eEye Digital Security

upgrade from Vista x64 to Windows 7 leaves Blink unusable, uninstallable

shipsass — Sat, 24 Oct 2009 19:04:02 GMT

I should have known better, but I left Blink Personal edition installed when I upgraded to Windows 7 last night. Now I cannot start Blink, and the uninstaller fails with a 1703 DLL error.

Are there any instructions for manually uninstalling the product so I can try again?

Thanks,

Joe

Audit ID 9826 Microsoft Visual Studio ATL Vulnerabilities (969706) - VS 2008 SD

RAC_Reaper — Wed, 21 Oct 2009 13:25:54 GMT

I have been trying to figure this one out. All my windows XP SP3 machines, the Scan says that file C$\Program Files\Microsoft Visual Studio 9.0\VC\ce\dll\x86\atl90.dll is version 9.0.21022.220 and should be at 9.0.30729.4154. MS09-035 is installed as well as other KB's associated according to a WSUS report . Is this another type of 3rd party add in? How can I get rid of this vulnerability?

Office XP False Positives

eyesonly — Mon, 26 Oct 2009 01:21:01 GMT

I recently installed Windows XP & Office XP on a brand new disk. I installed the service packs in chronological order. Next, I went to Microsoft Update and applied all critical patches. Microsoft Update reported NO critical updates. Windows XP SP3 & Office XP SP3.

Next, I installed Blink Personal, then updated the software & virus definitions. I ran a Vulnerability Assessment and it reported the following 3 critical updates needed to be applied:

Microsoft Office One Note URI Remote Code Execution (955047) - Office XP

Microsoft Office Remote Code Execution (949030) - Office XP

Microsoft Office Remote Code Execution (934873) - Office XP

I checked the links to the Microsoft Bulletins to determine whether the updates may have already been applied in some kind of roll-out or cumulative update. Although the Microsoft Bulletines did not mention any roll-out or cumulative updates that superceded the bulletins, I was able to find the files updated in the file information sections.

My current systems (Windows XP SP3, Microsoft Office XP SP3) reports:

mso.dll 10.0.6856.0 9/04/09 9811792

ietag.dll 10.0.6731.0 9/04/09 105152

According the Microsoft Bulletins:

Microsoft Office One Note URI Remote Code Execution (955047) - Office XP per http://support.microsoft.com/default.aspx?scid=95507

mso.dll 10.0.6845.0 6/11/08 9819136

ietag.dll 10.0.6731.0 6/11/08 105152

Microsoft Office Remote Code Execution (949030) - Office XP per www.microsoft.com/technet/security/bulletin/ms08-016.mspx

mso.dll 10.0.6839.0 10/30/07 9819136

ietag.dll 10.0.6731 9/10/04 105152

Microsoft Office Remote Code Execution (934873) - Office XP per www.microsoft.com/technet/security/bulletin/ms07-025.mspx

mso.dll 10.0.6830.0 3/26/07 9819480

As you see, I have the most recent versons and most recent dated files even though I did not apply any of the 3 Microsoft Updates. While I don't know exactly what Micosoft patch(es)/update(s) are responsible, I do know that my system is completely patched and Vulnerability Assessment incorrectly tells me to apply patches that apply older and obsolete versions of my current files.

Please review my post to confirm that the aforementioned 3 critical update warnings in Vulnerability Assessment is really a false positive.

Again thank you for Blink Personal, it's really a great piece of software.

Thanks in advance.

No Remote Registry Access Available

dspivey — Fri, 09 Oct 2009 16:38:43 GMT

I run this Retina scan using a single IP and do not have this issue. When run with a range of IP's i get the No Remote Registry Access Available. I have looked at the log files, and I see some Err=5 as it trys all the local accounts, but I AM supplying credentials with my scan. Why does this work with a single IP scan and not the range of IP's?

