How to solve the Shh/Updater-B false positive error in Sophos Endpoint Security and Control?



 


If you have encountered the above error, or your Sophos anti-virus keeps alerting "Shh/Updater-B Virus Detected", please follow the steps below to solve it.
Actually, it is not a virus. It is one of the files that Sophos needs for its Auto Update task.

- Launch Sophos Endpoint Security and Control and enable Live Protection as shown in the picture.





Check whether your system has downloaded the "javab-jd.ide" file, as shown below. This tells you whether your anti-virus has the latest update. If it is not updated, update it as soon as possible.
32-bit: C:\Program Files\Sophos\Sophos Anti-virus\
64-bit: C:\Program Files (x86)\Sophos\Sophos Anti-virus\

- Configure On Access Scanning and Windows Exclusions on Sophos Anti-Virus Policy as below,





C:\Documents and Settings\All Users\Application Data\Sophos\
C:\Program Files\Sophos\
C:\Program Files (x86)\Sophos\
C:\ProgramData\Sophos\
C:\Windows\temp\sophos_autoupdate1.dir\
C:\Progra~1\Sophos\
C:\Progra~2\Sophos\
C:\Docume~1\AllUse~1\Applic~1\Sophos\


Do not forget to check "Exclude remote files" checkbox.

Then update your Sophos by using Sophos Control Center or Console.

If the update succeeds, your issue is solved. If the update task reports "Unexpected error", please go to the link below and download the zip file.


http://downloads.sophos.com/tools/SUMUpdateIDEFix.zip


Unzip the downloaded file to the C: drive and run it as Administrator.

Update your Sophos again then. Your Sophos should be OK now.

Now you might need to clean up the previous quarantined alerts. To clean those alerts, please go to the link below.


http://sophserv.sophos.com/repo_kb/118328/file/fpack.txt

Copy all the text from the opened web page, paste it into Notepad and save it as a batch file (".bat" file format). Then run it as Administrator.

All previous quarantined alerts will be cleaned.

OK. Your Sophos Issue solved now.

This solution is only for Sophos Endpoint Security and Control.

For detailed reference on all Sophos products, please read the links below,

http://www.sophos.com/en-us/support/knowledgebase/118311.aspx
http://www.sophos.com/en-us/support/knowledgebase/118327.aspx
http://www.sophos.com/en-us/support/knowledgebase/118328.aspx
http://www.sophos.com/en-us/support/knowledgebase/118329.aspx
http://www.sophos.com/en-us/support/knowledgebase/118332.aspx



May you all be happy.
(Be knowledgeable, pass it on then)


Fortigate guide for Beginner - 7





I've written Basic Fortigate Unit Configuration in parts 1 to 6.
Now...I am going to write Advanced Configuration Steps.

Most companies have two Internet lines, one Primary and one Backup.

I'd like to write about how to set up two Internet lines on one Fortigate unit.
Let's assume the Primary Internet line uses a static IP and the Backup Internet line uses a DHCP IP.
Here, I will use some sample IP addresses to configure the Fortigate. You need to use your own real IP addresses instead.

Firstly, I'm gonna set up the Primary Internet line.
- Connect the Line from Primary ISP to the WAN1 Port of Fortigate Unit.
- Log in to Fortigate by using Web-based Manager.
- Go to System>Network>Interface and Select WAN1 Interface. Then Edit as following picture




- Select Internal Interface and Edit as following,




- Go to Router>Static>Static Route and Select Create New. Add Default Route then.





- Go to System>Network>DNS. Add the Primary and Secondary DNS server addresses.
- Go to Policy>Policy>Policy. Select Create New and define the Security Policy as in the following picture to give the Private/Internal Network Internet access through the WAN1 interface.
  Some Fortigate Model configured this as Default Policy.





- Select Enable NAT and Use Destination Interface Address.
- Select OK to save Security Policy.



Primary Internet Line Setup Task done. Now I'm gonna setup Backup Internet line.
- Connect Backup Internet Line to WAN2 port of Fortigate.
- Log in to Fortigate by using Web-Based Manager.
- Go to System>Network>Interface and Edit WAN2 Interface.
- Change Addressing Mode to DHCP. Select Retrieve Default Gateway from server. Uncheck the Override internal DNS checkbox.
- Select OK to save.
(Do not forget to select Retrieve Default Gateway from server to add Default Route into Routing Table)
- Go to Policy>Policy>Policy. Select Create New and define the Security Policy as in the following picture to give the Private/Internal Network Internet access through the WAN2 interface.





- Select Enable NAT and Use Destination Interface Address.
- Select OK to save Security Policy.
Backup line setup done.

Now I'm going to set the default route through WAN1 to be the primary default route and add a ping server for WAN1 and WAN2.
The ping servers verify the ability of the WAN1 and WAN2 interfaces to connect to the Internet.



- Go to Router>Static>Static Route. Edit the WAN1 Default Route. Select Advanced and set the Distance value to 10. (By default it is 10.)
- Go to System>Network>Interface. Edit the WAN2 Interface. Set the Distance value to 20. (The Distance value can be set to any number higher than 10.)
- To confirm which default route is now actually being used by the Fortigate unit, go to Router>Monitor>Routing Monitor to view the current Fortigate routing table.




- Go to Router>Static>Settings. Select Create New and Add Ping Server for WAN1 as following picture,




- Add Ping Server for WAN2 as following picture.





OK... Now setting up two Internet lines on one Fortigate unit is done.
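
The routing, policy and ping server steps above expressed as FortiOS CLI commands, as an added example that is not part of the original post. It assumes FortiOS 4.0 MR3-style syntax (matching the menu paths used above), the interface names wan1, wan2 and internal, and constructed sample addresses; the line starting with # is an annotation for the reader.

```fortios
# Constructed sample addresses (203.0.113.x, 198.51.100.x); FortiOS 4.0 MR3 syntax assumed.
config system interface
    edit "wan1"
        set mode static
        set ip 203.0.113.2 255.255.255.252
    next
    edit "wan2"
        set mode dhcp
        set defaultgw enable
        set dns-server-override disable
        set distance 20
    next
end
config router static
    edit 1
        set device "wan1"
        set gateway 203.0.113.1
        set distance 10
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
        set nat enable
    next
    edit 2
        set srcintf "internal"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
        set nat enable
    next
end
config router gwdetect
    edit "wan1"
        set server "198.51.100.1"
    next
    edit "wan2"
        set server "198.51.100.2"
    next
end
```

On later FortiOS releases the ping server is configured under `config system link-monitor` and the catch-all service is named "ALL" rather than "ANY", so check the CLI reference for your firmware version before pasting.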


May you all be happy.
(Be knowledgeable, pass it on then)



How to reset forgotten Lotus Notes User's ID Password?



Sometimes you will be asked by a Lotus Notes client customer to reset the password of a Lotus Notes User ID.

I'd like to show how to reset the Lotus Notes User ID password step by step, as below,

- Firstly, copy the ID file of the User ID that you need to reset.
- Log in to Domino Server.
- Run Lotus Domino Administrator.
- Click Configuration Tab and Extract Recovery Password.



- Key in the admin password and log in when you see the login window.


- Select the ID file that you need to reset and click Open. (The ID file must be the file that you copied in the first step.)


- Lotus Notes will generate a recovery password for the User ID. Note it down because you have to use it later.



The steps on the Domino Server side are done. Go to the User's PC and


- Run Lotus Notes.
- Click Exit when it's open.



- Choose the "Try to recover your password" option and click OK when the Options window appears.


- Key in the recovery password generated from the Domino Server and click Enter.


- Choose User ID and click Open.


- Let the user key in the desired password when the password change window comes up.



The Lotus Notes Client User ID password reset task is now completely done.

If you have already created an ID Vault in your Domino Server, the above steps are not essential.

Just copy the ID file of the affected user from the ID Vault and overwrite the existing ID file on the User's PC, then try to log in with the original password created the first time for that user.

May you all be happy.
(Be knowledgeable, pass it on then)

Email controlled by Google Apps unable to send out in Outlook 2010

Today I'd like to share my experience at a customer's place.

One customer was unable to send out email in her Outlook, but could receive all emails.

Their domain is controlled by Google Apps, which provides the Onenote office service from SingTel.

So, I opened and checked the Outlook.

All incoming/outgoing server and port settings were correct, but sending email did not work.

I also checked the firewall. No SMTP ports were blocked.

Then I opened Telnet and typed "smtp.gmail.com 587" to check the SMTP server connection.

I got error message "220 mx.google.com ESMTP q3sm12794179oef.0". OK. Sure. Port 587 is not working.

I called the ISP and they asked me to change the SMTP port to 465 instead of 587.

I changed it and found out that was not working either.

I decided to use the last method.

I removed the profile that gave me a headache.

I re-created a new profile and tested it. Suddenly I found out it worked.

I knew then that it was not because of the port setting. Only the old profile was corrupted.

Port 465 is for SSL and Port 587 is TLS.

Well... I believe this post can help you if you face the same problem.

May you all be happy.
(Be knowledgeable, pass it on then)