Category: Antivirus

McAfee ePO SQL credentials lost

McAfee ePO SQL credentials lost:

While I was searching for the solution what if I lost McAfee ePO admin password and there were no additional accounts configured, some of the blogs on the internet mentioned that go to https://ServerName:8443/core/config and reset the ‘Admin’ password. This is not the correct solution to reset the ‘Admin’ password.

https://ServerName:8443/core/config is useful to reset the SQL credentials for connecting McAfee ePO 4.x and 5.x to the database. 

Step- by-step procedure to reset the SQL credentials:

Open a web browser and go to https://localhost:8443/core/config-auth
(Where 8443 is the port for the console communication) (see
Image-1)

Image- 1
Image- 1

Log on with ePO credentials. ( See Image-2)

Image- 2
Image- 2

Type ‘sa’ in the User name field. Click on the change password.

For a minute minimize this window and go startà All Programs à MS SQL Server 2008R2 àclick on SQL Server Management Studio, below is shown window will appear ( see Image-3)

Authentication, select ‘Windows Authentication’, click Connect

Image-3
Image-3

Expand SecurityLogins and double-click the ‘sa’ account (or) right click on ‘sa’ click on ‘Properties (see Image-4)

Image-4
Image-4

Type and confirm a password in the General tab under Login name section. 

Click on ‘OK’

Open McAfee ePO web console window (see Image-2)

Type ‘sa’ in the User name field. Click on the change password.

Type the password for ‘sa’ account into the User password and Confirm password fields.

Click Test Connection.

Click Apply, if the test is successful.

Below is shown window will open (see Image-5), restart the McAfee ePO server.

Image- 5
Image- 5

That’s it.

 Happy computing!!

 IMPORTANT: Please follow the same sequence above mentioned. After changing the SQL password if you try to open the ePO web console https://ServerName:8443/core/config it won’t open at all. Even though if you lost the SQL password, still you can open the McAfee web console https://ServerName:8443/core/config, then follow the steps in same sequence.

Source: McAfee

McAfee ePO Admin password lost

McAfee ePO Admin password lost:  

Some time ago I started attending trainings and discussions with industry experts, on McAfee ePO and started learning many things from them. During these sessions I came across some issues with McAfee 4.x and 5.x installation. I have uploaded solutions to some of these issues on my blog, please refer the following link:

https://lakkireddymadhu.wordpress.com/2014/01/16/mcafee-epo-installation-errors/

          One fine morning all of sudden I got a doubt, what if I lost McAfee ePO admin password and there were no additional accounts configured. I opened my laptop and started Googling for the solution. There were more blogs describing this issue, but none had a satisfied solution. After a rigorous search on the Internet, I found two good and easy solutions.

Solution–1: 

We believe that only one account, i.e. Admin account, is configured in McAfee ePO. But by default one more account exists in the McAfee ePO User Management, named system. This account is disabled by default. User ‘system’ account has administrative rights (see the Image-1).

Image- 1
Image- 1

This user (system) is by default non-editable through the web console (see the Image2)

Image- 2
Image- 2

We have to enable the user ‘system’ through MS SQL.

Go to start –> All Programs –> MS SQL Server 2008R2 –> click on SQL Server Management Studio, expand Databases -> expand ePO Database –> expand Tables –>go to dbo.OrionUsers –> right click on dbo.OrionUsers –>click on Edit Top 200 Rows.One window will open on the right side (see the Image-3)

Image- 3
Image- 3

Under the OrionUsers Table –>following changes will need to be done for the user ‘System’

Under Disabled –> default setting will be True, change it to False  (click enter)

Under Interactive –>default setting will be False, change it to True  (click enter)

Minimize the SQL window and Open the McAfee ePO web console and type username: system, Password:system

It will allow you to login. Click on MenuàUnder User Management –>click on Users –>Admin –>Rightside down click on Actions –>click on Edit (see the Image-4& Image -5)

Image- 4
Image- 4
Image- 5
Image- 5

Click on Change Authentication or Credential

Type Password and confirm Password and save (see the Image-6)

Image- 6
Image- 6

Log off and Login with Admin credentials. That’s it.

