Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Endpoint Virtualization Community Blog

A few notes on SP6 MP1 and X64 support

Created: 28 Oct 2010 • Updated: 28 Oct 2010 • 14 comments
Jordan's picture
0 0 Votes
Login to vote

As some of you are aware we just released SP6 MP1 and there's a few things that need to be pointed out since I know many of you are eager to get using SP6 MP1.

(Until we have them up on the public download site please contact your sales rep to get the release--once the build is public I'll do one of my posts listing what's in the release and where to get it).

First off any XPFs or VSAs made with either of the betas (January's or July's) are not supported with SP6 so you will need to repackage any application that you made with them.  Any XPF or VSA exported from SP4 or earlier will work with the build so it's only the beta builds you have to worry about.  For the most of you this will only be x64 related stuff.

The same goes for any Office 2010 packages people were experimenting with pre-SP6 MP1.  This includes the recalled SP6 release.  You will need to repackage any office 2010 stuff.  As this is the first release where we support Office 2010 I don't think this will be an issue for many people.

Comments 14 CommentsJump to latest comment

ManelR's picture

Hi,

We're using SP6 from two days ago because this release solved our BSOD problems while launching an on demand scan with McAfee VirusScan 8.7i SP4.

Well, the virus scan problem is gone but ... we've found that many of our layers (created and exported using SP4 in a MUI installation of Windows 7 x86 Enterprise Spanish + English + Catalan) don't work with SP6 initially.

Some of them are active layers but the files aren't visible to the user. Some others, like Lotus Notes, stays in a loop while executing. Word has some problems while saving the normal.dotx template and so on ...

Some of these problems are solved if we RESET the layer. So I've did the following test:

- Deploy Win 7 image

- Deploy SWV 6.1 SP6

- Import all SP4 layers, RESET and activate them

Most of them work now.

My next step is to export them again using SP6 so my PCs will be deployed initially using SWV 6.1 SP6 and layers created using this version.

Next week we start our final deployment of desktops and we will be happy if everything works as before (very well with only the virus scan problem).

For your information ...

Thanks.

IT Systems Manager
LCFIB - Computing Lab
Barcelona School of Informatics
Universitat Politècnica de Catalunya - Barcelona Tech
+1
Login to vote
ManelR's picture

Double click in "Computer" ... message "Not responding" ...

If you kill this window, taskbar dissapear.

CTRL+ALT+DEL and logout ..

Login and message "Initiating ..." and black screen like the MUICache problems ...

Shutdown + Reboot and the problem is the same.

Now reverting my clients to 6.1 SP4 + SP4 layers until we can test more SP6.

The only "problem" with this is that we will get BSOD when scanning using McAfee because SP4 has problems with McAfee :-(

 

IT Systems Manager
LCFIB - Computing Lab
Barcelona School of Informatics
Universitat Politècnica de Catalunya - Barcelona Tech
+1
Login to vote
ManelR's picture

Hi,

I've recaptured some of our applications using SP6 ...

Some of them seems to work: Firefox, Thunderbird, Office 2007 ...

but Lotus Notes 8.5.2 don't ...

I've captured the application in the same manner than before in SP4 and it has the same problem ... when starting Lotus Notes it stays forever in the splash screen "loading ...".

So, the only combination is SWV 6.1 SP4 + Notes in SP4 layer (the layer exported to SP6 didn't work and the layer created from scratch under SP6 didn't work too).

I'll open a case.

IT Systems Manager
LCFIB - Computing Lab
Barcelona School of Informatics
Universitat Politècnica de Catalunya - Barcelona Tech
+1
Login to vote
ManelR's picture

Hi,

I've found that the global excludes aren't in the same registry key for SP4 than for SP6 so it breaks our setup process (that import global excludes using a registry file as explained in the page 55 of SP4 User's Guide).

In SP4:

HKLM\SYSTEM\CurrenControlSet\Services\FSLX\Parameters\FSL\Exclude (key)

In SP6:

HKLM\SYSTEM\CurrenControlSet\Services\FSLX\Parameters\FSL\ExcludePath (value)

:-(

PS: It would be nice to have a "what's changed from past version" in the User's Guide to point to this change and others...

 

 

 

IT Systems Manager
LCFIB - Computing Lab
Barcelona School of Informatics
Universitat Politècnica de Catalunya - Barcelona Tech
+5
Login to vote
Jordan's picture

Thanks, I'll get that info changed.

We're supposed to have a change log in the KB for each release.

