Last Modified:10/05/2005
| Document ID:2001102411092848 Last Modified:10/05/2005 |
| Situation: | This document contains the release notes for Norton AntiVirus Corporate Edition version 7.61 inline releases. Each incident explains the symptom and is followed by the solution, including details of any user or administrator interaction needed to implement the solution. This document is written so that the most recent product builds will be added to the front of the document. |
| Solution: | Before you begin: If you experience the problems that are outlined in this document, upgrade to the latest version of each Symantec and VERITAS product. To learn how to obtain an upgrade, click the link that applies to your software product: This document describes enhancements and fixes in NAVCE 7.61 inline releases. For the original NAVCE 7.60 release notes, click here. For instructions on obtaining the latest inline release, read How to obtain an update or an upgrade for your Symantec Corporate product. NAVCE 7.61 Build 54 New Fixes and Enhancements: NAVCE logs are not purged correctly based on history settings. Symptom: Setting the History settings (File -> Configure Histories) to delete the NAVCE logs (Scan History, Virus History, Event Log) after 1 day does not delete the logs until the second day. Further, the logs are not deleted correctly at the end of months that have more or less than 30 days. Resolution: The code would not delete logs until the age in days was greater than the specified number of days. Also, all months were considered to have 30 days and all years 365 days. The code was changed to delete the logs when the age equals the specified age, and the code was rewritten to calculate the exact age in days. This will handle all months correctly, leap years, and also considers Daylight Savings Time (the age may be less than one full day). User AppData Directory not used for NAVCE logs (Logs not available in UI) Symptom: After switching to a new primary partition on the hard drive; the NAVCE logs (Virus History, Scan History, Event Log) are no longer available in the main user interface of the product. Resolution: The code that determines the location of these logs did not resolve the path correctly in the case where the primary partition was reset after Windows was installed. This has been corrected. Manual or scheduled scan does not detect folders beginning with "." Symptom: One or more folders begin with a single period ("."). The NAVCE user interface does not display the directories in the "Scan Computer" dialog. A manual or scheduled scan will not scan these directories. Resolution: The code was skipping any directories that started with a period. The intent of this was to skip the two built-in directories "." and "..". The code was modified to explicitly skip "." and ".." but to allow everything else. NAVCE causes the Win32 API ReadDirectoryChangesW to receive change notification on FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_ CREATE, and FILE_NOTIFY_CHANGE_SECURITY Symptom: After the directory is scanned, NAVCE causes the Win32 API ReadDirectoryChangesW to receive change notification on FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATE, and FILE_NOTIFY_CHANGE_SECURITY. This causes ASP.NET to restart applications because it believes the files composing the application have been modified. Resolution: After a normal scan, we do not restore the File Creation time and File Last Write time. Only the Last Access Time is restored. Alert Management Server (AMS) not installed correctly as part of NAVCE Server installation Symptom: AMS is not installed correctly when NAVCE server installation is done. The user interface indicates that it successfully installed, but when you check later, it does not appear in the Start Menu or included in Add/Remove programs. Resolution: Modified a silent install setup file to configure AMS to install correctly. This was necessary because of the recent AMS release. Microsoft Management Console (MMC) sporadically crashes during shutdown of the Symantec System Console (SSC) Symptom: During shutdown of the Symantec System Console (SSC), the Microsoft Management Console (MMC) harness that loads the SSC snap-in stops responding sporadically. In some environments, this happens more often than not. Changes in settings are not saved in this instance. Resolution: The snap-in was selecting the current item (node) before initialization was fully finished, causing memory corruption and crashes during cleanup. Eliminated the race condition that was causing this intermittent problem. Cannot Contact Internal LU Server After Changing Language to Taiwanese Symptom: After changing Windows to use a double-byte language, attempting to call LiveUpdate to an internal LiveUpdate server fails. Resolution: LiveUpdate uses the LiveUpdt.hst file to store the location of the LU server to get updates from. Updating the primary language in Windows causes this file to be regenerated for the new language. There was a problem in the code that caused this to fail when using a double-byte language (such as Taiwanese). This resulted in an empty LiveUpdt.hst file, which caused LiveUpdate to fail. This has been corrected. Copying files from read-only media takes twice as long Symptom: Copying files from removable media (Zip drive, floppy drive, etc.) that has been set to Read-only takes up to twice as long as when it is set to Writable. Resolution: Auto-Protect was updated to restore the Last Access timestamp of files that are scanned. This is to support backup products that check the Last Access timestamp to back up files. However, when the media is set to Read-only, the Last Access timestamp cannot be restored. The attempt to restore the timestamp eventually times out, but this results in a significant time delay when scanning files on Read-only media. This problem was not addressed directly, but a workaround was provided: setting the registry key PreserveFileTimes=0 suppresses the restoration of the Last Access timestamp, which eliminates the delay on Read-only media. Changes to attributes of NetWare files on server are not retained when Realtime Protection is enabled Symptom: Changing some attributes of NetWare files on the server (remotely, from a NetWare client) do not succeed when Realtime Protection is turned on. The attributes do not "stick" after exiting the Properties dialog box. Resolution: The fix that added the PreserveFileTimes registry value (see "Copying files from read-only media takes twice as long") had the side effect of correctly retaining all attributes. NAVCE 7.61 Build 50 New Fixes and Enhancements: Installation of NAV 7.61 Server does not create the LogFileRollOverDays registry entry Symptom: Installation of NAV 7.61 Server does not create the LogFileRollOverDays registry entry. Resolution: The entries "LogFileRollOverDays"=dword:0000001e and "LogFrequency"=dword:00000000 have been added to the file CmnLMSrv.Reg. During installation of NAV Server, these entries add appropriate entries in the Grc.dat file, and the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\ClientConfig NAVCE 7.61 on NetWare does not scan compressed files Symptom: NAVCE 7.61 skips compressed files on NetWare even when the scan is configured to scan such files in SSC. Resolution: A problem with the way the compiler handled the Boolean logic in the code was preventing the files from being scanned. Adjusted the code accordingly. NAVCE 7.61 Build 46a New Fixes and Enhancements: Scan engine error resurfaced Symptom: Under certain circumstances, when the registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Shell is changed to a value other than Explorer.exe, manual scans will return an error and fail. Resolution: Code was added to do more thorough checking in the situation where NAVCE is unable to find the named shell in memory. The new code also iterates through the processes in memory, and checks each for the SIDs: Local, Interactive, and Logon. If the process contains all three, and is not a remote Terminal Server session process (or in fast user switching session), then NAVCE can be fairly certain that it has a process which is spawned in the security context of the currently logged in interactive user. In this way, any process which is spawned (shell, child of shell, and so forth) can be used for a token reference. NAVCE 7.61 Build 45b New Fixes and Enhancements: RTVScan abends when scanning directories deeper than 20 levels Symptom: RTVScan on a NetWare server will abend during a scheduled or manual scan, if a directory exists that is deeper than 20 levels. (For example: 1\2\3\4\5\6\7\8\9\10\11\12\13\14\15\16\17\18\19\20\) Resolution: The recursive function that processes directories was using 0x2E0 bytes of stack. Two structures were moved from the stack to heap memory. Now the function uses 0x44 bytes of stack, and NAVCE can scan several hundred levels deep. NAVCE 7.61 Build 45a Important: NetWare 3.x will no longer be supported in NAVCE 7.61 build 45a and subsequent builds. Known Issue: IAO.nlm cannot load when uninstalling NAVCE from a NetWare 4.x server When attempting to remove NAVCE from a NetWare 4.x server IAO.nlm cannot unload. This causes the console thread to hang, requiring a manual reboot. There are two workarounds for this issue:
