Scans stalling out at "Evaluating rule: Devices: Unsi

General support questions for the Secutor Prime product.
dljungling
Contributor
Posts: 5
Joined: Thu Nov 13, 2008 1:47 pm

Scans stalling out at "Evaluating rule: Devices: Unsi

Postby dljungling » Thu Nov 13, 2008 2:07 pm

"Scans stalling out at "Evaluating rule Evaluating rule: Devices: Unsigned driver Installation Behavior

I am running the latest version of SecutorPrime Pro. I have been successfully using the scans on both desktops and servers. Thoughts? Thanks! Darren

gunnar
Site Admin
Posts: 81
Joined: Fri Feb 23, 2007 8:08 pm
Contact:

Re: Scans stalling out at "Evaluating rule: Devices:

Postby gunnar » Thu Nov 13, 2008 2:19 pm

dljungling wrote:"Scans stalling out at "Evaluating rule Evaluating rule: Devices: Unsigned driver Installation Behavior

I am running the latest version of SecutorPrime Pro. I have been successfully using the scans on both desktops and servers. Thoughts? Thanks! Darren


Darren,

From your email it looks like you are running into this problem while scanning a Windows Server 2003 Member Server. Is that machine a member of a domain, and if so how many machine and user accounts exist in that domain?

dljungling
Contributor
Posts: 5
Joined: Thu Nov 13, 2008 1:47 pm

Re: Scans stalling out at "Evaluating rule: Devices:

Postby dljungling » Thu Nov 13, 2008 2:24 pm

[quote="gunnar"][quote="dljungling"]"Scans stalling out at "Evaluating rule Evaluating rule: Devices: Unsigned driver Installation Behavior

I am running the latest version of SecutorPrime Pro. I have been successfully using the scans on both desktops and servers. Thoughts? Thanks! Darren[/quote]

Darren,

From your email it looks like you are running into this problem while scanning a Windows Server 2003 Member Server. Is that machine a member of a domain, and if so how many machine and user accounts exist in that domain?[/quote]

The server is part of the domain, which has never been a problem before. I cannot divulge the number of servers on the domain...sorry...Fed Agency.

gunnar
Site Admin
Posts: 81
Joined: Fri Feb 23, 2007 8:08 pm
Contact:

Re: Scans stalling out at "Evaluating rule: Devices:

Postby gunnar » Thu Nov 13, 2008 2:32 pm

dljungling wrote:The server is part of the domain, which has never been a problem before. I cannot divulge the number of servers on the domain...sorry...Fed Agency.


No problem. I'll dig into the content to see if that's even an avenue worth pursuing.

When you say you have the latest version, what is the build number you see on the Help-->About dialog? Build 1414 was just released within the past couple of days.

Is this the only machine that this happens on?

Is this particular machine a 64-bit OS or 32-bit?

dljungling
Contributor
Posts: 5
Joined: Thu Nov 13, 2008 1:47 pm

Re: Scans stalling out at "Evaluating rule: Devices:

Postby dljungling » Thu Nov 13, 2008 2:39 pm

[quote="gunnar"][quote="dljungling"]
The server is part of the domain, which has never been a problem before. I cannot divulge the number of servers on the domain...sorry...Fed Agency.[/quote]

No problem. I'll dig into the content to see if that's even an avenue worth pursuing.

When you say you have the latest version, what is the build number you see on the Help-->About dialog? Build 1414 was just released within the past couple of days.

Is this the only machine that this happens on?

Is this particular machine a 64-bit OS or 32-bit?[/quote]

I am using the 1414 build, 32-bit as well as the server I am scanning. Another weird thing, I have three installs of the product, with three separate activation codes. The options of which scan type to use are not consistent across the three scanning systems; even when attaching to the same server to scan. All three scanning systems stall at the same "check".

gunnar
Site Admin
Posts: 81
Joined: Fri Feb 23, 2007 8:08 pm
Contact:

Re: Scans stalling out at "Evaluating rule: Devices:

Postby gunnar » Thu Nov 13, 2008 3:01 pm

dljungling wrote:I am using the 1414 build, 32-bit as well as the server I am scanning. Another weird thing, I have three installs of the product, with three separate activation codes. The options of which scan type to use are not consistent across the three scanning systems; even when attaching to the same server to scan. All three scanning systems stall at the same "check".


So this happens when you are doing a network-based scan of the target machine from another workstation?

That particular test is just a registry key, so domain size won't be a factor. Forget that I even asked that.

If some of your installs are older installs that have been updated they will also have the older content revisions available. A new install will only have the most recent content, so that would cause a difference in what scan types you see as available. The default content is stored in the "resources" directory below the application, so you can copy everything you don't want to use to another directory. If you're not sure which is the current content, just move everything and then use Help->Check For Updates and Prime will download the most recent content into that directory.

This is something we've ever seen or heard of before, so getting some debug information from you would be helpful if you are willing.

To enable low-level debugging, go to Tools -> Settings and then to the Assessment tab. Check the check boxes labeled "Create Error Log" and "Enable additional debug logging".

This should create a file in the "logs" directory below where Secutor Prime is installed. In this directory will be a file called "windows_native.dbg" and, hopefully, in that file will be a reference to accessing the registry key "Software\Microsoft\Driver Signing" that will solve this -- please post (or email to Support@ThreatGuard.com) as much of this debug file you are comfortable sending.

gunnar
Site Admin
Posts: 81
Joined: Fri Feb 23, 2007 8:08 pm
Contact:

Postby gunnar » Wed Dec 17, 2008 1:23 pm

This issue has now been fixed as of Secutor Prime build #1417, available for download as of today (December 17).

Our thanks to Mr. Jungling for providing the feedback that let us track this one down.


Return to “Secutor Prime Support”

Who is online

Users browsing this forum: Google [Bot] and 4 guests