EZ-Antivirus possibly disabled by MSAS. How to reset MSAS checkpoints?

Vanguard

Just noticed today that the tray icon for CA's EZ-AntiVirus 6.4.0.4 has
a red X. Hovering over its tray icon showed the popup saying,
"Real-Time: Boot:OFF File:INACTIVE Email:ON". All real-time protection
settings were enabled. Rebooting didn't help. Eventually I disabled
all its real-time protections, rebooted (required), re-enabled all its
protection settings, rebooted (again required), and now the red X is
gone and all protections are enabled. So EZ-Antivirus wasn't complying
with its settings.

On re-enabling all the protection settings and rebooting, I got a
message from MSAS saying a new LSP (layered service provider) was added
to the TCP layer. That is expected because EZ-Antivirus uses an LSP.
However, I did *not* get this warning when MSAS was installed about a
week ago. So it could be MSAS disabled the LSP for EZ-Antivirus and
never prompted me to choose an action on what to do about the LSP.

It looks like the Winsock checkpoint for the Internet agent is where
LSPs get detected. However, the "Manage allowed/blocked" configuration
option is disabled. So I can't see that the LSP for EZ-Antivirus that I
just allowed is in its allow-list. Also, it seems stupid that the only
events I can see in the logs are for blocks. I would also want to see
what I allowed (since something allowed maybe should not have been
allowed). Does the "Tools -> Real-Time Protection -> View Security
Agent Events" menu show both allowed and blocked events?

I wanted to reset its management lists on every checkpoint to start from
scratch. In fact, at this point, and since it is dubious what MSAS did
during its install regarding disabling of anything that it may not have
alerted to the user, I want to reset everything so it will alert
me on everything it detects again. That is, I have to discard every
allow and block rule to have MSAS start from scratch. Do I have to
review all 59 checkpoints to check on their "Managed allowed/blocked"
list?
 
Andre Da Costa

Check under real time protect > Application agents to see if it is disabled.
If it is, select it and click on reactivate in the right pane.
 
Vanguard

Andre Da Costa said:
Check under real time protect > Application agents to see if it is
disabled. If it is, select it and click on reactivate in the right
pane.

--

Andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm


All the real-time protection components were enabled. That is what got
confusing. Everything was enabled (as it was previously and still set
the same) but only e-mail scanning was active according to the status
shown when you hover the mouse over the tray icon (along with the red X
in the tray icon). Rebooting didn't help. Eventually I decided one
last ditch effort by disabling all the real-time protections, reboot,
enable them again, reboot, and then it was working again. Otherwise,
the next step would've been to uninstall and reinstall EZ-AntiVirus. So
I had to toggle the options (with the subsequent reboots) to get the
product to comply with the settings.

The only software installed between when status was good and then bad
was MSAS hence the finger pointing at MSAS. As soon as the options got
reenabled (after the disable), MSAS popped up an alert regarding the LSP
that EZ-AntiVirus uses. I already knew an LSP was used and so I said to
allow the change to the LSP chain. When I installed MSAS, I never did
get this prompt regarding it detecting the LSP that EZ-AntiVirus adds.
That's why I suspect that the install and first-use of MSAS somehow
disabled the LSP for EZ-AntiVirus but never prompted me to ask how to
handle the detection. Hopefully MSAS isn't monkeying around with the
LSP chain without asking the user what to do.

I had to wander through all 59 checkpoints and verify each one
separately did not yet have any management items defined (i.e., no
allows or blocks from prompts to the user). This is a real pain. You'd
think they would have a way to clear them all so you could start from
scratch.
 
Robert Hammond

Vanguard said:
All the real-time protection components were enabled. That is what got
confusing. Everything was enabled (as it was previously and still set
the same) but only e-mail scanning was active according to the status
shown when you hover the mouse over the tray icon (along with the red X
in the tray icon). Rebooting didn't help. Eventually I decided one
last ditch effort by disabling all the real-time protections, reboot,
enable them again, reboot, and then it was working again. Otherwise,
the next step would've been to uninstall and reinstall EZ-AntiVirus.
So I had to toggle the options (with the subsequent reboots) to get the
product to comply with the settings.

The only software installed between when status was good and then bad
was MSAS hence the finger pointing at MSAS. As soon as the options got
reenabled (after the disable), MSAS popped up an alert regarding the
LSP that EZ-AntiVirus uses. I already knew an LSP was used and so I
said to allow the change to the LSP chain. When I installed MSAS, I
never did get this prompt regarding it detecting the LSP that
EZ-AntiVirus adds. That's why I suspect that the install and first-use
of MSAS somehow disabled the LSP for EZ-AntiVirus but never prompted me
to ask how to handle the detection. Hopefully MSAS isn't monkeying
around with the LSP chain without asking the user what to do.

I had to wander through all 59 checkpoints and verify each one
separately did not yet have any management items defined (i.e., no
allows or blocks from prompts to the user). This is a real pain.
You'd think they would have a way to clear them all so you could start
from scratch.

There have been a number of other posts relating to some problems with
eZAV versions 6 and some early version 7 releases.
You might want to try installing the bug fix released by CA to fix some
problems with their LSP layer which you can download and install, or
just update to the latest release 7.0.6.7, released early February, it
seems to work flawlessly with the Beta1.
<ftp://ftpez.ca.com/pub/myeTrust/apps>
<ftp://ftp.ca.com/pub/myeTrust/test/FixedLSP.zip>
 
Bill Sanderson

Robert Hammond said:
There have been a number of other posts relating to some problems with
eZAV versions 6 and some early version 7 releases.
You might want to try installing the bug fix released by CA to fix some
problems with their LSP layer which you can download and install, or
just update to the latest release 7.0.6.7, released early February, it
seems to work flawlessly with the Beta1.
<ftp://ftpez.ca.com/pub/myeTrust/apps>
<ftp://ftp.ca.com/pub/myeTrust/test/FixedLSP.zip>

Thanks. I've got only a couple of machines running CA's EZ-trust in some
version with Microsoft Antispyware. No issues noted at all. Microsoft
Antispyware was installed after Ez-trust, and has been updated to .509 since.

Vanguard--I think the solution to reset to initial state, at the moment, is
to delete the file recording the state in the install directory. I think
this has worked for me--make a change to the state of one of the checkpoints
and note which file changes, and delete that file after stopping the
program. It'll get recreated on the restart, and all should be back at the
initial install defaults.

What you might lose with this action I haven't checked out real
carefully--so don't try it if you've got actions you might need to reverse
with regard to those checkpoints. And, I agree, this is not the best way to
provide this mechanism--just a workaround that I've observed.
 