New Fixes and Enhancements: Unchecking the Network Drives checkbox in realtime protection does not stop NAVCE from scanning drives mapped to the FQDN name of the share. Symptom: When a mapped network share's path exceeds 37 characters, unchecking the Network Drives checkbox does not prevent files from being scanned by file system realtime protection. Resolution: Fixed problem detecting network drives. The static-length buffer to get the device name from ZwQuerySymbolicLinkObject was too small in some cases. Now the buffer is allocated dynamically and resized if necessary. Unmanaged Client Install results in error with missing Jpnams.cn_ component dialog Symptom: An unmanaged client install results in abnormal termination with a dialog indicating the "Jpnams.cn_" (Japanese AMS Help file) component is missing. Resolution: Recent AMS changes left a residue for these obsolete help files in the installer project. As a result, the installer would eventually look for, and not find, the files during the actual install. The fix was to remove references in the installer project. Startup Scans were re-executing after the same user logs off and logs back in. Symptom: The expected behavior for Startup Scans is that they execute initially during a login after reboot or shutdown/restart. However, if the same user logs off and logs back in, the Startup Scans re-execute. Resolution: Changed various components to detect logoff and shutdown situations --- saving some state information. Upon re-login NAVCE can use this state information to distinguish between a reboot/shutdown-restart scenario versus a re-login scenario. Subsequently, NAVCE determines whether a Startup Scan should execute. Canceling the uninstall password prompt results in an inability to shut down Windows 2000 via the 'Start>shutdown' option. Symptom: After invoking an uninstall and canceling out of the password dialog box, trying to reboot or shut down the computer via the Start menu has no effect. Resolution: The install is now properly aborted if a user cancels the password entry. This prevents the Install Shield executables IKernel.exe and Knlwrap.exe from remaining in memory. AMS alerts fail after upgrade Symptom: Upgrading NAVCE 7.61 or SAVCE 8.0 on a NetWare server with AMS alerts configured causes the alerts to stop working. Resolution: When performing an upgrade of a NAVCE server, the registry value HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Common\AMS would be reset from 1 to 0. Changed code so that this value is written if it isn't already present, and left alone if it is present. AMS alerts always fail after failing once Symptom: If an AMS alert fails due to a network error or the receiving machine being down, they will always fail from then on. Resolution: LanDesk released updated AMS libraries that address this issue. NAVCE 7.6 or SAVCE 8.0 abends the NetWare server downloading definitions Symptom: If the connection to the FTP definition server is lost in the middle of downloading text information, the NetWare server will abend with a stack overflow detected. Resolution: Added additional error checking. Added a check for zero bytes read in the FTP text download protocol and abort the download on this condition. Vulnerability with Microsoft® IME2000/2002 Symptom: Input Method Editor (IME) is a tool to support accessibility requirements for Microsoft. This tool allows application windows to interact with and launch the IME dictionary functions. These functions can be used to launch applications. Resolution: Disabled IME integration with Rtvscan. IME still works, but is no longer closely coupled with antivirus services AMS e-mail alert doesn't support 29 character Fully Qualified Domain Names (FQDN) Symptom: AMS currently does not support 29 character FQDN. Resolution: Updated to a newer release of AMS which now supports 29 character FQDN's. AMS Intel Alert Originator fails to start after upgrade Symptom: After upgrading NAVCE, the Intel Alert Originator (IAO) service fails to start. Resolution: The problem is due to corruption of the IAO log file (IAOLOG.dat). This caused errors when the IAO service read in the log file during startup. Further research indicates that the corruption was caused by simultaneous writes to the log due to heavy alerting activity. Updated to a newer release of IAO.exe (and related AMS/PDS routines), which prevents corruption of the IAO log file by synchronizing access to the file. Note: This will not correct previously corrupted files, and other problems could cause corruption of the log. NetWare servers may abend in IAO.NLM Symptom: NetWare will ABEND if the "Event History" file becomes corrupted. It also happens in some of the other AMS configuration and history files. Resolution: LanDesk has provided an updated IAO.NLM that doesn't abend if the file format of the configuration files is damaged. NAVCE 7.61 Build 44 New Fixes and Enhancements: NAVCE does not load on a NetWare server after being moved into a new server group Symptom: If a NAVCE 7.6 server is moved into a server group whose primary server is installed using a different location, then the secondary server cannot find its load location. This is because the NLMsToLoad subkey copied from the DomainData area of the Primary Server is incorrect for the new server. Solution: Primary Servers now skip the NLMsToLoad subkey when creating the GRCSRV.DAT file. Memory leak in manual scan dialog box Symptom: When you run a manual scan on 100 KB of eicar test virus files, the scan dialog consumes about 300 MB of memory. When the dialog is closed, only 200 MB of memory appears to be recovered. Solution: This issue has been solved. Creating a "Quarantine Central Events" action results in a warning message "The Intel Alert Originator service has already been started." Symptom: In SSC, right-click Symantec Central Quarantine and select "Configure Quarantine Events." Create any alert action other than "Default Alert." After completing the alert configuration, the message "The Intel Alert Originator service has already been started" appears. Solution: An incorrect text mapping was being used for the alert name when registering it with AMS. The code was fixed to use the correct text mapping. Help button is non-functional on some NAVCE user interface screens Symptom: Selecting the help button on some NAVCE user interface screens does not bring up the help window. Affected screens are: Quarantine, Backup Items, Repaired Items, Virus History, Scan Histories, and Event Log. Solution: The help button was attempting to open a help file that did not exist. The code was modified to open the correct file. Exploit found where messages from other applications could cause execution of arbitrary functions in NAVCE Symptom: WM_TIMER messages can specify an arbitrary address that most default window procs and message pumps will blindly jump to. Solution: NAVCE now filters out WM_TIMER messages in key message processing codes that have branching addresses associated with them. NAVCE 7.61 Build 42a New Fixes and Enhancements: Two help files installed into the AMS directory do not seem to be correct Symptom: After installing the NAVCE Server or Client product, navigating to the AMS2 directory will show two non-compressed help files: Enucamgr.hlp and Jpncamgr.hlp. These files can be opened by the Help Manager, but they seem unrelated to NAVCE and could cause confusion for customers. Resolution: These files are part of the overall AMS install set, which is copied to the AMS2 directory even though all files are not used. These files are related to other AMS functionality (Certificate Authority Manager), which is not supported in NAVCE. These files have been removed from the AMS install set, and are no longer copied to the AMS2 directory. Grc.dat is not being correctly updated on secondary servers Symptom: When a server is moved into a new server group in Symantec System Center (SSC), and you elect to inherit the new group settings, a new Grc.dat file is not generated on the secondary server to propagate the group settings to its clients. If the secondary server is configured directly in SSC, a new Grc.dat file is generated correctly. Resolution: NAVCE secondary servers will now generate a new Grc.dat after a move in SSC. NavRoam Errors Out Occasionally in Windows 95/98/Me Symptom: NavRoam causes a Memory Access Error dialog box when run as a command-line utility or as a service on Windows 95/98/Me. This error happens when the computer is not able to resolve its IP address. Resolution: Now, when NavRoam verifies whether the network address has changed, the system looks for a nearest parent and the crashing is handled. Invalid attachment information causes a crash if Lotus Notes email scanner is active Symptom: Lotus Notes has provided invalid attachment information on an email that does not contain any attachment. When the Notes Hook Driver processed this email, the driver crashed, thus crashing Notes. Resolution: Now if Lotus Notes provides invalid attachment information for an email, the particular attachment is skipped and the system proceeds with next attachment. NAVCE on a NetWare server leaves deleted files in the I2_LDVP.TMP directory Symptom: When NAVCE running on a NetWare server scans an archive file such as a ZIP or LHA file, it leaves some of the temporary files in a state of deleted, but not purged. This can cause directory space problems on very busy servers. Resolution: These temporary files created by NAVCE will now be purged upon deletion. NAVCE causes NetWare 5.x servers to revert to US locale settings Symptom: NAVCE causes NetWare 5.x servers to revert to US locale settings. This can cause other programs such as SBACKUP to be unable to enter dates in the correct format for the locale. One result is that SBACKUP can only schedule a backup during the first 12 days of any given month. Resolution: An Intel library that was calling NWSetLocale with an incorrect parameter was modified by Symantec as a short-term workaround. NAVCE will use this modified library until Intel can deliver a tested release version of the library. AutoProtect does not does not scan a local drive that is substituted using Subst.exe Symptom: If you use the Subst.exe command to change a drive mapping, local files on those drives are not scanned unless network file scanning is turned on. Resolution: The problem occurs because AutoProtect checks logical DCBs to determine if a drive is local, but Subst drives don't have a logical DCB. To fix this issue, if