Author Topic: Solved one problem made another --EDIT (ALL SOLVED!)  (Read 11416 times)


Offline dmccann

  • Newbie
  • *
  • Join Date: Apr 2014
  • Posts: 4
  • Karma: 0
    • View Profile
Solved one problem made another --EDIT (ALL SOLVED!)
« on: April 23, 2014, 10:55:02 pm »
 :cheesy: :smiley: Thank you for this program.  I have been trying to install my hp 8600 plus software for days.  None of the fixes on hp's site worked.  As it appeared they were trying to force their way past file association and permission issues, I decided to try your AIO software. Problem solved!!  The only thing is that every time after I run the AIO (this and previous versions) my Win 7 action center sends me a message that my Trend Micro Ti Max Antivirus is "On" but is reporting its status in a format that is no longer supported.  I can solve this by uninstalling and reinstalling the Trend Micro but I thought you would like to know about it.  Also the message at the start of AIO to disable your antivirus should give the user some idea of the time it will take to run AIO.  My Trend defaults to disable for 30 min. unless I exit altogether.  Barely made it!
« Last Edit: April 24, 2014, 02:48:03 pm by dmccann »

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Solved one problem made another
« Reply #1 on: April 24, 2014, 08:55:37 am »
Actually that should fix itself without having to reinstall anything :-)

Here is how it works. The AV writes itself to the WMI, which is what the security center pulls from to show the status. When my Repair WMI runs, and if the WMI is working, it will export the AV info out of WMI and then import it back in.

I did that because of what is happening here, the security center complains and it can freak a user out. But what happens is after a reboot or two or when the AV updates itself it writes itself back to the WMI anyways, it has to every time it does anything so it can report its status to the security center.

So in your case I am curious to what status the AV is reporting to cause that. I have attached a screen shot and a zip file with a vbs script in it.

The vbs script is a script that will read the AV info from the WMI. It will also show the current product state. I attached a screen shot of what it pulls up on my system.

The product state is supposed to be a number. Like these examples

Quote
266240 -> 0x041000:
ANTIVIRUS + active + dat_files_up_todate

266256 -> 0x041010:
ANTIVIRUS + active + dat_files_NOT_up_todate

397312 -> 0x061000:
ANTIVIRUS + AUTOUPDATE + active + dat_files_up_todate

397584 -> 0x061110 (Windows Defender started on Win7):
ANTIVIRUS + AUTOUPDATE + ???? + dat_files_NOT_up_todate

393488 -> 0x060110 (Windows Defender stopped on Win7):
ANTIVIRUS + AUTOUPDATE + ???? + dat_files_NOT_up_todate

So I want to see what yours is reporting. My repair tool takes that info and puts it into a mof file so WMI can import it back in.

Shane
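
The productState values quoted in the post above, decoded byte by byte and then read live from WMI. This is an added example, not part of the original thread and not the attached vbs script; it assumes Windows PowerShell 3.0 or later and the root/SecurityCenter2 namespace (not named in the thread), and ConvertFrom-ProductState is a hypothetical helper name.

```powershell
# Added example, not from the thread. Byte meanings are inferred only from the
# five sample values quoted above; treat them as an inference, not a documented format.
function ConvertFrom-ProductState {
    param([Parameter(Mandatory = $true)][long]$State)

    $typeByte   = ($State -shr 16) -band 0xFF   # 0x04 / 0x06 in the samples
    $statusByte = ($State -shr 8)  -band 0xFF   # 0x10 = active in the samples
    $sigByte    =  $State          -band 0xFF   # 0x00 / 0x10 in the samples

    $type = switch ($typeByte) {
        0x04    { 'ANTIVIRUS' }
        0x06    { 'ANTIVIRUS + AUTOUPDATE' }
        default { 'unknown (0x{0:X2})' -f $typeByte }
    }
    $status = switch ($statusByte) {
        0x10    { 'active' }
        default { '???? (0x{0:X2})' -f $statusByte }   # the post marks these as ????
    }
    $sigs = switch ($sigByte) {
        0x00    { 'dat_files_up_todate' }
        0x10    { 'dat_files_NOT_up_todate' }
        default { 'unknown (0x{0:X2})' -f $sigByte }
    }
    [pscustomobject]@{
        Hex = '0x{0:X6}' -f $State; Type = $type; Status = $status; Signatures = $sigs
    }
}

# Offline check: the five values quoted in the post.
266240, 266256, 397312, 397584, 393488 |
    ForEach-Object { ConvertFrom-ProductState -State $_ }

# Live read of both classes the thread queries. An empty class is reported
# rather than skipped, since that is the symptom discussed in this thread.
foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct') {
    $items = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue)
    if ($items.Count -eq 0) {
        Write-Warning "$class has no instances, so Security Center has nothing to read for it"
        continue
    }
    foreach ($item in $items) {
        $decoded = ConvertFrom-ProductState -State $item.productState
        '{0} / {1}: {2} {3} | {4} | {5}' -f $class, $item.displayName,
            $decoded.Hex, $decoded.Type, $decoded.Status, $decoded.Signatures
    }
}
```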

Offline dmccann

Re: Solved one problem made another
« Reply #2 on: April 24, 2014, 10:51:20 am »
I think Trend Micro does something with their files so they can't be messed with (make it harder for fake AV infections to disable).  I noticed during the AIO operation there were about 1590 "failures" all having to do with Trend Micro.  I have attached a screen shot from what your tool is reporting.  I have not uninstalled and reinstalled yet to see if that corrects it.  It did last time.  I am not in a particular hurry to do it as the Trend software is in fact fully functional and scanning and updating normally..it just isn't telling windows about it.

Offline Shane

Re: Solved one problem made another
« Reply #3 on: April 24, 2014, 11:44:08 am »
All AVs have that protection actually and it is normal to see the errors about access denied in the repairs for them, so no worries there.

Ok so WMI isn't reporting anything for the AV, let's try the anti spyware section.

Right click on that vbs file and click edit, once open in notepad change line 6

from
Set objItemAV = objWMIAV.ExecQuery("Select * from AntiVirusProduct")
to
Set objItemAV = objWMIAV.ExecQuery("Select * from AntiSpywareProduct")

And then save and run the vbs file again. This time it will check the antispyware section of WMI :-)

Shane

Offline dmccann

Re: Solved one problem made another
« Reply #4 on: April 24, 2014, 12:54:07 pm »
Ok that returned a report.  Attached screen cap.

Offline Shane

Re: Solved one problem made another
« Reply #5 on: April 24, 2014, 02:05:31 pm »
Ok, the next time it updates its virus defs it should update the wmi for the AV part. When it does and the security center reads normal, then try the vbs again for the antivirus part and let's see if it returns any info :-)

Shane

Offline dmccann

Re: Solved one problem made another
« Reply #6 on: April 24, 2014, 02:44:49 pm »
Trend Micro works a little differently than some antivirus.  It has a large number of individual protection modules that update incrementally and report their current pattern version to the Trend Console so I am not positive that it reports all of this to windows.  Apparently this is to avoid the heavy use of system resources during updates.  A few times a year the console or shell receives an update.  As it is fully functional I will wait and see what happens--mostly out of curiosity.  It is also possible that the anti spyware modules are the only ones that have actually had updates since I did this.  I think we can consider this solved... but I will post back here when something changes.  It is possible that I will un-install Trend to try the new  Titanium version 8 Beta, but I will wait a few weeks to see when the Trend console correctly reports itself to windows.  I wish to thank you again for making this AIO program available. There are a bunch of threads with people trying to Install Hp software with this same issue on Hp's forums.  This was by far the quickest and easiest way to solve it. :cheesy:

Offline Shane

Re: Solved one problem made another --EDIT (ALL SOLVED!)
« Reply #7 on: April 24, 2014, 02:50:09 pm »
The security center and wmi are the MS required standard way to do it. In fact only AV makers get the hidden API to write to the WMI about it. I found a way around that to put the info back in :-)

So doesn't matter which AV it is, if it wants to report to the security center it has to follow MS rules :-)

Let me know if anything changes. :wink:

Shane