CLEANACCESS Archives

September 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: 3.5.7
From:
"Duguay, Gerard" <[log in to unmask]>
Reply To:
Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:
Mon, 12 Sep 2005 10:26:08 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (200 lines) 
I hate to think of us being a test network for 3.5.7, but in some ways
we are. Classes don't start for another two weeks and we currently have
around 80 users in the Resnet. So we have a bit of a grace period to
'experiment" (groan). Here's what we've learned so far concerning 3.5.7:

We rolled out a clean install of CCA (v3.5.5) last week with the "Big
Four" rules deployed:
1. Current Mickeysoft patches
2. Autoupdates configured
3. Any antivirus
4. Antivirus: current DAT 

Out of the gate, about 50% of users were going into the temporary client
role because of an apparent conflict with the 3.5.5 client and McAfee
8.0i dat 4577. After learning of the apparent conflict between CCA 3.5.5
(client) and McAfee (the locking Scan.dat issue), we disabled
requirement #4. This seemed to make everyone happy.

This morning we tested the 3.5.7 client on several machines (testing
ONLY for McAfee update installation success and any other false
negatives re: The Big Four). Seeing good results, we've now deployed
3.5.7 into the Resnet at large, reenabled rule #4, and kicked out the
certified devices to engage login/certification. 

So far, so good. I am getting people in the temporary role (failure on
#4), but they seem to be updating and moving into certified compliance
as expected. The phones aren't ringing off the hook, which is obviously
a good sign. 

I cannot speak to the Symantec issue Ryan raised (below). From the
McAfee standpoint, however, 3.5.7 seems to work as desired with 33 users
to date. I will report back if we start seeing any additional issues. It
is still early in the morning (student time) on the west coast...

- Gerard Duguay
Seattle Pacific



-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Ryan Dorman
Sent: Monday, September 12, 2005 6:16 AM
To: [log in to unmask]
Subject: Re: 3.5.7

We have decided to fly by the seat of our CCA and leave automatic
updates on, mostly because with the political climate aroudn here I dont
know if I'd ever be allowed to turn it back on.  So far 3.5.7 has caused
zero issues.  We have had a rash of PC's this weekend that couldn't
install the latest Symantec LiveUpdate definitions.  An
LU6001 error, looks like they are downloading the update successfully
but it won't apply to their PC's.  All of these machines could
previously accepts def updates.  Not directly Perfigo related but if
anyone had a tip... I haven't actually gotten my hands on one of the
machines to do any testing so maybe it will be a PEBKAC quick fix
(Problem Exists Between Keyboard and Chair).

Ryan Dorman, CCNP
Network Communications Specialist
Millersville University
717.871.5883
[log in to unmask]


On Sep 12, 2005, at 8:55 AM, Brian Beausoleil wrote:

> I have a test vlan set up in my office.  I just tested the McAfee 
> update and it worked fine on 3.5.7.  We were using the 3.5.4 client 
> with the
> 3.5.6
> upgrade patch when we found out there was a problem.  Before I re- 
> enable the update rule, I will test it out on a few more machines.  It

> appears to be fixed so far though.
>
> ---------------------------------------
>
> Brian Beausoleil
> Network Services
> Southern CT State University
> [log in to unmask]
> (203) 392-6109
>
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List 
> [mailto:[log in to unmask]] On Behalf Of King, Michael
> Sent: Friday, September 09, 2005 5:46 PM
> To: [log in to unmask]
> Subject: 3.5.7
>
> 3.5.7 hit the download site today....
>
> I'm sure most people have done the same as us, and disabled automatic 
> upgrades... So people with test networks, let us know...
>
>
>> -----Original Message-----
>> From: Perfigo SecureSmart and CleanMachines Discussion List 
>> [mailto:[log in to unmask]] On Behalf Of Duguay, Gerard
>> Sent: Friday, September 09, 2005 12:52 AM
>> To: [log in to unmask]
>> Subject: Re: CCA 3.5.5 and McAfee DAT 4577
>>
>> Latest update from TAC is that 3.5.5 has a major bug, blocking McAfee

>> auto-updates by locking-up the scan.dat file.
>> They are working on a fix and anticipate client version 3.5.7 by next

>> Monday.
>>
>> - Gerard
>>
>> Gerard P. Duguay
>> CIS, Seattle Pacific University
>> 206.281.2431
>> gerard(at)spu.edu
>> <><
>>
>> -----Original Message-----
>> From: Perfigo SecureSmart and CleanMachines Discussion List 
>> [mailto:[log in to unmask]] On Behalf Of Pender, Anne
>> Sent: Thursday, September 08, 2005 2:09 PM
>> To: [log in to unmask]
>> Subject: Re: CCA 3.5.5 and McAfee DAT 4577
>>
>> This "scan.dat is locked or missing" has been the bane of my week.
>>
>> We started seeing this error on Tuesday after agent 3.5.6 came out 
>> (we had left the defaults so it went to everybody without our getting

>> to do any testing).  Finally traced the error to the new agent 
>> version, and have spent today helping students back out to 3.5.4 (via

>> a batch file that uninstalls the bad before installing the good, 
>> wrapped up in a self-extracting zip).
>>
>> I won't know for sure that this has fixed it until enough people get 
>> downgraded that I feel safe switching the DAT requirement back to 
>> presenting the "update" button - right now it is presenting a link to

>> a web page, which then links to the McAfee xDAT, which is able to 
>> update the DAT version - though a reboot is required.*
>>
>> It hasn't been the best week.  The fact that you're seeing errors 
>> with
>> 3.5.5 does not make me happy.  Cisco assured us that 3.5.5 did not 
>> have any of these issues, so 3.5.5 is now what you download from our 
>> server if you do a web login - though not too many should be doing 
>> that now.
>>
>> -Anne
>>
>> * Actually the xDAT is wrapped up with a batch file now too, because 
>> we had a number of folks somehow end up with correctly updated DATs 
>> files on the hard drive, but the registry a version back, so 
>> VirusScan denied it needed updates while Clean Access insisted it 
>> did.  No idea if/how this is related to the other problems this week.
>>
>> --
>> Anne Bower Pender
>> Computing Support Analyst, Student Services Information Technology 
>> Services, Davidson College [log in to unmask]
>>
>>
>> -----Original Message-----
>> From: Perfigo SecureSmart and CleanMachines Discussion List 
>> [mailto:[log in to unmask]] On Behalf Of Duguay, Gerard
>> Sent: Thursday, September 08, 2005 3:50 PM
>> To: [log in to unmask]
>> Subject: CCA 3.5.5 and McAfee DAT 4577
>>
>> We are running CCA (v3.5.5 across the board) and have suddenly run 
>> into errors with people trying to run McAfee updates -specifically to

>> today's
>> 4577 dat.
>>
>> # Any AV Definitions Check (Mandatory)
>>      * Passed Checks:
>>      * Failed Checks:
>>        av_def_ANY, Antivirus Check [Any supported AV software up to 
>> date]
>>      * Not executed Checks:
>>
>> On the client machine, they get an error that update failed because 
>> "scan.dat is locked or missing."
>>
>> This is odd in that McAfee updates have been working without error. I

>> have machines that updated to dat 4576 yesterday just fine. Today 
>> they are failing with 4577.
>>
>> Is anyone else seeing this issue? Suggestions?
>>
>> - Gerard Duguay
>> CIS, Seattle Pacific University
>>
>

ATOM RSS1 RSS2