AutoProtect cannot find a logical DCB for a drive, it checks to see if the drive is Subst. Crash when NAVCE is installed over some versions of NAV Consumer Symptom: A crash occurs when NAV Consumer's AutoProtect Service is not uninstalled or disabled prior to installing NAVCE. Resolution: AutoProtect is now verifying that a valid configuration structure is being passed. NAVCE 7.61 Build 41b New Fixes and Enhancements: NAVCE fails to start if Quarantine Console is installed first Symptom: NAVCE client will fail to install with the message "Error 1920: Service Norton AntiVirus failed to start..." if Quarantine Console is installed on the same computer. NAVCE server will install, but after reboot the service will fail to start with the message "Norton AntiVirus failed to start." Resolution: Several files were missing from the virus definition set installed by Quarantine Console. NAVCE failed to start because the virus definition set was incomplete. The Quarantine Console installer was fixed to install the missing files. Email configuration dialogs not displayed Symptom: The Warning and Compose buttons on the Lotus Notes and Exchange Realtime Protection configuration pages did not produce the expected dialogs and did not report an error. Resolution: This was related to the fix for NAVAP improved failure descriptions. The dialogs not displayed contained custom controls that had been modified and now required one more field of initialization data than was present. Consequently, the controls failed to initialize, causing the windows to fail to be created, and thus not be displayed. The dialogs were updated with the new field, resolving the issue. NAVCE 7.61 Build 40 New Fixes and Enhancements: Pool Non-paged memory leak Symptom: Some NAVCE client computers experience a pool non-paged memory leak. This leak occurs every 30 minutes by default. Resolution: The application has code which monitors file changes in certain directories. NAVCE's usage of the Microsoft file monitoring functions/APIs was incorrect. The code was modified to use these APIs in the proper order. NAVCE 7.61 Build 39c New Fixes and Enhancements: Cannot suppress a reboot during a silent uninstall Symptom: Customers have requested the ability to suppress the reboot prompt on Win 9X systems. However, we also wish to maintain this prompt for other customers to avoid the situation where a user uninstalls, and then attempts to install NAVCE again without rebooting. Resolution: A SUPPRESSRBPARAM parameter was added to Microsoft Installer (MSI) to suppress this reboot if it is specified equal to 1. If set to any value other than 1, the install will prompt to reboot. For example, use the following command line to uninstall without the prompt to reboot: msiexec -x NavCE.msi SUPPRESSRBPARAM=1 Improved NAVAP Failure Descriptions (Part 2) Symptom: Insufficient description of NAVAP action failure or deletion progress if file is in use by another process. Resolution: This is the final half to the resolution of this issue (see release note on build 38f for more detail). NAVAP now sends the improved action result information to NAVAP for display on the notification window, storage in the log, logging to NT Event Log, and notification via AMS. System stops responding when trying to install Office 2000 over NAVCE 7.6 Symptom: This is due to a conflict between the Windows Installer and the version of Microsoft's OLEAUT32.DLL distributed with NAVCE (2.40.4514.1) and does not involve NAVCE. This conflict is specific to this version of OLEAUT32.DLL and occurs only with that version. Resolution: The issue was resolved by updating the NAVCE install to include a later version of this file (2.40.4518) that has now become available. Please note that NAVCE will continue to install 2.40.4514.1 on Windows 950 (original release) machines because this is the latest version of this DLL supported by Microsoft on this build of Windows 95. If this presents an issue, the file can be easily downrev'd a few versions without affecting functionality, by replacing the "oleaut32-95.dll" file located in the SUPPORT subdirectory of the client install (NAVCORP\ROLLOUT\AVSERVER\CLIENTS\WIN32 of CD2). Quarantine Server allows access to remote servers without Username / Password Symptom: In SSC, attaching to Quarantine Server (Central Quarantine) on another machine will prompt for a username and password, but will allow access if no username or password is provided - even if the remote machine requires a different username / password than the local machine (to map a drive, for instance). Resolution: The username / password prompt dialog was updated to require a username / password combination when accessing Central Quarantine on another computer. If not provided, an error message is generated and the user is returned to the prompt dialog. A username / password are not required if attaching to local Quarantine Server. Install Fails when upgrading a previous NAVCE 7.6x Build Symptom: When upgrading a previous 7.6x build, the install fails after reaching 30 percent complete with an error of "InitSrcDir() failed!". Resolution: This is related to a fix for another issue where Registry keys that were left after a failed install would prevent another installation attempt from succeeding. This fix deletes leftover Registry keys if the product is not completely installed - but this causes problems if it does not correctly detect a successful install. The earlier fix was removed to prevent problems when upgrading from a previous (successful) install. Upgrade to Decomposer Component Symptom: Upgrading the Decomposer component addresses several issues as described below:
Scheduled scans terminate early, or are immediately interrupted with the message "Scan stopped by user" Symptom: A scan is scheduled via SSC and the client computer is turned off. The client computer is left off until the scan is past due. The client computer is turned on and the scheduled scan starts, but it terminates early or it is interrupted with the message "Scan stopped by user." Resolution: The scheduled scan was starting before the NAVCE service was fully initialized. The code was fixed so that missed SSC-scheduled scans are not started until the service is fully initialized. The definition date broadcast by a Novell NAV server may not be correct. Symptom: In some time zones, the definition date that is broadcast in the Novell NAV server's PONG packet is not the correct definition date. Resolution: Applied an earlier fix for WinNT servers to the NetWare server. NAVCE on NetWare would ABEND scanning a directory with a long path. Symptom: When scanning directories with path names in the 240 - 250 character length range, NAVCE on NetWare could ABEND. Resolution: Moved code to check for path names longer than 260 on all platforms. Upgrade of NAVCE on NetWare server changes NAV Server settings Symptom: When upgrading NAVCE on a NetWare server, NAV server configuration settings are not preserved. Resolution: NAV server configuration settings will now be preserved when upgrading NAVCE. Default Registry settings will now only be restored if previous values do not exist. NAVCE 7.61 Build 38f New Fixes and Enhancements SSC Server Group Icon Does Not Reflect Client Virus Status Symptom: When a virus is detected on a client, the log event is sent to the server immediately. However the client icon status in SSC is not updated until the next regular client check-in. Resolution: This has been fixed and the client icon in SSC is updated immediately. Installing with Leftover NAV Keys Does Not Install and Gets No Errors Symptom: A failed install of NAVCE leaves registry keys which are detected when an attempt is made to reinstall. When the keys are detected, NAVCE tries to perform an upgrade/overinstall, but fails. Resolution: The fix now checks for active NAV process like Defwatch.exe or VPTray.exe. If these processes are not running, then the installation assumes a failed install and deletes any keys that would prevent a normal install. Servers Installed into an Existing Server Group do not Inherit Server Group Settings Symptom: Servers installed into an existing server group would not get the settings defined for that server group, but would get server default settings. Resolution: When installing a server into an existing group, the server will pull down and incorporate the server group settings from the primary server. This should also work for NetWare servers. NAVCE client/Server Install replaces the Windows system dlls with older version dlls. Symptom: When NAVCE client is installed, the existing Windows system dlls are replaced by older versions. Resolution: This is fixed by checking the file version. When a file is equal to or of a lesser version, it will be replaced by the NAVCE install. NAVRoam Errors Out Occasionally Symptom: When NavRoam is run as a command-line utility or as a service, the system throws Memory Access Error Dialog. Resolution: This is fixed by removing the function call to upload WinInet.dll in NavRoam. Improved NAVAP Failure Descriptions Part 1 Symptom: Insufficient description of NAVAP action failure or deletion progress if file is in use by another process Resolution: The fix is to describe the exact reason for the failure, instead of simply "delete failed" for events other than virus events. NOTE: In addition, a reboot is now required on systems with old versions of MSVCRT.DLL, and in these cases the user cannot access the main UI until the reboot is performed. For virus events a new Action Description field has been added to the notification window, virus history, virus details window and message builder (Display Message). Currently, this field will only report simple status like “Quarantine failed” or "Quarantine succeeded.” Additional improvements will be added to a later build. Directory Exclusions not being honored on NetWare servers Symptom: On restart of