Now Open SQL and make the same changes in OrionUsers Table (Exactly as shown in the Image-7)

Image- 7
Image- 7

Under Disabled –>change it to True  (click enter)

Under Interactive –> change it to False  (click enter)

Solution–2:

In solution 1, enabling of the user system’ account through MS SQL resets Admin the Password.

In Solution -2, we will create a new account with Administrative rights using MS SQL and through new account  will reset the Admin password.

Go to start –> All Programs –> MS SQL Server 2008R2 –>click on SQL Server Management Studio, expand Databases –> Click on ePO Database –> open a New Query, run the following query and execute

INSERT INTO [dbo].[OrionUsers]

(Name, AuthURI, Admin, Disabled, Visible, Interactive, Removable, Editable)
VALUES (‘epoadmin‘,’auth:pwd?pwd=7LTSeirrzM8EjqttaozV4cSiPGQWi8w3′,1,0,1,1,1,1)

It will create a new user epoadmin, with the password: epoadmin

Open the McAfee ePO web console with username and password epoadmin

It will allow you to login.Click on Menu –>Under User Management –>click on Users –> Admin –> Rightside down click on Actions –> click on Edit and reset the Admin Password

Log off and Login with Admin credentials. That’s it.

NOTE: Use the above solutions when you don’t have any other option. Be sure you have got the required skills to modify SQL serverYou can break your ePO server if you don’t know what you are doing. Don’t   hold me responsible for your actions; think before you act and always make sure you have a backup 🙂

IMPORTANT: McAfee recommends that you implement account and password management policies such as:

  • Maintaining a backup administrator account
  • Creating individual accounts for each administrator
  • Adhering to corporate requirements for accounts and passwords

Happy computing!!

Source: thegid, cupfighter, McAfee

McAfee ePO Installation errors

McAfee ePO Installation errors:

I had encountered three problems when installing McAfee ePO 4.5, 4.6 & 4.6.6 on Windows 2008 server standard edition R2.

Problem 1: SQL2005 backward compatibility:
McAfee ePO comes with SQL 2005 express, however you will encounter a problem of unable to install the SQL 2005 backward compatibility on Windows 2008 server R2 standard edition. You have to install SQL 2008 otherwise ePO installation cannot be preceded.

Problem 2: 8.3 naming convention was disabled:

8.3 naming error

You need to modify the registry to enable the 8.3 convention. 8.3 naming is needed for the tomcat service.

computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation from 2 to 0

regedit-naming-convention

Another method which is easier – is to use fsutil.exe.

set-8dot3-naming-cmd

NOTE:  While installing McAfee ePO 5.0, it won’t throw 8.3 naming convention error.

Problem 3: Setup is unable to access UDP port 1434:

This problem will arise while installing all versions of McAfee ePO 4.5, 4.6. 4.6.6 and 5.0.

SQL error

To resolve above error, we have to start SQL server browser service. By default SQL server browser is disabled. SQL Server Network Configuration protocols TCP/IP to be enabled, this protocol also by default disabled.

Go to Start -> All programs -> MS SQL Server 2008R2 ->Configuration Tools ->click on Configuration Manager (for details see the image given below)

SQL server config Manager

SQL sever config Manager 2

SQL sever config Manager 3

Once  changes done we have to restart the SQL server service (see the below image)

SQL sever config Manager 4

That’s it, further click Next… Next finish the installation.

Happy computing….

From here forward, McAfee will be known as Intel Security.

Intel_McAfee_Security

Source: Microsoft, cyruslab, McAfee, McAfee community

 

2012 Norton Cyber Crime Report

2012 Norton Cyber Crime Report, a worrying scenario:

This report covers different technologies including social networking and mobile reporting the impact on final customers in economic terms.

