NOD32 LSP & Jupiter Netscreen WSAM Issue

Greetings All,

Please check out the following message and let me know what you think.

Unfortunately the site that requires the Jupiter Netscreen WSAM app will not work with NOD32 installed, bummer.

When the two programs are installed together the computer acts very unstable in general, especially any internet activity. When either program is uninstalled all works well.

So who to get help from ESET or Jupiter?

Thanks,

Eric

 

Hi sandcrash,

Welcome to Wilders!!!!

Try the steps in posts # 8 and # 9 HERE and see if it helps. If it does not, you may want to contact Jupiter.

HTH.....

 

Kent,

Thanks for the suggestions. I attempted an exclusion as well - no luck.

I believe the problem lies in the Layers (see image). The Jupiter NetScreen WSAM doesn't like NOD in its play space.

Any thoughts or suggestion whom I might speak with at ESET regarding the issue?

Thanks,

Eric

 

The Windows Secure Application Manager (WSAM) is an ActiveX control provided along with the Juniper NetScreen Secure Access products, sometimes called "SSL VPNs", "Clientless VPNs", or "Instant Virtual Extranets (IVEs)". NetScreen acquired the technology when they purchased a company called Neoteris, and subsequently Juniper Networks purchased NetScreen. These SSL VPNs are actually pretty good appliances that allow users to avoid the vast majority of hassles associated with installing traditional IPSec VPN client software on end-user machines. IPSec VPN clients are notoriously problematic to install and often prone to compatibility issues with other software. The Juniper NetScreen (aka Neoteris) SSL VPN is actually a decent appliance and last I heard was the market leader in that security market niche.

However, having said all of that and given my past experience with pretty much VPN-anything, I would recommend you talk to Juniper support. I think its a bit ridiculous that they would demand the absence of any and all unknown Layered Service Providers (LSPs). Part of me is inclined to think that they are worried about a trojan or something hijacking the SSL VPN by installing custom LSPs that can surreptitiously communicate through the VPN tunnel back to the protected network, and to avoid the security risk, they sort of throw up that alarming dialog box to intimidate people into removing other apps with LSPs. However, you said you did experience instability and certainly instability with conflicting LSPs is not uncommon.

Anyway, talk to Juniper. If they offer little help, then just disable IMON in NOD32. As I recall, as long as you disable IMON, NOD32 will remove the LSP entries. You will no longer have POP3 or HTTP scanning, but you can still have AMON and the on-demand scanner. I know its a partial solution, but it at least should work until you get more answers from Juniper and/or Eset.

 

Hi Eric, can you please send an email to support@nod32.com and place a link to this thread. If you do not hear from Eset within 3 days (allows for weekends), please advise us here...

Let us know how you go…

Cheers

 

Thank you all so much for your timely replies. I will let you all know the replies from both camps.

Eric

 

Tried to disable IMON - did not work. Any other suggestions?

Eric

 

Hello,

Further to Ronjor's comment.... it's best to simply click the 'Quit' button in IMON and re-boot. No need to un-tick the 'Internet Monitor (IMON) enabled' part which is useful when you need to temporarily stop IMON. By hitting the 'Quit' button and rebooting IMON will be completely disabled which is what Sandcrash may need to try.

Incidentally, I tried to D/L from Juniper to see if I could recreate Sandcrash's problem but A) I couldn't see a trial download anywhere on their site (maybe I'm blind!) and B) they wanted to know everything about Eset (turnover, projections, blaa, blaa...) before I could even view a demo. Pffff.....

Bandicoot.

 

As you noticed, they probably don't have it anywhere available as a separate download. My understanding is that it is just an ActiveX control that is installed on their SSL VPN appliance that gets automatically downloaded to an IE browser when you need that type of functionality. Basically, their appliance uses the SSL protocol built into web browsers as a type of VPN encryption algorithm. You SSL to their device and it in turn offers up private network resources. That works for things like file shares, but clearly you sometimes need to route actual TCP/IP packets into the internal network for more complicated protocols. Thats where, as I understand it, the WSAM ActiveX control comes into play. It catches certain outbound TCP/IP packets and re-routes them through an SSL connection into the device, and then the device knows how to pull them out of the SSL conversation and forward them on to the private network. Something like that. I don't think WSAM has any use outside of the proprietary Juniper NetScreen Secure Access appliance. As I recall, they also have a Java applet that can sort of function similarly for people with web browsers that don't support ActiveX.

 

OK, following Bandicoots advice, the quit button makes the lsp unload upon reboot. And of course the Juniper NetScreen Neoteris WSAM now works as it should. But now those machines are exposed somewhat, especially since I had viruses previous to NOD32 (used Symantec Corp and got hosed). It seems to me that the issue lies with Juniper and them allowing another lsp layer to be present.

Any thoughts now? Perhaps the JAVA implementation?

Here is the WSAM file for those who want it: ftp://test@tellmed.zftp.com:test@tellmed.zftp.com/home/test/WSAMInst.exe

Eric

 

Hi Sandcrash,

Obvious question.... have you contacted Juniper's support people? Seems like the best next step to me.

Bandicoot.

 

Bandicoot,

Yes, they have been contacted. I agree that it is Juniper's issue at this point. I wonder what they will say?

Eric