Malware Defender Issue

Peter2150 · #1 April 16th, 2009, 12:08 PM

I've run into one problem, not unique to a particular version of MD. I just ran a windows Update, and now MD tells me I need to download the kernel symbols. But when I try to do so, the download fails.

Any ideas.

Pete

tony62 · #2 April 16th, 2009, 12:24 PM

Hi Peter,
are you using Windows XP? I also received several windows updates yesterday and MD downloaded the kernel symbols with no problems.
Have you tried deleting the contents of: C:\Program Files\Malware Defender\symbols?

Peter2150 · #3 April 16th, 2009, 01:06 PM

Quote:

Originally Posted by tony62

Hi Peter,
are you using Windows XP? I also received several windows updates yesterday and MD downloaded the kernel symbols with no problems.
Have you tried deleting the contents of: C:\Program Files\Malware Defender\symbols?

Hi Tony

Yes XP . I will try deleting those contents and see what happens.

Thanks,

Peter2150 · #4 April 16th, 2009, 01:43 PM

Figured it out. There was no symbols folder, so I tried manually creating one, and couldn't. Protection issues. So I disabled MD, and shutdown OA, and bingo kernel symbols downloaded fine.

Pete

bellgamin · #5 April 16th, 2009, 02:02 PM

Quote:

Originally Posted by Peter2150

Figured it out. There was no symbols folder, so I tried manually creating one, and couldn't. Protection issues. So I disabled MD, and shutdown OA, and bingo kernel symbols downloaded fine.

Pete

Hmmm... the defender got screwed by the protector? Ah well, such is life. Some folks get the elevator -- others get the shaft.

Peter2150 · #6 April 16th, 2009, 03:24 PM

It's weird, the symbols directory seems to have gotten deleted during the system update. Then the folder was protected so the new symbol folder couldn't be opened.

xiaolin · #7 April 16th, 2009, 09:54 PM

Quote:

Originally Posted by Peter2150

It's weird, the symbols directory seems to have gotten deleted during the system update. Then the folder was protected so the new symbol folder couldn't be opened.

Thanks for the information. I will look into it.

MD will delete the old symbols before downloading new symbols.

Peter2150 · #8 April 16th, 2009, 10:43 PM

Quote:

Originally Posted by xiaolin

Thanks for the information. I will look into it.

MD will delete the old symbols before downloading new symbols.

Thanks xiaolin. Should new symbols be necessary with a Windows update?

Pete

Espresso · #9 April 17th, 2009, 12:13 AM

I had the same problem, but when I checked with a packet sniffer, I saw that MD was getting a http 404 error when it tried to download the symbols.

xiaolin · #10 April 17th, 2009, 07:26 AM

Quote:

Originally Posted by Peter2150

Thanks xiaolin. Should new symbols be necessary with a Windows update?

Pete

If the Windows kernel file is updated, MD will download new symbols for the new file.

xiaolin · #11 April 17th, 2009, 07:27 AM

Quote:

Originally Posted by Espresso

I had the same problem, but when I checked with a packet sniffer, I saw that MD was getting a http 404 error when it tried to download the symbols.

Could you try to download the symbols again after restart?

Peter2150 · #12 April 17th, 2009, 08:26 AM

Quote:

Originally Posted by xiaolin

If the Windows kernel file is updated, MD will download new symbols for the new file.

Makes sense. I run Online Armor, along with MD, and it's clear one of them was protecting the program area. Shutting down OA, and disabling all protections in MD solved my problem.

Pete

nick s · #13 April 30th, 2009, 11:19 PM

It's not unexpected, but I do get "Failed to get kernel symbols." when prompted to download new symbols after upgrading my Vista machines to SP2 RTM (TechNet release)...

HTTP:Request, GET /download/symbols/index2.txt

HTTP:Response, HTTP/1.1, Status Code = 404, URL: /download/symbols/index2.txt

18 0.312001 {HTTP:7, TCP:6, IPv4:3} 192.168.1.116 msdl.microsoft.akadns.net HTTP HTTP:Request, GET /download/symbols/ntkrpamp.pdb/109FACEC7E244C8FAC6D191457B5C7022/ntkrpamp.pdb

HTTP:Response, HTTP/1.1, Status Code = 404, URL: /download/symbols/ntkrpamp.pdb/109FACEC7E244C8FAC6D191457B5C7022/ntkrpamp.pdb

xiaolin · #14 May 1st, 2009, 04:33 AM

Quote:

Originally Posted by nick s

It's not unexpected, but I do get "Failed to get kernel symbols." when prompted to download new symbols after upgrading my Vista machines to SP2 RTM (TechNet release)...

HTTP:Request, GET /download/symbols/index2.txt

HTTP:Response, HTTP/1.1, Status Code = 404, URL: /download/symbols/index2.txt

18 0.312001 {HTTP:7, TCP:6, IPv4:3} 192.168.1.116 msdl.microsoft.akadns.net HTTP HTTP:Request, GET /download/symbols/ntkrpamp.pdb/109FACEC7E244C8FAC6D191457B5C7022/ntkrpamp.pdb

HTTP:Response, HTTP/1.1, Status Code = 404, URL: /download/symbols/ntkrpamp.pdb/109FACEC7E244C8FAC6D191457B5C7022/ntkrpamp.pdb

The kernel symbols for Vista SP2 may be not provided by MS now.

The HIPS functions will work fine without kernel symbols.

Thanks,
Xiaolin

demoneye · #15 May 1st, 2009, 05:22 AM

same problem like peter in here , its somehow faild to download

also i found another thing , correct me if i wrong , when i del a rule i made to any software and try to lunch it , it lunch without MD alerts

using XP sp3 + MD 2.1.1

cheers

xiaolin · #16 May 1st, 2009, 08:45 PM

Quote:

Originally Posted by demoneye

same problem like peter in here , its somehow faild to download

also i found another thing , correct me if i wrong , when i del a rule i made to any software and try to lunch it , it lunch without MD alerts

using XP sp3 + MD 2.1.1

cheers

Launching software is controld by child application rule. You need to delete the app from the child application rules of explorer.exe.

thanks

demoneye · #17 May 2nd, 2009, 02:57 PM

Quote:

Originally Posted by xiaolin

Launching software is controld by child application rule. You need to delete the app from the child application rules of explorer.exe.

thanks

yes i know , i did it but no help , i used "find rules" ,enter software name , and Del all related rules(so no missed rules) , software still lunch without any MD warning, btw it goes for all software i checked

any explanation to that?is it a bug ppl somehow missed ?

xiaolin · #18 May 2nd, 2009, 09:12 PM

Quote:

Originally Posted by demoneye

yes i know , i did it but no help , i used "find rules" ,enter software name , and Del all related rules(so no missed rules) , software still lunch without any MD warning, btw it goes for all software i checked

any explanation to that?is it a bug ppl somehow missed ?

The only possible reason is that you are select one of the first two options in Options dialog -> Rules.

nick s · #19 May 15th, 2009, 12:31 AM

Quote:

Originally Posted by xiaolin

The kernel symbols for Vista SP2 may be not provided by MS now.

The HIPS functions will work fine without kernel symbols.

Thanks,
Xiaolin

Kernel symbols for Vista SP2 are now available

.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search