The report involved 13018 participants across 24 countries aged 18-64 and a pool of expert collaborators.

The impact of cybercrime is worrying with 556 million of victims per year, 2 on 3 adults have been victims of on line illegals in their lifetime and the total economic loss is 110 Billion with an average cost per victim of $197.

The Asian region is the most affected by cybercrime, the global price tag of consumer cyber crime for China amounts to 46 Billion, followed by US with 21 Billion and European Area with 16 Billion.

The highest numbers of cyber crime victims were found in Russia (92 percent), China (84 percent) and South Africa (80 percent).

The technologies that have suffered the major increase in cybercrime are social networking and mobile.

It has been registered an increase in cybercrime which takes advantage of social networks and mobile technology. Mobile users are very vulnerable to attacks, 2/2 adults use a mobile device to access the internet and the mobile vulnerabilities doubled in 2011 respect previous year.

44% of users aren’t aware of the existence of solutions for mobile environments, and 35 of adults have lost their mobile device or had it stolen.

Of particular concern is an improper use of social networks, wrong management of sessions, absence of validation of visited links and a total ignorance of any security setting expose users to fraudulent activities.

15 percent of users have had their account infiltrated, and 1 in 10 have been victims of fake links or scams.

Other behaviour extremely worrying is the way in which people use public networks and operate on it, for example accessing to private services such as email.

The email accounts are one of the most appetible targets for cybercriminals because they represent a simple way to access to sensible information.

“When using public connections, 67 percent access email, and 63 percent use social networking and 24 percent access their bank account, according to the report.”

40% people don’t use complex passwords or change their passwords regularly.

Conclusion: 

Source: symantec,securityaffairs

Browsing only safe Internet web pages

McAfee SiteAdvisor software is an award-winning, free browser plug-in that gives safety advice about Websites before you click on a risky site.

How it works:

With SiteAdvisor software installed, your browser will look a little different than before. It adds small site rating icons to your search results as well as a browser button and optional search box. Together, these alert you to potentially risky sites and help you find safer alternatives.

 It puts coloured icons next to your search results so you know the status of the site before you click on the link. Sites that are considered safe get a small green icon, sites that may be unsafe are labelled with a yellow icon to indicate caution, and sites known to be risky are marked with a red label. McAfee tests the sites for spyware, drive-by downloads, spam, scams, phishing, and other risks to determine their security rating.

These site ratings are based on tests conducted by McAfee using an army of computers that look for all kinds of threats (detailed below). The result is a guide to Web safety.

And it doesn’t collect any personally identifiable information.

McAfee rates more than 95% of the Web for safety.

  • Protects you from adware, spyware, spam, viruses and online scams.
  • Advises you about the safety of sites using a coloured button in your browser toolbar.
  • Enhances your online search by placing site ratings next to search results.
  • Warns you about dangerous sites and search results with clear messages.
  • Provides you with detailed test results for every site.
  • Updates automatically to protect against new threats.

To Install Download from the below link:

http://www.siteadvisor.com/howitworks/index.html#

Happy browsing!!

source: McAfee

Computer Virus

Computer Virus:  Like most people, you run a Windows-based operating system (or perhaps something else), you run anti-virus software. Perhaps you’re even diligent about keeping your virus definitions up-to-date. Are you completely protected against viruses?  Of course not. Let’s examine what viruses and Trojans are, and how they find their way onto your computer. We all have heard the terms Virus, Worms, Trojans and spyware but only a few of us know the difference between them. We generally consider everything that is detected by an antivirus as virus but this is not the case. All these can be harmful to your computer hardware and software. To differentiate all these terms from each other. let’s start with the introduction to viruses.

Virus: A virus is a self-replicating program that attaches itself to an executable file. When  the file is executed the virus automatically gets executed and enters into the system memory .Once it enters into the system memory it either searches for other files that can be infected or stays in the background and infects the files that  uses the virus infected program.

