
Endpoint Management Community Blog

Showing posts tagged with 7.x
Showing posts in English
Ludovic Ferre | 24 Jan 2013 | 3 comments

I have a customer that is using the Connector Solution (in 6.0 and 7.x) to import users, groups and parameters into their CMDBs for various business reasons.

Over time their import data has grown and so has the process time, to some extremes: updating 10~20K entries on a dataclass from a CSV file containing 1,000,000+ lines (a mere 30MiB) would take 3 hours + (in 6.0, and many more in 7.x).

Note that the imported data is not one for one - i.e. we are not populating a data table but linking keys from other tables, which is a different process to handle from the SMP.

In a couple of cases we decided to take the processing outside of the Connector Solution, via a simple SQL procedure. This worked great but it requires some serious amount of work to implement the data insert, update and delete part of the procedure. This allowed us to run the import in less than one minute (fyi, it's Import #3 in the table below).

Thankfully my customer reported (today...

Ludovic Ferre | 23 Jan 2013 | 0 comments

The Symantec product listing xml was updated Monday.

Here is the information we have from it:

File name: symantec_v2.pl.xml
File hash: 3e447dd07844f9fad531a3240215a11b
File date: 2013-01-18 15:37
File size: 13,990,445 bytes (~14MB)
Release date: 2013-01-21

From the Git commit [1] we can see the following changes:

  Add /solutions/7_1/mobilemgmt/7_2_sp2_1_rtm/symantec_mobileframework_7_2_sp2_1_x64.msi_info ...

Ludovic Ferre | 22 Jan 2013 | 1 comment

I just finished a remote session with a customer that found a computer from the database that is not sending data back.

I had received the log files yesterday and the log viewer was all red and blue. Upon inspection it was clear that the agent COM components are not working (not registered or unregistered), so no basic inventory, client session management or sub-agents could perform their normal tasks.

Still, the agent was getting its policy file from the server, but was not able to do anything with the given policy (given its state).

We checked the computer Windows logs and found nothing interesting in there, so we crafted a SQL query to detect other computers with similar issues:

select 
       distinct(s.ResourceGuid),
       i.Name, MAX(_eventtime) 'Last config request',
       MAX(s.ModifiedDate) 'Last Basic Inventory',
       MAX(s.createdDate) 'First inventory',
       DATEDIFF(d, max(s.modifiedDate),
       MAX(c....

mmurphy7 | 18 Jan 2013 | 0 comments

With the new year upon us, it’s time for Arellia’s 2012 analysis of Adobe Security Bulletins and those with privilege exploits. As a refresher from the Introduction on Privilege Exploitation, privilege exploitation is where the malicious software takes advantage of the rights of the logged in user to change the configuration of the local computer.

Breakdown of Adobe Bulletins:

Bulletins 28
Vulnerabilities 125
Bulletins with Privilege Exploitations 20
Vulnerabilities with Privilege Exploitations 98
% of Bulletins with Privilege Exploitation 71.43%
% of Vulnerabilities with Privilege Exploitation...

Ludovic Ferre | 01 Jan 2013 | 0 comments

Happy New Year Symantec and the Connect Community.

Today I updated my patch toolkit ([1][2]) with version 0.6.7, bringing in a couple of features on top of some project consolidation (nothing visible from the end-user standpoint but I have implemented a generic initializer and a config class that allow me to further consolidate the project codes).

Here are the features implemented in 0.6.7:

  • /severity=<severity>|* now has a wildcard token ("*") that allows users to select any severities instead of only one [available in both ZeroDayPatch.exe and PatchAutomation.exe]
  • /custom-sp=<sp_name> allows the user to specify a stored procedure name that will be executed [available in PatchAutomation.exe alone]

What's especially interesting in this case (and in the combination of both features) is that it is now possible to generate a result-set to be used in the tool based on whatever the end user wants.

The /...

