Re: Can't run or copy remote "setup.exe"

Fri, 04 Jan 2008 12:23:41 -0800 

group policy?

On Jan 4, 2008 10:55 AM, Angus Scott-Fleming <[EMAIL PROTECTED]> wrote:

> All
>
> Does anyone know what program might be blocking the ability to run or copy
> "setup.exe" from remote drives yet allow you to copy a bit-for-bit
> identical
> copy named XXsetupXX.ZIP, rename it (locally) to "setup.exe", and run it
> locally?
>
> System in question is an XP SP2 box running McAfee VirusScan Corporate v7
> and
> McAfee VS 8.0.x on both a Windows 2000 server and another Windows XP
> workstation.  The VS8 access-protection log does NOT block actions and the
> log
> file doesn't show it interfering with copying the file.
>
> This cost my client an hour or so of my time this morning; the system is
> not
> "mine" but is maintained by someone providing GPS-in-golf-carts to a golf
> course, and I'm involved because we've interfaced the GPS to some
> golf-tourney
> software by a third-party ...
>
> I disabled OnAccess scanning and still couldn't copy the file:
>
> ------- Included Stuff Follows -------
>
> C:\TEMP> dir v:\downloads\*setup*
> 01/04/2008  08:43 AM         5,407,371 setup.exe
> 01/04/2008  08:43 AM         5,407,371 XXsetupXX.ZIP
>
> C:\TEMP> copy v:\downloads\setup.exe
> Access is denied.
>        0 file(s) copied.
>
> C:\TEMP> copy v:\Downloads\XXsetupXX.ZIP
>        1 file(s) copied.
>
> --------- Included Stuff Ends ---------
>
> Running processes on the system which can't copy files, as shown by
> PSList:
>
> ------- Included Stuff Follows -------
>
> PsList 1.23 - Process Information Lister
> Copyright (C) 1999-2002 Mark Russinovich
> Sysinternals - www.sysinternals.com
>
> Process memory detail for basestation:
>
> Name          Pid      VM      WS   WS Pk    Priv   Faults NonP Page
> PageFile
> Idle            0       0      16       0       0        0    0    0
>  0
> System          4    1876     212    2020      28     6530    0    0
>  0
> smss          604    3544     352     448     144      220    0    5
>  144
> csrss         668   26236    2464    3868    1712     4840    5   54
> 1712
> winlogon      692   60340    1508   11992    9372    13253   31   64
> 9372
> services      736   36608    5188    5188    2024     1860    7   39
> 2024
> lsass         748   41724    7268    7348    3944     2984    9   40
> 3944
> svchost       908   62500    5120    5164    2796     1618    6   39
> 2796
> svchost       984   34704    4128    4136    1740     1212   13   37
> 1740
> svchost      1072   97696   21236   31520   13256    25442   52  108
>  13256
> svchost      1108   29768    3248    3272    1232      908    3   29
> 1232
> svchost      1272   37484    4320    4320    1864     1633    5   36
> 1864
> spoolsv      1420   41388    4652    4660    3052     1322    4   39
> 3052
> AWHOST32     1528  192632    8988   10248    3880     7750    8  170
> 3880
> OPHALDCS     1564   12868    1352    1364     340      341    1   32
>  340
> ibguard      1676   27372    2652    2888     664      989    2   26
>  664
> ibserver     1732   55040   16124   16360   12948    51532    8   32
>  12948
> ramaint      1760   29408    3148    3156    1084      804    2   30
> 1084
> LogMeIn      1812   74108    9904    9932    8888    13228   38   57
> 8888
> FrameworkSe  1960   50460    6928    7192    3408     7026    6   43
> 3408
> Mcshield     1980  106884   53628   57396   52436   116407    8   38
>  52436
> VsTskMgr     2012   47876     316    4012    3868     2366    4   34
> 3868
> naPrdMgr     2020   42608     984    3272    3408     2312    3   38
> 3408
> TAService     256   60584    8608    8712    3708     7253   38   46
> 3708
> WinVNC        440   37480    3396    3632    1036     1182    4   29
> 1036
> AdLinkServi   524  101508   16784   16784   11680     4988    8   53
>  11680
> alg          2152   32636    3452    3460    1120      899    5   35
> 1120
> explorer     3016   62088   17848   18224   12324    20045    7   55
>  12324
> hkcmd        3300   30204    3784    4020    1480     1140    3   31
> 1480
> shstat       3308   40780    1860    3772    3452     3860    3   35
> 3452
> UpdaterUI    3352   38876     220    4048    1100    19373    3   37
> 1100
> LogMeInSyst  1432   41716    5520    9884    2036     3957    4   42
> 2036
> GEMService   2432   87424    6380    6468    3448     5953   45   41
> 3448
> Tracker      2876   65412   35080   61840   30372    16913    4   35
>  30372
> PersistentS  3660   37436    4932    5048    1380     1653    4   32
> 1380
> TIM          3676   28572    3056    3292     772      958    2   28
>  772
> PinPlacemen  3792   27432    5200    7344    1816     4008    4   23
> 1816
> RecorderUti  2956   32140    3764    3880     932     1065    3   31
>  932
> Logger       3424   29324    3304    3532     752     1110    3   30
>  752
> Upgrader     2536   36852    4604    7324    1236     3264    4   33
> 1236
> OrderLink    3236   32888    4388    4504    1172     1311    6   32
> 1172
> VPTMC        3564   39316    2224    5372    1572     2157    6   34
> 1572
> VPGolf3      3936  201312    5552   22344   13316   464665    9   81
>  13316
> --------- Included Stuff Ends ---------
>
> ibguard and ibserver are parts of Interbase Server, which is installed on
> the
> system, not some sort of protection system.
>
> TIA for any ideas...
>
> Angus
>
>
>
> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
> ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~
>

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

Reply via email to