Worms: Worms are very similar to viruses but differ in way that they do not bind themselves to executable files instead they uses the network to replicate themselves. If you find excessive use of your network bandwidth then you may be infected by a worm. So, a worm does not require a user to execute any file for its execution it can work without user intervention.

Trojan horse: A Trojan horse is harmful program which may seem harmless to the user before its installation but instead it is programmed or reverse engineered to facilitate unauthorised remote access to the computer. Trojan’s do not replicate themselves.

  The name Trojan horse comes from that fateful episode in the novel The IliadThe limitation of Trojans is that the user needs to be convinced to accept/run them, just as the Trojans had to first accept the Greek gift of the wooden horse, in order for them to have their way. So they are typically mislabeled, or disguised as something else, to  fool the user into running them.

Spyware: A spyware is a program that secretly monitors and collects pieces of information. It usually runs in stealth mode and cannot be detected easily. Key loggers is a great example of spyware software. It is not limited to just spying but can also send data to remote computers.

Rootkit:  A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or by cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.

A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a “backdoor” into the system for the hacker’s use; alter log files; attack other machines on the network; and alter existing system tools to escape detection.

If a rootkit is detected, however, the only sure way to get rid of it is to completely erase the computer’s hard drive and reinstall the operating system.

Botnets: Once users’ computers are infected with viruses, the computers are turned into “zombies”. These computers, serving as “Bots” controlled by hackers, are used to send a large number of forged data packets or junk data packets to the pre-defined target for launching a DOS (Denial-of-service ) attack. As a result, the attacked target breaks down.

 Grayware: The spyware and rogue software are software designed by certain immoral companies to collect users’ habits in browsing Web pages for working out their advertisement push policies. The grayware does not harm computers greatly. The privacy of victims, however, is compromised and collected by others. Once being installed, the gray-ware cannot be deleted or uninstalled normally. For example, advertisement software designed for the Internet Explorer can change and lock default homepages automatically, and load the toolbars of advertisement companies.

 Malware: Malware is mischief. Malware is not infectious, but can also lead to serious consequences. For example, when certain malware is run, hard disks are formatted automatically, which causes the great losses of users’ important data.

 Features of Computer Viruses:

  • Destructive  

               When a computer is infected with viruses, normal programs cannot be run, and important data may be damaged or stolen. Thus, huge losses are caused.

  • Infectious

                     Computer viruses are destructive as well as infectious. The infectivity is more harmful. Once viruses are reproduced or virus variations are generated, the spread speed is rather fast. The viruses are hard to be defended. Viruses can spread through multiple means such as storage media and networks. Among them, the network becomes a major means of virus spread.

  • Covered

                   Computer viruses are well-covered. For common users, computer viruses are difficult to sense.

  • Latent

                   Certain viruses have “latent periods”. These viruses burst out sometime in the future. For example, in 1999, CIH viruses damaged the BIOS. The CIH viruses burst out on April 26 every year. If latent periods of viruses are long, viruses can exist in systems for a long time. Thus, the infectious scale of viruses is large.

Basically, viruses are programs that the programmer designed to do something you generally would not want to have happen if you were aware of their function. These programs usually get onto your computer through some sort of trickery. They pretend to be something else, they’re attached to a program you wanted, or they arrive on media you inserted without knowing it was infected. They can also be placed by a remote attacker who has already compromised your security.

How does anti-virus software work? Before program execution can take place, the anti-virus software will scan the program or media for “bad things,” which usually consist of viruses, Trojans, and even a few potential hacker tools.

               Keep in mind, though, that your anti-virus software vendor is the sole determiner of what to check for, unless you take the time to develop your own signature files. Signature files are the meat of most anti-virus programs. They usually consist of pieces of code or binary data that are (you hope) unique to a particular virus or Trojan. Therefore, if you get a virus that does not appear in the database, your anti-virus software cannot help you.

