XMON - Does it launch before logon?

Discussion in 'Other ESET Home Products' started by GSteer, Aug 8, 2007.

Thread Status:
Not open for further replies.
  1. GSteer

    GSteer Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    18
    XMON - Launching and not detecting infections?

    Hi,

    We have a customer running EE with XMON and there server is scheduled to reboot every wednesday early morning.

    Until the server is logged onto at the start of the day they appear to be having various infected files get past XMON and be picked up by EMON on the local desktops, is this standard behaviour?

    Does NOD require that the server be logged into once before kicking in properly?

    Regards

    Greg.
     
    Last edited: Aug 10, 2007
  2. sparx

    sparx Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    60
    Yes, you have to log in after the system boots in order for the program to start running. However, once you log in, if you log out again, it will continue to run. But, yes, it's like any other program. Windows needs to load completely to get it goin'. :)
     
  3. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Many programs designed to run on servers, will start as a "service"...regardless if the server has been logged in or not.
    Exchange itself starts as a server, you don't need to log onto the server
    Remote access programs such as PcAnywhere, or various VNC flavors..can run host mode as a service.
    SQL server..
    Exchange itself...
    IIS
    I could fill the capacity of this forums hard drive space with a list.....
     
  4. GSteer

    GSteer Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    18

    Thats where my thoughts were coming from YeOldeStoneCat.

    Lets home version 3 sets xmon as a service (if it still exists in this form).

    I'm going to have to look at some sort of temporary auto logon script for rebooting some of remote servers now, anyone got any immediate pointers?

    I can't really leave any server "unprotected" by not logging it in even if its a scheduled reboot at some godforsaken hour in the morning.
     
  5. Megachip

    Megachip Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    243
    Hmm...

    Amon also starts before login, why xmon doesn't??

    Is it possible to run xmon as service?
     
  6. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    I'm quite sure you will find the auto login feature of Microsoft PowerToys 'Tweak UI' works even if that's the only feature you make use of.
    Download it from the list on the right: http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

    Cheers :)
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    No, the communication between NOD32 and MS Exchange is as follows:

    MS Exchange <=VSAPI=> XMON <===> NOD32 Kernel

    As soon as the kernel is loaded XMON is ready to communicate with MS Exchange.
     
  8. GSteer

    GSteer Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    18
    In that case - any ideas why these infected files are getting through?

    I've grabbed these screenies this morning as it really doesn't appear right

    XMON - No Infected Files:
    http://www.fundamentalchaos.org.uk/kcs/baines-nodxmon.gif

    AMON - Picking up Infected NOD Temp file from the exchange store?
    http://www.fundamentalchaos.org.uk/kcs/baines-nodamon.gif

    Any ideas as it seems that XMON really isn't working!
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please PM me a threat log from one of the workstations where EMON detected such a threat.
     
  10. GSteer

    GSteer Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    18
    Hi Marcos - have been in touch with Dan at UK eset support - we've upgraded XMON to 2.71.9 to see if it resolves the issue.
     
Thread Status:
Not open for further replies.