NAVCE directories that are configured to not be scanned are scanned. Also excluded directories on a volume that isn’t mounted when NAVCE loads will be scanned if the volume is mounted after NAVCE starts. Resolution: This is fixed by correcting a timing issue on startup. Logs show incorrect computer as being infected Symptom: A virus is detected on a client computer. The virus history or AMS log incorrectly lists the parent computer as the cause of the infection. Resolution: A fix was made to correctly identify the client computer in the AMS log. Gradual memory leak over time Symptom: Client experiencing gradual memory leak over time. Resolution: This is fixed by a code change to release memory. Rtvscan memory leak when scanning Symptom: When scanning a large number of viruses with realtime and reporting viruses with the messagebox, rtvscan can leak memory. Customer is seeing something similar with their virus testbed when copying files and enabling realtime. Resolution: This is fixed by a code change related to memory allocation. NAVCE 7.61 Build 37b New Fixes and Enhancements: Upgrade of NAVCE on NetWare server changes settings Symptom: When upgrading NAVCE on a NetWare server, NAVCE configuration settings are not preserved. Resolution: Settings will now be updated only if previous values do not exist in the registry, and the configuration settings will be preserved when upgrading NAVCE.. Scan progress indicator bar does not function on NetWare Symptom: Beginning with 7.6 and all 7.6x builds since, the "Files Found" statistic and scan progress bar does not increment. Resolution: The "Files Found" and scan progress will now increment. To save processing time, this fix can be disabled by creating the "SkipPreScan" registry entry with a non-zero value. RTVScan.exe spikes to 100% CPU utilization when booting up computer Symptom: After booting up, computer functions very sluggishly. In Task Manager, CPU utilization of process RTVScan is 99%. Resolution: An unhandled exception was sometimes being generated during the bootup sequence. The code has been modified to handle the exception if it occurs. AMS alert parameters are missing when configuring AMS Symptom: When configuring AMS, only six of the 12 alert parameters are displayed in the selection box on the 'Enter Action Message' dialog box. Resolution: Build 37B now uses an updated version of AMS (Alert Management System) that contains a fix for this issue. SymEvent Install (Sevinst.exe) changes the IRPStackSize Setting on an Upgrade Symptom: When upgrading from a previous version or re-installing the same version of NAVCE on Windows 2000, the SymEvent install process changes the Services\CurrentControlSet\LanManServer\Parameters\IRPStackSize key in the Registry. This value should not be modified in Windows 2000. Resolution: A change in the way command line parameters are interpreted in the SymEvent installer (Sevinst.exe) in a recent release caused this key to be incorrectly modified in Windows 2000. A new release of the SymEvent installer resolves this problem. LiveUpdate has to be invoked twice in order to get the Latest Definitions Symptom: Running LiveUpdate does not correctly install the latest definitions, and Running LiveUpdate again pulls down a full 3 MB update. Resolution: One of the definition files initially installed (SymAveng.cat) was corrupted that caused an error during LiveUpdate, resulting in an incomplete update. Due to the error, the next LiveUpdate would pull down a full definition set. The corrupt definition file was replaced with a valid version, correcting the LiveUpdate problem. The SSC Server Group Icon does not reflect the Server Group Status Symptom: When unlocking a Server Group in SSC, the server group icon would sometimes not reflect the Virus Detected status of one or more of the servers in the group. The original problem described that the Client status was sometimes not reflected in the server or server group icons, but the product does not support this functionality. Resolution: In situations where one of the servers does not respond when the server group is unlocked, the previous status icon for the server group is used, which matches the server icon. If all the servers respond, the server group icon is updated correctly. Upgrading or Re-installing Build 36 with MSI 2.0 Fails, Leaving the Product in an Invalid State Symptom: When installing Build 36 over the same version, or a previous version, with MSI 2.0 installed, the install would fail, leaving the product in an invalid state: The user interface does not come up from the System Tray icon, and when it does come up from the Start Menu, Scan, Configuration, and History items are missing. The product has to be removed and cleaned up manually. Resolution: A fix in build 36 caused this problem because MSI 2.0 stores its keys in a different location than previous versions. The previous fix has been removed, resolving this problem. Scanning of infected files is slower compared to NAVCE 7.5 in domain environments Symptom: Scanning infected files is slower compared to NAVCE 7.5 in domain environments when the computer that detects the virus must access a domain controller to retrieve account information. Noninfected files do not cause any performance slowdown. Resolution: All versions of NAVCE write virus activity to a log file under the user's Application Data directory (if a user is logged in). NAVCE 7.5 and earlier did not support Windows Terminal Server so only one user could be logged in at a time. If a virus was found the activity was logged to that user's log file. NAVCE 7.6 and later support Terminal Server, and multiple users may be logged into the computer at the same time. When a virus is detected in these versions, NAVCE obtains an identifier from the operating system that uniquely determines the user. A lookup was made to map the identifier to a username so NAV can determine which log file to use. This caused significant network traffic in environments when the computer retrieves the information from a domain controller. The code was fixed to cache the identifier so it does not need to be retrieved each time virus activity is logged. Scheduled scans are immediately interrupted with the message "Scan stopped by user" Symptom: A scan is scheduled and the computer is turned off. The computer is left off until after the scan is due to run. The computer is turned on and the scheduled scan starts, but is immediately interrupted with the message "Scan stopped by user." Resolution: The scheduled scan was starting before the NAVCE service was fully initialized. The code was fixed so missed scheduled scans are not started until the service is fully initialized. Fixes from NAVCE 7.61 build 36c included in 37b SNMP MIB file missing declarations Symptom: The SNMP MIB file was missing declarations all but one of the traps generated by NAVCE. Consequently, management consoles would only display a descriptive name for one of the traps. All other information would be displayed correctly. Resolution: This has been fixed by adding the new declarations and clarifying what each trap will be sent in response to in the MIB comments. Scanning issues with folders that have the same name as an environmental variable Symptom: If a folder on the drive had the same name as an environmental variable and the user scanned it, NAVCE would not detect viruses in it. Resolution: This was due to old logic that internally checked the folders along the path of each file to see if any were the same as an environmental variable and then replaced them with the value of that variable. This logic was removed. With NAVRoam installed, Windows 9x computers hang on shutdown when disconnected from the network Symptom: If a client is disconnected from its network (specifically laptops), and the user initiates shutdown, NAVRoam causes the machine to stop responding because it can't check in with its parent server. Resolution: NAVRoam now checks for network connectivity, and skips the check-in and other shutdown processes if it has no connection. NAVRoam was causing Windows 9x computers to hang for various reasons, including a variety of network states and not being multithreaded Symptom: If the machine is connected via dial-up, NAVRoam causes the computer to stop responding. Additionally, NAVRoam on Windows 9x is not multithreaded, also causing hangs in some circumstances. Resolution: NAVRoam now checks if the machine connection is dial-up, and if so behaves appropriately. It has also been made multithreaded. NAVRoam was causing Windows 9x computers to stop responding on startup if the user completes login before NAVRoam gets started Symptom: If a user on a Win9x machine logs in immediately as the machine is coming up, and NAVRoam hasn't started, it will often stop responding. Resolution: NAVRoam is now run from RunServices, which delays startup until the user is logged in. With a silent install package, in which Setup.wis is configured to prevent the reboot of 9x clients, the reboot occurs anyway Symptom: BootOption has been set to "1" in Setup.wis, but when the silent install to a Windows 9x computer completes, the reboot occurs anyway. Resolution: On some 9x computers, the installer was forcing a reboot because newer versions of system DLL's were installed. The install was modified to suppress this reboot. Improper file ownership change attempt on Windows NT/2000/XP Symptom: When trying to Quarantine or Backup an infected file on an NTFS drive owned by a user other than the current user, a blue screen crash would occur. Resolution: This was caused by several issues within NAVAP. First, security logic to transfer file ownership was removed because it was determined that it could not succeed due to NT’s security model. Second, stack switch logic for several calls was disabled. These changes resolved the problem. NAV version in Support Link incorrect after upgrading