             So why is the process so slow? In order to produce a signature file, an antivirus vendor has to get a copy of the virus or Trojan, analyse it, produce a signature, update the signature file (and sometimes the anti-virus program too) and publish the update. Finally, the end user has to retrieve and apply the update. As you might imagine, there can be some significant delays in getting new virus information to end users, and until they get it they are vulnerable. You cannot blindly run any program or download any attachment simply because you run anti-virus software. Not so long ago, anti-virus software could usually be relied upon, because viruses propagated so slowly, relying on people to move them about via diskettes or shared programs. Now, since so many computers connect to the Internet, that connectivity has become a very attractive carrier for viruses. They spread via Web pages, e-mail and downloads. Chances are much greater now that you will see a new virus before your anti-virus software vendor does. And don’t forget that a custom virus or Trojan may be written specifically to target you at any time. Under those circumstances, your anti-virus software will never save you.

Steps to remove virus from computers: 

    1. If the computer is on then restart. Keep tapping F8 and start the computer simultaneously and select “safe mode with networking” from the Advanced Boot Menu by using the arrow keys and press the “Enter” key on the keyboard.

Note: The reason we go to safe mode is because, most viruses do not function in safe mode.   

                 

2. Delete Temp (temporary) files.

For Windows XP – Click on “start” button from the desktop and select “Run”. In the run text box type “%temp%” and press “Enter”.

For Windows Vista and Windows 7 – Click on “Windows logo” and on the search box just above the Windows logo, type “%temp%” and press “Enter”.

Now the “Temp” folder will open. Select all the files and press Shift + Delete to delete the files.

3. Delete prefetch files.

For Windows XP – Click on “start” button from the desktop and select “Run”. In the run text box type “prefetch” and press “Enter”.

For Windows Vista and Windows 7 – Click on “Windows logo” and on the search box just above the Windows logo, type “prefetch” and press “Enter”.

Now the “Prefetch” folder will open. Select all the files and press Shift + Delete to delete the files.

4. In Windows XP , MS Removal Tool is running or keeps popping up, look for them in the task manager and close it. Also, you can disable them in services. To access services follow the steps below:

For Windows XP – Click on “start” button from the desktop and select “Run”. In the run text box type “services.msc” and press “Enter”.

For Windows Vista and Windows 7 – Click on “Windows logo” and on the search box just above the Windows logo, type “services.msc” and press “Enter”.

5. Download the free version of Malwarebytes and run a virus scan. Following the scan if there is any infection it will show and give you the option to delete . After you remove the virus, it may ask you to restart.

6. If Malwarebytes does not help, then try Hitman pro. Before downloading check whether the system is 32 bit or 64 bit as Hitman Pro has different version for 32 bit and 64 bit.

7. Try TDS Killer from Kaspersky. Download TDS Killer.exe file and run a scan for Rootkits.

8. Try Combofix. It is a freeware but  very good software to remove virus. It is available for free download. While you run Combofix you may lose Internet connection temporarily.

9. You may also try SuperAntispyware. You may try this only when none of the other software given here helped.

10. If you are unable to run or access the computer even in safe mode then create a new user account and login to that. Now start running the software. If they do not detect anything, go to the user account which is affected and look for suspicious files. Confirm with the user, if they are aware of such file, if not, delete it. Then try going to the affected user account and run the anti virus software.

11. If after virus removal, you face issues with file association or running .exe files on Windows XP, then try the tweaks from Kellys Korner XP.

12. If nothing works and severe damage is done. Then we have two options left:

  • If there is important data on the computer then you should take the hard disk to a local vendor to check if the data can be backed up. Then perform a clean installation of operating system. That is, you should format your hard drive and install your Windows OS again.
  • If there is no important data, then you can go ahead and do a clean installation of Windows OS.
source: Huawei Symantec,Hack Proofing Your Network,pctipstricks