Unable to obtain updates .....

Keith

... either manually or automatically at the office.

The screen says checking for updates but it comes back
with running current versions - 5678 dated 19 Jan.

On my home PC I got 5682 and a notification that a new
update was installed - but this does not happen at work on
any of the PCs.

We use a Firewall / Router and general web access is OK,
(port 80) but any ideas why I can't update office PCs?

Cheers,

Keith Archer
 
Bill Sanderson

Keith - I've got two ideas:

1) There's a bug in the Help, about display of the version number.

Go to File, Check for updates. Let it do whatever it does (it'll probably
just say you are current, but let me know if you get an error message and
what that is.) Once that has done its thing, go back to Help, About, and
check the version number. It may have changed, even though no apparent
update was done. If it did, then this is an appearance bug and we can
ignore it--or go through this procedure at each machine.

2) If you have a full blown firewall that controls both incoming and
outbound traffic, both ports 80 and 443 are used. 443 is the standard port
for HTTPS, so it would be surprising if that were not opened or proxied. Do
you use a proxy or firewall client? Is proxy information manually entered
for Internet Explorer, for example?
 
Keith Archer

Hi Bill,

Thanks for the response and the ideas.

I've checked the version number before and after an
update attempt, and I still have 5678 showing in Help
About - even after a re-boot etc.

The Office Internet access is done with a Watchguard 700
firewall device which has both http port 80 and https
port 443 configured for full outbound access. Watching
the firewall activity from its monitor program I see that
my system does connect to IP address 216.32.240.26 -
listed as ASService/definitions.asmx, port 80, but do not
see a port 433 connection attempt.

I'm using XP Pro with SP2 and have even tried turning off
the Windows Firewall. Most of the systems I've installed
the AS onto are all clean installed this week with McAfee
VirusScan Enterprise V8.0i - tried it with this on or off
too - same result.

Any ideas?

Keith Archer
 
Bill Sanderson

Nothing very useful, I'm afraid. The Watchguard device really seems to be
the issue, but exactly why the update is being impeded, I don't know.

I'm afraid what I know about the interaction of Microsoft Antispyware and
firewalls is gleaned from the help, and also the fact that I know it updates
in small offices using Microsoft Small Business Server 2000, using Microsoft
ISA server firewall.

Actually, I guess there could be a bug in the update mechanism in all your
installs, but that seems a bit odd. There have been individual reports of
failure to update of various kinds, but yours is the first post I've seen
where the machine(s) are stuck on the original definition release.

FWIW, the binary at the download site is being updated with new definitions
as time passes--not sure this happens with every release, but that's one way
to get this past your firewall--not a very good one, I'm afraid!
 
John

Has anyone put a net monitor on their machine while doing an update? I have
done it before but I'm not the best go to guy for it. Maybe I'll take a
shot at it. I'll bet there are some udp ports involved.
 
Bill Sanderson

Haven't done it.

The help says 80 and 443, but doesn't specify TCP or UDP.
I'm expecting it to get the job done with just TCP, but I could be wrong,
and Keith's setup is definitely broken.

It is sticking in the back of my mind that there was another hardware
firewall user much earlier on in the beta who also had this issue, but I
don't remember how their hardware was described.
 
Keith Archer

Thanks again Bill,

I'll keep trying and will post any good news as and when.

Kind regards,

Keith
 
Bill Sanderson

FWIW, there's a brand new post in spyware.networking asking for the port
number for autoupdates--presumably from another person with the same problem
you have.

I don't know whether it would be useful for the two of you to compare notes.

I'll see if I can get any more information on this issue.
 
Bill Sanderson

Keith - Steve Dodson, from Microsoft, has just posted this in the thread in
..networking:

Customers with software firewalls need to grant access to the programs
below in order to keep Microsoft AntiSpyware up to date as well as upload
unknown threats to the spynet community.

GiantAntiSpywareMain.exe
gcasDtServ.exe
MicrosoftAntiSpywareUpdater.exe
gcasServAlert.exe

Customers with hardware firewalls only need to verify ports 80 and 443 are
open.

-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security
--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
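
A way to carry out the "verify ports 80 and 443 are open" check from an affected PC, as an added example that is not part of the original thread or any Microsoft tool. The function names are hypothetical, and the hostname is the one Keith reports seeing in Zone Alarm later in this thread.

```python
import errno
import socket

# Ports Steve Dodson's post says a hardware firewall must pass.
REQUIRED_PORTS = (80, 443)

def probe(host, port, timeout=5.0):
    """Try one outbound TCP connection and classify the outcome."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    family, socktype, proto, _, addr = infos[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
            return "open"
        except socket.timeout:
            # No answer at all: typical of a device silently dropping packets.
            return "filtered"
        except ConnectionRefusedError:
            # A reset came back: the host or a firewall actively rejected it.
            return "refused"
        except OSError as exc:
            no_route = (errno.ENETUNREACH, errno.EHOSTUNREACH)
            return "unreachable" if exc.errno in no_route else "error"

def check_update_path(host, ports=REQUIRED_PORTS, timeout=5.0):
    """Return {port: status} for every port the updater is documented to use."""
    return {port: probe(host, port, timeout) for port in ports}

def blocked_ports(results):
    """Ports that did not complete a TCP handshake."""
    return sorted(p for p, status in results.items() if status != "open")

if __name__ == "__main__":
    # Hostname as reported in the thread; replace it if the update host differs.
    results = check_update_path("www.giantcompany.com")
    for port, status in sorted(results.items()):
        print(f"tcp/{port}: {status}")
    print("blocked:", blocked_ports(results) or "none")
```

An "open" result only shows that the TCP handshake completed; it says nothing about what the firewall does with the HTTP traffic afterwards, so compare a run on the office LAN with one on a connection that bypasses the firewall.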
 
Keith Archer

Tried this and still no joy.

I've also added (as an experiment) every other program
in the MSAS program folder to the exceptions list in
Windows Firewall, and still no joy - and I get the same
if I completely disable the firewall too.

I have other apps (e.g. the McAfee Virus Scan Enterprise)
which will happily update through HTTP and FTP through our
hardware firewall, so I'm still puzzled why this program
cannot update itself.

I've downloaded the latest version which includes the 5682
definitions and will wait to see if there is any change
in the situation when I find a new defs file update.

I'll keep you posted.

Keith
 
Bill Sanderson

Thanks Keith--somehow, I am not surprised.

Is there any information in logs associated with the firewall that might
give a clue about what's happening?
--
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt

 
Keith Archer

Latest definitions 5683 update is available, but still
unable to pick it up.

BILL - There are no reports of any denied access or
connection failures coming from the firewall. As a test I
installed Zone Alarm Pro on a system and watched what it
did as I updated - the only thing that happened is that
GiantAntiSpywareMain.exe requested outgoing access to port
80 to www.giantcompany.com (216.32.240.26). No other
program attempted access to anything else.

I've run out of ideas and suggestions. Except one - I'll
take a laptop off the network and will attempt a direct
connection to the internet via modem dial up and see if
that picks up the update. I'll leave this open for a few
minutes while I run off and try it......

..... Yep - it works OK if I dial up rather than connect
to the internet via the company LAN.

This is definitely a problem with accessing the update
site through a firewall. I'll top post the question again.

Keith



 

Bill Sanderson

I know that I have two small offices with groups of machines picking up
definitions just fine through ISA firewall, and I didn't need to open
anything new for this program.

I definitely recall a similar query very early in the beta from another
firewall user--but I can't find it now--there are a couple of threads
related to proxies in the .networking group, but using firewall as a key
yields a bunch of broken Winsock LSP threads. I've just done a search of
all the groups on the key "watchguard" and only found this thread, so the
same product wasn't named.
 
