Symantec updates 12/5/04

Discussion in 'other firewalls' started by Oremina, May 12, 2004.

Thread Status:
Not open for further replies.
  1. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    Not sure if this is the correct place for this, please feel free to move it.
    Concerns this morning's updates from Symantec.

    Have NSW 2002 and NIS2002. When I checked Live Update this morning (GMT)
    there were two updates, one Security and one Symantec Redirector update of 1642.7 KB.

    D/l'd both of them, rebooted and all hell broke loose on my Pc. Crashed several times with the report on rebooting that it was recovering from a serious error.

    Did a Drive Image restore (thank God for DI) and repeated the whole process with the same results. Have now d/l'd the NIS updates on their own and all seems well. Would appear that the Redirector update is the culprit. It added an exe file (SNDMON.exe if I remember correctly) and the firewall kept asking for permissions, e.g. IAMAPP requesting to access the internet. Seemed all the normal NPF exe's were screwed up.

    Anybody else had problems today with this update?



    :doubt:
     
    Last edited: May 12, 2004
  2. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    Oh well..

    I'm used to being ignored.... I'm married with two daughters...
    :D
     
  3. Little Mike

    Little Mike Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    29
    No problem with those updates in NIS 2004; other than LuComServer.exe subsequently trying to connect to an IP address that was associated with akamaitechnologies.com. But, this occasionally occurs, as LuComserver.exe appears to want access to all kinds of places.

    Best regards,
    Mike
     
  4. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    Hi Mike

    I guess that the vast majority of Norton users are on 2003 and like yourself, 2004.

    Think we 2002 users seem to go along with steam engines and model-T Fords.

    Nevertheless, your reply much appreciated.

    Best wishes

    ;)
     
  5. A MAN

    A MAN Guest

    Yeah, I'm using Norton Internet Security 2002, and I had to re-format my machine after the last update, and put it all back on. Everything's working fine now though...hopefully.

    It crashed my machine in about 5 mins when I had it running...it just reset.
    Then anytime you restarted Windows it said it had recovered from a critical error, even after I'd uninstalled Norton.

    I thought I had been hit by a virus or something, but this thread confirms not, thanks.

    I only found this because I searched for SNDMon.exe. I was wondering what the hell SNDMon was...and that just happened to be the problem.
     
  6. FanJ

    FanJ Guest

    Hi Oremina,

    Sorry!!! I didn't see your posting earlier.....

    Have a look at this thread:
    Norton Internet Security 2002

    You will see that you are indeed not the only one having problems....
    You will also see in that thread two links to DSLR threads where the problem is also being discussed.
    So far there seems not to be a real solution.....

    Regards, Jan.
     
  7. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    Hi A MAN and FanJ

    Problem has been solved, at least on my PC.

    What happened was that after the disaster of the Symantec Redirector update of 12 May, I ignored the update but kept an eye on it. I noticed after a couple of days or so that I was no longer being offered this update. Assumed it had been withdrawn by Symantec for "repairs".

    On the morning of 15th May, I noticed it was being offered again. It appeared to have been amended as it was slightly different in size, about 0.1Mb smaller.
    I d/l'd it and have had no problems since. All I can say is I am so pleased that I have Drive Image and back up regularly, or I would have been considering reinstalling and I would have not been a happy man!!

    I am not a Norton basher, have found my NSW and NIS2002 to be reasonably trouble free and dependable, but this recent episode has shaken my faith in them a little. Having your PC wrecked to the point of having to do a clean install is beyond a joke. Think the best piece of software I ever spent money on has to be Drive Image. By the way A MAN, my LU folder tells me that the SNDMON.EXE is the Symantec Security Drivers Install Monitor... whatever that is

    :)

    Hope everybody who has similar problems has sorted it by now.

    Best wishes :)
     
  8. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Hey, I can't give you a thumbs up here (anymore??), but I think you were on to something that I missed the first time around, so what I did was give you some attribution in the larger thread over at BBR/DSLR Security Forum.

    You can find it at http://www.dslreports.com/forum/remark,10308615~mode=flat

    It's all a rather interesting story and emphasizes what all of us, as a group, can do working together -- no matter what Forum or NNTP newsgroup we may routinely use or where we may come from -- indeed, I think that's the most important point, as I note over there. There were bits and pieces of the answer here, at BBR/DSLR Security and even on the grc.security NNTP newsgroup -- and it involved inputs from people in half a dozen different countries.

    And, I would be remiss if I did not also acknowledge inputs received from anonymous users (guests here) and lurkers in all of these places. They also serve who only lurk! :cool:

    So, from me to you, a big THUMBS UP!! :D
     
  9. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Symantec Patches its Patches!

    It appears that Symantec may now have fixed this problem. See http://www.dslreports.com/forum/remark,10312609~mode=flat , which apparently came out late on Friday evening.

    Have any of the NIS/NPF 2002 users that experienced the problem after the 12 May LiveUpdate applied this patch; does it solve the problem?

    Next question: Does this fix, primarily for NIS/NPF 2002 users, still provide a solution to the eEYE vulnerabilities that started all this? (Anyone checked using eEYE's Retina scanner?)

    And finally, by way of feedback, just what files are changed by this update?
     
  10. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    Hi jvmorris

    Thanks for your input (your postings of 22 May and 23 May). Apologies for not replying sooner. I'm not disinterested, just that I've been away for a few sunny days (for a change) visiting one of my daughters and her brood in the depths of rural Suffolk. (By the way, referring to one of your postings on DSLR I am definitely, most definitely, male and not a she!! No offence was caused at this end I assure you, but I can see why you would think so with my pseudonym of Oremina.)

    I will just confirm that all is now well here since my last posting of 18 May. I also d/l'd the Redirector update of 23 May and all I can do is reiterate that all is well now, but without doubt there was a serious problem caused by the 12 May update.

    Please, please Symantec, don't do this to me again or I'll have even less hair than I do now.

    Regards
     
  11. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    Hi again jvmorris

    Forgot to mention that, in response to your posting of 23 May asking which files have been changed....

    When I d/l'd the 23 May update for Symantec Redirector, my Process Guard asked for permission to run SNDMON.EXE again, so that is the one which was in some way changed.

    HTH

    Regards
     
    Last edited: May 25, 2004
  12. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Oremina,

    Oops, sorry 'bout that! :oops: I know someone who uses a very similar sig and has a tendency to change it slightly in different forums; I thought you were she.

    So, it is indeed SNDMON.EXE. Thanks for that.

    I assume you checked the SYM*.* files also? Those would probably be *.SYS or *.vxd files and I don't know if PG would pick up on them or not.
     
  13. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    jvmorris

    No, I didn't, but I do tend to rely completely on PG to pick up all the .exe files and that was the only one that changed here.
     
  14. essenbee

    essenbee Registered Member

    Joined:
    May 25, 2004
    Posts:
    6
    I had serious issues with net connectivity after downloading the May 12th Live Update. I only had connectivity about 10% of the time. Now, after the most recent update to Redirector, my net connectivity is incredibly s l o w .

    Does anybody know if a new fix is due from Symantec? If not, is there a way to disable just the redirector program?

    Thanks
     
  15. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    What do you show for the "File Created" and "File Last Modified" dates on SNDMON.EXE? Let's start there.
     
  16. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    Hi again jvmorris

    Info I can give you about SNDMon.EXE:-

    File version 5.3.1.9
    Date Created: 15/5/04
    Size 85.1 Kb

    Modified: 21/5/04

    HTH.... Whilst I am pleased to help please note that my knowledge/experience is pretty limited compared to most people on this forum.

    Feel free to ask if you need any more info.

    Regards
     
  17. essenbee

    essenbee Registered Member

    Joined:
    May 25, 2004
    Posts:
    6
    SNDMon.EXE:

    Created: 13th May 2004
    Modified: 25th May 2004
    Size 85.1KB

    Cheers
     
  18. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    Don't really know whether this is relevant or not, apart from the fact that Redirector is involved.

    Cast your mind back to last January and the Norton/Verisign farce.

    Ever since then, my NAV 2002 has been taking a fair time (around two minutes) to load, much slower than previously. I have very few programs at start up and my Systray shows NAV, NIS, BOClean and a².

    NAV would be the last to load by some way. However since 12 May Redirector updates, NAV has been the first to show. Whether this is coincidence or not I wouldn't know. But if I were you essenbee I'd be a bit wary of dis'ing Redirector.

    Personally I haven't the faintest idea if you can or not, but it's certainly speeded my NAV loading up. Also there has been no effect (unless it's absolutely marginal) on my internet speed but I'm only on dial up anyway.

    One question I would like an answer to if anybody knows is this. SNDMon.EXE appears at startup. Can this be safely disabled without any effect on performance? Does anybody know for sure?
     
  19. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Okay, you and Oremina need to both look sndmon.exe up in Windows Explorer and compare the relevant information obtained by right-clicking on the file and then selecting Properties ... From the "General" tab, you're going to want the file size (down to the byte), the date created, date modified information found there. On the "Version" tab, the complete specification listed for File Version.

    I realize that it looks like the same file, but I don't like the date differences. Also, it's possible both of you could see 85.1 KB, when the two files could have a very subtly different actual file size (down to the byte).

    I'd do it myself, but I'm not running that product anymore.
     
  20. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    Hi jvmorris

    The info you ask for is :-

    General tab

    Size 85.1 Kb (87,184 bytes)
    Size on disk 88.0 Kb (90,112 bytes)

    Created 15 May 2004, 9:29:22 AM
    Modified 21 May 2004, 2:59:46 PM

    On Version tab

    File version 5.3.1.9

    HTH

    If you need any more info just yell - I'll be around on and off all evening our time.
     
  21. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Thanks, now for a reply from essenbee. (I wonder if it will be different?)

    Enjoy the cricket!
     
  22. essenbee

    essenbee Registered Member

    Joined:
    May 25, 2004
    Posts:
    6
    Size : 85.1 KB (87,184 bytes)
    On Disk : 88.0 KB (90,112 bytes)
    Created : 13 May 2004, 22:21:31
    Modified : 21 May 2004, 14:59:46
    Version : 5.3.1.9 [Symantec Security Drivers Install Monitor]
    Location : C:\Program Files\Symantec\LiveUpdate
     
  23. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Sorry, got caught up looking for one of Jooske's smarticons -- specifically the one that races back and forth across the post going "mutter, mutter, mutter ...." :doubt:

    Okay, based on FileSize, FileModified, and FileVersion, I think we have to conclude you've both got the same file . . . now. So, that doesn't explain the difference; has to be in some other file; and that presents a quandary. Specifically, the other file doesn't necessarily have the same FileModified date/time stamp (indeed, it would be pure coincidence if it did).

    Life would be so much easier if Symantec would simply identify what files they'd changed, instead of forcing people to look for the file(s) involved.

    Okay, I'm gonna hate myself for even suggesting this. Back to File | Find ... . This time, let's try a search on Files Modified between 15 May 2004 and 22 May 2004 . Sort the results on FileType (and there are going to be lots of results, I suspect. :p ) This time, we look for files of type *.exe, *.dll, *.vxd, and *.sys that appear to have some relationship to either Symantec or Norton. The complication is that Symantec stuffs some of these files into the Windows System directory, so it's not necessarily intuitively obvious which are which.

    Possibly, if you do a select all and then copy into Notepad, you can quickly eliminate the irrelevant possibilities and then paste what's left into either a post here or exchange between the two of you by IMs? (And it's getting late in the UK)

    Obviously, if you find an SYM*.* file also changed in this time period, you could just post the information on that here and I might be able to find someone else's to compare it with. Sorry about all this.
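
An added example, not part of the original thread: one way to run the search described in the post above so that two machines can be compared directly. It keeps only *.exe, *.dll, *.vxd and *.sys files modified inside the date window, records the exact byte size and a SHA-256 hash of each, and diffs two such manifests. The name hints (sym, snd, norton), the function names and the use of a hash are assumptions made for illustration.

```python
import hashlib
import os
from datetime import datetime

DRIVER_EXTS = {".exe", ".dll", ".vxd", ".sys"}  # file types named in the post
VENDOR_HINTS = ("sym", "snd", "norton")         # assumed path/name hints; adjust as needed


def build_manifest(root, start, end, exts=DRIVER_EXTS, hints=VENDOR_HINTS):
    """Map relative path -> (size in bytes, mtime, SHA-256) for binaries under
    root modified in [start, end] whose lower-cased path contains a hint."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            if os.path.splitext(rel)[1] not in exts:
                continue
            if not any(h in rel for h in hints):
                continue
            try:
                st = os.stat(full)
                mtime = datetime.fromtimestamp(st.st_mtime)
                if not (start <= mtime <= end):
                    continue
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # locked or unreadable file: skip rather than abort
            manifest[rel] = (st.st_size, mtime.isoformat(timespec="seconds"), digest)
    return manifest


def diff_manifests(mine, theirs):
    """Report files present on one side only and files whose size or hash
    differ. Timestamps are recorded but not compared: they vary per install."""
    only_mine = sorted(set(mine) - set(theirs))
    only_theirs = sorted(set(theirs) - set(mine))
    changed = sorted(p for p in set(mine) & set(theirs)
                     if (mine[p][0], mine[p][2]) != (theirs[p][0], theirs[p][2]))
    return {"only_mine": only_mine, "only_theirs": only_theirs, "changed": changed}


if __name__ == "__main__":
    # Date window from the post; the root is the install folder quoted in the thread.
    window = (datetime(2004, 5, 15), datetime(2004, 5, 22, 23, 59, 59))
    m = build_manifest(r"C:\Program Files\Symantec", *window)
    for path, (size, mtime, digest) in sorted(m.items()):
        print(size, mtime, digest[:16], path)
```

Files that share a byte count but differ in content land in "changed", which is the case a size-and-date comparison alone cannot settle.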
     
  24. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    Well jv, you're right about one thing.... I've got the better part of 2,000 modified files between those dates you mentioned.
    To be perfectly honest, I'm a bit out of my depth here. While I know how to do a search, I really don't know what I'm looking for. I notice on a search of sys*.* I get several zip files concerning redirector in All Users/Application Data/ Symantec but how to compare all these with someone else's, I just don't know.

    As I mentioned in my post of 18th May, all is well here now, have no problems at all - in fact things are improved as NAV loads faster.

    I am lost.. I really don't know what the answer is as to why my PC is working OK and essenbee has very slow internet connectivity. In fact the longer I have this Pc and the more I see about various problems on the forums, the LESS I know about anything, or that's the way it seems.

    I'll keep an eye on this thread and if I can come up with any ideas, I will, but stumped at the moment..
     
  25. essenbee

    essenbee Registered Member

    Joined:
    May 25, 2004
    Posts:
    6
    I too have literally thousands of files that match the search criteria. Many of them are related to NAV virus definition updates. Looks like this way is going to be too difficult :'(
     