Internet Explorer Vulnerability - False Positive?

jin356b — Tue, 04 Aug 2009 00:19:13 GMT

I have recently installed the latest security update for IE7 on my network (Cumulative Security Update for Internet Explorer 7 (KB972260)). Now whenever I do a Retina scan on these machines, they report 2 High risk vulnerabilities:

Microsoft Internet Explorer Cumulative Security Update (958215) - 2003 Retina Audit ID: 7449
Microsoft Internet Explorer Security Update (960714) - 2003 Retina Audit ID: 7521

Microsoft Internet Explorer Cumulative Security Update (958215) - XP Retina Audit ID: 7448
Microsoft Internet Explorer Security Update (960714) - XP Retina Audit ID: 7520

These vulnerabilities are from 2008, and probably obsolete. I run am running the most updated versions of Win2k3 SP2 and WinXP SP3. Has anyone else had this problem? Does anyone know if these are actually False Positives, or has Microsoft opened up an old vulnerability?

Thanks

Blink Personal 4.5.1 is now available

lnicula — Wed, 18 Nov 2009 01:11:47 GMT

Date of Release:     16 Nov 2009
Product Name:        Blink Personal
Updated Version:     4.5.1
Superseded Version: 4.3.2 - 4.5.0
Table of Contents

1. What's New in This Release
2. Known Issues
3. General Notes
4. Release Availability
5. Current and Historical Issues Resolved

1. What's New in 4.5.1
======================================================================

   - Added support for Windows 7 (x86 and x64).

   - Enhanced detection and reporting of attacks using CVE-2009-2512
     Vulnerability in Web Service on Devices Could Allow Remote Code
     Execution

- Enhanced detection and reporting of attacks using CVE-2009-2523
License Logging Server Heap Overflow Vulnerability

2. Known Issues
=======================================================================

- NONE

3. General Notes
=======================================================================

- Blink Personal only supports Microsoft Windows workstation class
operating systems.

4. Release Availability
=======================================================================

- This release is available using the eEye Auto-Updater and by
download from http://download.eeye.com/blinkpersonal

The MD5 signature is: c1e4d4bb3b0240d4640cf4e74f9a98b0
The SHA-1 signature is: 5046bb3bbb1049dcf1e0be8d33e2172f8a8e3e37

5. Issues Resolved
=======================================================================

   4.5.1 (16 Nov 2009)
   - Fixed a bug causing Registry Protection to lock up applications.
   - Fixed a user interface crash.
   - Fixed a bug on Vista SP1 and above where the Action Center did
     not properly report the status of the firewall and Antivirus
     engines.

   4.4.3 (28 Oct 2009)
   - Fixed a bug causing rules to not be exported properly.
   - Changed the FTP.COMMAND signature to apply now to all FTP commands
     except for USER and PASS.
   - Fixed a bug causing the registry protection engine to lock up
     applications.

   4.4.2 (21 Sep 2009)
   - Fixed a false positive regarding DNS request type 99.
   - Fixed an issue leading to strange characters being displayed
     on the status bar during a Vulnerability Assessment scan.
   - Fixed an issue leading to stalled TCP connections.
   - Fixed a BSOD caused by an incompatibility with the Rescue and
     Recovery ThinkPad software.
   - Fixed an issue causing NetBios connections to be disconnected
     after a while on Windows Vista and 2008.
   - Fixed an error caused by a failure to install drivers at boot
     time.
   - Fixed a bug in a module used during updates.
   - Fixed a bug in the Firewall engine on Vista machines.

