How do I know MSAS is working?

R

Rick

Hello,
I have had MSAS installed on two machines, office and home since the
beginning, and have NEVER had any indication that anything is happening. No
notification that anything has been blocked, nothing in the quarrantine or
deactivated folders, and most importantly,
it has never detected ANY knowns spyware during a scan.
Yet, when I run AdAware later, it always finds something.

The only indication that it is starting on boot is that wierd gcasDTserve
button window that sometimes appears, and lingers, or other times disappears
on its own, and the bullseye is in the taskbar.
I have all of the obvious check boxes turned on and today it says 3 agents
are currently active.
Any way to tell it is working, or did I download a sugar pill instead of the
real stuff?
The error log is is only 5k and is below with lots of odd things in it. I am
running a Dell 2.4Ghz with 512Mb memory.
Thanks,
Rick
========================================
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::1/7/2005 3:23:17
PM:1.0.501
0::The web server returned an error:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultst::modSoapHelper:SendSoapRequest::1/7/2005 3:29:27 PM
91::Object variable or With block variable not
set::SoapClient:isUpdateAvailable::1/7/2005 3:29:28 PM
0::The web server returned an error:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultst::modSoapHelper:SendSoapRequest::1/10/2005 8:59:51 AM
91::Object variable or With block variable not
set::SoapClient:isUpdateAvailable::1/10/2005 8:59:51 AM
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::1/12/2005 3:00:25
PM:1.0.501
0::ln 0:Software updates could not contact update server,
IsConnectedToInternet returned false (Error:
1)::gcasSWUpdater:modMain:Main::1/19/2005 8:38:14 AM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::1/19/2005 3:00:29
PM:1.0.501
438::ln 0:Object doesn't support this property or
method::gcasDtServ:modMain:ShutDown::4/12/2005 9:22:13 AM:1.0.501
0::ln 0:App.PrevInstance = True::gcasDtServ:modMain:Main::4/12/2005 9:42:20
AM:1.0.501
0::ln 0:App.PrevInstance = True::gcasDtServ:modMain:Main::4/12/2005 9:42:20
AM:1.0.501
0::ln 0:App.PrevInstance = True::gcasDtServ:modMain:Main::4/12/2005 9:42:21
AM:1.0.501
429::ln 15:ActiveX component can't create
object::GIANTAntiSpywareMain:modMain:Main::4/12/2005 9:42:21 AM:XP:1.0.501
91::ln 15:Object variable or With block variable not
set::GIANTAntiSpywareMain:modMain:Main::4/12/2005 9:42:21 AM:XP:1.0.501
91::ln 15:Object variable or With block variable not
set::GIANTAntiSpywareMain:modMain:Main::4/12/2005 9:42:21 AM:XP:1.0.501
0::ln 0::gcasDtServ not
Authorized.::GIANTAntiSpywareMain:modMain:Main::4/12/2005 9:42:21
AM:XP:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::4/13/2005 3:00:20
PM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::4/20/2005 3:00:04
PM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::4/27/2005 3:00:02
PM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::5/4/2005 3:00:03
PM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::5/11/2005 3:00:22
PM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::5/18/2005 3:00:05
PM:1.0.501
-2146885629::Method '~' of object '~' failed::C:\Program Files\Microsoft
AntiSpyware\temp.zip::C:\Program Files\Microsoft
AntiSpyware\temp.cat::gcTCPObjLib::modMain:VerifyCatalog::5/20/2005 8:46:45
AM::1.0.501
0::Library Files - Unsynced; Loading Full
Update::Updates:UserVersionID::0::5/23/2005 8:27:13 AM
-2146885629::Method '~' of object '~' failed::C:\Program Files\Microsoft
AntiSpyware\temp.zip::C:\Program Files\Microsoft
AntiSpyware\temp.cat::gcTCPObjLib::modMain:VerifyCatalog::5/23/2005 8:28:20
AM::1.0.501
0::Library Files - Unsynced; Loading Full
Update::Updates:UserVersionID::0::5/24/2005 8:38:19 AM
438::ln 0:Object doesn't support this property or
method::gcasDtServ:modMain:ShutDown::5/24/2005 4:15:05 PM:1.0.501
438::ln 0:Object doesn't support this property or
method::gcasDtServ:modMain:ShutDown::5/25/2005 11:44:48 AM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::5/25/2005 3:00:25
PM:1.0.501
438::ln 0:Object doesn't support this property or
method::gcasDtServ:modMain:ShutDown::5/26/2005 10:50:17 AM:1.0.501
438::ln 0:Object doesn't support this property or
method::gcasDtServ:modMain:ShutDown::5/26/2005 3:10:20 PM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::6/1/2005 3:00:24
PM:1.0.501
91::Object variable or With block variable not
set::Updates:LatestRulesetVersionID::30::6/2/2005 8:40:53 AM
 
