There a way to auto-restart a service after it was manually stoppe



jeridbohmann
07-10-2005, 12:36 AM
Here's the problem I have. We are running McAfee Anti-Virus on all machines
at my work. After some of McAfees automatic updates McAfee disables the
shield and tells you to reboot or continue. The problem is, we have people
that choose to continue what they are doing and forget to reboot. They assume
whether the "M" is red or black that it's running okay. Or that if it's black
they must call someone. Needless to say out of 150 users we easily get 40
calls after a McAfee update. We where discussing possibilites and my idea was
to find out if there is a way for the service to restart itself. Not the PC,
the McAfee service.
So lets say McAfee disables after the update. Now I want something checking
on that making sure the service is started. Is there a way to automatically
check it's started and if not restart it. Or if it's shut off for 10 minutes
a custom message to pop up and let them know.

Thanks!

David H. Lipman
07-10-2005, 12:36 AM
From: "jeridbohmann" <jeridbohmann@discussions.microsoft.com>

| Here's the problem I have. We are running McAfee Anti-Virus on all machines
| at my work. After some of McAfees automatic updates McAfee disables the
| shield and tells you to reboot or continue. The problem is, we have people
| that choose to continue what they are doing and forget to reboot. They assume
| whether the "M" is red or black that it's running okay. Or that if it's black
| they must call someone. Needless to say out of 150 users we easily get 40
| calls after a McAfee update. We where discussing possibilites and my idea was
| to find out if there is a way for the service to restart itself. Not the PC,
| the McAfee service.
| So lets say McAfee disables after the update. Now I want something checking
| on that making sure the service is started. Is there a way to automatically
| check it's started and if not restart it. Or if it's shut off for 10 minutes
| a custom message to pop up and let them know.
|
| Thanks!

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus


What version are you using ? It sounds like you are using a retail (home) version of Mcafee
v8.x or v9.x. If you are in a coporate environemnt that version is HIGHLY contraindicated !

You should be using McAfee Enterprise v7.1E or v8.01. The retail version is a "dumbed" down
version and is not configurable and is NOT manageable while the corp./enterprise versions
are. Not to mention that the retail versions crappy as compared to the corp./enterprise
versions

So your problem most likely stems form installing the WRONG version !

BTW: Is this company in in the subject matter here "Executive PC, Inc." ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

jeridbohmann
07-10-2005, 12:36 AM
Executive PC Inc? No, sorry. That is a place around here I think. I've at
least heard of them.
We have server side anti-virus with proxy server and all. 99.9% is caught
through our server. However when we buy new PC's we just buy the McAfee
Version available at the time. It's just a little extra precaution we take.
Never know when a user will bring in a floppy/CD/USB Key and we don't want it
here.
I didn't know there was an anti-virus MS discussion. I'll go hit it up over
there.
Thanks!

"David H. Lipman" wrote:

> From: "jeridbohmann" <jeridbohmann@discussions.microsoft.com>
>
> | Here's the problem I have. We are running McAfee Anti-Virus on all machines
> | at my work. After some of McAfees automatic updates McAfee disables the
> | shield and tells you to reboot or continue. The problem is, we have people
> | that choose to continue what they are doing and forget to reboot. They assume
> | whether the "M" is red or black that it's running okay. Or that if it's black
> | they must call someone. Needless to say out of 150 users we easily get 40
> | calls after a McAfee update. We where discussing possibilites and my idea was
> | to find out if there is a way for the service to restart itself. Not the PC,
> | the McAfee service.
> | So lets say McAfee disables after the update. Now I want something checking
> | on that making sure the service is started. Is there a way to automatically
> | check it's started and if not restart it. Or if it's shut off for 10 minutes
> | a custom message to pop up and let them know.
> |
> | Thanks!
>
> There are anti virus News Groups specifically for this type of discussion.
>
> microsoft.public.scripting.virus.discussion
> microsoft.public.security.virus
> alt.comp.virus
> alt.comp.anti-virus
>
>
> What version are you using ? It sounds like you are using a retail (home) version of Mcafee
> v8.x or v9.x. If you are in a coporate environemnt that version is HIGHLY contraindicated !
>
> You should be using McAfee Enterprise v7.1E or v8.01. The retail version is a "dumbed" down
> version and is not configurable and is NOT manageable while the corp./enterprise versions
> are. Not to mention that the retail versions crappy as compared to the corp./enterprise
> versions
>
> So your problem most likely stems form installing the WRONG version !
>
> BTW: Is this company in in the subject matter here "Executive PC, Inc." ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