   4.4.1 (18 Aug 2009)
   - Fixed a number of issues resulting from performing Malware Scans
     while the On-Access scanning was disabled.
   - Fixed various issues in the AntiMalware layer.
   - Fixed a bug quarantining malware located in folders with a very
     long path.
   - Fixed Application Protection false positives caused by .NET
     applications on Windows 2008 x64.
   - Malware scans now take less memory.
   - Fixed an issue where the Blink icon was not animated during
     malware scans in certain situations.
   - Fixed a crash in Internet Explorer 8 caused by the Application
     Protection engine conflicting with existing hooks.
   - Fixed an IPS deadlock.
   - Fixed an issue where all traffic was stopped on some systems
     with NICs that use IP checksum offloading.
   - Fixed an issue causing Microsoft Word 2007 to crash when in
     Full Screen Reading mode.
   - Fixed false positives in the SMTP protocol analyzer.
   - Fixed a bug which caused IP addresses in the Trusted list to
     be trusted even after removed from the policy.
   - Fixed an issue leading to incomplete malware quarantine packages
     lacking the deleted registry keys. Such a malware package would
     then fail to be restored.
   - Fixed an issue causing non-paged pool memory exhaustion due to
     the AV On-Access cache being too large.
   - Fixed an issue in the RPC protocol analyzer causing the IPS to
     deadlock and stop all traffic.
   - Fixed an issue with running protected movies using Microsoft
     Silverlight. Playing content from Netflix is known to have
     triggered this bug.
   - AntiMalware exclusions are now applied when files are executed
     as well as when they are Read and Written.
   - ActiveX protection will not be applied to other applications than
     Internet Explorer. This fix allows older VB6 Help files to work.
   - Fixed deadlocks caused by scanning named pipes and mailslots.
   - Fixed a Blink GUI bug where Registry Protection rules could be
     created without specifying read/write action.
   - Fixed several bugs leading to BSODs on certain configurations.
   - Fixed a bug causing the BSOD detection to trigger even if the
     system has been forcibly rebooted at large intervals (normally
     the detection should trigger in the case of a looping reboot).
   - Fixed a bug causing the blinksvc.log file to be locked after
     debugging was stopped.
   - Reduced the severity of several events.
   - Fixed a bug causing network shares to become unavailable.
   - Fixed a crash in the SSL protocol analyzer.
   - Fixed a bug where the IPS was blocking a Bank of America website.
   - Fixed IMAP protocol analyzer errors.
   - Fixed a hanging bug when Blink was shut down from the File
     Shutdown menu.
   - Fixed an issue causing the Application firewall to report
     incorrect processes.
   - Fixed an issue where permanent banned or trusted IPs would be
     shown as expiring in less than one minute.
   - Fixed a bug causing the Auto-Update time to not be properly
     displayed on systems with a non-US locale.
   - Fixed SMTP false positives when running on Exchange SMTP
     connectors.
   - Fixed an issue where certain very large archives would deadlock
     the AntiMalware engine and fill up the hard disk.
   - Fixed false positives in the MSN protocol analyzer.
   - Fixed an issue where malware data would be truncated in the log
     event.
   - Fixed an issue where Remote Desktop connections would be left
     hanging on Vista and Server 2008 systems.
   - Fixed a SMB Reflection Attack false positive.
   - Fixed a service crash caused by scanning the RDP port after
     disabling the RDP IPS rules.

   4.3.2 (23 Apr 2009)
   - Reduced memory usage for the Antivirus cache to avoid memory
     allocation issues on systems accessing many files.
   - Fixed IPS issue stopping IPSec traffic on Windows Vista.
   - Fixed false positives caused by the detection of the Kernel
     EMF Image Attack.
   - Enlarged the time control to allow proper time display on
     non-English OS.
   - Fixed an IPS issue causing UDP data to be dropped on Vista
     systems.

   4.3.1 (26 Mar 2009)
   - Fixed False Positive for "Protection Against Windows Kernel Input
     Validation Vulnerability CVE-2009-0081"
   - Fixed occasional BSOD in the eeyeh.sys driver

   4.3.0 (19 Mar 2009)
   - Fixed several Firewall related issues.
   - Removed a false positive in the FTP module related to the
     OPTS command.
   - Fixed parsing issues in the IMAP protocol causing uppercase
     duplicate IMAP folders.
   - Fixed a bug in Antivirus on Vista systems causing the Repair
     to fail.
   - Fixed a race condition causing Blinksvc process to crash.
   - Fixed a bug causing IPS events for rules with a threshold to
     not ban the attacker IP.
   - Fixed a bug related to the Disable Packet IPS to not be applied
     correctly.
   - Fixed several bugs causing BSODs on certain systems with high
     network traffic.
   - Fixed an issue causing the Blink GUI to hang after adding a
     firewall rule from the Log Viewer.
   - Fixed issues with processing Dynamic Policy state switches.
   - Fixed a bug where the "Save" button becomes inactive while
     browsing a Registry Protection rule.
   - Fixed a bug when decreasing priority for a deny rule causing the
     rule icon to be changed.
   - Fixed a bug causing Blink Alert Notifications to persist for IPS
     even if the IPS Global Alerts were disabled.
   - Resolved incompatibilities with SandBoxie.
   - Fixed a bug in parsing HTTP chunked data causing errors in
     programs doing large uploads and downloads of data over HTTP.