A

Alan

One easy way to see if MSAS is working is to change your
home page, and see if it asks you to aloow or block this
change. To do this, go to Tools > Internet Options... in
IE, and type in a new home page, and press Enter. If it
alerts you, then it's working. If it doesn't, make
certain that Real-time is in fact enabled, if not, enable
it, then try this again.

Most of the time when I run Ad-Aware, the most things it
returns are tracking cookies and dataminers. Both of
these are in the form of cookies, and since this is a
beta test, MS has said they are not dealing with cookies,
but will reevaluate their policy on cookies based upon
response during the beta test. Therefore, you won't see
this returned in the current release of MSAS.

As for the error log, mine too is filled with a lot of
the same type of errors that you saw in your error log.
I'm running a Gateway computer with a 1.8 GHz P4 and 512
MBs of memory.

Alan
 
G

Guest

Sorry to interrupt this thread but, I have been able to
change my home page without Antispy making any objection.
This as you say shows it is not functioning. I have
uninstalled and deleted the Antispy folder three times.
Any thoughts on how I can remove Antispy it in its
entirety in order to re-install without problem? It does
not show any events logs whatsover. Any help would be
appreciated.
 
A

Alan

The best way to go about doing so is to run the installer
and select 'Remove.' Once the installer is finished
removing the program, reboot your computer, and re-
install the program. Simply removing the folder won't
remove the registry keys associated with MSAS. Also, do
NOT use 'Add or Remove Programs' from the Control Panel,
as this feature can leave behind remnants of preograms
both in the registry and other areas as well, as has
happened to me several times in the past.

Alan
 
S

Steve Dodson [MSFT]

What I am pushing for is an EICAR-type file like AV programs have. This way
you would know everything is ok. We will see if I can get this through.

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security
http://blogs.technet.com/stevedod
--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
 
B

Bill Sanderson

Thanks - glad to hear that idea is still alive.
--
Steve Dodson said:
What I am pushing for is an EICAR-type file like AV programs have. This
way you would know everything is ok. We will see if I can get this
through.

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security
http://blogs.technet.com/stevedod
--

This posting is provided "AS IS" with no warranties, and confers no
rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
Rick said:
Hello,
I have had MSAS installed on two machines, office and home since the
beginning, and have NEVER had any indication that anything is happening.
No notification that anything has been blocked, nothing in the
quarrantine or deactivated folders, and most importantly,
it has never detected ANY knowns spyware during a scan.
Yet, when I run AdAware later, it always finds something.

