I’ve recently helped investigate a number of SBS 2008 and Windows 2008 servers that have gone offline and have things like DHCP not working, unable to access network drives and the like. Two common threads on these servers were that they both had TrendMicro WFBS 6.0 installed as well as IT Control Suite for the resellers to manage them.
After much investigation I found the issue was related to the Windows Firewall which seemed to go crazy and prevented proper communication to the server. I checked with my buddies in CSS at Microsoft (thanks Damian) and they suggested I look at the firewall rules in the registry at the location below.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
).
"{DDC8B132-3BFA-4588-8F88-575668C5C025}"="v2.0|Action=Allow|Active=TRUE|Dir=In|App=c:\\windows\\itcvnc\\itcvnc.exe|Name=VNC APP|Edge=FALSE|"
"{DC0E3700-04D7-4001-A8DB-D306D99CB33B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\\Program Files (x86)\\itControl Connector\\daemon.exe|Name=itcs FileServer|Edge=FALSE|"
When I did – on one server I found it took over 35 minutes to expand and list that registry key. It then showed me over 98,000 rules that were duplicates. All of them created by the IT Control Suite application. Deleting 98,000 rules is painful to be sure, but can be done and once gone the problem was fixed… for a while. It appears that the IT Control Suite application was creating them for some reason without checking if they first existed.
I’ve spoken to IT Control Suite and they’ve found a fix, but are only deploying it to customers who report the problem to them… I’m sorry but that’s not good enough. I find it inexcusable for a vendor who KNOWS of a problem, has a way to DETECT the problem and yet will not AUTOMATICALLY push out a fix to their clients… instead waiting for them to call. Honestly – I’m not happy with that arrangement and would hope for their customers sake they think long and hard about that.. it will lose them customers…
This is one of the reasons i don’t work with the big 3 anymore…aka macafee, symanec, and trend. they simply don’t care about their customers. AVG is worse(no phone based technical support at all). Right now I’m having problems finding a good anti-whatever vendor.
William,
The issue here is not the Antivirus vendor at all. Trend was initially FALSELY blamed for this, but were soon cleared. The issue here was the IT Control Suite software that was being used to monitor and manage the clients network environment.
Wayne
That is the big thing at the moment. Who can you recommend for a decent AV solution, without all the bloat ware that comes from the big 3.
Rob,
Right now I am sticking with TrendMicro. I feel it’s better to work with a vendor such as Trend who has a track record of listening to our needs than to try to cultivate a new relationship with a vendor I do not know. The cost to me and the customer of learning any new package is quite steep.
Wayne
Hi! This post could not be written any better! Reading through this post reminds me of my good old room mate!
He always kept chatting about this. I will
forward this post to him. Pretty sure he will have a good read.
Thanks for sharing!