   4.2.4 (30 Jan 2009)
   - Improved protection for CVE-2008-4835
   - Fixed bug causing Internet Explorer or applications using the
     Internet Explorer control to crash when failing to load an ActiveX
     control.
   - Fixed a bug causing UDP traffic to be denied by the firewall on
     Vista if IPS was disabled

4.2.3 (16 Jan 2009)
- Fixed a bug in recently added protection for CVE-2008-4835

4.2.2 (14 Jan 2009)
- Fixed a bug causing ICQ clients to disconnect from the network.

   4.2.1 (06 Jan 2009)
   - Fixed a POP3 mail retrieval timeout issue.
   - Fixed eeyeh 64bit memory access error.

   4.2.0 (17 Dec 2008)
   - Fixed a false positive in the AIM protocol analyzer
   - Improved performance on HTTP servers
   - Fixed an issue where HTTP traffic was corrupted due to improper
     processing of HTTP chunked transfers. This issue manifested when
     publishing applications to Web, browsing certain Web sites, etc
   - Fixed multiple issues in the IMAP protocol analyzer
   - Fixed an issue where even though the Antivirus engine was
     stopped, signatures were still loaded in memory after an update
     leading to unnecessary memory usage.
   - Fixed several System protection engine incompatibilities
   - Fixed a bug causing Blinksvc to take 100% CPU for a long time in
     certain cases
   - Fixed an occasional Blink service crash when modifying
     Application firewall rules
   - Fixed an Application firewall bug causing a second network
     request to succeed in spite of a deny rule
   - Fixed several issues in the POP3 analyzer module
   - Fixed a registry handle leak occurring with each policy update
   - Fixed an issue where Blink service hung on starting after
     several system reboots
   - Fixed an Application Firewall bug caused by stopping the DNS
     Client Service
   - Fixed an occasional BSOD while unloading the drivers
   - Fixed a bug causing the Blink icon to report it is scanning for
     malware during a Vulnerability Assessment Scan
   - Fixed several Blink GUI bugs allowing invalid values in IPS
     signatures
   - Fixed several memory leaks in Blink service
   - Updated documentation to clarify the topic of Malware exclusions
   - Resetting Configuration will now properly reset to the Default
     configuration
   - Fixed an issue where when Quarantining malware from the scanner
     integrated in explorer, the status will not be properly reported

   4.1.5 (17 Nov 2008)
   - Fixed a Firewall issue causing traffic to be randomly denied
   - Fixed an issue causing the Fortigate SSL VPN to not connect when
     the Antivirus engine was enabled
   - Fixed an issue where when reading email over IMAP, email folders
     would appear in uppercase and in duplicate
   - Fixed rare BSODs caused on systems with heavy traffic when IPS
     was enabled.

4.1.4 (23 Oct 2008)
- NONE

4.1.3 (21 Oct 2008)
- Fixed a BSOD occurring when stopping Blink manually or during updates

   4.1.1 (13 Oct 2008)
   - Fixed a crash experienced when downloading certain emails
   - Fixed an issue where on very busy systems, some outgoing connection
     requests were denied by the firewall
   - Fixed an issue causing network issues on XP and Windows 2003
     systems (corrupt downloads, stalled connections) when IPS engine
     was enabled.
   - Fixed a rare crash when starting the Blink service.
   - Fixed several IPS issues on Windows Vista.