The only indication that it is starting on boot is that wierd gcasDTserve
button window that sometimes appears, and lingers, or other times
disappears on its own, and the bullseye is in the taskbar.
I have all of the obvious check boxes turned on and today it says 3
agents are currently active.
Any way to tell it is working, or did I download a sugar pill instead of
the real stuff?
The error log is is only 5k and is below with lots of odd things in it. I
am running a Dell 2.4Ghz with 512Mb memory.
Thanks,
Rick
========================================
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::1/7/2005 3:23:17
PM:1.0.501
0::The web server returned an error:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultst::modSoapHelper:SendSoapRequest::1/7/2005 3:29:27 PM
91::Object variable or With block variable not
set::SoapClient:isUpdateAvailable::1/7/2005 3:29:28 PM
0::The web server returned an error:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultst::modSoapHelper:SendSoapRequest::1/10/2005 8:59:51 AM
91::Object variable or With block variable not
set::SoapClient:isUpdateAvailable::1/10/2005 8:59:51 AM
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::1/12/2005
3:00:25 PM:1.0.501
0::ln 0:Software updates could not contact update server,
IsConnectedToInternet returned false (Error:
1)::gcasSWUpdater:modMain:Main::1/19/2005 8:38:14 AM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::1/19/2005
3:00:29 PM:1.0.501
438::ln 0:Object doesn't support this property or
method::gcasDtServ:modMain:ShutDown::4/12/2005 9:22:13 AM:1.0.501
0::ln 0:App.PrevInstance = True::gcasDtServ:modMain:Main::4/12/2005
9:42:20 AM:1.0.501
0::ln 0:App.PrevInstance = True::gcasDtServ:modMain:Main::4/12/2005
9:42:20 AM:1.0.501
0::ln 0:App.PrevInstance = True::gcasDtServ:modMain:Main::4/12/2005
9:42:21 AM:1.0.501
429::ln 15:ActiveX component can't create
object::GIANTAntiSpywareMain:modMain:Main::4/12/2005 9:42:21
AM:XP:1.0.501
91::ln 15:Object variable or With block variable not
set::GIANTAntiSpywareMain:modMain:Main::4/12/2005 9:42:21 AM:XP:1.0.501
91::ln 15:Object variable or With block variable not
set::GIANTAntiSpywareMain:modMain:Main::4/12/2005 9:42:21 AM:XP:1.0.501
0::ln 0::gcasDtServ not
Authorized.::GIANTAntiSpywareMain:modMain:Main::4/12/2005 9:42:21
AM:XP:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::4/13/2005
3:00:20 PM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::4/20/2005
3:00:04 PM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::4/27/2005
3:00:02 PM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::5/4/2005 3:00:03
PM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::5/11/2005
3:00:22 PM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::5/18/2005
3:00:05 PM:1.0.501
-2146885629::Method '~' of object '~' failed::C:\Program Files\Microsoft
AntiSpyware\temp.zip::C:\Program Files\Microsoft
AntiSpyware\temp.cat::gcTCPObjLib::modMain:VerifyCatalog::5/20/2005
8:46:45 AM::1.0.501
0::Library Files - Unsynced; Loading Full
Update::Updates:UserVersionID::0::5/23/2005 8:27:13 AM
-2146885629::Method '~' of object '~' failed::C:\Program Files\Microsoft
AntiSpyware\temp.zip::C:\Program Files\Microsoft
AntiSpyware\temp.cat::gcTCPObjLib::modMain:VerifyCatalog::5/23/2005
8:28:20 AM::1.0.501
0::Library Files - Unsynced; Loading Full
Update::Updates:UserVersionID::0::5/24/2005 8:38:19 AM
438::ln 0:Object doesn't support this property or
method::gcasDtServ:modMain:ShutDown::5/24/2005 4:15:05 PM:1.0.501
438::ln 0:Object doesn't support this property or
method::gcasDtServ:modMain:ShutDown::5/25/2005 11:44:48 AM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::5/25/2005
3:00:25 PM:1.0.501
438::ln 0:Object doesn't support this property or
method::gcasDtServ:modMain:ShutDown::5/26/2005 10:50:17 AM:1.0.501
438::ln 0:Object doesn't support this property or
method::gcasDtServ:modMain:ShutDown::5/26/2005 3:10:20 PM:1.0.501
7::ln 10:Out of memory::gcasDtServ:ScheduleScans:Update::6/1/2005 3:00:24
PM:1.0.501
91::Object variable or With block variable not
set::Updates:LatestRulesetVersionID::30::6/2/2005 8:40:53 AM
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to read error log? 1
Error with scheduled scan 1
Enormous Growing Errors.txt File 3
Real-time agents and system explorers not available 1
error log 2
Security Agents have no checkpoints 3
Is it really checking my system? 1
entries in error log 1

Top