world. Microsoft marketing people must have gotten their fingers in this pie, because it's called a reimagining of Windows. Win8 will run on all types of devices from small, touch-sensitive smart phone screens to traditional large-screen PCs, and Win8 can be used with or without a keyboard and mouse. Basically, the screen looks just like the new Windows smart phone screen. The application comes quickly to life as Windows fades to the background, said Michael Angiulo, Windows Planning VP. The tiles on the start screen are live -- they represent your people, your applications, your contacts, the information you care the most about, he said. You can group them, arrange them and name them as you like, so that first start screen experience is really personal. Win 8 still also provides the normal Windows desktop and backward compatibility with existing Windows apps. Microsoft President Steve Sinofsky stated: Windows 8 is example of coloring outside the lines. We have an approach that is different, but builds on the value of an OS that sells 400 million or so units a year. Laptops, slates, desktops can all run one operating system. 
I will be reporting about this a lot more in the future. Stay tuned. Here's how it looks! 4:34 Youtube video: http://www.youtube.com/watch?v=p92QfWOw88I Warm regards, Stu
More Sony All The Time
http://www.computerworld.com/s/article/9217273/Sony_Pictures_falls_victim_to_major_data_breach *Sony itself characterized the PlayStation Network and Sony Online Entertainment intrusions as highly targeted and sophisticated cyberattacks. However, all of the publicly disclosed ones since then appear to have been the result of some fundamental security oversights on the part of the company.* Apparently, poor security is part of the corporate culture... *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Harnessing the Advantages of Technology for the SMB market... *
Re: Tape backup policies
On 6/3/2011 9:53 AM, richardmccl...@aspca.org wrote: Here is something I don't recall being discussed... LTO1 may be read by an LTO3 drive. Our LTO3 tapes supposedly can be read by our new LTO5 drive... What I'm getting at is, keeping forever may require moth-balling machines so they can be read if necessary Or drives .. I have a stand-alone SDLT320 and stand-alone SDLT600 tape drive, attached to a server other than my current backup server, specifically for the reason of reading old tapes. It becomes more aggravating when I need an old ArcServe tape, instead of more current Networker. That's why I have a separate machine that is a Networker storage node, that also has ArcServe installed on it. So I can start whichever backup program I need, to do restores.
Re: Tape backup policies
Well, the number of tapes depends on how much data, really. Here, we send about 10TB to tape each week. But, we keep weekly backups for 6 weeks, and monthly backups for 400 days. Weeklies go to an office about 6 blocks away, and monthlies go to Iron Mountain. David Mazzaccaro david.mazzacc...@hudsonmobility.com 6/3/2011 6:12 AM Hello everyone. For those who are still backing up to tape... What do you guys have for tape backup policies? I'm curious as to how far back you are keeping tapes - 1 year? 5 years? I've typically seen a 10 tape rotation w/ a monthly tape put in offsite storage. Is this still common practice?
Re: RE: Fake antivirus
Tammy, I ran into one a few weeks back that hid files and folders like what you described. I think I reversed everything it did, but is there any other info that you can share with the group aside from what you've posted here? Thanks, Jonathan A+, MCSA, MCSE Thumb-typed from my HTC Droid Incredible (and yes, it really is) on the Verizon network. Please excuse brevity and any misspellings. On Jun 3, 2011 10:43 AM, Tammy Stewart copper...@personainternet.com wrote: Hi John, If you can get the fake AV's name -- I can likely shoot you some info. There is a new(ish) one on the block that hides files, folders, shortcuts and such. (windows recovery) If that is what you see -- let me know. We have a restore procedure to restore the hidden/moved files. Also don't nuke the temps [yet] because that is where all the shortcuts are. If MBAM quarantines it -- the quarantine is normally located here: (depends on OS) c:\documents and settings\USER_WHO_SCANNED\application data\malwarebytes\malwarebyte's antimalware\quarantine -- that dir has both the logs and the quarantined items (xp/2k/2k3) C:\Users\USER_WHO_SCANNED\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\quarantine (vista/win7/win2k8) Please upload anything MBAM quarantines to us. http://www.sunbeltsecurity.com/threat Thanks John, Tammy -----Original Message----- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Friday, June 03, 2011 10:26 AM To: NT System Admin Issues Subject: Fake antivirus I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks! 
Re: Hide windows libraries
I *love* the recent places feature... To me, the reverse of the problem you mention is worse. Much worse. *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Harnessing the Advantages of Technology for the SMB market... * On Fri, Jun 3, 2011 at 12:53 PM, Sam Cayze sca...@gmail.com wrote: Since we are the subject, is there any way for explorer to NOT remember the last folder where I saved something? Sometimes I save something very deep in the network… so that the next time I want to save something, to the desktop, I have to scroll ALL the way to the top to find desktop. PITA. Sam *From:* Sam Cayze [mailto:sca...@gmail.com] *Sent:* Friday, June 03, 2011 11:47 AM *To:* NT System Admin Issues *Subject:* RE: Hide windows libraries *NOTE:* If you have x64 there is one more step needed to remove them from the ‘Open/Save As’ dialog boxes as well. Otherwise you are only removing them from Explorer. http://www.sevenforums.com/tutorials/35627-libraries-folder-add-remove-navigation-pane.html In short: HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder To b090010d AND HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder To b090010d -Sam *From:* James Rankin [mailto:kz2...@googlemail.com] *Sent:* Friday, June 03, 2011 10:34 AM *To:* NT System Admin Issues *Subject:* Re: Hide windows libraries I've started carrying around a portfolio of pre-built profiles from previous jobs and using them as required. Saves all the hassle happening repeatedly. On 3 June 2011 16:30, Mayo, Bill bem...@pittcountync.gov wrote: Agreed. These things are particularly irritating when you are trying to create a locked-down profile. *From:* James Rankin [mailto:kz2...@googlemail.com] *Sent:* Friday, June 03, 2011 11:10 AM *To:* NT System Admin Issues *Subject:* Re: Hide windows libraries I think that it is high time MS gave us some GPOs to manage libraries. 
There will be many Win7 / 2008 R2 RDS deployments starting and we all know users who can't cope when something changes. Reg key hacks and stripping perms with subinacl really isn't a good way to be managing these sort of modifications to a new desktop environment, IMHO. On 3 June 2011 15:58, Tom Miller tmil...@hnncsb.org wrote: Thanks, another option. I was able to use the original key below after modifying the perms for the key's subfolder, as suggested by James. I was using this link (left Favorites, hid Libraries): http://www.petri.co.il/remove-libraries-and-favorites-from-windows-explorer.htm John Cook john.c...@pfsf.org 6/3/2011 10:50 AM That would be the one! *John W. Cook* *System Administrator* *Partnership For Strong Families* *5950 NW 1st Place* *Gainesville, Fl 32607* *Office (352) 244-1610* *Cell (352) 215-6944* *MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4* *From:* James Rankin [mailto:kz2...@googlemail.com] *Sent:* Friday, June 03, 2011 10:46 AM *To:* NT System Admin Issues *Subject:* Re: Hide windows libraries Something like these? http://www.howtogeek.com/howto/21462/how-to-enable-or-disable-the-libraries-feature-in-windows-7/ On 3 June 2011 15:37, John Cook john.c...@pfsf.org wrote: I found a blog (don’t remember where at the moment) that had 2 simple scripts that would either disable or reenable Libraries. Simple double click and it was done. *John W. Cook* *System Administrator* *Partnership For Strong Families* *5950 NW 1st Place* *Gainesville, Fl 32607* *Office (352) 244-1610* *Cell (352) 215-6944* *MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4* *From:* James Rankin [mailto:kz2...@googlemail.com] *Sent:* Friday, June 03, 2011 10:32 AM *To:* NT System Admin Issues *Subject:* Re: Hide windows libraries I didn't have to do it on mine, I admit. On 3 June 2011 15:30, Guyer, Don don.gu...@fiserv.com wrote: If it’s a Computer GPO, is it even necessary to modify perms? 
When I Googled real quick, I didn’t see any info regarding having to change perms. Just curious, cuz I may have to do this in the future. J *Don Guyer* Windows Systems Engineer RIM Operations Engineering Distributed – A Team, Tier 2 Enterprise Technology Group *Fiserv* don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com *From:* James Rankin [mailto:kz2...@googlemail.com] *Sent:* Friday, June 03, 2011 10:24 AM *To:* NT System Admin Issues *Subject:* Re: Hide windows libraries Actually I forgot, you can set registry permissions in Computer Config | Policies | Windows Settings | Security Settings | Registry, IIRC On 3 June 2011 15:25, Guyer, Don don.gu...@fiserv.com wrote: It should be possible with W2k8 based GPO. *Don Guyer* Windows Systems Engineer RIM Operations Engineering Distributed – A Team, Tier 2 Enterprise
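Added example, not code from anyone in this thread: the two Attributes values quoted above, b080010d and b090010d, differ in a single bit, 0x00100000, which the Windows SDK names SFGAO_NONENUMERATED. The Python sketch below decodes the value from a .reg export and checks both the native key and the Wow6432Node key named in the x64 note; the function names and the sample export are constructed for illustration.

```python
import re

# SFGAO_* flag bits as named in the Windows SDK (shobjidl_core.h); a subset.
SFGAO = {
    0x00000001: "SFGAO_CANCOPY",
    0x00000002: "SFGAO_CANMOVE",
    0x00000004: "SFGAO_CANLINK",
    0x00000008: "SFGAO_STORAGE",
    0x00000010: "SFGAO_CANRENAME",
    0x00000020: "SFGAO_CANDELETE",
    0x00000040: "SFGAO_HASPROPSHEET",
    0x00000100: "SFGAO_DROPTARGET",
    0x00010000: "SFGAO_LINK",
    0x00020000: "SFGAO_SHARE",
    0x00040000: "SFGAO_READONLY",
    0x00080000: "SFGAO_HIDDEN",
    0x00100000: "SFGAO_NONENUMERATED",
    0x00800000: "SFGAO_STORAGEANCESTOR",
    0x10000000: "SFGAO_FILESYSANCESTOR",
    0x20000000: "SFGAO_FOLDER",
    0x40000000: "SFGAO_FILESYSTEM",
    0x80000000: "SFGAO_HASSUBFOLDER",
}
NONENUMERATED = 0x00100000

# Key paths exactly as quoted in the thread.
NATIVE_KEY = r"HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder"
WOW64_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID"
             r"\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder")

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def decode_attributes(value):
    """Return the SFGAO flag names set in value, lowest bit first."""
    names = [name for bit, name in sorted(SFGAO.items()) if value & bit]
    unknown = value & ~sum(SFGAO)  # bits not in the subset table above
    if unknown:
        names.append("UNKNOWN_0x%08x" % unknown)
    return names


def parse_reg(text):
    """Parse .reg text into {key_lower: {value_name_lower: int}} (DWORDs only)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = int(m.group(2), 16)
    return keys


def audit_libraries(reg_text, x64=True):
    """Report 'hidden', 'visible' or 'missing' for each key that must be set."""
    keys = parse_reg(reg_text)
    required = [NATIVE_KEY] + ([WOW64_KEY] if x64 else [])
    report = {}
    for key in required:
        values = keys.get(key.lower())
        if values is None or "attributes" not in values:
            report[key] = "missing"
        elif values["attributes"] & NONENUMERATED:
            report[key] = "hidden"
        else:
            report[key] = "visible"
    return report


# Constructed sample: native view changed, 32-bit view left at the other value.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

; constructed export for illustration
[HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder]
"Attributes"=dword:b090010d

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder]
"Attributes"=dword:b080010d
"""

if __name__ == "__main__":
    print(decode_attributes(0xB080010D ^ 0xB090010D))
    for key, state in audit_libraries(SAMPLE_REG).items():
        print(state, key)
```

Run against a real export of both keys, a "visible" or "missing" result on the Wow6432Node key points at the x64 gap described in the thread.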
Re: Hide windows libraries
Hence the need for the GPOs to keep all happy... Typed frustratingly slowly on my BlackBerry® wireless device -Original Message- From: Andrew S. Baker asbz...@gmail.com Date: Fri, 3 Jun 2011 12:56:24 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: Re: Hide windows libraries I *love* the recent places feature... To me, the reverse of the problem you mention is worse. Much worse. *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio) *Harnessing the Advantages of Technology for the SMB market... * On Fri, Jun 3, 2011 at 12:53 PM, Sam Cayze sca...@gmail.com wrote: Since we are the subject, is there any way for explorer to NOT remember the last folder where I saved something? Sometimes I save something very deep in the network… so that the next time I want to save something, to the desktop, I have to scroll ALL the way to the top to find desktop. PITA. Sam *From:* Sam Cayze [mailto:sca...@gmail.com] *Sent:* Friday, June 03, 2011 11:47 AM *To:* NT System Admin Issues *Subject:* RE: Hide windows libraries *NOTE:* If you have x64 there is one more step needed to remove them from the ‘Open/Save As’ dialog boxes as well. Otherwise you are only removing them from Explorer. http://www.sevenforums.com/tutorials/35627-libraries-folder-add-remove-navigation-pane.html In short: HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder To b090010d AND HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder To b090010d -Sam *From:* James Rankin [mailto:kz2...@googlemail.com] *Sent:* Friday, June 03, 2011 10:34 AM *To:* NT System Admin Issues *Subject:* Re: Hide windows libraries I've started carrying around a portfolio of pre-built profiles from previous jobs and using them as required. Saves all the hassle happening repeatedly. On 3 June 2011 16:30, Mayo, Bill bem...@pittcountync.gov wrote: Agreed. 
These things are particularly irritating when you are trying to create a locked-down profile. *From:* James Rankin [mailto:kz2...@googlemail.com] *Sent:* Friday, June 03, 2011 11:10 AM *To:* NT System Admin Issues *Subject:* Re: Hide windows libraries I think that it is high time MS gave us some GPOs to manage libraries. There will be many Win7 / 2008 R2 RDS deployments starting and we all know users who can't cope when something changes. Reg key hacks and stripping perms with subinacl really isn't a good way to be managing these sort of modifications to a new desktop environment, IMHO. On 3 June 2011 15:58, Tom Miller tmil...@hnncsb.org wrote: Thanks, another option. I was able to use the original key below after modifying the perms for the key's subfolder, as suggested by James. I was using this link (left Favorites, hid Libraries): http://www.petri.co.il/remove-libraries-and-favorites-from-windows-explorer.htm John Cook john.c...@pfsf.org 6/3/2011 10:50 AM That would be the one! *John W. Cook* *System Administrator* *Partnership For Strong Families* *5950 NW 1st Place* *Gainesville, Fl 32607* *Office (352) 244-1610* *Cell (352) 215-6944* *MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4* *From:* James Rankin [mailto:kz2...@googlemail.com] *Sent:* Friday, June 03, 2011 10:46 AM *To:* NT System Admin Issues *Subject:* Re: Hide windows libraries Something like these? http://www.howtogeek.com/howto/21462/how-to-enable-or-disable-the-libraries-feature-in-windows-7/ On 3 June 2011 15:37, John Cook john.c...@pfsf.org wrote: I found a blog (don’t remember where at the moment) that had 2 simple scripts that would either disable or reenable Libraries. Simple double click and it was done. *John W. 
Cook* *System Administrator* *Partnership For Strong Families* *5950 NW 1st Place* *Gainesville, Fl 32607* *Office (352) 244-1610* *Cell (352) 215-6944* *MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4* *From:* James Rankin [mailto:kz2...@googlemail.com] *Sent:* Friday, June 03, 2011 10:32 AM *To:* NT System Admin Issues *Subject:* Re: Hide windows libraries I didn't have to do it on mine, I admit. On 3 June 2011 15:30, Guyer, Don don.gu...@fiserv.com wrote: If it’s a Computer GPO, is it even necessary to modify perms? When I Googled real quick, I didn’t see any info regarding having to change perms. Just curious, cuz I may have to do this in the future. J *Don Guyer* Windows Systems Engineer RIM Operations Engineering Distributed – A Team, Tier 2 Enterprise Technology Group *Fiserv* don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com *From:* James Rankin [mailto:kz2...@googlemail.com] *Sent:* Friday, June 03, 2011 10:24 AM *To:* NT System Admin Issues *Subject:* Re: Hide
RE: Fake antivirus
Had very good luck so far using combofix, Malwarebytes, and Vipre. Although 1 computer running XPsp3 is now very slow and the user does not want a wipe. I found combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix here. I do not follow the directions completely; I don't post the log file to any forum. I do: disable AV, run updated combofix, enable AV, run malwarebytes. If there is anything still going on, I'll do a quick scan with superantispyware then investigate manually (registry, running processes, files). Gene Giannamore -----Original Message----- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Friday, June 03, 2011 7:26 AM To: NT System Admin Issues Subject: Fake antivirus I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks!
RE: Fake antivirus
+1 for combofix at home. -----Original Message----- From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com] Sent: Friday, June 03, 2011 12:05 PM To: NT System Admin Issues Subject: RE: Fake antivirus Had very good luck so far using combofix, Malwarebytes, and Vipre. Although 1 computer running XPsp3 is now very slow and the user does not want a wipe. I found combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix here. I do not follow the directions completely; I don't post the log file to any forum. I do: disable AV, run updated combofix, enable AV, run malwarebytes. If there is anything still going on, I'll do a quick scan with superantispyware then investigate manually (registry, running processes, files). Gene Giannamore -----Original Message----- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Friday, June 03, 2011 7:26 AM To: NT System Admin Issues Subject: Fake antivirus I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks!
RE: Hide windows libraries
You are starting to sound like a conslutant! J Webster From: James Rankin [mailto:kz2...@googlemail.com] Subject: Re: Hide windows libraries I've started carrying around a portfolio of pre-built profiles from previous jobs and using them as required. Saves all the hassle happening repeatedly.
Re: Fake antivirus
As to tricks... Often there is something hidden somewhere that downloads something else. It is this second download that gets flagged. Meanwhile, the original whatever is still there, so it continues to download the same thing (or a variant). Since this person is a VIPRE customer, be prepared to call their support. Not that you can't handle it yourself with the advice given in the string, but they may save considerable time (and may be aware of some of these hidden processes which are continuing to download infections). ps - perhaps a long wait time for the call, but they are very very good! -- richard John Aldrich jaldr...@blueridgecarpet.com 06/03/2011 09:27 AM Please respond to NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com To NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com cc Subject Fake antivirus I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks!
Re: Tape backup policies
+1 on the documentation! Last read-through of PCI standards, there were not that many specifics as to how many, how long, how often, etc. What was explicit, though, was that a written policy be in place, that it is adhered to, and that the destruction of old media be documented.

-- richard

Andrew S. Baker asbz...@gmail.com 06/03/2011 09:18 AM
Please respond to NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
To NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject Re: Tape backup policies

+1 In addition to this excellent point, it should be noted that an excessively long retention period could be as bad as having too short of a retention period, as it opens you up to greater electronic discovery in the event of legal action. Choose wisely, and work with senior management and legal counsel to develop the right data management policies.

Barring conflicts with regulatory requirements, I typically try to work towards the following:
-- Daily Backups maintained for up to 15 days
-- Weekly Backups maintained for up to 5 weeks
-- Monthly backups for up to 12-24 months
-- Annual backups for up to 2 or 3 years (optional if maintaining 24 monthly backups)

Some systems might have more stringent retention, for example a key database system maintaining 30 daily and 52 weekly backups. Whatever the configuration, it should be documented.

ASB (Professional Bio) Harnessing the Advantages of Technology for the SMB market...

On Fri, Jun 3, 2011 at 9:22 AM, N Parr npar...@mortonind.com wrote:
That's really a question for your management. Your business type and other laws/guidelines will tell you how long you need to keep your data, the media it's put on is irrelevant. When we were still backing up to tape we did a daily full backup 4 week rotation with a month end and then kept the year end forever.

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com]
Sent: Friday, June 03, 2011 8:12 AM
To: NT System Admin Issues
Subject: Tape backup policies

Hello everyone. For those who are still backing up to tape... What do you guys have for tape backup policies? I'm curious as to how far back you are keeping tapes - 1 year? 5 years? I've typically seen a 10 tape rotation w/ a monthly tape put in offsite storage. Is this still common practice?
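The tiered schedule listed in the message above, applied as a pruning check (an added example, not part of the original thread). It uses the upper bounds from that list (15 days, 5 weeks, 24 months, 3 years) and emits one record per expired medium so that destruction can be documented; treating Friday as the weekly copy and month-end/year-end as the monthly/annual copies is an assumption, and the sample dates are constructed.

```python
import calendar
from datetime import date, timedelta

# Upper bounds of the schedule in the post, as (amount, unit) per tier.
RETENTION = {
    "daily": (15, "days"),
    "weekly": (5 * 7, "days"),
    "monthly": (24, "months"),
    "annual": (3 * 12, "months"),
}

WEEKLY_WEEKDAY = 4  # Friday (assumption of this example, not stated in the thread)


def add_months(d, months):
    """Shift d by whole months, clamping to the last day of the target month."""
    index = d.year * 12 + (d.month - 1) + months
    year, month0 = divmod(index, 12)
    last_day = calendar.monthrange(year, month0 + 1)[1]
    return date(year, month0 + 1, min(d.day, last_day))


def classify(d):
    """Assign a backup date to the longest-lived tier it qualifies for."""
    tomorrow = d + timedelta(days=1)
    if tomorrow.year != d.year:
        return "annual"   # year-end copy (assumption)
    if tomorrow.month != d.month:
        return "monthly"  # month-end copy (assumption)
    if d.weekday() == WEEKLY_WEEKDAY:
        return "weekly"
    return "daily"


def expiry(d):
    """Last date on which the backup taken on d is still inside its retention."""
    amount, unit = RETENTION[classify(d)]
    if unit == "days":
        return d + timedelta(days=amount)
    return add_months(d, amount)


def review(backup_dates, today):
    """Split backups into those still retained and those due for destruction."""
    result = {"keep": [], "destroy": []}
    for d in sorted(backup_dates):
        entry = (d, classify(d), expiry(d))
        bucket = "destroy" if today > entry[2] else "keep"
        result[bucket].append(entry)
    return result


def destruction_log(result, today):
    """One line per expired medium, for the written destruction record."""
    return [
        f"{today.isoformat()} destroy {tier} backup of {d.isoformat()} "
        f"(retention ended {exp.isoformat()})"
        for d, tier, exp in result["destroy"]
    ]


# Constructed sample catalogue of backup dates.
SAMPLE_BACKUPS = [
    date(2011, 6, 2),    # Thursday, inside the 15-day window
    date(2011, 5, 18),   # Wednesday, 16 days old
    date(2011, 5, 20),   # Friday, inside the 5-week window
    date(2011, 4, 22),   # Friday, 6 weeks old
    date(2011, 4, 30),   # month-end
    date(2009, 5, 31),   # month-end, just over 24 months old
    date(2008, 12, 31),  # year-end
    date(2007, 12, 31),  # year-end, over 3 years old
]

if __name__ == "__main__":
    today = date(2011, 6, 3)
    outcome = review(SAMPLE_BACKUPS, today)
    for line in destruction_log(outcome, today):
        print(line)
    for d, tier, exp in outcome["keep"]:
        print(f"keep {tier} backup of {d.isoformat()} until {exp.isoformat()}")
```
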
Re: Vipre/ MS Malware conflicts
In Vipre's control panel, if you go to the properties of the policy, then go down under Agent to Communication, there is a place to disable Windows Defender, and to incorporate Vipre into the Windows Security Center. That might solve at least some of your problems.

David

On Fri, Jun 3, 2011 at 7:30 AM, Level 5 Lists li...@levelfive.us wrote:
We have Vipre rolled out at one of our clients, it's working okay, but we recently had to turn it from medium to low because it was severely hampering internet browsing. What we also found was that MS Anti-Malware was running on several computers and even though security center is reporting Vipre is in control if I turn off the MS product and go to Action Center and change the settings I'm still getting popups on the desktops stating your system is not protected click Start Now … We are 2008r2 domain with all Win7 pro desktops. I'm going to see if I can deploy a GPO to handle disabling MS Malware, should be easy enough but not positive about the security center warning pop ups.. This just started happening within the past 2 weeks, possibly a Vipre update issue? I know we had some issues with one of the versions but thought we moved past that already…

-- David
*The right to be let alone – the most comprehensive of rights and the right most valued by civilized men.* – Supreme Court Justice Louis Brandeis, Olmstead v. U.S., 277 U.S. 438 (1928)
Re: Hide windows libraries
My soul hasn't been quite sold to the devil yet :-0

Typed frustratingly slowly on my BlackBerry® wireless device

-Original Message-
From: Webster carlwebs...@gmail.com
Date: Fri, 3 Jun 2011 12:25:22
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Hide windows libraries

You are starting to sound like a conslutant! :)

Webster

From: James Rankin [mailto:kz2...@googlemail.com]
Subject: Re: Hide windows libraries

I've started carrying around a portfolio of pre-built profiles from previous jobs and using them as required. Saves all the hassle happening repeatedly.
RE: Fake antivirus
Yeah... these things aren't *generally* a big deal to clean.. usually either Malware Bytes or Vipre Rescue... Never seen something that one or both wouldn't clean. :D

From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Friday, June 03, 2011 1:30 PM
To: NT System Admin Issues
Subject: Re: Fake antivirus

As to tricks... Often there is something hidden somewhere that downloads something else. It is this second download that gets flagged. Meanwhile, the original whatever is still there, so it continues to download the same thing (or a variant). Since this person is a VIPRE customer, be prepared to call their support. Not that you can't handle it yourself with the advice given in the string, but they may save considerable time (and may be aware of some of these hidden processes which are continuing to download infections).

ps - perhaps a long wait time for the call, but they are very very good!

-- richard

John Aldrich jaldr...@blueridgecarpet.com 06/03/2011 09:27 AM
Please respond to NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
To NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject Fake antivirus

I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks!
Re: Fake antivirus
+2, either at home or at the office. Combofix (be careful where you get it -- the BleepingComputer site is the most reliable), Malwarebytes, and Vipre. Vipre seems to take the longest to run.

David

On Fri, Jun 3, 2011 at 10:23 AM, Maglinger, Paul pmaglin...@scvl.com wrote:
+1 for combofix at home.

-Original Message-
From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com]
Sent: Friday, June 03, 2011 12:05 PM
To: NT System Admin Issues
Subject: RE: Fake antivirus

Had very good luck so far using combofix, Malwarebytes, and Vipre. Although 1 computer running XPsp3 is now very slow and the user does not want a wipe. I found combofix here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix. I do not follow the directions completely; I don't post the log file to any forum. I do: disable AV, run updated combofix, enable AV, run malwarebytes. If there is anything still going on, I'll do a quick scan with superantispyware then investigate manually (registry, running processes, files).

Gene Giannamore

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, June 03, 2011 7:26 AM
To: NT System Admin Issues
Subject: Fake antivirus

I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks!

-- David
*The right to be let alone – the most comprehensive of rights and the right most valued by civilized men.* – Supreme Court Justice Louis Brandeis, Olmstead v. U.S., 277 U.S. 438 (1928)
PowerBroker application - FOLLOW-UP Question
I was just on the phone with a reseller for the Scriptlogic product, and he mentioned Group Policy Preferences for what I'm trying to do. Does anyone know if permission elevation for installing specific software is possible through GPP? How is everyone out there handling users installing specific software without making them local admins? This will be a 2008R2/Win7 environment, so would request that answers be based on that, if possible. What we do with older technology isn't necessarily what we can/will do with newer. Also, I know about, and am looking into the BeyondTrust, Scriptlogic and Viewfinity products, so no need to respond with those options, unless you have a big selling point on any of them. As always, I appreciate all help/advice/tips.

Joseph Heaton jhea...@dfg.ca.gov 5/26/2011 4:24 PM
Has anyone used this product, from BeyondTrust? Looks like it would be useful to minimize permission levels on Win 7 boxes. We're looking at using Applocker, and this seems to be a good fit to go along with that, to automatically raise perm levels for apps in Applocker, so normal users can install whitelisted applications. Any personal experiences would be most appreciated.
Re: PowerBroker application - FOLLOW-UP Question
Group Policy Preferences can run as a specific user. Not sure whether software installation gpos come under that though.

Typed frustratingly slowly on my BlackBerry® wireless device

-Original Message-
From: Joseph Heaton jhea...@dfg.ca.gov
Date: Fri, 3 Jun 2011 10:50:20
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: PowerBroker application - FOLLOW-UP Question

I was just on the phone with a reseller for the Scriptlogic product, and he mentioned Group Policy Preferences for what I'm trying to do. Does anyone know if permission elevation for installing specific software is possible through GPP? How is everyone out there handling users installing specific software without making them local admins? This will be a 2008R2/Win7 environment, so would request that answers be based on that, if possible. What we do with older technology isn't necessarily what we can/will do with newer. Also, I know about, and am looking into the BeyondTrust, Scriptlogic and Viewfinity products, so no need to respond with those options, unless you have a big selling point on any of them. As always, I appreciate all help/advice/tips.

Joseph Heaton jhea...@dfg.ca.gov 5/26/2011 4:24 PM
Has anyone used this product, from BeyondTrust? Looks like it would be useful to minimize permission levels on Win 7 boxes. We're looking at using Applocker, and this seems to be a good fit to go along with that, to automatically raise perm levels for apps in Applocker, so normal users can install whitelisted applications. Any personal experiences would be most appreciated.
RE: Fake antivirus
That is one of the sources of the re-directs that I have seen also (Basically poisoning the google cache) there are others, but a lot of it is based on video, or images.

Z
Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505

-Original Message-
From: John Cook [mailto:john.c...@pfsf.org]
Sent: Friday, June 03, 2011 10:38 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

We've noticed a rash of these redirects specifically when doing a Google Image search.

John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, June 03, 2011 10:35 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

John, A lot of this Fake AV is also coming from legitimate but hacked websites, and drive-by malware. There has been more and more sites hit with Web application attacks, which are imbedding malicious Iframe, and other goodies which are making links going to their malware sites and not the link they thought they were going to. Been seeing Fake-AV popping up as well, along with Target Phishing attacks, and the big fun of seeing the Military and Govt Entities being phished by the Chinese ( or so the US Govt says) just underlies how sensitive and secret information and communications are being sent over public email, which is pretty silly IMHO...

Z
Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, June 03, 2011 10:26 AM
To: NT System Admin Issues
Subject: Fake antivirus

I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks!
RE: Fake antivirus
Better Yet, heck with the OS, make them learn Linux and Boot to a LiveCD on a thumb drive..

Z
Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505

-Original Message-
From: John Cook [mailto:john.c...@pfsf.org]
Sent: Friday, June 03, 2011 10:46 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

Teenagers = their own crappy box to screw up + Disc Image of clean install + parental controls, BTDT

John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

-Original Message-
From: Guyer, Don [mailto:don.gu...@fiserv.com]
Sent: Friday, June 03, 2011 10:45 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

Teenage (or young) users = must have parental controls! I can't imagine how many weekends I'd have to spend rebuilding home machines without it.

Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, June 03, 2011 10:34 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

Thanks... This particular user is unlucky enough to have teenagers who use his computer. My guess is they are visiting infected/hostile/0wned sites and that's how he's getting infected. Never really had a problem when he was working here, so I'm suspecting it's some of his grandkids that are causing the problem. As I have not yet seen the problem, I don't know if it's going to be easy or difficult. Hopefully MBAM and Vipre won't have any problem with it. :D Thanks again!

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:31 AM
To: NT System Admin Issues
Subject: Re: Fake antivirus

May be time to invest in some UAT (user awareness training). Continual re-infestation either means he is unlucky, or gung-ho in his browsing. I've had some fake AVs recently which were ridiculously easy to get rid of (kill process, delete files, remove autorun entry). Others have been more stealthy - such as killing targeted windows like Task Manager. Booting into safe mode usually prevents these extra features from bothering you. But as with everything - a reimage may be the only way to be sure.

On 3 June 2011 15:26, John Aldrich jaldr...@blueridgecarpet.com wrote:
I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks!

--
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.

IMPORTANT: The information in this email is CONFIDENTIAL. If its contents are disclosed in any way my lawyers will swoop down from black helicopters like Seal Team Six and drag you away with a black bag over your head. They will then take you to a secret prison and make you fight to the death with other people who dared to share this email. You will be given a large bowie knife and a supply of methamphetamines while I watch the said deathmatch and wager vast sums of money on who will be the winner. If the fight becomes boring or there is a stalemate, I will release rabid dogs and my two-stone cat into the arena to liven things up a bit. If these animals become in any way docile, I will squirt them with water pistols until they become a bit more temperamental.
RE: Fake antivirus
LOL!!! H3ll, I can hardly get my Son to take out the garbage twice a week!

Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, June 03, 2011 2:19 PM
To: NT System Admin Issues
Subject: RE: Fake antivirus

Better Yet, heck with the OS, make them learn Linux and Boot to a LiveCD on a thumb drive..

Z
Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505

-Original Message-
From: John Cook [mailto:john.c...@pfsf.org]
Sent: Friday, June 03, 2011 10:46 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

Teenagers = their own crappy box to screw up + Disc Image of clean install + parental controls, BTDT

John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

-Original Message-
From: Guyer, Don [mailto:don.gu...@fiserv.com]
Sent: Friday, June 03, 2011 10:45 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

Teenage (or young) users = must have parental controls! I can't imagine how many weekends I'd have to spend rebuilding home machines without it.

Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com

-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, June 03, 2011 10:34 AM
To: NT System Admin Issues
Subject: RE: Fake antivirus

Thanks... This particular user is unlucky enough to have teenagers who use his computer. My guess is they are visiting infected/hostile/0wned sites and that's how he's getting infected. Never really had a problem when he was working here, so I'm suspecting it's some of his grandkids that are causing the problem. As I have not yet seen the problem, I don't know if it's going to be easy or difficult. Hopefully MBAM and Vipre won't have any problem with it. :D Thanks again!

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, June 03, 2011 10:31 AM
To: NT System Admin Issues
Subject: Re: Fake antivirus

May be time to invest in some UAT (user awareness training). Continual re-infestation either means he is unlucky, or gung-ho in his browsing. I've had some fake AVs recently which were ridiculously easy to get rid of (kill process, delete files, remove autorun entry). Others have been more stealthy - such as killing targeted windows like Task Manager. Booting into safe mode usually prevents these extra features from bothering you. But as with everything - a reimage may be the only way to be sure.

On 3 June 2011 15:26, John Aldrich jaldr...@blueridgecarpet.com wrote:
I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks!
RE: Fake antivirus
:D I like that! -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, June 03, 2011 2:19 PM To: NT System Admin Issues Subject: RE: Fake antivirus Better Yet, heck with the OS, make them learn Linux and Boot to a LiveCD on a thumb drive.. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 -Original Message- From: John Cook [mailto:john.c...@pfsf.org] Sent: Friday, June 03, 2011 10:46 AM To: NT System Admin Issues Subject: RE: Fake antivirus Teenagers = their own crappy box to screw up + Disc Image of clean install + parental controls, BTDT John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 -Original Message- From: Guyer, Don [mailto:don.gu...@fiserv.com] Sent: Friday, June 03, 2011 10:45 AM To: NT System Admin Issues Subject: RE: Fake antivirus Teenage (or young) users = must have parental controls! I can't imagine how many weekends I'd have to spend rebuilding home machines without it. Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Friday, June 03, 2011 10:34 AM To: NT System Admin Issues Subject: RE: Fake antivirus Thanks... This particular user is unlucky enough to have teenagers who use his computer. My guess is they are visiting infected/hostile/0wned sites and that's how he's getting infected. Never really had a problem when he was working here, so I'm suspecting it's some of his grandkids that are causing the problem. As I have not yet seen the problem, I don't know if it's going to be easy or difficult. Hopefully MBAM and Vipre won't have any problem with it. 
:D Thanks again! From: James Rankin [mailto:kz2...@googlemail.com] Sent: Friday, June 03, 2011 10:31 AM To: NT System Admin Issues Subject: Re: Fake antivirus May be time to invest in some UAT (user awareness training). Continual re-infestation either means he is unlucky, or gung-ho in his browsing. I've had some fake AVs recently which were ridiculously easy to get rid of (kill process, delete files, remove autorun entry). Others have been more stealthy - such as killing targeted windows like Task Manager. Booting into safe mode usually prevents these extra features from bothering you. But as with everything - a reimage may be the only way to be sure. On 3 June 2011 15:26, John Aldrich jaldr...@blueridgecarpet.com wrote: I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. IMPORTANT: The information in this email is CONFIDENTIAL. 
If its contents are disclosed in any way my lawyers will swoop down from black helicopters like Seal Team Six and drag you away with a black bag over your head. They will then take you to a secret prison and make you fight to the death with other people who dared to share this email. You will be given a large bowie knife and a supply of methamphetamines while I watch the said deathmatch and wager vast sums of money on who will be the winner. If the fight becomes boring or there is a stalemate, I will release rabid dogs and my two-stone cat into the arena to liven things up a bit. If these animals become in any way docile, I will squirt them with water pistols until they become a bit more temperamental.
RE: Fake antivirus
LOL don't make me get all military and come down there and show you how to put him on KP duty. He will think choices are a god-send compared to that. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 -Original Message- From: Guyer, Don [mailto:don.gu...@fiserv.com] Sent: Friday, June 03, 2011 2:26 PM To: NT System Admin Issues Subject: RE: Fake antivirus LOL!!! H3ll, I can hardly get my Son to take out the garbage twice a week! Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, June 03, 2011 2:19 PM To: NT System Admin Issues Subject: RE: Fake antivirus Better Yet, heck with the OS, make them learn Linux and Boot to a LiveCD on a thumb drive.. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 -Original Message- From: John Cook [mailto:john.c...@pfsf.org] Sent: Friday, June 03, 2011 10:46 AM To: NT System Admin Issues Subject: RE: Fake antivirus Teenagers = their own crappy box to screw up + Disc Image of clean install + parental controls, BTDT John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 -Original Message- From: Guyer, Don [mailto:don.gu...@fiserv.com] Sent: Friday, June 03, 2011 10:45 AM To: NT System Admin Issues Subject: RE: Fake antivirus Teenage (or young) users = must have parental controls! I can't imagine how many weekends I'd have to spend rebuilding home machines without it. 
Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Friday, June 03, 2011 10:34 AM To: NT System Admin Issues Subject: RE: Fake antivirus Thanks... This particular user is unlucky enough to have teenagers who use his computer. My guess is they are visiting infected/hostile/0wned sites and that's how he's getting infected. Never really had a problem when he was working here, so I'm suspecting it's some of his grandkids that are causing the problem. As I have not yet seen the problem, I don't know if it's going to be easy or difficult. Hopefully MBAM and Vipre won't have any problem with it. :D Thanks again! From: James Rankin [mailto:kz2...@googlemail.com] Sent: Friday, June 03, 2011 10:31 AM To: NT System Admin Issues Subject: Re: Fake antivirus May be time to invest in some UAT (user awareness training). Continual re-infestation either means he is unlucky, or gung-ho in his browsing. I've had some fake AVs recently which were ridiculously easy to get rid of (kill process, delete files, remove autorun entry). Others have been more stealthy - such as killing targeted windows like Task Manager. Booting into safe mode usually prevents these extra features from bothering you. But as with everything - a reimage may be the only way to be sure. On 3 June 2011 15:26, John Aldrich jaldr...@blueridgecarpet.com wrote: I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. 
Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks! -- On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. IMPORTANT: The information in this email is CONFIDENTIAL. If its contents are disclosed in any way my lawyers will swoop down from black helicopters like Seal Team Six and drag you away with a black bag over your head. They will then take you to a secret prison and make you fight to the death with other people who dared to share this email. You will be given a large bowie knife and a supply of
RE: Hide windows libraries
I hear ya. I think it would be great for MS to redesign so that FAV folders stayed PINNED to the window so they were always avail. I shouldn't have to scroll up each time to find them. I mean, they are FAVORITES, shouldn't they always be accessible, isn't that the point? Rant over :) From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Friday, June 03, 2011 11:56 AM To: NT System Admin Issues Subject: Re: Hide windows libraries I *love* the recent places feature... To me, the reverse of the problem you mention is worse. Much worse. ASB (Professional Bio http://about.me/Andrew.S.Baker/bio ) Harnessing the Advantages of Technology for the SMB market... On Fri, Jun 3, 2011 at 12:53 PM, Sam Cayze sca...@gmail.com wrote: Since we are the subject, is there any way for explorer to NOT remember the last folder where I saved something? Sometimes I save something very deep in the network. so that the next time I want to save something, to the desktop, I have to scroll ALL the way to the top to find desktop. PITA. Sam From: Sam Cayze [mailto:sca...@gmail.com] Sent: Friday, June 03, 2011 11:47 AM To: NT System Admin Issues Subject: RE: Hide windows libraries NOTE: If you have x64 there is one more step needed to remove them from the 'Open/Save As' dialog boxes as well. Otherwise you are only removing them from Explorer. http://www.sevenforums.com/tutorials/35627-libraries-folder-add-remove-navigation-pane.html In short: HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder To b090010d AND HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder To b090010d -Sam From: James Rankin [mailto:kz2...@googlemail.com] Sent: Friday, June 03, 2011 10:34 AM To: NT System Admin Issues Subject: Re: Hide windows libraries I've started carrying around a portfolio of pre-built profiles from previous jobs and using them as required. Saves all the hassle happening repeatedly.
On 3 June 2011 16:30, Mayo, Bill bem...@pittcountync.gov wrote: Agreed. These things are particularly irritating when you are trying to create a locked-down profile. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Friday, June 03, 2011 11:10 AM To: NT System Admin Issues Subject: Re: Hide windows libraries I think that it is high time MS gave us some GPOs to manage libraries. There will be many Win7 / 2008 R2 RDS deployments starting and we all know users who can't cope when something changes. Reg key hacks and stripping perms with subinacl really isn't a good way to be managing these sort of modifications to a new desktop environment, IMHO. On 3 June 2011 15:58, Tom Miller tmil...@hnncsb.org wrote: Thanks, another option. I was able to use the original key below after modifying the perms for the key's subfolder, as suggested by James. I was using this link (left Favorites, hid Libraries): http://www.petri.co.il/remove-libraries-and-favorites-from-windows-explorer.htm John Cook john.c...@pfsf.org 6/3/2011 10:50 AM That would be the one! John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 From: James Rankin [mailto:kz2...@googlemail.com] Sent: Friday, June 03, 2011 10:46 AM To: NT System Admin Issues Subject: Re: Hide windows libraries Something like these? http://www.howtogeek.com/howto/21462/how-to-enable-or-disable-the-libraries-feature-in-windows-7/ On 3 June 2011 15:37, John Cook john.c...@pfsf.org wrote: I found a blog (don't remember where at the moment) that had 2 simple scripts that would either disable or reenable Libraries. Simple double click and it was done. John W.
Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 From: James Rankin [mailto:kz2...@googlemail.com] Sent: Friday, June 03, 2011 10:32 AM To: NT System Admin Issues Subject: Re: Hide windows libraries I didn't have to do it on mine, I admit. On 3 June 2011 15:30, Guyer, Don don.gu...@fiserv.com wrote: If it's a Computer GPO, is it even necessary to modify perms? When I Googled real quick, I didn't see any info regarding having to change perms. Just curious, cuz I may have to do this in the future. :) Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com From: James Rankin
RE: Fake antivirus
If it is the fake AV/HDD tool that hides all the files/folders and moves the shortcuts to %temp%, combofix is not recommended because one of the things combofix does is empty out all temp folders which is where the start menu icons are. Regards, Tammy From: David [mailto:blazer...@gmail.com] Sent: Friday, June 03, 2011 1:50 PM To: NT System Admin Issues Subject: Re: Fake antivirus +2, either at home or at the office. Combofix (be careful where you get it -- the BleepingComputer site is the most reliable), Malwarebytes, and Vipre. Vipre seems to take the longest to run. David On Fri, Jun 3, 2011 at 10:23 AM, Maglinger, Paul pmaglin...@scvl.com wrote: +1 for combofix at home. -Original Message- From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com] Sent: Friday, June 03, 2011 12:05 PM To: NT System Admin Issues Subject: RE: Fake antivirus Had very good luck so far using combofix, Malwarebytes, and Vipre. Although 1 computer running XPsp3 is now very slow and the user does not want a wipe. I found combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix here. I do not follow the directions completely; I don't post the log file to any forum. I do, disable AV, run updated combofix, enable AV, run malwarebytes. If there is anything still going on, I'll do a quick scan with superantispyware then investigate manually (registry, running processes, files). Gene Giannamore -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Friday, June 03, 2011 7:26 AM To: NT System Admin Issues Subject: Fake antivirus I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of?
Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks! -- David The right to be let alone - the most comprehensive of rights and the right most valued by civilized men. - Supreme Court Justice Louis Brandeis, Olmstead v. U.S., 277 U.S. 438 (1928)
Re: Fake antivirus
So beyond Vipre, what other rescue tools would you recommend, Tammy? Dave On Fri, Jun 3, 2011 at 1:02 PM, Tammy Stewart copper...@personainternet.com wrote: If it is the fake AV/HDD tool that hides all the files/folders and moves the shortcuts to %temp%, combofix is not recommended because one of the things combofix does is empty out all temp folders which is where the start menu icons are. Regards, Tammy -- *From:* David [mailto:blazer...@gmail.com] *Sent:* Friday, June 03, 2011 1:50 PM *To:* NT System Admin Issues *Subject:* Re: Fake antivirus +2, either at home or at the office. Combofix (be careful where you get it -- the BleepingComputer site is the most reliable), Malwarebytes, and Vipre. Vipre seems to take the longest to run. David On Fri, Jun 3, 2011 at 10:23 AM, Maglinger, Paul pmaglin...@scvl.com wrote: +1 for combofix at home. -Original Message- From: Gene Giannamore [mailto:gene.giannam...@abideinternational.com] Sent: Friday, June 03, 2011 12:05 PM To: NT System Admin Issues Subject: RE: Fake antivirus Had very good luck so far using combofix, Malwarebytes, and Vipre. Although 1 computer running XPsp3 is now very slow and the user does not want a wipe. I found combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix here. I do not follow the directions completely; I don't post the log file to any forum. I do, disable AV, run updated combofix, enable AV, run malwarebytes. If there is anything still going on, I'll do a quick scan with superantispyware then investigate manually (registry, running processes, files). Gene Giannamore -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Friday, June 03, 2011 7:26 AM To: NT System Admin Issues Subject: Fake antivirus I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL.
I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks! -- David *The right to be let alone – the most comprehensive of rights and the right most valued by civilized men.* – Supreme Court Justice Louis Brandeis, Olmstead v. U.S., 277 U.S. 438 (1928) -- David *The right to be let alone – the most comprehensive of rights and the right most valued by civilized men.* – Supreme Court Justice Louis Brandeis, Olmstead v. U.S., 277 U.S. 438 (1928)
Re: Tape backup policies
We have a data retention policy driven by lawyers. Our offsite backups are tape via Disk-to-Disk-to-Tape. These tapes are explicitly NOT to be used for long term retention, i.e. our tapes are rotated in about a year. Our policy drives what is kept long term and short term. Where they are kept doesn't matter but we have a separate fileshare with Permanent Archives and Interim Archives. The perm archives are kept indefinitely (pretty much construction drawings only). Our Interims are kept for various timeframes based on type - with a max of 5 years ... then they get deleted. FYI We are considering some online backup systems for offsite DR but we need more work to pay for it. hth, Devin On Fri, Jun 3, 2011 at 8:12 AM, David Mazzaccaro david.mazzacc...@hudsonmobility.com wrote: Hello everyone. For those who are still backing up to tape… What do you guys have for tape backup policies? I’m curious as to how far back you are keeping tapes – 1 year? 5 years? I’ve typically seen a 10 tape rotation w/ a monthly tape put in offsite storage. Is this still common practice?
Re: Fake antivirus
Ok. I'm on-site. I don't see the fake antivirus. I did find and disable a coupon toolbar (damn those things are tough to disable!) I don't have access to the add/remove programs because when I open that up, there's nothing there. I'm running a MBAM scan right now. I don't have a lot of time to stay on-site as I have to head out shortly. Wondering if anyone knows what might cause the Add/Remove Programs to show up as empty? This is on XP Media Center, FWIW. Antivirus is Vipre Home, version 4.0.4194.
RE: Tape backup policies
Why not do a one-time restore of really old backups to your newer backup medium? That way you can always use your current SW for a restore from any time frame. Dave -Original Message- From: Mike Leone [mailto:oozerd...@gmail.com] Sent: Friday, June 03, 2011 9:25 AM To: NT System Admin Issues Subject: Re: Tape backup policies On 6/3/2011 9:53 AM, richardmccl...@aspca.org wrote: Here is something I don't recall being discussed... LTO1 may be read by an LTO3 drive. Our LTO3 tapes supposedly can be read by our new LTO5 drive... What I'm getting at is, keeping forever may require moth-balling machines so they can be read if necessary Or drives .. I have a stand-alone SDLT320 and stand-alone SDLT600 tape drive, attached to a server other than my current backup server, specifically for the reason of reading old tapes. It becomes more aggravating when I need an old ArcServe tape, instead of more current Networker. That's why I have a separate machine that is a Networker storage node, that also has ArcServe installed on it. So I can start whichever backup program I need, to do restores.
Re: Previous Version snapshots causing locked files
Is this file server underlying location on a SAN? If so, what brand? Robert On Fri, Jun 3, 2011 at 3:48 AM, Oliver Marshall oliver.marsh...@g2support.com wrote: Hi chaps, On one of our servers some people are reporting problems with files being locked “by another user” during the time of the daily previous version snapshots. This only appears to happen on a small number of spreadsheets (3 so far) out of tens of thousands of files across hundreds of users here. Those 3 files are in a folder on our main 2003 64 bit file server. I’m not aware of the previous version feature causing file lockouts, but it does appear to be related. If we change the time of the snapshots in windows then the locked file issues change time as well. Keep retrying to between 1 to 15 mins and it goes away. Anyone seen this before? Any idea why it would be only a few files out of so many on the same server? Olly
Re: Tape backup policies
David, This is why we moved to online archives only. It requires more disk space and periodic review, but disk space is cheap and so is my time! We had DDS1 tapes written in Palindrome Network Archivist, some from the late 80's or so, we had DDS2, DDS3, DDS4, DLTIV, DLT S320 and now DLTS4. We even had some archive CD's that could not be read, lucky we had offsite copies of the CD's which were readable. I guess I can't store them on my dashboard :-). On Fri, Jun 3, 2011 at 4:32 PM, David Lum david@nwea.org wrote: Why not do a one-time restore of really old backups to your newer backup medium? That way you can always use your current SW for a restore from any time frame. Dave -Original Message- From: Mike Leone [mailto:oozerd...@gmail.com] Sent: Friday, June 03, 2011 9:25 AM To: NT System Admin Issues Subject: Re: Tape backup policies On 6/3/2011 9:53 AM, richardmccl...@aspca.org wrote: Here is something I don't recall being discussed... LTO1 may be read by an LTO3 drive. Our LTO3 tapes supposedly can be read by our new LTO5 drive... What I'm getting at is, keeping forever may require moth-balling machines so they can be read if necessary Or drives .. I have a stand-alone SDLT320 and stand-alone SDLT600 tape drive, attached to a server other than my current backup server, specifically for the reason of reading old tapes. It becomes more aggravating when I need an old ArcServe tape, instead of more current Networker. That's why I have a separate machine that is a Networker storage node, that also has ArcServe installed on it. So I can start whichever backup program I need, to do restores.
RE: RE: Fake antivirus
Hi Johnathan and all, Sorry - been a busy one today. Based on what we all have found, this has been working quite well as long as the temps have not been emptied out:

If the rogue is still running and nothing is seeing it, normally it will be found: (where random.exe is a random name executable) Normally 2 of them.

XP: C:\documents and settings\all users\application data\random.exe
Vista\Windows7: C:\programdata\random.exe

One will be a random set of numbers, the other will be a random set of upper/lower letters.

Taskkill /im filename /f

Works well, then rename the extensions so they don't load again or delete files.

This should get most if not all the shortcuts back and unhide everything it hid. (it will also end up unhiding windows patch install directories and application data folders) http://supportforums.sunbeltsoftware.com/messageview.aspx?catid=76&threadid=7944&enterthread=y

There will be some additional registry stuff that needs fixing to repair some IE settings that can leave the system vulnerable to getting hit again. Additional info here: (reg/file info at bottom of page) http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery

Regards, Tammy

From: Jonathan [mailto:ncm...@gmail.com] Sent: Friday, June 03, 2011 12:55 PM To: NT System Admin Issues Subject: Re: RE: Fake antivirus Tammy, I ran into one a few weeks back that hid files and folders like what you described. I think I reversed everything it did, but is there any other info that you can share with the group aside from what you've posted here? Thanks, Jonathan A+, MCSA, MCSE Thumb-typed from my HTC Droid Incredible (and yes, it really is) on the Verizon network. Please excuse brevity and any misspellings.

On Jun 3, 2011 10:43 AM, Tammy Stewart copper...@personainternet.com wrote: Hi John, If you can get the fake AV's name -- I can likely shoot you some info. There is a new(ish) one on the block that hides files, folders, shortcuts and such. (windows recovery) If that is what you see -- let me know. We have a restore procedure to restore the hidden/moved files. Also don't nuke the temps [yet] because that is where all the shortcuts are. If MBAM quarantines it -- the quarantine is normally located here: (depends on OS)

c:\documents and settings\USER_WHO_SCANNED\application data\malwarebytes\malwarebyte's antimalware\quarantine -- that dir has both the logs and the quarantined items (xp/2k/2k3)
C:\Users\USER_WHO_SCANNED\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\quarantine (vista/win7/win2k8)

Please upload anything MBAM quarantines to us. http://www.sunbeltsecurity.com/threat Thanks John, Tammy

-Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Friday, June 03, 2011 10:26 AM To: NT System Admin Issues Subject: Fake antivirus I'm going to go to a former co-worker's this afternoon to clean his system (again) from another fake antivirus infestation. I've already got Vipre Rescue and Malware Bytes on a memory stick. I've also got RKILL. I haven't had to deal with any fake antivirus in a few weeks. Just wondering if they have developed any new tricks recently that I should be aware of? Oh, this user had Vipre Home on his PC, and got infested anyway. Should I submit samples to Sunbelt (assuming I can find where they're quarantined)??? Thanks!
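The file-name pattern described in the message above (two executables sitting directly in the all-users application data folder, one named with random digits and one with random upper/lower letters) can be checked with a read-only triage script before anything is killed or renamed. This is an added example, not code from the thread; the length threshold, the mixed-case test and the sample file names are assumptions constructed for illustration.

```python
"""Read-only triage for the 'random.exe' pair described in the post."""
import os
import re
import tempfile

# Folders named in the post: XP first, then Vista/Windows 7.
DROP_DIRS = [
    r"C:\Documents and Settings\All Users\Application Data",
    r"C:\ProgramData",
]

MIN_LEN = 6  # assumption: shorter names are too common to treat as random
DIGITS = re.compile(r"[0-9]+")
LETTERS = re.compile(r"[A-Za-z]+")


def classify_stem(stem):
    """Return 'digits', 'mixed-letters' or None for a name without extension."""
    if len(stem) < MIN_LEN:
        return None
    if DIGITS.fullmatch(stem):
        return "digits"
    if LETTERS.fullmatch(stem):
        has_lower = stem != stem.upper()
        # An upper-case letter after the first character separates a name
        # like 'kTbRwQxNpL' from an ordinary capitalised word ('Installer').
        inner_upper = stem[1:] != stem[1:].lower()
        if has_lower and inner_upper:
            return "mixed-letters"
    return None


def triage(directory):
    """List .exe files directly in `directory` whose names fit the pattern.

    Only the top level is scanned, because the post places the files
    directly in the folder. Nothing is modified or deleted.
    """
    candidates = []
    with os.scandir(directory) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue
            stem, ext = os.path.splitext(entry.name)
            if ext.lower() != ".exe":
                continue
            kind = classify_stem(stem)
            if kind:
                candidates.append((entry.name, kind))
    candidates.sort()
    kinds = {kind for _, kind in candidates}
    # The post says there are normally two: one of each kind.
    return {
        "directory": directory,
        "candidates": candidates,
        "pair": kinds == {"digits", "mixed-letters"},
    }


def build_sample(root):
    """Create a constructed sample folder: empty files with made-up names."""
    names = ("18467334.exe", "kTbRwQxNpL.exe", "Installer.exe",
             "readme.txt", "2011.exe")
    for name in names:
        open(os.path.join(root, name), "w").close()
    # A nested file must not be reported: only the folder root is checked.
    os.mkdir(os.path.join(root, "Microsoft"))
    open(os.path.join(root, "Microsoft", "99887766.exe"), "w").close()


def main():
    real = [d for d in DROP_DIRS if os.path.isdir(d)]
    if real:
        reports = [triage(d) for d in real]
    else:
        # Not on a Windows box: run against the constructed sample instead.
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            reports = [triage(tmp)]
    for report in reports:
        print(report["directory"])
        for name, kind in report["candidates"]:
            print(f"  review: {name} ({kind})")
        if report["pair"]:
            print("  both name styles present: matches the pair in the post")


if __name__ == "__main__":
    main()
```

A hit is a lead for manual review, not a verdict: legitimate installers occasionally leave mixed-case executables in these folders, so confirm against the running process list before renaming anything.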
Re: Fake antivirus
On 3 Jun 2011 at 10:34, John Aldrich wrote:

Thanks... This particular user is unlucky enough to have teenagers who use his computer. My guess is they are visiting infected/hostile/0wned sites and that's how he's getting infected. Never really had a problem when he was working here, so I'm suspecting it's some of his grandkids that are causing the problem.

Have him either get the kids their own computer or set up a VirtualBox for them to run in his computer. That way they'll only trash their own stuff.
Re: from Cornelia
On 2 Jun 2011 at 15:44, Stu Sjouwerman wrote:

Will Kill.

Been seeing spam here regularly, 1-5 msgs/week. Not Good. Do you have a Captcha in your subscribe mechanism?
RE: Vipre/ MS Malware conflicts
Thanks Dave, we did that during the install of Vipre many months ago. In security center it shows Vipre is registered for virus and spyware, which is why we are confused as to why MS Malware is complaining and running in automatic.

From: David [mailto:blazer...@gmail.com]
Sent: Friday, June 03, 2011 1:43 PM
To: NT System Admin Issues
Subject: Re: Vipre/ MS Malware conflicts

In Vipre's control panel, if you go to the properties of the policy, then go down under Agent to Communication, there is a place to disable Windows Defender, and to incorporate Vipre into the Windows Security Center. That might solve at least some of your problems.

David

On Fri, Jun 3, 2011 at 7:30 AM, Level 5 Lists li...@levelfive.us wrote:

We have Vipre rolled out at one of our clients, it's working okay, but we recently had to turn it from medium to low because it was severely hampering internet browsing.

What we also found was that MS Anti-Malware was running on several computers, and even though security center is reporting Vipre is in control, if I turn off the MS product and go to Action Center and change the settings I'm still getting popups on the desktops stating your system is not protected click Start Now ...

We are a 2008r2 domain with all Win7 pro desktops. I'm going to see if I can deploy a GPO to handle disabling MS Malware, should be easy enough, but not positive about the security center warning pop ups ..

This just started happening within the past 2 weeks, possibly a Vipre update issue? I know we had some issues with one of the versions but thought we moved past that already...

--
David

The right to be let alone - the most comprehensive of rights and the right most valued by civilized men. - Supreme Court Justice Louis Brandeis, Olmstead v. U.S., 277 U.S. 438 (1928)
RE: Fake antivirus
What about using OpenDNS for a few bucks a year? You can turn on simple blocking of known malware sites and a few other things and keep it pretty clean.

-----Original Message-----
From: Angus Scott-Fleming [mailto:angu...@geoapps.com]
Sent: Friday, June 03, 2011 8:02 PM
To: NT System Admin Issues
Subject: Re: Fake antivirus

On 3 Jun 2011 at 10:34, John Aldrich wrote:

Thanks... This particular user is unlucky enough to have teenagers who use his computer. My guess is they are visiting infected/hostile/0wned sites and that's how he's getting infected. Never really had a problem when he was working here, so I'm suspecting it's some of his grandkids that are causing the problem.

Have him either get the kids their own computer or set up a VirtualBox for them to run in his computer. That way they'll only trash their own stuff.
RE: Vipre/ MS Malware conflicts
I would call Vipre support, they've always been eager to help.

** sent slowly via DroidX **

On Jun 3, 2011 5:34 PM, Level 5 Lists li...@levelfive.us wrote:

Thanks Dave, we did that during the install of Vipre many months ago. In security center it shows Vipre is registered for virus and spyware, which is why we are confused as to why MS Malware is complaining and running in automatic.

From: David [mailto:blazer...@gmail.com]
Sent: Friday, June 03, 2011 1:43 PM
To: NT System Admin Issues
Subject: Re: Vipre/ MS Malware conflicts

In Vipre's control panel, if you go to the properties of the policy, then go down under Agent to Communication, there is a place to disable Windows Defender, and to incorporate Vipre into the Windows Security Center. That might solve at least some of your problems.

David

On Fri, Jun 3, 2011 at 7:30 AM, Level 5 Lists li...@levelfive.us wrote:

We have Vipre rolled out at one of our clients, it's working okay, but we recently had to turn it from medium to low because it was severely hampering internet browsing.

What we also found was that MS Anti-Malware was running on several computers, and even though security center is reporting Vipre is in control, if I turn off the MS product and go to Action Center and change the settings I'm still getting popups on the desktops stating your system is not protected click Start Now ...

We are a 2008r2 domain with all Win7 pro desktops. I'm going to see if I can deploy a GPO to handle disabling MS Malware, should be easy enough, but not positive about the security center warning pop ups ..

This just started happening within the past 2 weeks, possibly a Vipre update issue? I know we had some issues with one of the versions but thought we moved past that already...

--
David

The right to be let alone - the most comprehensive of rights and the right most valued by civilized men. - Supreme Court Justice Louis Brandeis, Olmstead v. U.S., 277 U.S. 438 (1928)