   4.1.0 (05 Sep 2008)
   - Fixed a system freeze on Vista x64 running Apache web server
     and PHP
   - Fixed a Blink Service crash caused by NetBios traffic
   - Fixed low performance issues when booting up a Vista system while
     the Antivirus engine was enabled
   - Fixed an issue to apply a new license on Vista when UAC is enabled
   - Firewall rules created from Logs were not always accurate
   - Fixed an issue where when the identity Theft engine was enabled
     some web pages were not displayed
   - Fixed several small memory leaks
   - Fixed issues related to downloading large emails with multiple
     massive attachments
   - Fixed an issue causing the Blink service to take a very long time
     to stop on Vista
   - Fixed an issue where an Admin on Vista with UAC enabled will not
     be able to run Updates
   - Fixed several bugs in the IPS wizard
   - Fixed a nonpaged kernel memory leak
   - Fixed several BSODs

   4.0.4 (26 Jun 2008)
   - Fixed a severe memory leak in the IPS engine occurring on systems
     using TCP offloading
   - Fixed an error causing Spyware to not be detected upon execution
   - Fixed an issue causing UDP fragments to be dropped
   - Fixed an issue causing Internet Explorer 6 and 7 to occasionally
     hang
   - Fixed an issue in the IPS causing Windows Mobile Device Center to
     fail connecting to WM devices on Vista
   - Fixed the problem where in certain cases Blink would not recognize
     that the logged in user is a local Administrator
   - Fixed an issue on XP where moving folders with multiple sub folders
     from one disk to another would generate errors.
   - On Vista, Blink will not allow installation if TrendMicro or McAfee
     Antivirus is detected.
   - Fixed a severe memory leak in the IPS engine occurring on systems
     using TCP offloading
   - Fixed an error causing Spyware to not be detected upon execution
   - Fixed an issue causing UDP fragments to be dropped
   - Fixed an issue causing Internet Explorer 6 and 7 to occasionally
     hang
   - Fixed an issue in the IPS causing Windows Mobile Device Center to
     fail connecting to WM devices on Vista
   - Fixed the problem where in certain cases Blink would not recognize
     that the logged in user is a local Administrator
   - Fixed an issue on XP where moving folders with multiple sub-folders
     from one disk to another would generate errors.
   - On Vista Blink will not allow installation if TrendMicro Antivirus
     is detected.
   - Improved compatibility with other applications such as utorrent,
     Skype, etc.
   - Fixed a System has been scanned false positive
   - Fixed memory leaks when running on high traffic servers
   - Fixed a number of Malware false positives
   - Fixed memory leaks in the SMB/RPC Analyzer module
   - Fixed MSN Analyzer module false positives
   - Fixed a bug causing certain applications to not terminate properly
     when IPS was enabled
   - Fixed an issue where signed emails would not verify the signature
     due to extra spaces being removed by Blink.
   - Fixed a broadcast ICMP false positive
   - Fixed a land attack false positive
   - Identity Theft rules can be disabled now
   - Fixed an issue where after uninstalling Blink some files were
     left locked.
   - Fixed wrong error message when trying to open Blink GUI at system
     start in safe mode
   - Fixed an issue where the IPS signature wizard could not save the
     IP options
   - Fixed an issue where a virus would not be quarantined if the
     first action was set to Repair.
   - Fixed an issue where scanning a folder using a list of file
     extensions didn't scan the subfolders.
   - Fixed various crashes while editing IPS rules.

   4.0.1 (28 May 2008)
   - Added support for Windows Vista SP1 (x86 and x64)
   - Malware actions (restore, trust) can be performed from the Log
     Viewer by right clicking the malware events
   - Lower CPU usage on desktops with high network usage when IPS
     engine is enabled
   - When Blink starts for the first time after installation, it will
     not disconnect the network
   - Vulnerability Scan report has been improved
   - Optimized AntiVirus exclusion processing
   - Blink will avoid creating duplicate Application Firewall rules.
     If another disabled rule is found, it will be enabled instead of
     creating a new rule.

Antivirus False Positive??? - Microsoft RAW Thumbnail Powertool

eyesonly — Sat, 07 Nov 2009 08:33:22 GMT

I'm reporting a possible false positive, Blink Personal Virus & Spyware reports the Microsoft RAW Thumbnail Powertools as W32/Obfuscated.A!genr.

The file name is RAWSupport.exe.

My system is Windows XP SP3.

Please let me know if this is a false positive or actual malware.