Symptom: Under Windows 2000, the Add / Remove Programs entry for Norton AntiVirus Corporate Edition includes a link labeled Support Information - this brings up a standard dialog showing the Publisher, Version information, Support link, etc. The version information is set to 7.5.1.0000 in version 7.51, and 7.6.1.0000 in version 7.61. The problem occurs when upgrading from 7.5x to 7.61 - this version information in the Support Information dialog is not updated to the new version. Resolution: Both install and upgrade will now update this information (in the Registry) to not only show the correct version information, but to also show the build number: 7.61.00.936. Registry Key Handle Leaks in Terminal Server Sessions Symptom: An earlier fix to support Terminal Server sessions used sample code from Microsoft - but this code was incorrectly formatted, causing a Registry handle leak each time it was called. Resolution: The code was revised to ensure that the Registry key is always closed before the function returns, preventing a Registry handle leak. NAVCE 7.61 Build 35a New Fixes and Enhancements: Blue Screen Crash when Scanning Boot Records on some HP Servers using RAID Drives Symptom: AutoProtect would cause a bluescreen crash when attempting to scan the boot record of a RAID drive. Resolution: The RAID drive was returning incorrect partition information for the drive, causing a crash when AutoProtect attempted to retrieve information from a nonexistent location. AutoProtect was updated to validate the partition information before attempting to read from the partition. Stops responding during a Scheduled, Custom, or Startup Scan when encountering Reserved Filenames Symptom: Certain filenames and extensions (aux prn, con, com1) are traditionally reserved by the old DOS operating system, and cannot be created locally in Windows. But these file extensions can be created on a remote drive, causing the operating system to block when attempting to read from a reserved device name, causing the scan operation to stop responding. Resolution: The scan routine now uses a Windows API called GetFileType that determines whether a file is an actual disk file or an MS-DOS device. The fix is to call this API first. If the file is an MS-DOS device, it is not scanned. Getting "Insufficient Directory Space" errors after scanning files on NetWare volumes. Symptom: This most often affects real-time scanning when "scan inside compressed files" is turned on. This happens because temp files that are created during scanning were deleted but not purged from the disk. This caused directories to fill up before the NetWare automatic cleanup service could clean them out. Resolution: These temp files now have the "purge immediately" flag set on them when they are deleted. They become permanently inaccessible and no longer take up any directory space. The LiveUpdate password is being stored in the registry in plaintext Symptom: A previous fix for this made it configurable via the registry key HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LiveUpdateSource\EncryptPassword. However, under certain conditions the password was still not encrypted, nor was it encrypted by default. Resolution: It is now encrypted, and does not have to be configured. IMPORTANT NOTE: Older versions of NAVCE (7.0) will not be able to read the encrypted password. This is in line with the newest version of NAVCE. This is a superficial issue, not impacting functionality (the password would appear unreadable on a 7.0 console). Updates to NAVRoam Functionality (now NAVRoam version 1.5) Symptom: The 'help' for NavRoam does not displaying correctly. Resolution: NavRoam help should now display correctly. Symptom: The case of a server's name causes it not to be recognized as valid. Resolution: Several calls were previously case-sensitive, specifically regarding servernames - NavRoam is now case-insensitive. Symptom: Some scheduled scans are disappearing when a 3-line GRC.dat file is dropped on a client. Resolution: In cases where a server dropped a 3-line GRC.dat file on a client, the client's previously scheduled scans were being removed. This no longer happens, and the client retains its settings. Symptom: Minimum parent response time not implemented. Resolution: There is now a minimum parent/network response time when roaming. Symptom: On Win9x, NavRoam is not working properly when no network is present. Resolution: NavRoam now waits until the machine is a part of a network to run, as well as checking that the network is up. Symptom: Symantec Enterprise Security Manager (ESM) and Symantec Intruder Alert (ITA) roaming not implemented. Resolution: Clients can now roam to ESM and ITA servers. Symptom: Some computers stop responding on startup if NavRoam starts before login is complete. Resolution: If started from the command line and there is no network, NavRoam will now send a message to that effect and exit. NavRoam is now started from RunService and not Run, as this was causing computers to stop responding if NavRoam started before the login process completed. NetWare Abend: Free detected modified memory beyond the end of the cell being returned Symptom: This problem relates to a condition that can exist on a NetWare volume. If the file has a DOS Name Space name that is longer than the LONG Name Space name, then NAVCE overwrites memory when changing to the DOS Name Space name. This condition is not a normal or an easy condition to create. Resolution: The fix is simply to calculate the actual name we are going to save before we malloc memory to hold it. Virus definition date that is broadcast in the NAVCE server's PONG packet may be off by one day Symptom: In some time zones, the virus definition date that is broadcast in the NAVCE server's PONG packet may be off by one day. After updating Virus Definitions, the PatternFileDate in the Address Cache may indicate that the set of definitions being used are one day older than the actual current date. Resolution: This problem is related to the Time Zone of the timestamp on the virus definitions and the time zone of the NAVCE server creating the PONG packet. The virus definition time stamp is based on the PST time zone. The conversion of the virus definition timestamp was not taking the time zone difference into consideration. The code has been modified to convert the timestamp to the local time zone before storing it to the Address Cache. After installing Windows Security Update (July 26, 2001) on Windows NT 4.0 SP6a, manual scans won't run. Symptom: After installing the July 26, 2001 security update to Windows NT 4.0 SP6a, a user who is only a member of the domain group "Users" cannot run manual scans. NAVCE KB Article 2001020708140648 instructs users to apply the hotfix in MS Q Article 303437, which is also included in IE5.5 SP2. Applying this hotfix does not resolve the problem. Resolution: Manual scans impersonate the logged on user, and due to security changes, a function call was failing after the update. This has been corrected in the code. Problems with the functionality of the LogFileRollOverDays registry value Symptom: This optional registry value can be added to the HKLM\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion key. It represents the number of days before the current date to keep log files in the current user's and the "All Users" profiles directories. When NAVCE checks to see if there are old log files to remove (on startup and every 6 hours), this registry value is used to determine what to keep. Some customers would like to have all NAVCE "Logs" folders cleaned, not just the current user's and the "All Users" folder. Resolution: The log cleanup code has been modified so that a new optional DWORD value, AllLogFileRollOverDays, can now be added to the registry by users seeking the above functionality. This value is not installed by default. If this DWORD value is added, all NAVCE "Logs" folders will be cleaned, leaving the log files that were created after the current date minus the number of days specified in AllLogFileRollOverDays. Slow logoff of NAVCE 7.61 clients from Terminal Server sessions Symptom: When no users are logged on locally to a Windows Terminal Server, remote users experience a slow logoff (1 minute or more) when logging off from a terminal server session. Resolution: NAVCE was not correctly distinguishing remote user sessions from local logons, resulting in the remote user's registry hive being left open during the logoff, causing a delay as Windows attempted to access the hive and eventually timed out. This has been corrected in the code. The E-Mail Realtime Protection configuration is not always present in SSC. Symptom: In organizations where client machines use VDTM to update virus definitions, the "Email Realtime Protection" tab disappears from the "Client Realtime Protection Options" property sheet after def updates. Rebooting the client or restarting the client's NAVCE service restores the tab. Resolution: The error on the client that was causing the tab to disappear has been corrected in the code. In addition, to better support roaming clients, the Exchange and Notes Realtime Protection tabs are now always present in the SSC "Client Realtime Protection Options" property sheet. Silent Install Crashes or Stops Responding When DisplaySilentMsg=1 in Setup.wis Symptom: Invoking a silent install and setting the DisplaySilentMsg setting in Setup.wis to 1 (display a notification dialog to the user during Install) would cause a crash or the computer to stop responding during the install, leaving a partial install (Registry keys, some files - but not a complete install). Resolution: The install process was unloading the DLL used to maintain the notification dialog, causing unpredictable results. This was corrected to not unload the DLL until the dialog is closed at the end of Install. Abend on NetWare 5.1 SP3 when Upgrading or Removing