HighTower | 27 Dec 2012 | 7 comments

At the last couple of Symantec Endpoint Management User Group meetings I talked about a couple of things that can be done to improve the performance of your Symantec Management Platform.  I figured it would be best to summarize them in the group itself:

  1. The first one I mentioned had to do with changing the Kerberos authentication order in the IIS website from Negotiate > NTLM to NTLM > Negotiate
    http://www.symantec.com/business/support/index?page=content&id=TECH156006
     
  2. The second we just ran across this week.  Our 16 core, 24gb RAM SQL server was running a constant 80-90% CPU utilization and we were experiencing frequent deadlocks.  On Sunday, a deadlock/blocking situation corrupted our PMImport and broke Patch.  Very bad things happened.

    In any event, we found that the SQL Tuning guide had been updated by...

Ludovic Ferre | 20 Dec 2012 | 0 comments

I was asked today to help on a long running hierarchy replication task. I pointed my customer to the default report whilst I was searching for a hand-crafted SQL to do the same, with a slightly friendlier look to it.

I found it, so I sent it to them and I share it with the Community now:

select
		rs._eventTime as 'Event time',
		replace (src.name, '.15-cloud.fr', '') + ' --> ' +
		replace (dst.name, '.15-cloud.fr', '') + 
		case src.name when 'vbox-atrs5.15-cloud.fr' then ' (Down)' else ' (Up)' end as 'Details',
		cast(rs.TotalReplicationCount as varchar) as 'Objects (total)',
		cast (rs.FailedReplicationCount as varchar) as 'Failed',
		cast (rs.DataTransferred as varchar) as 'Size in KiB',
		cast (DATEDIFF(mi, rs.[StartTime], rs.[FinishTime] ) as varchar)AS 'Duration (mins)'
  from...

Ludovic Ferre | 21 Nov 2012 | 1 comment

I just wrote an article in French regarding recommended application pool configuration for the SMP and IIS.

It's available [1] but I won't tease you too much. Here is the most interesting part from it, a batch script to automate the pool creation, "straight off the bat" as a British friend of mine would put it. Please note that some web-applications work nicely in their own pools, but others need to remain in the /Altiris application domain. So if you feel like trying to craft your own, keep this in mind and be ready to revert.

@echo off
set appcmd=%comspec%\..\inetsrv\appcmd

%appcmd% add apppool -name:Altiris-NS-Agent
%appcmd% set apppool Altiris-NS-Agent -managedPipelineMode:Classic
%appcmd% set app "Default Web Site/Altiris/NS/Agent" -applicationPool:Altiris-NS-Agent

%appcmd% add apppool -name:TaskManagement
%appcmd% set apppool TaskManagement -managedPipelineMode:Classic
%appcmd% set app "Default Web Site/Altiris/...

Ludovic Ferre | 21 Nov 2012 | 0 comments

This evening I was asked whether I would recommend disabling IIS log file to make sure the SMP console runs as fast as possible.

My answer was (and remains) a big NO. Do _not_ disable IIS logging. It contains a lot of good information on it (that I am a big consumer of, but the value is there to anyone).

So, first let's dispel this nonsense about improving performances.

IIS logging is done in the http.sys driver, so it runs in the Windows Kernel. You can verify this using procexp as per the image below. This means logging requests once they are completed (as this is when it) does not cost any context switching (as it would if it was living in user space). Besides, each entry is normally less than 1024 bytes, which means the "cost" of logging entries is fractional: push the information already held in memory to disk.

If you compare the cost of doing this tiny little task with what happens in user mode in the w3wp.exe (handling the request in ISAPI...

stebro | 12 Nov 2012 | 0 comments

One of the challenges related to critical applications on Windows desktops is end user’s or malware’s ability to kill critical services and processes. Critical applications in an enterprise desktop can include antivirus and endpoint security products as well as systems management tools for software delivery, patching, and/or inventory. Protection of the services and processes related to these applications is key to ongoing operational security and availability.

Critical Windows applications typically run as a service that often can be stopped by a user running with administrator credentials. Any user who runs as a standard user is limited from stopping services, but as most users in enterprises run with administrator accounts they can stop those services and often do. Reasons for stopping critical services vary, but the most common reasons include complaints about performance impact of such applications or not wanting to be controlled by corporate IT. Whatever...