If a forum post solves your problem please flag is as the solution

+3
Login to vote
MikeWoodd's picture

In the SWV 6.1 SP6 MP1 release, there are some antivirus process exclusions - included by default it seems:

Key name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FSLX\Parameters\FSL

Value name: ProgramIgnoreList (REG_MULTI_SZ)

Values:

 

[_B_]PROGRAMFILES[_E_]\NAVNT\rtvscan.exe
[_B_]PROGRAMFILES[_E_]\Symantec Client Security\Symantec Antivirus\rtvscan.exe
[_B_]PROGRAMFILES[_E_]\Symantec Antivirus\rtvscan.exe
[_B_]PROGRAMFILES[_E_]\Symantec_Client_Security\Symantec Antivirus\rtvscan.exe
[_B_]PROGRAMFILES[_E_]\CA\eTrustITM\InoTask.exe
[_B_]PROGRAMFILES[_E_]\CA\eTrustITM\Shellscn.exe
 
*** We are dealing with CA eTrust x64 version, and the paths above don't actually exclude the x64 processes in 64-bit Program Files that CA is installed under. Files were being cloned into the base OS, the cloned files were cloned as UPPERCASE so very noticeable and wierd until I figured out it was a conflict with eTrust ITM. 
 
To stop files being cloned I had to add the following:
 
[_B_]PROGRAMFILES64[_E_]\CA\eTrustITM\InoTask.exe
[_B_]PROGRAMFILES64[_E_]\CA\eTrustITM\Shellscn.exe
 
I assume this would also apply to any/all other64-bit Antivirus programs - I think Symantec should include the 64-bit exclusions as well as the 32-bit exclusions if they're going to do it at all... 
+1
Login to vote
Jordan's picture

This was something that we discussed internally and we couldn't find any at the time that actually installed their x64 versions to programfilesx64.

I'll look into CA eTrust x64 and see about getting those updated.

If a forum post solves your problem please flag is as the solution

+1
Login to vote
ManelR's picture

Jordan,

Do you know the right exclussions for McAfee VirusScan 8.7i?

Thanks.

IT Systems Manager
LCFIB - Computing Lab
Barcelona School of Informatics
Universitat Politècnica de Catalunya - Barcelona Tech
+1
Login to vote
Jordan's picture

The rule of thumb for the program ignore list are any exes that run in Task Mon when the scan is taking place.  Proc Explorer can generally make this easier.

If a forum post solves your problem please flag is as the solution

-1
Login to vote
ManelR's picture

Hi Jordan,

I can see different processes in Proc Explorer depending on where I execute "on-demand scan" from.

For example, we manage VirusScan using ePolicy Orchestrator, so in our taskbar we always have an icon for McAfee programs called McTray. This program is launched by UdaterUI. If I use the option in this tray that "scan computer for ... threats" I get the "scan32.exe" running without asking for scan properties:

UdaterUI.exe (C:\Program Files\McAfee\Common Framework\UdaterUI.exe)
  |
  +-- McTray.exe (C:\Program Files\McAfee\Common Framework\McTray.exe)
        |
        +-- scan32.exe (C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe)

If we execute "On-Demand Scan" from the menus I get the properties screen for the scan and the scan starts without running scan32.exe, only "ScnCfg32.Exe":

ScnCfg32.Exe (C:\Program Files\McAfee\VirusScan Enterprise\ScnCfg32.Exe)

And, finally, if we execute "VirusScan Console" and run the scan from there, we get the following process tree:

mcconsol.exe C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe)
  |
  +-- scan32.exe (C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe)

So, probably, we need to exclude the processes marked in bold.

Is this right? I'll call McAfee this morning to confirm this.

Thanks.

IT Systems Manager
LCFIB - Computing Lab
Barcelona School of Informatics
Universitat Politècnica de Catalunya - Barcelona Tech
-1
Login to vote
Jordan's picture

those two look correct.  The other ones are UIs and not something that needs to be ignored.

If a forum post solves your problem please flag is as the solution

-1
Login to vote
ManelR's picture

Well,

After calling McAfee support and talk with them for some minutes, I've come to the conclusion that the binaries should be correct.

I'll add them to the exclusion list.

I guess this should not hurt, right?

Thanks.

 

IT Systems Manager
LCFIB - Computing Lab
Barcelona School of Informatics
Universitat Politècnica de Catalunya - Barcelona Tech
+1
Login to vote
Jordan's picture

No it won't hurt.

All the ignore list does is prevent the application being ignored from seeing the redirected path.

If a forum post solves your problem please flag is as the solution

-1
Login to vote
ManelR's picture

 

Hi,

Symantec released SP6 MP1 HF1 (see  DOC3478 in KB, http://symantec.com/docs/DOC3478).

I'll give it a try tomorrow. I hope it solves all our problems.

Regards,

 
IT Systems Manager
LCFIB - Computing Lab
Barcelona School of Informatics
Universitat Politècnica de Catalunya - Barcelona Tech
-1
Login to vote