MSGSYS.NLM Symptom: Upgrading or removing NAVCE (7.61 build 30b or later) would cause an Abend in MSGSYS.NLM. Resolution: This file is part of the Intel/AMS fileset that was updated in build 32. This problem was submitted to Intel, who provided an update to this file which corrects the problem. CAUTION: If you are running NAVCE 7.61 build 30b or earlier, you may encounter this abend while upgrading to build 35a. To work around this problem, comment out the load VPSTART line in Autoexec.ncf and reboot server before running the build 35a installation. If you have previously upgraded NAVCE 7.61 to build 32 or later, you can upgrade to build 35a by simply running build 35a installation. Scheduled Scans run Twice after Daylight Savings Time Ends Symptom: After the end of Daylight savings time in the fall, a daily scheduled scan would run twice - an hour before the scheduled time, and again at the scheduled time. The same problem existed for weekly or monthly scheduled scans. Resolution: The process that checks for missed scheduled events would detect that more than 24 hours had elapsed since the previous scan (due to the end of DST), and run the scan an hour early as a missed event - then the scheduled scan would run again at the scheduled time. The missed event routine was updated to account for the difference in elapsed time when switching to or from Daylight Savings Time. Crash in AutoProtect PAM 16 Emulator Code Symptom: Certain files would cause a crash in the AutoProtect code that checks for specific kinds of viruses by "running" the macro code in a virtual machine to identify virus-like activity from previously unknown macro viruses. This code would crash in certain cases with a divide by zero error. Resolution: The AutoProtect PAM 16 code was corrected to handle these situations Buffer Overflow Error in AutoProtect when creating a Filename for Quarantine Symptom: When building a filename for an infected file to add to Quarantine, no check was made for the full path/filename fitting into the allocated buffer, in some cases resulting in a buffer overflow error in AutoProtect. Resolution: Additional code was added to make sure that the full path/filename fits into the allocated buffer to prevent buffer overflow errors. Text String Problem when Booting from a Non-Bootable Floppy after Repair Symptom: After repairing the boot sector of a non-bootable floppy disk, when trying to boot from the disk, the error message did not use the correct Line Feed characters to correctly format the message. Resolution: The Repair code was corrected to insert the correct Line Feed characters when repairing a non-bootable floppy disk. NAVCE 7.61 Build 34a New Fixes and Enhancements: Unmanaged Clients are Installing Unnecessary PDS / XFR Services Symptom: When AMS files were updated in build 32b, the installation of PDS.exe and XFR.exe were inadvertently added back to unmanaged client configurations. These services are not needed for unmanaged clients, and they create unnecessary processor / network overhead by looking for a "parent" server when there is no parent for unmanaged clients. Resolution: The AMS installation configuration file (AMS2.CFG) was corrected to not install these services on unmanaged clients. Crashes and Hangs in Intel Alert Originator (IAO) Service Symptom: When the IAO Alert database file (IAOLOG.dat) becomes truncated, the IAO service will crash or hang when starting up. Sometimes the IAO service will attempt to restart every 5 minutes (and fail each time), filling the NT Event Log with errors. Resolution: Intel has corrected their code to handle truncated log files - if any part of an event is not found, ignore the entire event record. This prevents hangs and crashes (but because the log was truncated, alert event information was lost). Seeing "~E~V in ~F" as the User Name in Client properties in SSC Symptom: When some clients start up, the initial check-in with the parent server adds "~E~V in ~F" instead of "Not Logged-In" as the User Name in the client record on the server. This shows in the Registry on the server (under CurrentVersion\Clients), and under the client's properties in SSC. Resolution: The code that loads text strings from the resource file was causing the wrong string to be returned when called from separate threads at the same time. The code was changed to complete the call for one thread before allowing a switch to the other thread. Performance Problems on Heavily-used Server due to AutoProtect Symptom: During peak usage on a heavily-used server, opening and saving files to the server slows down considerably due to scanning by AutoProtect on the server and on clients. Resolution: A significant performance enhancement from the upcoming Symantec AntiVirus Corporate Edition 8.0 release has been ported to address this problem. Several additional performance enhancements should be included in SAVCE 8.0. MSI handles not closed properly during install Symptom: You install NAVCE with MSI logging enabled, and you create an MSI log file. In the MSI log file you see three warning messages about open MSI handles. Resolution: The handles were inadvertently left open. The install code was fixed so the handles are closed. Rtvscan.exe crashes under heavy load, or scheduled/manual scan stops unexpectedly with the message "Scan stopped by user" Symptom: You are running a scheduled or manual scan with thousands of viruses. Rtvscan.exe crashes or the scan stops unexpectedly with the message "Scan stopped by user." Resolution: An exception was generated in Rtvscan.exe that only manifested itself while under heavy load scanning thousands of viruses. The exception was caught but not handled properly. The code was fixed so the exception will no longer occur. Exception in debug logging when VE logging is also enabled Symptom: NAVCE debug logging is enabled and you have also enabled "VE" logging by using a "Gx" value in the debug registry key (e.g. GA, GC, GF, GI, GS, or GV). You see the message "Exception!! in VEScanFile" in the debug log when scanning certain files. Resolution: Certain file names caused an exception when they were printed to the debug log. This problem only occurred when "VE" debug logging was enabled. No exception was generated in the scan engine, only the print code. The print code was fixed so the exception will no longer be generated. SetFileTime error messages in debug log Symptom: NAVCE debug logging is enabled. For each file scanned you see the message: Failed to SetFileTime() for <filename> due to the operation completed successfully. Resolution: This message was printed for each file scanned, even though SetFileTime() was not failing. The code was fixed so this message will not appear. Any actual SetFileTime() errors will still appear in the debug logs. Windows 2000 Terminal Server clients experience slow logoff Symptom: When NAVCE is installed on a Windows 2000 Terminal Server, clients experience slow logoffs. Server will have USERENV event log entries "Failed to unmount hive..." and "Didn't unload user profile". Resolution: NAVCE was not differentiating users logged in via terminal server client sessions from local logins. NAVCE should only load user profiles from users logging in locally. NAVCE was opening a remote client user's profile and kept it open when the user logged off. When a user logs off, Windows tries to unload the user profile. It retried for a period (event log says 60 seconds, but delays are typically several minutes) before logging the events above. Logic was added to identify terminal session logins. User profile is no longer loaded for terminal server session logins. Temp files left over on client machine after remote install Symptom: When a remote client install is performed from SSC on clients already running NAVCE, the "Clt-Inst" folder is left on the client machine with all files. This folder, which contains temporary install files, should be deleted after any remote install. Resolution: Incorrect logic existed in the InstallShield for Windows Installer sequence that restricted the cleanup of temp files to fresh installs where NAVCE is not yet installed on the client. The logic was corrected to allow the removal of the "Clt-Inst" folder after both upgrades and fresh installs. Logs exported as CSV files from NAV not displayed correctly if they contain an empty field Symptom: When logs are exported from NAV (such as virus history) as comma separated values, they are not displayed correctly if one or more fields are empty. Resolution: Logic has now been added to check if a given field is empty, and if so, placeholders are inserted. This was done to enable users viewing the logs as plain text to see that there is an empty field rather than just two commas next to one another. If just a space were used it is readily missed. Formatting will now be correct. AutoProtect resets file modified date on Netware or Unix server Symptom: When you save or rename a file on a server, realtime scanning on the client causes the file modified date to change. On a Netware server, the modified date changes to 1/1/1985. On a UNIX server, the date changes to 01/01/1970. Resolution: After a file is scanned, the new file times are compared against the old file times. If the times are not equal, then the original file times are put back. Norton AntiVirus Corporate Edition 7.61 Build 32b Important Notes Uninstall Fails Reporting Error Loading or Referencing NAVINS95.DLL/NAVINSNT.DLL Testing for other upgrade issues turned up problems with the fix to issue Upgrade Install Fails if the User Double-Clicks the MSI File Instead of Launching SETUP.EXE, previously reported fixed in build 30. Additional logic was added to workaround the problem locating the source directory. More extensive testing has proven this to resolve the issue completely. Quarantine Server - Update to Intel AMS/PDS, Virus Definitions The updates to AMS / PDS and virus