Panda Security stellt über die nachfolgenden Links den Release Candidate von Panda for Enterprise  und Panda for Business with Exchange der Version 4.05 zum Download bereit. Neben diversen Verbesserungen bringt die Version 4.05 Schutzmodule für Microsoft Server 2008 R2 mit.

Zu jeder Version ist ein Upgrade- (ab Version 3.06.10) und ein Vollinstallationspaket verfügbar.

Eine Übersicht über die in der Version 4.05 enthaltenen Änderungen kann hier eingesehen werden.

Beachten Sie bitte: Es handelt sich bei dieser Version um einen Release Candidate. Dieser beinhaltet nahezu alle Features der späteren finalen Version. Dennoch handelt es sich bei dieser Version nach wie vor um eine Beta-Version. Diese Version ist AUSSCHLIESSLICH zu Testzwecken und zur Voransicht freigegeben. Panda Security leistet für diese Version KEINEN Technischen Support. Ferner wird von einer Installation und dem Gebrauch in produktiven Umgebungen abgeraten.

Downloads:

Panda for Business Exchange 4.05 – Release Candidate
Panda for Business Exchange 4.05 – Release Candidate – Upgrade Paket

Panda for Enterprise 4.05 – Release Candidate
Panda for Enterprise 4.05 – Release Candidate – Upgrade Paket

• Outlook 2003 reagiert nicht beim öffnen von großen Plain Text Nachrichten.

• Surfen nicht möglich bei gleichzeitig installiertem Panda Security for Desktops Schutzmodul und ISA Firewall Client.

• Fehler CS-0200 TCConf: Generic error wird im Windows Anwendungsprotokoll auf Vista Maschinen angezeigt wenn Panda AdminSecure Events service eingeschaltet ist.

• Es ist nicht möglich Scan Berichte auf Vista Maschinen zu drucken.

• Outlook 2000 stürzt ab wenn das Context Menü Optionen Antwort Senden an ->EMail Empfänger ausgewählt ist.

• Inkompatibel mit Media Monitor Player.

• Konflikte mit POP3 Connector.

• Es ist nicht möglich bestimmte Webseiten aufzurufen.

Lösung

Panda Security stellt ein Hotfix HAS_4_04_10_0007.exe zur Verfügung, um die aufgeführten Probleme zu lösen.

• Hotfix HAS_4_04_10_0007.exe Installation
  

Folgen Sie den Anweisungen, um den Hotfix HAS_4_04_10_0007.exe zu installieren:

1. Klicken Sie auf den Link, um den Hotfix herunterzuladen HAS_4_04_10_0007.exe:
   http://pandatechnik.de/355
2. Speichern Sie den Hotfix auf Ihrer Festplatte.
   Bemerkung: Es wird empfohlen das automatische Update der Schutzmodule auf dem Admin Server und allen Repositories zu deaktivieren, um eine Hohe Netzwerkauslastung und Neustarts der Maschinen zu verhindern.
3. Starten Sie die heruntergeladene Datei auf  dem Admin Server und allen Repositories.
4. Aktualisieren Sie die Maschinen, auf denen das Problem auftritt.
5. Prüfen Sie, ob das Problem weiterhin besteht.

Versionen nach Hotfixinstallation

• Panda Security for Desktops: 4.04.12.0000
• Panda Security for File Servers: 8.04.12.0000

Hier einige Empfehlungen von Panda Security dazu:

What scanning exclusions should be considered for system and servers?

Consider the following file scanning exceptions for your Panda security for Desktops or Fileserver where applicable:

NOTE: The %systemroot% is normally the C:\WINDOWS or C:\WINNT directory depending on your OS.

NOTE: the %systemroot% variable will not work as an exclusion for some OSs. So make sure to spell out full path in your exclusion files (GPO or via Antivirus Server)

General:

1.) %systemroot%\System32\Spool (and all the sub-folders and files)

2.) %systemroot%\Softwaredistribution\Datastore Refer to the following article for information: KB822158 – Virus scanning recommendations for computers that are running Windows Server 2003, Windows 2000, or Windows XP http://support.microsoft.com/kb/822158

3.) Any Network Drives that are mapped.

