NOD32 LSP & Jupiter Netscreen WSAM Issue

Discussion in 'NOD32 version 2 Forum' started by sandcrash, Oct 4, 2004.

Thread Status:
Not open for further replies.
  1. sandcrash

    sandcrash Registered Member

    Joined:
    Oct 4, 2004
    Posts:
    6
    Greetings All,

    Please check out the following message and let me know what you think.

    Unfortunately the site that requires the Jupiter Netscreen WSAM app will not work with NOD32 installed, bummer.

    When the two programs are installed together the computer acts very unstable in general, especially any internet activity. When either program is uninstalled all works well.

    So who to get help from ESET or Jupiter?

    Thanks,

    Eric
     

    Attached Files:

    Last edited: Oct 4, 2004
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Hi sandcrash,

    Welcome to Wilders!!!!

    Try the steps in posts # 8 and # 9 HERE and see if it helps. If it does not, you may want to contact Jupiter.

    HTH.....
     
  3. sandcrash

    sandcrash Registered Member

    Joined:
    Oct 4, 2004
    Posts:
    6
    Kent,

    Thanks for the suggestions. I attempted an exclusion as well - no luck.

    I believe the problem lies in the Layers (see image). The Jupiter NetScreen WSAM doesn't like NOD in its play space.

    Any thoughts or suggestion whom I might speak with at ESET regarding the issue?

    Thanks,

    Eric
     

    Attached Files:

  4. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    The Windows Secure Application Manager (WSAM) is an ActiveX control provided along with the Juniper NetScreen Secure Access products, sometimes called "SSL VPNs", "Clientless VPNs", or "Instant Virtual Extranets (IVEs)". NetScreen acquired the technology when they purchased a company called Neoteris, and subsequently Juniper Networks purchased NetScreen. These SSL VPNs are actually pretty good appliances that allow users to avoid the vast majority of hassles associated with installing traditional IPSec VPN client software on end-user machines. IPSec VPN clients are notoriously problematic to install and often prone to compatibility issues with other software. The Juniper NetScreen (aka Neoteris) SSL VPN is actually a decent appliance and last I heard was the market leader in that security market niche.

    However, having said all of that and given my past experience with pretty much VPN-anything, I would recommend you talk to Juniper support. I think its a bit ridiculous that they would demand the absence of any and all unknown Layered Service Providers (LSPs). Part of me is inclined to think that they are worried about a trojan or something hijacking the SSL VPN by installing custom LSPs that can surreptitiously communicate through the VPN tunnel back to the protected network, and to avoid the security risk, they sort of throw up that alarming dialog box to intimidate people into removing other apps with LSPs. However, you said you did experience instability and certainly instability with conflicting LSPs is not uncommon.

    Anyway, talk to Juniper. If they offer little help, then just disable IMON in NOD32. As I recall, as long as you disable IMON, NOD32 will remove the LSP entries. You will no longer have POP3 or HTTP scanning, but you can still have AMON and the on-demand scanner. I know its a partial solution, but it at least should work until you get more answers from Juniper and/or Eset.
     
    Last edited: Oct 4, 2004
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Eric, can you please send an email to support@nod32.com and place a link to this thread. If you do not hear from Eset within 3 days (allows for weekends), please advise us here...

    Let us know how you go…

    Cheers :D
     
  6. sandcrash

    sandcrash Registered Member

    Joined:
    Oct 4, 2004
    Posts:
    6
    Thank you all so much for your timely replies. I will let you all know the replies from both camps.

    Eric
     
  7. sandcrash

    sandcrash Registered Member

    Joined:
    Oct 4, 2004
    Posts:
    6
    Tried to disable IMON - did not work. Any other suggestions?

    Eric
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    If you disable Imon and reboot, the lsp entries will be removed. Uncheck both instances of imon in the gui.
     
  9. Bandicoot

    Bandicoot Eset Staff

    Joined:
    Mar 23, 2004
    Posts:
    297
    Location:
    California
    Hello,

    Further to Ronjor's comment.... it's best to simply click the 'Quit' button in IMON and re-boot. No need to un-tick the 'Internet Monitor (IMON) enabled' part which is useful when you need to temporarily stop IMON. By hitting the 'Quit' button and rebooting IMON will be completely disabled which is what Sandcrash may need to try.

    Incidentally, I tried to D/L from Juniper to see if I could recreate Sandcrash's problem but A) I couldn't see a trial download anywhere on their site (maybe I'm blind!) and B) they wanted to know everything about Eset (turnover, projections, blaa, blaa...) before I could even view a demo. Pffff.....

    Bandicoot.
     
  10. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    As you noticed, they probably don't have it anywhere available as a separate download. My understanding is that it is just an ActiveX control that is installed on their SSL VPN appliance that gets automatically downloaded to an IE browser when you need that type of functionality. Basically, their appliance uses the SSL protocol built into web browsers as a type of VPN encryption algorithm. You SSL to their device and it in turn offers up private network resources. That works for things like file shares, but clearly you sometimes need to route actual TCP/IP packets into the internal network for more complicated protocols. Thats where, as I understand it, the WSAM ActiveX control comes into play. It catches certain outbound TCP/IP packets and re-routes them through an SSL connection into the device, and then the device knows how to pull them out of the SSL conversation and forward them on to the private network. Something like that. I don't think WSAM has any use outside of the proprietary Juniper NetScreen Secure Access appliance. As I recall, they also have a Java applet that can sort of function similarly for people with web browsers that don't support ActiveX.
     
  11. sandcrash

    sandcrash Registered Member

    Joined:
    Oct 4, 2004
    Posts:
    6
    OK, following Bandicoots advice, the quit button makes the lsp unload upon reboot. And of course the Juniper NetScreen Neoteris WSAM now works as it should. But now those machines are exposed somewhat, especially since I had viruses previous to NOD32 (used Symantec Corp and got hosed). It seems to me that the issue lies with Juniper and them allowing another lsp layer to be present.

    Any thoughts now? Perhaps the JAVA implementation?

    Here is the WSAM file for those who want it: ftp://test@tellmed.zftp.com:test@tellmed.zftp.com/home/test/WSAMInst.exe

    Eric
     
  12. Bandicoot

    Bandicoot Eset Staff

    Joined:
    Mar 23, 2004
    Posts:
    297
    Location:
    California
    Hi Sandcrash,

    Obvious question.... have you contacted Juniper's support people? Seems like the best next step to me.

    Bandicoot.
     
  13. sandcrash

    sandcrash Registered Member

    Joined:
    Oct 4, 2004
    Posts:
    6
    Bandicoot,

    Yes, they have been contacted. I agree that it is Juniper's issue at this point. I wonder what they will say?

    Eric
     
Thread Status:
Not open for further replies.