definitions in the previous build have been fully implemented in Quarantine Server in this build. Update to Intel AMS/PDS Version 6.12.0.0071 The Alert Management System (AMS), and core component Ping Discovery Service (PDS) are licensed from Intel - a new release of Intel files are included with this build. This release should resolve several ongoing problems traced to Intel files - but a specific list of fixes is not available. Update to Virus Definitions - December HubDefs The virus definitions installed with this build have been updated to the latest full definition set (dated 12/29/01). New Fixes and Enhancements: Incorrect sorting of clients or servers by virus definitions date in SSC Symptom: When sorting the display of clients or servers in the SSC, they appear to be sorted by the ASCII value of the date rather than the actual date. Resolution: The code that handles the sorting was designed to handle a generic case using strings. The sorting algorithm was modified to handle the case of a numeric sort. Information in NAV Server/Client Tree control in SSC can be corrupted Symptom: The NAV client and server objects in Symantec System Center (SSC) can sometimes become corrupted, showing invalid information. Resolution: Memory for the objects in SSC was erroneously being deleted or reused, corrupting the information for those objects. This has been corrected in the code. Windows 95 client cannot update virus definitions from server Symptom: Windows 95 clients attempt to download virus definitions from the server. The temporary virus definition file is placed in the directory C:\Program Files\NavNT\xfer as it is downloaded. The file is never deleted. The xfer directory fills up with temporary files and eventually all space on the drive is exhausted. Resolution: The code that processes downloaded virus definitions was fixed. The file is processed by the client and deleted from the xfer directory when processing is complete. Quarantine Server process consumes 100% of CPU when client disconnects Symptom: A client is uploading a file to the Quarantine Server but the client disconnects from the server during the transfer before it is complete. The Quarantine Server process on the server (qserver.exe) goes into a loop and begins to consume all available CPU for several minutes or more. Resolution: The Quarantine Server code was fixed to better handle clients that disconnect during a transfer. Clients may lose connectivity with servers that have two or more network cards (NICs) Symptom: Clients are connected to a server that has two or more network cards and the server is rebooted. Clients maintain connectivity with the server until the server pushes GRC.DAT to the clients. After that point, the clients lose connectivity to the server because the wrong IP address value is stored in the AddressCache for the server. Resolution: NAVCE server now checks for a new registry value called "OverrideIPAddress". The registry value may be manually set by the server administrator to contain the IP address that clients should use to communicate with the server. The OverrideIPAddress registry value must be created in HKLM\Software\Intel\LANDesk\VirusProtect6\CurrentVersion. The registry value must be an IP address in dotted decimal form, e.g. 192.168.0.1, and must be a valid IP address for the server. The registry value will be ignored if it does not exist, if it is empty, or if it does not match one of the server IP addresses. Note: NAVCE server will begin to use the new registry value in the AddressCache one minute after the server is started. NAVCE consumes 100% of the CPU on shutdown when Lotus Notes 4.5 is installed Symptom: Lotus Notes 4.5 is installed and the Notes snap-in is in use. When the user logs out or the system is shutdown, NAVCE (rtvscan.exe) consumes 100% of the CPU for several minutes. Windows may pop-up messages about tasks that are not ending properly, including Battery Meter and Explorer. Resolution: Lotus Notes 4.5 contains many memory leaks and buffer overruns that are fixed in later versions of Lotus Notes. These memory leaks and buffer overruns caused an exception in NAVCE. The exception caused rtvscan.exe to go into a loop and consume all available CPU. The customer must upgrade to Lotus Notes 4.6 or higher. The code was also fixed so this loop will not occur if an exception is generated in the future. NOTE: Although the code was fixed so it does not loop, the exception will still occur due to Lotus Notes 4.5. When the exception occurs on a user logout, rtvscan.exe will still be terminated and the machine will no longer be protected by NAVCE. The customer must also upgrade to Lotus Notes 4.6 or higher so the exception will no longer be generated. Windows 2000 users cannot launch LiveUpdate (update to previous fix) Symptom: Users logged into Windows 2000 with a local, restricted account can now run LiveUpdate, but Administrators who installed NAV, then were later demoted to Users, will still fail when attempting to run LiveUpdate. Resolution: Restricted users are now identified by their class (not a member of Administrators), rather than their access to specific Registry keys. NAVCE installation fails Symptom: NAVCE installation fails. If you use msiexec to create a log of the install, you see the error message "DebugLogInit. Return value 3." All attempts to install NAVCE result in the same problem. Resolution: An incorrect condition in the NAVCE installer prevented a core InstallShield component from running during the install. Without the InstallShield component the remainder of the installation would fail. The NAVCE installer was fixed so the component will run. NAVCE 7.61 Build 30b Server Upgrade Install Does Not Upgrade Server Symptom: When rolling out a server install, the server was not updated with the new build. Resolution: The ProductVersion stamped in the .MSI files had not been updated to 7.61, ultimately causing MSI to ignore the newer install file and use the locally cached copy of the old install in WINNT\INSTALLER. Upgrade Install Fails With Error 1920 Starting Service Symptom: Installation would proceed to about 75% of the way through, then would appear to stop when it tried to start the RTVScan service. It would then report the error and rollback the install. Resolution: This occurs if you've manually deleted the current NAVCE virus definitions directory and then attempted a reinstall. DefUtils incorrectly believed the old virus defs were the ones NAVCE should use. RTVScan then failed to startup because the old defs did not exist. The fix was to improve the DefUtils logic to prevent multiple entries for a single AppID in USAGE.DAT. Upgrade Install Fails if the User Double-Clicks the MSI File Instead of Launching SETUP.EXE Symptom: The install would appear to be functioning, but none of the NAVCE files would be upgraded to the new build. This would also occur if an administrator tried to roll out an install to a machine via MSIEXEC, the standard method of doing so. Resolution: Due to an InstallShield issue, the install could not determine where it was run from and so could not locate the files in the SUPPORT directory. This has been improved, but still could potentially fail. If an administrator rolls out an update and runs into this problem, it can be fixed by manually setting the UPGRADEDIR property on the MSIEXEC command line. Also, administrators should always use "/fva" instead of "/i" when performing an install over. This should be set equal to the full path to the Rollout\Server\Clients\Win32 directory, as in: Msiexec /fva "\\server\share\navce.msi" UPGRADEDIR=\\server\share NAVCE 7.61 Build 30 New Fixes and Enhancements: NAV Conflict with BlackICE Defender Symptom: Starting the system with both NAV and BlackICE Defender installed intermittently gets an error 'NAV Realtime Protection failed to load.' Solution: The BlackICE product was unnecessarily locking the Service Control Manager database, causing our attempts to load AutoProtect services to fail. A new version of BlackICE Defender (2.9.can) resolves this problem. In addition, the routines that attempt to start the AutoProtect services have been updated to retry if the database is locked. NAV Can't Access Folders with DBCS Names Symptom: A folder created from another machine, using a different codepage, using DBCS characters in the folder name can not be scanned by a local manual or scheduled scan. Solution: This is actually an operating system issue when using different codepages - these DBCS folders are not found when searching the (English) host drive. The scan routines have been updated to use the alternate (8.3) name if it is available. New Unsupported Tool - QuarDel Enhancement: A new tool is being added to the set of unsupported tools located under CD1\ProdMgmt\NoSuprt. The tool is named QuarDel.exe, and has been added along with documentation, QuarDel.pdf. Disabling the 'Add to Quarantine' feature Symptom: A previous fix to restrict the Add to Quarantine feature does not affect the context menu available when right-clicking on the Quarantine view in the main UI. Solution: This has been corrected. The Registry value to restrict access is: HKey_Local_Machine\Software\Intel\LANDesk\VirusProtect6\CurrentVersion\Quarantine\DisableAddQuarantine. Printing from Command Prompt - Illegal Operation Exception Symptom: Attempting to print from a CMD (Dos Box) prompt gets an Illegal Operation Exception in NAVAP.sys. Solution: An update to the AutoProtect component resolves this problem. LiveUpdate - Error: Cannot Create a Temporary Directory Symptom: When trying to initiate LiveUpdate, the following error window is displayed, "LiveUpdate could not create a temporary directory." In addition, the LuComServer process hangs and must be manually terminated through the Task Manager. Solution: A new version of LiveUpdate corrects this problem. The Client version was updated to version 1.7.