David H. Lipman
07-10-2005, 12:36 AM
From: "jeridbohmann" <jeridbohmann@discussions.microsoft.com>

| Executive PC Inc? No, sorry. That is a place around here I think. I've at
| least heard of them.
| We have server side anti-virus with proxy server and all. 99.9% is caught
| through our server. However when we buy new PC's we just buy the McAfee
| Version available at the time. It's just a little extra precaution we take.
| Never know when a user will bring in a floppy/CD/USB Key and we don't want it
| here.
| I didn't know there was an anti-virus MS discussion. I'll go hit it up over
| there.
| Thanks!

You can't rely on a server side AV application. All computers *must* have AV protection
becuase of email, Instant Messaging, removeable media, News Groups and web Browsing which
are all vectors of infection.

Your company's mangement concept of "...when we buy new PC's we just buy the McAfee Version
available at the time..." is bad to say the least !

All computers should be using the same version of AV software. It should be centrally
managed, I did via NT Login Scripts, McAfees preferred method is ePolicy Orchestrator
(ePO).. All the AV applications should be enterprise/corporate versions. This way they
will work with McAfee Alert Manager such that if a PC is infected or "hit" with and
infector, the network administrator will know rightaway to mitigate the threat and all
events will be logged for later inspection and quality contriol.

Whoever is in charge to make decisions should be fired and replaced with a more competent
administrator ! One that can properly prtect company assets from malicious software. Your
current management is clueless.

The actual and *best* place for discussion on Mcafee AV software is the Mcafee Forums.
http://forums.mcafeehelp.com/index.php

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

jeridbohmann
07-10-2005, 12:36 AM
So what your saying is if we have a desktop Anti-Virus they should all be the
same. Which I disagree with as well. We have 3 different OS's and 3 different
OV's. Sure it makes it more difficult for trouble shooting, but I am not
going to the boss and say it's justify's spending that kind of money to have
the same thing across the board.

Anyway, I understand that's it's easier to have server side protection to
monitor it all, but I don't make that call. I have to work with what's given
to me.

I'll be checking out the McAfee post. Thans for the opinion/help/link!

"David H. Lipman" wrote:

> From: "jeridbohmann" <jeridbohmann@discussions.microsoft.com>
>
> | Executive PC Inc? No, sorry. That is a place around here I think. I've at
> | least heard of them.
> | We have server side anti-virus with proxy server and all. 99.9% is caught
> | through our server. However when we buy new PC's we just buy the McAfee
> | Version available at the time. It's just a little extra precaution we take.
> | Never know when a user will bring in a floppy/CD/USB Key and we don't want it
> | here.
> | I didn't know there was an anti-virus MS discussion. I'll go hit it up over
> | there.
> | Thanks!
>
> You can't rely on a server side AV application. All computers *must* have AV protection
> becuase of email, Instant Messaging, removeable media, News Groups and web Browsing which
> are all vectors of infection.
>
> Your company's mangement concept of "...when we buy new PC's we just buy the McAfee Version
> available at the time..." is bad to say the least !
>
> All computers should be using the same version of AV software. It should be centrally
> managed, I did via NT Login Scripts, McAfees preferred method is ePolicy Orchestrator
> (ePO).. All the AV applications should be enterprise/corporate versions. This way they
> will work with McAfee Alert Manager such that if a PC is infected or "hit" with and
> infector, the network administrator will know rightaway to mitigate the threat and all
> events will be logged for later inspection and quality contriol.
>
> Whoever is in charge to make decisions should be fired and replaced with a more competent
> administrator ! One that can properly prtect company assets from malicious software. Your
> current management is clueless.
>
> The actual and *best* place for discussion on Mcafee AV software is the Mcafee Forums.
> http://forums.mcafeehelp.com/index.php
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