If you need the file, let me know how to send it to you (preferably via Blink Personal, rather than e-mail).

BTW, Microsoft Security Essentials does NOT flag this file as malware.

Thanks in advance.

Virus Scan Report

martynjy — Wed, 04 Nov 2009 15:21:15 GMT

I am currently running Blink Personal 4.4.3 trial version on Windows Vista Home Premium SP1.

When running a Virus/Spyware Scan (whether On Demand, Quick or Full) Blink does not generate a report. When choosing 'View The Last Scan Report' I get a box saying 'No Virus and Spyware Protection report exists'.

This happens despite the fact that it found 4 suspicious files. These were only logged in the Event Logs.

Vunerability Assessment Scan works and produces a report and there are 3 related files in the reports folder:

ScanResults.html / ScanResults.xml / ScanResults.xslt

There is only 1 file in the reports folder relating to Virus/Spryware Scan:

MalScan.xslt

Any suggestions would be appreciated.

Thanks

Blink Personal Version 4.4.3, Rule version 1550
AntiVirus Version 1.0.824
Vulnerability Scanner version 5.10.18, Audits version 2155

Unique Antivirus Alert

Blue1978 — Sun, 15 Nov 2009 23:05:42 GMT

Here is a unique AV alert I received recently. Seems the heuristic engine tripped on this file. This file is ligitament though, so this is a false-positive. :)

Event ID: BLINK-MAL-205
Severity: High
Description: Blink has found a malware application
Alert: Yes
Action: Log Only
Name: Fake Microsoft Application
Found Item: C:\Program Files (x86)\Microsoft Works\lnchtour.exe
MD5 Checksum: E8CE912100A93456CE4C87BAAFDAABC1
Category: Suspicious
Name: Fake Microsoft Application
Category: Suspicious
Malware Description: This application claims to be made by Microsoft, but it is packed/encrypted. Hackers pack/encrypt their viruses to avoid detection.
Detected by: Heuristics Engine

Firewall issues !!

Bart — Mon, 16 Nov 2009 20:02:30 GMT

Within the last four days, I have not been able to get online. After checking with my online service, they suggested I turn off my firewall which I did. I can now get right on the internet. However, I do not wish to leave the firewall down. So, why is my firewall causing issues and how do I correct this problem???

Thanks

Is anyone else seeing a lot of this?

imhome — Wed, 15 Apr 2009 18:36:24 GMT

Event ID:

BLINK-IDT-7006

Severity:

Medium

Description:

A web page contained a link to a different domain name than the link text claimed.

Alert:

Yes

Action:

Terminated

Attacker:

203.77.186.248 (note below)

Attacker Port:

Victim IP:

192.168.1.

Victim Port:

1500

Protocol:

TCP

Real Link:

http://g.msn.com/0HE_TRACKSTAR_ENUS9/10028

Deceptive HREF:

https://billing.microsoft.com

Process Path:

C:\WINDOWS\system32\svchost.exe

I'm seeing a lot of entries for this. The 4th. octate of the attacker ip varies (247,242,240,234,222,208 etc.)

Blink 4.5.0 BETA is Working Great!

Blue1978 — Sat, 14 Nov 2009 16:52:09 GMT

I finally got my copy of Windows 7 Ultimate sent to me here in Afghanistan. I went ahead and did a fresh install of it after wiping my system; using the 64bit edition. Blink 4.5.0 BETA is installed and running great so far!

Outstanding job as always Blink team!

I will keep you posted if I find anything new out.

Network Shares

christk01 — Tue, 10 Nov 2009 13:14:57 GMT

Forgive me if there is an answer to this somewhere. I couldn't find it through the search engine.

I'm using Blink Personal 4.4.3 on six computers on my network. I have seven computers and a laptop, the seventh computer has Kaspersky Beta for Win 7 and is running Win 7 32 bit. My laptop is running F-Secure 2010 and is on Vista Ultimate 32 bit. Of the other six computers on all of which Blink Personal is installed, 2 are on Windows XP Media Center 2005, 2 are on Vista Home Premium 32 Bit, 1 is on Vista Ultimate 32 bit, and one on Vista Ultimate 64 bit.