New Documentation for NavRoam Feature Symptom: The new roaming capabilities were not fully documented. Solution: A new documentation file, Roaming.pdf, was added to CD1\Docs, CD2\Docs Known Issue: Uninstall of NAVCE Server from a Windows 2000 (Advanced) Terminal Server fails Symptom: Uninstall of NAV Corporate Edition Server from a Windows 2000 (Advanced) Terminal Server fails - "Fatal Error" message. Event log reports: "The Norton AntiVirus Server service terminated with the following error: The environment is incorrect." The problem is unique to Terminal Server. Uninstalling NAV Corporate Edition Server is successful on Windows 2000 Server. IMPORTANT NOTE: LiveUpdate Administrator 1.5.3.21 Required The LiveUpdate component of NAVCE was updated to v1.7 to resolve a customer issue and in response to a security issue with older versions of LiveUpdate. (See the document "Symantec LiveUpdate 1.4 through 1.6 vulnerability" in the threat list on http://securityresponse.symantec.com). As a result, LiveUpdate administrators must now use LiveUpdate Administrator v1.5.3.21 or later, available from http://www.symantec.com/techsupp/files/lu/lu.html. NAVCE 7.61 Build 28a New Fixes and Enhancements: Windows 2000 users cannot launch LiveUpdate Symptom: Users logged into Windows 2000 with a local, restricted account cannot run LiveUpdate. Resolution: Restricted users will now be able to launch LiveUpdate when the following conditions are met:
Disabling the 'Add to Quarantine' feature Symptom: In the local quarantine window, the "Add to Quarantine" button allows users an explorer view to the system drive and the ability to quarantine critical files. Resolution: A new registry DWORD value: HKLM\Software\Intel\LANDesk\VirusProtect6\CurrentVersion\Quarantine\DisableAddQuarantine can be added to the client registry. A value of 1 will disable the "Add to Quarantine" button in all instances except direct update by Administrator. Client install failure Symptom: The silent installation package either stops responding for 5 - 10 minutes before completing, or fails to complete. Resolution: This problem has been fixed with an updated version of setup.exe. Backup software compatibility Symptom: Realtime scanning changes the last access date on files that are opened by backup software. Resolution: Under File System Real Time Protection, there is now an option to ignore files being opened for backup. To disable the scanning of files opened for backup:
This setting causes NAVCE to ignore backup open calls, which are specific API's backup software uses. This will enable NAVCE to run realtime protection at the same time that realtime backups are taking place. NOTE: This setting applies to files being opened for backup and read. Files that are opened for backup and write (restore) will be scanned regardless of this setting. Updated Symevent NAVCE 7.61 includes Symevent release 10.3.2.9. This build allows realtime scanning to ignore files opened by backup software. Blue screen errors when insufficient kernel stack is available Symptom: The computer stops responding at startup or during realtime scanning if there is insufficient kernel stack available. Resolution: NAVCE now initializes on its own stack and switches back to the kernel stack before making system calls. Scans are queued to a separate thread so NAVCE has a fresh kernel stack to use. High CPU utilization Symptom: NAVCE Servers experience high resource utilization when a large number of clients check in simultaneously. Resolution: NAVCE Clients and Servers now statically allocate message semaphores, which uses less resources than allocating and releasing them for every packet sent. The incoming and outgoing semaphore tables have been split, which doubles the size of each, and decouples outgoing and incoming activity. NAVCE 7.61 fixes from previous NAVCE 7.51 inlines Files and folders with long file names were not excluded when configured to do so Symptom: Long path names were not excluded when added to the exclusions list. Solution: This is an update to a previous fix that caused all files and folders to be excluded on mapped drives. Long path names should now be excluded correctly. NetWare 4.11 Servers abend when encountering an invalid virus definition file Symptom: A NetWare server would abend when trying to incorporate new definitions from an incorrectly formatted virus definition file. Solution: Added additional checking to avoid the abend and ignore the invalid definition file. Decomposer problems with malformed MIME messages Symptom: NAVCE was mistaking certain messages for MIME formatted messages, causing problems when the message was scanned. Solution: Added additional checking to detect these new message types. Quarantine Server Console not sorting Age column correctly Symptom: When sorting on the Age column in the Quarantine Console, ages of 11 days, 12 days, and so forth would appear before 2 days. Solution: Revised the sorting algorithm to handle Age values correctly. NAVCE installation would move all log files in System\Logs folder Symptom: To support upgrading older versions of NAV, Quarantine, and other log files are moved to the new location--but in some cases, all logs in the System\Logs folder were being moved. Solution: Added additional checking to ensure that only old NAV log files are moved. Unprotecting a protected Zip disk would fail with RealTime file protection active Symptom: Trying to unprotect a protected Zip disk with RealTime protection active would display the error message "Disk is in use, please close any disk management utilities or other programs accessing the drive." Solution: Added checking for this specific case of a protected Zip disk to avoid attempts to scan the disk during the unprotect operation. SSC UI checkbox would be checked when never selected Symptom: When configuring the Virus Definition Manager for server or server groups in SSC, and then bringing the dialog up again, the Schedule client for automatic updates using LiveUpdate checkbox would be checked even though it was not selected during the initial configuration. Solution: Corrected the default settings to avoid the checkbox being set when not selected. NAVCE Install Logs do not contain date information Symptom: Installer logs _CClt.log and _CSrv.log only contain the time, making it difficult to use the logs. Solution: Added the date to the log files. Minimal UI installation option causes reboot before the installation is finished Symptom: When running the minimal UI (/qr command line parameter) option, a computer would reboot before install was complete. Normal UI options are full UI and silent (no UI). Solution: Updated the install routine to handle this Install UI option correctly. Install UI shows Reboot even when Reboot is disabled in Setup.wis Symptom: The wording on the Install UI would indicate that the computer would reboot, even when reboot was disabled in Setup.wis. Solution: Updated the install routine to check whether reboot is disabled, and display the appropriate text. Clients see rights error message at logon even when configured to not install Symptom: If a user does not have adequate rights to install NAV, an error was generated even if the setting in SSC for that platform is set to Do Not Install. Solution: Added a check to not generate the error if the configuration setting for that platform is set to Do Not Install. Silent Install Dialog box Symptom: The dialog box warning users that NAVCE is silently installing closes before the install completes. Resolution: The dialog box will now stay open until the install completes. |