Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <00b201c26341$a5ac45f0$0100a8c0@wdg.uk.ibm.com>
From: "Max Bowsher" <maxb AT ukf DOT net>
To: <pechtcha AT cs DOT nyu DOT edu>
Cc: <cygwin AT cygwin DOT com>
References: <Pine DOT GSO DOT 4 DOT 44 DOT 0209231236140 DOT 15469-100000 AT slinky DOT cs DOT nyu DOT edu>
Subject: (Partially) OT: Circumventing NAVCE (was: Performance Issues due to Anti-Virus software.)
Date: Mon, 23 Sep 2002 21:41:44 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

Igor Pechtchanski wrote:
> Dan,
> "Good luck" is the exact term needed here, in reference to turning off NAV
> Corp. Edition.  The service runs as LocalSystem, so anyone with less
> privilege than that is not able to either turn it off or change anything
> that is not unlocked.  The way it's set up on my computer, the option to
> stop the scan is disabled, and the scheduler is locked.  Since the process
> runs as LocalSystem as well, it is unkillable through the Task Manager.
> I'm of half a mind to set up an ssh server just to be able to su to local
> system and kill it.  But for now I live with it.
> Igor

The pasted REGEDIT file shows how to regain control control of NAVCE. Of course,
you will need local admin to edit the relevant registry locations. I can't say
for certain that your version of NAVCE will use _exactly_ the same registry
keys, but with this as a hint, it shouldn't take more than 5 minutes for anyone
comfortable with registry editing to unlock NAVCE.

Max.


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LocalSca
ns\ClientServerScheduledScan_1]
"ScanLocked"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Administ
ratorOnly\Security]
"LockUnloadServices"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages
\Filesystem\RealTimeScan]
"OnOff-L"=dword:00000000
"MessageBox-L"=dword:00000000
"BackupToQuarantine-L"=dword:00000000
"Writes-L"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages
\LotusNotes\RealTimeScan]
"FileType-L"=dword:00000000
"MessageBox-L"=dword:00000000
"NotifySender-L"=dword:00000000
"NotifySelected-L"=dword:00000000
"InsertWarning-L"=dword:00000000


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/