MSAS stops Shavlik HFNetChk Pro from updating remote clients

[Ryan]

Hello,

I have Microsoft AntiSpyware installed on all of the
computers on my network. I use a product called Shavlik
HFNetChk Pro 5.1.0 to install security patches to all of
these computers. HFNetChk Pro uses a temporary service to
schedule the updates on the remote computer.

Microsoft AntiSpyware stops this service from running and
prompts the user for what they would like to do. I would
like to know what I can do to tell AntiSpyware that this
service should always be allowed. Is there a way that I
can add programs and or files to a white list for MSAS?

Thank you for your time,

Ryan

 

[Engel]

Hello Ryan

See if this can be of any help.

http://www.microsoft.com/athome/security/spyware/software/i
sv/cdform.aspx Vendor Dispute Form

http://www.spynet.com/vendors.aspx Look half way the page
for Software vendor resources page Microsoft Windows
AntiSpyware (Beta): Resources for Software Vendors

 

[Ryan]

Engel,

Thank you for taking the time to reply to my post. As I
am not the software developer, I do not feel comfortable
submitting a Vendor Dispute claim to Microsoft. Microsoft
AntiSpyware does not flag the service as a definite
threat. It alerts the user to the fact that something is
attempting to take place on there computer that might not
be something that they want happening.

I normally do the updates after hours so that I do not
interfere with peoples work. Because MSAS is stopping the
update software from proceeding until the user gives the
OK, the updates don't start until I walk around to all
the computers and give the OK.

I'd like to continue running MSAS, but having the
computers updating properly is more important to me.
Unless I can prevent MSAS from prompting the user about
this service every time I try and run updates, I'm going
to have to uninstall it.

Again, thank you for taking the time to reply to my post.
If you have any additional thoughts on this issue or know
where I might go to find additional information, please
let me know.

 

[Bill Sanderson]

This kind of interaction is one reason why the beta states plainly that it
shouldn't be installed in a production environment.

I don't know a way to fix this except to deactivate the checkpoint
responsible for that message on each client machine.

I've got a scriptable uninstall command around somewhere if you need it.

 

[Ryan]

Bill,

That's a good point that you make about the beta software
not being intended for a production environment. My
thought on this is that if software is not tested in a
real world environment then after the testing phase has
ended and the software is released to the public, there
will be all sorts of applications that are found to be
incompatible with the software. I did test the software
in a test environment prior to installing it on my
network. At that time, I did not find any issues with the
software that would cause any major problem.

I would expect there to be a method for a user to add a
file, program, or service to MSAS that would identify
that item as being OK. The program would then not bother
prompting the user for an action regarding the item. This
type of feature would seem logical because we can not
account for every program on the market, and the user
would need a way to bypass MSAS security features until
MS has a chance to evaluate the program.

Ryan

 

[Bill Sanderson]

Bill,

That's a good point that you make about the beta software
not being intended for a production environment. My
thought on this is that if software is not tested in a
real world environment then after the testing phase has
ended and the software is released to the public, there
will be all sorts of applications that are found to be
incompatible with the software. I did test the software
in a test environment prior to installing it on my
network. At that time, I did not find any issues with the
software that would cause any major problem.

I would expect there to be a method for a user to add a
file, program, or service to MSAS that would identify
that item as being OK. The program would then not bother
prompting the user for an action regarding the item. This
type of feature would seem logical because we can not
account for every program on the market, and the user
would need a way to bypass MSAS security features until
MS has a chance to evaluate the program.

Ryan

I don't disagree, in general. However, this is an unusual beta. The beta1
code involves mostly minor revisions to a third-party product, and was first
released to the web within 21 days of the purchase of that third-party
company.

A number of aspects of the product as it stands don't meet Microsoft
standards in various ways--accessability, localization, among others--to say
nothing of the level of fine-grained control that you mention.

The development effort is going into producing a version which will have
those standards built-in from the start, and which we haven't seen yet--but
expect to in beta2.

(I also have the beta deployed to all desktops, including some in which I
have, in the past, used HFNetChkPro. I tend to use it only as an audit
procedure in recent times, however.)

The current beta is of a product intended for home users. It will be
released to the web without additional charge to licensed users of Windows.

Microsoft has announced that they will produce a managed, corporate version
of Microsoft Antispyware. That should have the kinds of features that you
are looking for, but it will not be free. They haven't announced any
timeline for its availability, however.

 

[Ryan]

Bill,

I think that at this time, I am going to remove the
software from most of the computers on my network. There
are some people at this company who have a need to have a
software like this installed. For these computers, I will
just walk over to them and accept the MSAS prompt when
doing updates.

Thanks for the information on the other versions of the
software. I was not aware that they were planned.

Ryan

 

[Bill Sanderson]

Bill,

I think that at this time, I am going to remove the
software from most of the computers on my network. There
are some people at this company who have a need to have a
software like this installed. For these computers, I will
just walk over to them and accept the MSAS prompt when
doing updates.

Thanks for the information on the other versions of the
software. I was not aware that they were planned.

That seems like a reasonable course. I'm sure we will hear more eventually
about the managed corporate version, but when, is definitely unclear.