Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-Authentication-Warning: slinky.cs.nyu.edu: pechtcha owned process doing -bs
Date: Mon, 23 Sep 2002 18:03:15 -0400 (EDT)
From: Igor Pechtchanski <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: Dan Vasaru <dvasaru AT broadpark DOT no>, Max Bowsher <maxb AT ukf DOT net>
cc: cygwin AT cygwin DOT com
Subject: Re: (Partially) OT: Circumventing NAVCE (was: Performance Issues
 due to Anti-Virus software.)
In-Reply-To: <00b201c26341$a5ac45f0$0100a8c0@wdg.uk.ibm.com>
Message-ID: <Pine.GSO.4.44.0209231719200.15469-100000@slinky.cs.nyu.edu>
Importance: Normal
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Mon, 23 Sep 2002, Dan Vasaru wrote:

> dan > Seriously, aren't your developers local administrators ? In that case,
> dan > they could easily disable the AV.
> Igor >I'm of half a mind to set up an ssh server just to be able to su to
> Igor >local system and kill it.  But for now I live with it.
>
> Igor,
>
> Try installing the PSTOOLS package from
> http://www.sysinternals.com/ntw2k/freeware/pstools.shtml.
>
> PSKILL (part of pstools) will kill virtually any process, including
> LocalSystem processes, given enough (local administrator) rights. Of course
> you can also try stopping the service in the ControlPanel (Administrative
> Tools|Services, right click on NAV). Here's where you would restart it.
>
> Dan

On Mon, 23 Sep 2002, Max Bowsher wrote:

> Igor Pechtchanski wrote:
> > Dan,
> > "Good luck" is the exact term needed here, in reference to turning off NAV
> > Corp. Edition.  The service runs as LocalSystem, so anyone with less
> > privilege than that is not able to either turn it off or change anything
> > that is not unlocked.  The way it's set up on my computer, the option to
> > stop the scan is disabled, and the scheduler is locked.  Since the process
> > runs as LocalSystem as well, it is unkillable through the Task Manager.
> > I'm of half a mind to set up an ssh server just to be able to su to local
> > system and kill it.  But for now I live with it.
> > Igor
>
> The pasted REGEDIT file shows how to regain control control of NAVCE. Of
> course, you will need local admin to edit the relevant registry
> locations. I can't say for certain that your version of NAVCE will use
> _exactly_ the same registry keys, but with this as a hint, it shouldn't
> take more than 5 minutes for anyone comfortable with registry editing to
> unlock NAVCE.
>
> Max.
>
> [Registry settings snipped]

Merci beaucoup to all for your suggestions.  This has been plaguing me for
a while.  I was aware of being able to stop the service, but the pskill
and especially the registry settings proved very useful.
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Water molecules expand as they grow warmer" (C) Popular Science, Oct'02, p.51




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/