XP Embedded on Compaq/HP Thin CLients

H

hello

I have 28 Thin Clients on a network at work that have been running
fine for 6 months now.

Now we are showing traffic from port 445 (i think) out to various IP
addresses all over the world announcing the infection on the affected
thin client. The Thin Clients are running Windows XP Embedded
Software. 17 thin clients are HP T5700 and 11 thin clients are Compaq
(pre merger) EVO T20.

We now have a need to install updates on the thin clients and possibly
install anti-virus software on each one.
The thin clients have been setup to auto-login to themselves and then
have a rdp session in their startup folder that logs them into a
Terminal Server after which time they are ready for use.


My questions are this:

1. If Enhanced Write Filters are on won't a restart take care of the
virus infection (korgo virus...a sasser variant). Thus there being
no need for anti-virus on the thin client. The terminal server is
secure. I can run a stinger to remove the virus from my memory stick.


2. How do I remove/add components to the XP Embedded load like windows
update or what is the appropriate way to get security updates from
Microsoft.

3. What anti-virus software will run on thin clients running XP
Embedded.. 2 phone calls today to Norton and Mcafee both informed me
they do not support XP Embedded. (If needed reference question #1)



4. What is the best way to deploy a new image of XP Embedded on a
thin client that has 192 meg flash drive and 256 meg memory?

5. Any thoughts on a better way to get the thin clients to connect to
a terminal server.

Thanks,

Sam Cederas
 
K

KM

hello,

If you did not develop the image that is currently running on your devices,
you will likely have a lot of headache updating and patching the thin
clients.
I'd recommend you contacting the manufecturer (HP).

1)
http://groups.google.com/groups?hl=...a=group=microsoft.public.windowsxp.embedded.*

2) DUA scripting latest QFEs and XP Pro patches. See "Windows security
patches" thread from this day eailier.

3) I haven't heard of off-the-shelf anti-virus software for XPe. However,
depending on what components were included in the image running on your
devices, you may be able to install some anti-virus software (I heard some
customers were able to install NAV).

4)
http://h18007.www1.hp.com/support/files/ThinClients/us/locate/93_5587.html

5) Not really sure what you ask here. RDP, ICA clients? But I guess you
already got at least one of the clients.

This may also be of some interest to you:
http://www.bsquare.com/products/managedsecurityagent.asp.

KM
 
A

Andy Allred [MS]

On the AV question, stay tuned there will be AV components soon.

Your best bet is an updated image that has the firewall included and
turned on. EWF is not a solution to AV, even if rebooting resolved the
issue at that moment, it will surely get infected again soon after the
reboot since that port is still open.

Here is a third party solution from *Sygate* for securing your system
and managing it's security, though it's not an AV solution:
http://www.sygate.com/solutions/xpe-solutions.php
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Upgrading HP Thin Clients 0
Embedded XP Thin Client 2
Thin Client with Windows XP Embedded SP2 and EWF enabled 5
Upgrading out of support thin client images? 1
Can WPF run on XP Embeded 1
Best Practise for Anti-Virus & Windows Updates on Windows Embedded 0
Need direct device control on a thin client from a Web app 6
HP Thin Client 5700 wirth embedded XP 3

Top