The following steps are Server Role specific:

1.) If your system is also a Domain Controller (DC) / DNS / DHCP also exclude the following from Anti-Virus Scanning:

a.) %systemroot%\Sysvol folder (include all the sub-folders and files)

b.) %systemroot%\system32\dhcp folder (include all the sub-folders and files)

c.) %systemroot%\system32\dns folder (include all the sub-folders and files)

d.) %systemroot%\ntds

Refer to the following article for information: KB822158 – Virus scanning recommendations for computers that are running Windows Server 2003, Windows 2000, or Windows XP http://support.microsoft.com/kb/822158

2.) If File Replication (NTFR) service is running on your system, make sure your Anti-Virus software is compatible: KB815263 – Antivirus, backup, and disk optimization programs that are compatible with the File Replication Service http://support.microsoft.com/kb/815263

And exclude:

a.) %systemroot%\ntfrs folder (include all the sub-folders and files)

b.) Files that have the .log and .dit extension

3.) If you have IIS installed , exclude:

a.) The IIS compression directory (default compression directory is %systemroot%\IIS Temporary Compressed Files)

b.) %systemroot%\system32\inetsrv folder

c.) Files that have the .log extension

Refer to the following knowledge base articles for reference: KB817442 – IIS 6.0: Antivirus Scanning of IIS Compression Directory May Result in 0-Byte File http://support.microsoft.com/kb/817442 KB821749 – Antivirus software may cause IIS to stop unexpectedly http://support.microsoft.com/kb/821749

4.) If you have SQL installed , you may want to exclude the SQL folder and databases files (or database file types) from scanning for performance reasons: KB309422 – Guidelines for choosing antivirus software to run on the computers that are running SQL Server http://support.microsoft.com/kb/309422

5.) If you have Exchange installed , perform the relevant file-based scanning exclusions listed in Knowledge Base articles: KB328841 – Exchange and antivirus software http://support.microsoft.com/kb/328841 KB823166 – Overview of Exchange Server 2003 and antivirus software http://support.microsoft.com/kb/823166 KB245822 – Recommendations for troubleshooting an Exchange Server computer with antivirus software installed http://support.microsoft.com/kb/245822

6.) If you have Cluster services , make sure your Anti-Virus software is compatible: KB250355 – Antivirus Software May Cause Problems with Cluster Services http://support.microsoft.com/kb/250355 NOTE: If you have a SQL cluster, make sure that you exclude these locations from virus scanning:

a.) Q:\ (Quorum drive)

b.) %systemroot%\Cluster

c.) SQL Server data files that have the .mdf extension, the .ldf extension, and the .ndf extension

7.) If you have Sharepoint installed , you should exclude:

a.) Drive:\Program Files\Sharepoint Portal Server

b.) Drive:\Program Files\Common Files\Microsoft Shared\Web Storage System

c.) Drive:\MSDEDatabases (particularly on SBS) (where Drive: is the drive letter where you installed Sharepoint Portal Server)

Refer to the following knowledge base articles for reference: KB320111 – Random Errors May Occur When Antivirus Software Scans Microsoft Web Storage System http://support.microsoft.com/kb/320111 KB322941 – Microsoft’s Position on Antivirus Solutions for Microsoft Sharepoint Portal Server http://support.microsoft.com/kb/322941

8.) If you have a Systems Management Server (SMS) , you should exclude folders:

a.) SMS\Inboxes

b.) SMS_CCM\Servicedata

Refer to the following knowledge base articles for reference: KB327453 – Antivirus programs may contribute to file backlogs in SMS 2.0 and in SMS 2003 http://support.microsoft.com/kb/327453

NOTE: If you exclude the SMS\Inboxes directory from virus scanning or remove the antivirus software, you may make the site server and all clients vulnerable to potential virus risks. The client base component files reside in the SMS\Inboxes directory.