On all my PCs, I have 8 hard drives. I share 7 of these drives with full network access with all the other PCs, and have a 'shared' or 'public' folder (depending on OS) on the system drive. I am climbing the wall trying to set rules that will allow all computers to access each other. I use a Netgear router with static IP addresses between 192.168.0.2 and 192.168.0.50, the gateway being obviously 192.168.0.1. I have tried allowing all local IP addresses and all ports on these in the firewall in both directions, but am not getting complete sharing. The two XP Pro(Media Center) PCs cannot see each other, but can see all the Vista and the Win 7 machines. The Vista machines can see each other, but not the XP machines.

Previously, all the machines had F-Secure 2009, but on the forced update to 2010 by F-Secure, I could not access some parts of the rules sets in F-Secure - user tweaking had become very limited. Nevertheless, I had no problems with network shares. However, being unable to do some things, I lost patience with F-Secure, and decided to give Blink a try out. I liked it after using on one machine with no problems, and bought six licences and installed it on six of my PCs, thereby ceasing a 10 year loyalty to F-Secure. Now I'm tearing my hair out because I can't get free access between all the PCs, and can't figure out what I'm doing wrong.

What I need is allowed network shares, with full permissions on non system drives allowing 'everyone' to view and edit all files, plus full permissions on the shared or public folder on the system drive, but no network access to any other files on the system drive.

Can anyone suggest a simple rule that I can incorporate in my configuration that will restore full network access like I had with F-Secure between all machines and all Windows NT based operating systems ?

(I don't think the problem is a Windows one. It worked fine with F-Secure, and works fine if I turn off Blink Personal. The only change I made at the same time as installing Blink was to change one PC from Vista Ultimate 64 bit to XP Media Center 32 bit to give the setup described above. If someone thinks it may be a Windows problem I haven't thought of, I will gladly read the comment).

I will be forever grateful if someone can provide a solution !

VMware console terminates

puresecure — Thu, 12 Nov 2009 19:29:15 GMT

Running the VMware Server 2 console in Firefox causes an application termination in Blink. It does not terminate the console when running via IE 8. I'm running Win 7 x64. This did not happen with previous versions of Blink when I was running Vista x64.

Event ID: BLINK-APP-100
Severity: High
Description: Blink detected a suspicious system call.
Alert: Yes
Application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Reason: Attempting to infiltrate Kevlar memory
Action: Restart process
Application Arguments: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

Note: Blink detected an abnormal behavior in one of the monitored applications. It is very likely that you are witnessing an attempt to exploit a known or unknown buffer overflow vulnerability in this application. The best course of action is to update this application to the latest version available from its vendor. Also, please report this issue to eEye to be investigated further. If you are sure that this is not an attack, you can disable the Application Protection layer for this application by editing the apiex.ini file in the Config folder under the Blink installation directory.
To add an exclusion for this application, open the file in notepad or your favorite text editor and add a line in this format: PROCESS_NAME;;Kevlar;0
Replace the PROCESS_NAME entry above with the .exe name reported above in this event. For example, to exclude notepad.exe create an entry like this: notepad.exe;;Kevlar;0

Blink Personal Edition and AVG v.9 free

compage — Thu, 12 Nov 2009 10:41:42 GMT

On a PC running Windows XP, AVG wants to update from v.8.5 to v.9 but detects a Blink installation that no longer exists.

Ideas anyone?

Irfanview Loading Delay

Dave L — Wed, 11 Nov 2009 21:12:41 GMT

I use the free image viewer Irfanview. I have Windows XP with all updates. I noticed about a month ago that Irfanview went from launching in under a second to over 5 seconds. I'm not sure if the delay in loading started to occur with an update to Blink Personal (I'm using 4.4.3) or to Irfanview (ver. 4.25).

When I disable virus checking in Blink, the loading goes back to taking under a second.

I checked this on another computer, also XP. The same behavior occurs, except that the computer has a slower processor and Irfanview takes TEN seconds to load. So the problem does not seem to be unique to a specific computer.

