XMON - Does it launch before logon?

[GSteer]

Hi,

We have a customer running EE with XMON and there server is scheduled to reboot every wednesday early morning.

Until the server is logged onto at the start of the day they appear to be having various infected files get past XMON and be picked up by EMON on the local desktops, is this standard behaviour?

Does NOD require that the server be logged into once before kicking in properly?

Regards

Greg.

[sparx]

Yes, you have to log in after the system boots in order for the program to start running. However, once you log in, if you log out again, it will continue to run. But, yes, it's like any other program. Windows needs to load completely to get it goin'.

[YeOldeStonecat]

Quote:

Originally Posted by sparx

But, yes, it's like any other program. Windows needs to load completely to get it goin'.

Many programs designed to run on servers, will start as a "service"...regardless if the server has been logged in or not.
Exchange itself starts as a server, you don't need to log onto the server
Remote access programs such as PcAnywhere, or various VNC flavors..can run host mode as a service.
SQL server..
Exchange itself...
IIS
I could fill the capacity of this forums hard drive space with a list.....

[GSteer]

Quote:

Originally Posted by YeOldeStonecat

Many programs designed to run on servers, will start as a "service"...regardless if the server has been logged in or not.
Exchange itself starts as a server, you don't need to log onto the server
Remote access programs such as PcAnywhere, or various VNC flavors..can run host mode as a service.
SQL server..
Exchange itself...
IIS
I could fill the capacity of this forums hard drive space with a list.....

Thats where my thoughts were coming from YeOldeStoneCat.

Lets home version 3 sets xmon as a service (if it still exists in this form).

I'm going to have to look at some sort of temporary auto logon script for rebooting some of remote servers now, anyone got any immediate pointers?

I can't really leave any server "unprotected" by not logging it in even if its a scheduled reboot at some godforsaken hour in the morning.

[Megachip]

Hmm...

Amon also starts before login, why xmon doesn't??

Is it possible to run xmon as service?

[NOD32 user]

Quote:

Originally Posted by GSteer

Thats where my thoughts were coming from YeOldeStoneCat.

Lets home version 3 sets xmon as a service (if it still exists in this form).

I'm going to have to look at some sort of temporary auto logon script for rebooting some of remote servers now, anyone got any immediate pointers?

I can't really leave any server "unprotected" by not logging it in even if its a scheduled reboot at some godforsaken hour in the morning.

I'm quite sure you will find the auto login feature of Microsoft PowerToys 'Tweak UI' works even if that's the only feature you make use of.

Quote:

Originally Posted by www.microsoft.com

Tweak UI

This PowerToy gives you access to system settings that are not exposed in the Windows XP default user interface, including mouse settings, Explorer settings, taskbar settings, and more.
Version 2.10 requires Windows XP Service Pack 1 or Windows Server 2003

Download it from the list on the right: http://www.microsoft.com/windowsxp/d...powertoys.mspx

Cheers

[Marcos]

Quote:

Originally Posted by GSteer

Does NOD require that the server be logged into once before kicking in properly?

No, the communication between NOD32 and MS Exchange is as follows:

MS Exchange <=VSAPI=> XMON <===> NOD32 Kernel

As soon as the kernel is loaded XMON is ready to communicate with MS Exchange.

[GSteer]

Quote:

Originally Posted by Marcos

No, the communication between NOD32 and MS Exchange is as follows:

MS Exchange <=VSAPI=> XMON <===> NOD32 Kernel

As soon as the kernel is loaded XMON is ready to communicate with MS Exchange.

In that case - any ideas why these infected files are getting through?

I've grabbed these screenies this morning as it really doesn't appear right

XMON - No Infected Files:
http://www.fundamentalchaos.org.uk/k...es-nodxmon.gif

AMON - Picking up Infected NOD Temp file from the exchange store?
http://www.fundamentalchaos.org.uk/k...es-nodamon.gif

Any ideas as it seems that XMON really isn't working!

[Marcos]

Please PM me a threat log from one of the workstations where EMON detected such a threat.

[GSteer]

Quote:

Originally Posted by Marcos

Please PM me a threat log from one of the workstations where EMON detected such a threat.

Hi Marcos - have been in touch with Dan at UK eset support - we've upgraded XMON to 2.71.9 to see if it resolves the issue.