9.) If you have a MOM (Microsoft Operations Manager) Server , you consider excluding:

a.) Drive:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager

b.) Drive:\Program Files\Microsoft Operations Manager 2005 (where Drive: is the drive letter where profiles are located)

10.) If you have an Internet Security and Acceleration Server (ISA) Server , you should exclude:

a.) The ISALogs folder. By default, the ISALogs folder is located in the folder where you installed ISA Server. Typically, this location is Drive:\Program Files\Microsoft ISA Server.

Refer to the following knowledge base articles for reference: KB887311 – Event ID 5, event ID 14079, and event ID 14176 are logged in the Application log on your Internet Security and Acceleration Server 2000 computer http://support.microsoft.com/kb/887311

11.) If you have a Windows Software Update Services (WSUS) Server role , you consider excluding:

a.) Drive:\MSSQL$WSUS

b.) Drive:\WSUS

(where Drive: is the drive letter where you installed Windows Software Update Services)

Also refer to the following knowledge base articles for reference: KB900638 – Multiple symptoms occur if an antivirus scan occurs while the Wsusscan.cab file is copied http://support.microsoft.com/kb/900638

MORE INFORMATION: KB49500 – List of antivirus software vendors http://support.microsoft.com/kb/49500 KB129972 – Computer viruses: description, prevention, and recovery http://support.microsoft.com/kb/129972

Small Business Server (SBS): ‘

KB885685 – How to troubleshoot the POP3 Connector in Windows Small Business Server 2003 http://support.microsoft.com/kb/885685

SOX050603700001 – How do I exclude a file from AV scanning? SOX040212700018 – Anti Virus Software and System State Backup SOX060301700048 – ISA 2004 Firewall Service crashes intermittently with Event ID: 5 Source: Microsoft Firewall SOX060307700037 – MOM 2005/ File level Anti-virus scanners SOX061205700029 – MOM Agent Installation fails with -2147023277

KB837932 – Event ID 2108 and Event ID 1084 occur during inbound replication of Active Directory in Windows 2000 Server and in Windows Server 2003 http://support.microsoft.com/kb/837932

Anti-Virus folder exclusions have not been configured (Exchange) http://www.microsoft.com/technet/prodtechnol/exchange/Analyzer/9fb755f5-5f0b-4817-a584-70c76a62eae2.mspx

Process: Manage Antivirus Software on Domain Controllers http://www.microsoft.com/technet/solutionaccelerators/cits/mo/winsrvmg/adpog/adpog3.mspx#EHBBG

File-Level Antivirus Scanning on Exchange 2007 http://technet.microsoft.com/en-us/library/bb332342.aspx

Info from here

CITRIX Presentation Server, Anti-Malware guidelines: ‘

See: http://support.citrix.com/article/CTX114522 for source.

You should do the following to ensure smooth Citrix operation:

• Scan local drives only

• Exclude the pagefile from being scanned

• Exclude the Print Spooler directory to improve print performance

• Exclude the \Program Files\Citrix folder from being scanned (the heavily accessed local host cache and Resource Manager local database are contained inside this folder)

• If ICA pass-through connections are used, exclude the user‘s Presentation Server Client bitmap cache and the Presentation Server Client folders .

• If users are connecting to a published desktop, Citrix recommends removing the antivirus-related calls from the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run registry key to improve Performance.

NOTE: The last one for us (Panda Security) means to remove PsCtrlC.exe from the above mentioned registry key.

Symptoms

• Loss of Web surfing when using Internet Explorer. 

• Alert emails don’t met rfc822 when the SMTP server used to send them is QMAIL.

• The scanner doesn’t respect the configuration of the resident regarding the kind of Malware to be detected.

• Unplanned reboots of the servers after upgrading the protection engine, when the servers are pending on the reboot for a long time having the session blocked.