David H. Lipman
07-10-2005, 12:36 AM
From: "jeridbohmann" <jeridbohmann@discussions.microsoft.com>

| So what your saying is if we have a desktop Anti-Virus they should all be the
| same. Which I disagree with as well. We have 3 different OS's and 3 different
| OV's. Sure it makes it more difficult for trouble shooting, but I am not
| going to the boss and say it's justify's spending that kind of money to have
| the same thing across the board.
|
| Anyway, I understand that's it's easier to have server side protection to
| monitor it all, but I don't make that call. I have to work with what's given
| to me.
|
| I'll be checking out the McAfee post. Thans for the opinion/help/link!

You might disagree with me but you don't have the experience I have in an enterprise
environment nor with the McAfee AV product line.

Enterprise AV software:
Win9x/ME -- v4.5.1 SP1 however, it reaches it End of Life in a couple of months as Win9x/ME
is loosing its support by Microsoft
Win2K, WinXP and Win2003 (as well as WinXP64 and Win2003/64) -- v7.1 or v8.0i

Both are centrally manageble.
Both have variable configuratyion settings.
Both still utilize the McAfee Command Line Scanner
Both have perpetual licensing
Both are not predicated on Internet Explorer
Both centrally log events
Both centrally perform administrative notification of events

If "YOU" are the person who manages the computers it is your job and responsibility to make
sure things are done correctly and using retail software in a corp. environment using a
non-standarddiszed version is a disaster waiting to happen.

If "YOU" are the person who manages the computers it is your job to convince the boos that a
few dollars spent in prevention is worth many $$ is erradication, correction and data loss
or worse proprietary data theft .

If "YOU" are the person who manages the computers and you don't understand this, you are in
the wrong position.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

jeridbohmann
07-10-2005, 12:37 AM
So your a McAfee Salesman and I am in the wrong business because I won't talk
my boss into buying an Enterprise Edition. We have 150 users (80 of which are
on the road laptops) They are not on our network 75% of the time...they need
a desktop AV/Firewall.
I disagree with having the same version. We have 2000/XP/2003. I am not
about to tell the boss each PC should be the same. I have a recpetionist who
needs nothing more than a 2000 box with Outlook 2000. But your experience
states she should be running more for the 5 emails she sends out a day?
You might have more experience in McAfee line (Actually I would guarentee
it). I don't care for McAfee or Norton...I personally have had nothing but
problems with both products. So if it was my choice we wouldn't even have it.
Like I said, I don't make the calls here on whats used.

I understand to a point you're trying to help, but in the same breath
mocking my question. I came and asked a simple question and you're now
yelling at me that I am in the wrong business because my boss doesn't make
the same decision you would. From what i understand he's been in the game for
30 years...I don't question him...I simply look for information to help my
job go smoother.

I thought that's what these posts where for...help...not insults.


"David H. Lipman" wrote:

> From: "jeridbohmann" <jeridbohmann@discussions.microsoft.com>
>
> | So what your saying is if we have a desktop Anti-Virus they should all be the
> | same. Which I disagree with as well. We have 3 different OS's and 3 different
> | OV's. Sure it makes it more difficult for trouble shooting, but I am not
> | going to the boss and say it's justify's spending that kind of money to have
> | the same thing across the board.
> |
> | Anyway, I understand that's it's easier to have server side protection to
> | monitor it all, but I don't make that call. I have to work with what's given
> | to me.
> |
> | I'll be checking out the McAfee post. Thans for the opinion/help/link!
>
> You might disagree with me but you don't have the experience I have in an enterprise
> environment nor with the McAfee AV product line.
>
> Enterprise AV software:
> Win9x/ME -- v4.5.1 SP1 however, it reaches it End of Life in a couple of months as Win9x/ME
> is loosing its support by Microsoft
> Win2K, WinXP and Win2003 (as well as WinXP64 and Win2003/64) -- v7.1 or v8.0i
>
> Both are centrally manageble.
> Both have variable configuratyion settings.
> Both still utilize the McAfee Command Line Scanner
> Both have perpetual licensing
> Both are not predicated on Internet Explorer
> Both centrally log events
> Both centrally perform administrative notification of events
>
> If "YOU" are the person who manages the computers it is your job and responsibility to make
> sure things are done correctly and using retail software in a corp. environment using a
> non-standarddiszed version is a disaster waiting to happen.
>
> If "YOU" are the person who manages the computers it is your job to convince the boos that a
> few dollars spent in prevention is worth many $$ is erradication, correction and data loss
> or worse proprietary data theft .
>
> If "YOU" are the person who manages the computers and you don't understand this, you are in
> the wrong position.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