I have disabled Blink's checking of Irfanview (i_view32.exe) in the Options and Settings dialogue box in order to temporarily fix the problem, but wonder if anyone has any ideas on what is going on here. It would seem to be a bug in Blink. Considering Irfanview is pretty widely used, and the loading time is remarkably slowed by Blink, then perhaps Blink developers might want take a look at the issue.

Question-new user

baldys15 — Mon, 09 Nov 2009 22:17:11 GMT

Hello I have a few questions on the Blink Personal 4.5 Beta or program can be used on a daily basis, whether it is better to install a stable version? Whether something is improved when it comes to detecting malware, the program has for example, heuristics and detection module rookits? How he deals with the detection malware? or created separate versions of Blink Edtion eg Antivirus, Internet Security, etc., or blink as a personal automatic update database? and if you can send viruses, eg the e-mail or create the appropriate department.

PS I can help translating the program into Polish, and if necessary I can translate the final version:)

Beta fails install

cdmichael — Sat, 07 Nov 2009 22:51:00 GMT

Attempted to install on fresh Windows 7 Home Premium install

Error 1904 Module C:\Program Files (x86)\eEye Digital Security\Blink\EEYENTHST.dll failed to register. HRESULT -21470 10895

QA mail bounces

cdmichael — Sat, 07 Nov 2009 22:53:10 GMT

postmaster@eeye.com to me
show details 5:45 PM (3 minutes ago)

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

QADept@eeye.com

Final-Recipient: rfc822;QADept@eeye.com
Action: failed
Status: 5.7.1
X-Display-Name: QA Department

---------- Forwarded message ----------
From: xxx
To: blink.personal.eap@eeye.com
Date: Sat, 7 Nov 2009 17:45:31 -0500
Subject: Beta fails to install

Attempted to install on fresh Windows 7 Home Premium install

Windows Firewall On by Default?

drj1221 — Mon, 09 Nov 2009 18:11:16 GMT

Installing Blink seems to turn off Windows Defender but leaves Windows Firewall running. Is this the advised configuration or should the user manually disable Windows Firewall when installing Blink?

Windows 7 Professional x64.

licence expiry

olly47 — Mon, 09 Nov 2009 16:53:25 GMT

Hi. I am a noob who has been using blink for only a few months...but Ikeep getting pop ups telling me the licence is due to expire. I downloaded the prog from Download.com where it says it is free without a time limit. Is this incorrect and does the prog expire after 30 days ?

I am using version 4.4.1, but am in the process of updating to 4.4.3. Help please!!! Olly

Only installed 30 days, already being asked for license

cyrusrayne — Tue, 13 Oct 2009 15:56:42 GMT

I installed Blink about a month ago and am already being asked to purchase a license. Being in Canada, my understanding was that I should be alright to use Blink for a year prior to purchasing a new license. Is this still the case, or has it changed recently?

UPDATE: I should note I've also contacted licensing and a response is pending, but Blink is saying the license expires in just under 2 weeks, so I'm hoping to hear something soon.

Firewall settings

puresecure — Tue, 03 Nov 2009 23:13:23 GMT

I've had three instances in the past few days where Windows Action Center is telling me that Blink Firewall is off. It appears to be running OK so I assume it's just misreading something. But I wanted to let you know.

I'm running Win 7 x64 Ultimate, BTW.

Easy way to compare scans?

jimbo — Sat, 07 Nov 2009 01:02:59 GMT

We run Retina scans every month and what I'd like to do is show management the progress that's being made with IAV patching.

Is there a way in Retina where I can compare scans?

What I mean is:

1st scan shows IAVA 2009-A-0001 is vulnerable on client1, client2, and client3.

2nd scan shows the same IAVA 2009-A-0001 is vulnerable on client1 and client3.

Looking at that, I can easily tell that the patch was applied to one client (client2). But imagine having multiple IAVs on hundreds of clients. Now you can see that manually doing this is too cumbersome.

Identity Theft ProtectionTerminated

dpimatrix — Sat, 07 Nov 2009 17:18:15 GMT

Hello-

Has anyone received this notification from their product? I re-installed and got the same thing. Is this the zero-day vulnerability protection I paid for?