• Error 2102 when forcing the update from the console to a computer that has TruPrevent protection unselected.                                               

  Steps for applying the hotfix:

  1. Download hotfix HAS_4_03_00_0020.exe (116 MB) by clicking the following adress:
     http://pandatechnik.de/298

  2. Save the file to your hard disk; to the Windows Desktop, for example.
     NOTE: It is advisable to disable the option to automatically upgrade the protections on all repositories before applying the hotfix in order to prevent excessive network traffic as all workstations/servers may restart or be prompted to restart, depending on what the automatic installation settings are.

  3. Run the downloaded file on the computers on which a repository is installed. You can do this by double-clicking the HAS_4_03_00_0020.exe file to apply the hotfix.

  4. Update the protection affected by the incident. For more information, go to How can I update the protection of my IT resources once I have upgraded AdminSecure? (only applies to AdminSecure).

  5. Check that the AdminSecure version once the hotfix has been applied is 4.03.00.0020. To check the AdminSecure version, go to Help, About AdminSecure.

  6. Verify that the incident has been resolved.

  Resulting versions:
  
    Panda Security for Desktops: 4.03.14.0001
    Panda Security for FileServers: 8.03.14.0001

Bitte entpacken Sie das Installationspaket. Dieses wird beim Aufruf des Paketes standardmäßig unter C:\Panda entpackt. Sichern Sie die Dateien PAVAGENT.exe und CRC.dat bitte aus dem Verzeichnis:

“C:\Panda\Pandaadminsecure\Program File\Panda Software\Panda Administrator 3\Distribution Server\Repository\PLAgent\v403000000

Laden Sie sich folgendes ZIP Archiv herunter und speichern Sie die entpackten Dateien in das oben genannte Verzeichnis.

http://pandatechnik.de/280

(Das Passwort für das ZIP Archiv lautet: panda)

Nun Starten Sie die Installation über die Setup.exe im Verzeichnis C:\Panda\Pandaadminsecure.

Nach der Installation, müssen Sie die alten Dateien CRC.DAT und PAVAGENT.exe in das Verzeichnis

C:\Programme\Panda Software\Panda Administrator 3\Distribution Server\Repository\PLAgent\v403000000 kopieren.

Download

This process is suitable for companies with slow communication lines as it would prevent them from collapsing when the protection ( Panda Security for Desktops, Panda Security for File Servers etc…) is installed.

• Installation of the package with an updated pav.sig:

1. From the console, go to Tools–> Updates and repositories–> Packages.

2. Select the protection you wish to install , for example, Panda Security for Desktops, and click on Generate Installer…
   The package contains three files:

   • *.EXE

   • *.DAT

   • *.

     INI
     In the case of Panda Security for Desktops, the files are:
     AVTC.EXE, CRC.DAT and CONFAVTC.INI

3. Edit the *.INI file.

4. Add the following line to the file:

   [files]
   pav.sig=\pav.sig
   

5. Save the changes.

6. Copy an updated PAV.SIG file ( either from the SIGNATURE folder or from the download area at the Website ) in the same directory where the three installation files are located.

7. Copy the four resulting files in the machine where the protection is going to be installed and run the *.EXE file.

   In the case of Panda Security for Desktops, the file to execute is AVTC.EXE.

NOTE:

The name of the configuration files vary depending on which protection is going to be installed:

Panda Security for Desktops (Windows NT-2000-XP) confAVTC.ini

Panda Security for File Servers (Novell NetWare) confAVNW.ini

Panda Security for File Servers (Windows NT-2000-2003) confAVNT.ini

[tags]AdminSecure, Install[/tags]

One of the essential components of the AdminSecure architecture is the Database. When installing AdminSecure you can choose between different data engines:

• MSDE 2000: Free Microsoft data engine (AdminSecure, AdminSecure 2006, AdminSecure 2007)
• Microsoft SQL Server 7 or 2000 (AdminSecure, AdminSecure 2006,AdminSecure 2007)
• Microsoft SQL Server 2005 and SQL Express 2005 (AdminSecure 2006, AdminSecure 2007).

