Re: OT: Virus scanner registry keys

From: prg (rdgentry1_at_cablelynx.com)
Date: 02/04/05


Date: 4 Feb 2005 09:59:24 -0800


Noah Roberts wrote:
> I know at least some of you have to deal with Windows machines on your
> network. I have asked everywhere else I can think to.
>
> I am trying to develop a program that scans windows machines to make
> sure they won't destroy the network. I check for SP2 and virus scanner
> existence currently. I want to check to be sure the scanner is set up
> to scan periodically, not just by user intervention, and that it has
> been used recently and came up clean. These things I am having trouble
> finding and deciphering in the registry.
>
> Students in the Dorms tend to not ever use the virus scanner. So it is
> up to date, and the service is running, for all the good it does. They
> still get infected because they never scan...then I have to deal with
> it, and I hate windows.
>
> Anyway, if anyone has any information on these values and keys or knows
> a place where the information is available (I have even contacted
> McAfee and am still waiting...Norton has no damn address or anything on
> their site, but I will continue attempting)...

Sympathize with your problems, but you may not want to go down this
road of remote registry access given the wide range of Win versions and
the real potential of leaving the registry wide open for _any_ remote
access if you don't get it right for each and every client setup. Yet
more proof of MS's brain dead implementation of this _vital_ system
file.

Besides, these are not _your_ machines, so you may end up being
responsible for anything that goes "wrong" with them despite your pleas
that your editing/mucking with registry was not the fault. Put
yourself in their shoes if _your_ laptop "broke". You may not be able
to resist the outcry;(

We tried using this approach at the school district just to monitor
that _we_ had set up _our_ (~2500) machines correctly, and ... what a
headache.

Best would be to have a directory service and Win policy that enforced
starting/running the AV software on each client. Not easy in any case
and may be nearly impossible in a college setting with students'
laptops. We were running a NetWare net and eventually went with
ZenWorks to lock down and configure startup of _our_ computers.

We also relented and now scan all email moving through the system.
Even reduced that by having local email service/accounts only for staff
-- students have to use a web based email account of their choosing,
Yahoo, etc. They rarely used their local accounts anyway since they
weren't accessible off-campus. Having an off-campus, web email account
also useful when students needed a quick-n-dirty way of making a
"backup" of their term papers they worked on in the labs/library --
just mail it to themselves.

Pegasus Mail will go far in reducing email-borne viruses. Since it's
free, we've used it for years in the schools. It does not provide the
same level of integration as Outlook, which causes some users to
complain, but makes mail admins shout with joy;-)

That said, you still need some way to insure the AV software _is_
running to automatically scan at least new files and incoming email --
scanning outgoing email will boink many mail server setups. IIRC, you
are making the AV software available on your site and installing it
when students first setup on the network.

Perhaps you can come up with a script that runs after the AV install
that sets the registry values needed to insure and lock how the AV
software runs. Setting registry values is probably easy enough but
haven't looked at what you can do with the policy editor lately. And
rather than testing the registry at each login, you could write your
own, encrypted "license" file that you read for proper checks. A
script that runs the AV? A downloaded/login script kicker that runs a
previously installed AV startup/run script on the client?

These are off-the-top ideas I've used in various contexts, not
together, and not for network "authorization" of any kind. Also
haven't looked lately at how Novell ZenWorks is coming along on Linux
-- maybe this weekend? Will try to look into "locking down" AV setup
on clients. No, not 'cause I'm such a great guy, but because this is
a recurring problem I've not looked into for some time. And I really
should look into it these days ;)

I'll get back with anything I find that may be useful to you.

good luck,
prg
email above disabled
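
The "license" file idea from the reply above, sketched as an added example that is not part of the original post: a client-side script writes an AV status record and the login-time check verifies it instead of reading the registry remotely. The reply says "encrypted"; this sketch uses an HMAC tag instead, since the check needs integrity rather than secrecy. The field names, the per-host key and the 7-day limit are assumptions, and a key stored on the client only holds up against users who cannot read it.

```python
import hashlib
import hmac
import json

MAX_SCAN_AGE = 7 * 86400  # assumed policy: a scan within the last 7 days


def seal(record, key):
    """Client side (post-install or scheduled script): record plus HMAC tag."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "\n" + tag


def check(blob, key, host, now):
    """Login-time check: return reasons to refuse access (empty list = pass)."""
    body, sep, tag = blob.rpartition("\n")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(tag.strip().encode(), expected.encode()):
        return ["bad tag: file edited or sealed with a different key"]
    rec = json.loads(body)
    problems = []
    if rec.get("host") != host:
        problems.append("record belongs to a different host")
    if not rec.get("realtime_enabled"):
        problems.append("on-access scanning is off")
    if not rec.get("last_scan_clean"):
        problems.append("last scan was not clean")
    age = now - rec.get("last_scan", 0)
    if age > MAX_SCAN_AGE:
        problems.append("last scan is %d days old" % (age // 86400))
    return problems


# Constructed sample data: host name, key and timestamps are made up.
KEY = b"per-host-key-set-at-install"
NOW = 1107540000
GOOD = {"host": "dorm-pc-17", "realtime_enabled": True,
        "last_scan": NOW - 2 * 86400, "last_scan_clean": True}
FRESH = seal(GOOD, KEY)
STALE = seal(dict(GOOD, last_scan=NOW - 30 * 86400), KEY)
# Tamper case: timestamp edited by hand, old tag left in place.
FORGED = STALE.replace(str(NOW - 30 * 86400), str(NOW - 86400))

if __name__ == "__main__":
    for name, blob in (("fresh", FRESH), ("stale", STALE), ("forged", FORGED)):
        print(name, check(blob, KEY, "dorm-pc-17", NOW) or "ok")
```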