David H. Lipman
07-10-2005, 12:37 AM
From: "jeridbohmann" <jeridbohmann@discussions.microsoft.com>

| So your a McAfee Salesman and I am in the wrong business because I won't talk
| my boss into buying an Enterprise Edition. We have 150 users (80 of which are
| on the road laptops) They are not on our network 75% of the time...they need
| a desktop AV/Firewall.
| I disagree with having the same version. We have 2000/XP/2003. I am not
| about to tell the boss each PC should be the same. I have a recpetionist who
| needs nothing more than a 2000 box with Outlook 2000. But your experience
| states she should be running more for the 5 emails she sends out a day?
| You might have more experience in McAfee line (Actually I would guarentee
| it). I don't care for McAfee or Norton...I personally have had nothing but
| problems with both products. So if it was my choice we wouldn't even have it.
| Like I said, I don't make the calls here on whats used.
|
| I understand to a point you're trying to help, but in the same breath
| mocking my question. I came and asked a simple question and you're now
| yelling at me that I am in the wrong business because my boss doesn't make
| the same decision you would. From what i understand he's been in the game for
| 30 years...I don't question him...I simply look for information to help my
| job go smoother.
|
| I thought that's what these posts where for...help...not insults.

I am NOT a salesrep for McAfee nor an employee of McAfee in any way shape or form. I am
someone who has been studying computer viruses since I wiped my first "Jerusalem.B" virus
off a Novell Netware v2.11 LAN some fifteen years ago and have been specializing in Mcafee
software. I am also a long time member of the 'alt.comp.virus' News Group and it more
recent sister News Group 'alt.comp.anti-virus' News Group. If you did a Google search on
"david h. lipman" you will find greater than 10,000 hits on my name and many are virus
related News Group posts. I am also known for my straight to the point, no nonsense no
sugar coated information.

I am not try to sell you software. I am trying to teach you something you don't seem to
grasp. I have used many versions of Mcafee software and the difference between Retail and
Corporate software is night and day. The majority of "horror stories" you'll here about
McAfee software is based on use of the retail software. Rarely a peep about the
enterprise/corporate software.

As for the statement "I disagree with having the same version."
I have just two words as an answer "Configuration Management (CM)" see if your boss knows
that terminology.

Finally, you just don't get it that if you have 150 mixed laptops/desktops that you are
trying to resolve an issue intrioduced becuase you use a retail version of the softwse. If
you pushed the DAT and ENGINE files via the login script with the Mcafee SuperDAT to a
corporate version you can "guarantee" that when a user logs onto the LAN, the script will
make sure the client is up-to-date. Alternatibvely if you used ePO you would push the
updates via ePO and when the nodes connect to the LAN ePO will update the PC. It can also
push a new ENGINE and HotFixes to the application as well.

The retail version is tied to Internet Explorer and the "ONLY" way to update the application
is via the Internet. You can't guarantee PC A and PC Q are up-to-date. There is a way that
the Retail version CAN be updated through a AD Login Script but I'm not going to get into
that here.

You want to solve your problem ? Get the Enterprise v7.1E !

BTW: It is contraindicated to have a destop FireWall in a office environment. There should
be a hardware based FireWall between the LAN and the WAN..

OK I have said enough. You have *much* to learn and I can see that i can't educate you or
change your mind. But at least I have given you something to think about !

Good luck -- You'll need it.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


There a way to auto-restart a service after it was manually stoppe