The typical installation will always use MSDE as the data engine. If an SQL server database already exists in the network, it is advisable to use it for the following reasons:

1. It offers the user additional functions, such as including our database in the periodic backup copies so that they can be restored if necessary.
2. MSDE has a series of disadvantages compared to SQL, which are particularly significant in corporate environments.

   • It supports multiple connections, but from 5 connections onwards, the computer´s performance may degrade or slow down, due to the monitoring process performed on the system by the workload governor.

   • Maximum size of the database: 2 GB
   • Maximum RAM supported: 2 GB RAM
   • Does not support machines with more than two processors.

If the database in MSDE has more than 5 concurrent batches of queries, an log file is generated in the database log. This log is located in:
C:\Program files\Microsoft SQL Server\MSSQL$PADMINISTRATOR\LOG
And will contain lines like the following:
2004-01-23 09:45:23.96 spid11 This SQL Server has been optimized for 8 concurrent queries. This limit has been exceeded by 2 queries and performance may be adversely affected.
2004-01-23 10:09:16.11 spid10 This SQL Server has been optimized for 8 concurrent queries. This limit has been exceeded by 1 queries and performance may be adversely affected.
2004-01-23 10:10:16.27 spid5 This SQL Server has been optimized for 8 concurrent queries. This limit has been exceeded by 1 queries and performance may be adversely affected.

When this happens, the query is not lost, but it is queued, and therefore, the functionality of the application is not reduced. However, bear in mind that this will greatly reduce the performance of the computer on which the database is installed.

Companies that do not have an SQL Server need to decide whether to perform an installation based on MSDE or to install an SQL server to house the database. The following factors must be considered when taking this decision:

• The capacity of the computer on which the database will be stored.
• Whether the computer will be dedicated exclusively to the database or not.
• The number of computers whose antivirus protection will be managed through AdminSecure.
• Frequency of the self-diagnosis and data collection jobs.
• Number of virus detected warnings generated in the computers protected by the antivirus.

Based on these factors, a series of hypothetical situations in which to perform each type of installation can be established:

• Small and medium-sized networks with a low number of virus warnings could work with either an MSDE database or an SQL Server.
• As the number of computers to be managed and the number of viruses detected increase, it is advisable to use an SQL server. In these networks, MSDE could work correctly but concurrent query errors would be generated in the database log and the performance of the computer on which it is installed will be slightly degraded.
• In large networks, with more than 300 computers and many virus warnings, it is highly advisable to use SQL Server 7, 2000 or 2005 (SQL 2005 included) to house the AdminSecure database. These networks could work with an MSDE database but the low performance of this engine could affect the smooth functioning of the console.
• In general, the following guidelines must be considered for all types of networks:
  • Installing the database in a different computer from the one with the repository installed will allow the computer to work more smoothly. Therefore, in networks with a large number of computers, it is advisable to install an additional repository, which the majority of the computers will connect to.
  • Install AdminSecure and the database in a computer that easily meets the minimum requirements.
  • Increase the intervals for communicating with the workstations. You can do this through the AdminSecure console in Tools > Options > General > Advanced settings.

It is important to highlight that, if after installing AdminSecure using MSDE as the database, you decide to migrate to an SQL server in order to improve performance, you do not need to completely uninstall the product.

There are two basic methods for checking if low performance is a result of the 5 concurrent workload “throttle” on the database engine:

• Check the database logs.
• Use the DBCC command, which is available with all editions of SQL Server and especially useful in MSDE situations. Four parameters can be used with the DBCC CONCURRENCYVIOLATION command, which are DISPLAY, RESET, STARTLOG and STOPLOG.

The following link contains more information about the features and restrictions about MSDE and additional details of the DBCC command:
http://support.microsoft.com/default.aspx?scid=%2Fservicedesks%2Fwebcasts%2Fen%2Fwc021402%2Fwct021402.asp

[tags]AdminSecure, SQL[/tags]