Troubleshooting

upgrade from Vista x64 to Windows 7 leaves Blink unusable, uninstallable

shipsass — Sat, 24 Oct 2009 19:04:02 GMT

I should have known better, but I left Blink Personal edition installed when I upgraded to Windows 7 last night. Now I cannot start Blink, and the uninstaller fails with a 1703 DLL error.

Are there any instructions for manually uninstalling the product so I can try again?

Thanks,

Joe

No Remote Registry Access Available

dspivey — Fri, 09 Oct 2009 16:38:43 GMT

I run this Retina scan using a single IP and do not have this issue. When run with a range of IP's i get the No Remote Registry Access Available. I have looked at the log files, and I see some Err=5 as it trys all the local accounts, but I AM supplying credentials with my scan. Why does this work with a single IP scan and not the range of IP's?

Antivirus False Positive??? - Microsoft RAW Thumbnail Powertool

eyesonly — Sat, 07 Nov 2009 08:33:22 GMT

I'm reporting a possible false positive, Blink Personal Virus & Spyware reports the Microsoft RAW Thumbnail Powertools as W32/Obfuscated.A!genr.

The file name is RAWSupport.exe.

My system is Windows XP SP3.

Please let me know if this is a false positive or actual malware.

If you need the file, let me know how to send it to you (preferably via Blink Personal, rather than e-mail).

BTW, Microsoft Security Essentials does NOT flag this file as malware.

Thanks in advance.

Virus Scan Report

martynjy — Wed, 04 Nov 2009 15:21:15 GMT

I am currently running Blink Personal 4.4.3 trial version on Windows Vista Home Premium SP1.

When running a Virus/Spyware Scan (whether On Demand, Quick or Full) Blink does not generate a report. When choosing 'View The Last Scan Report' I get a box saying 'No Virus and Spyware Protection report exists'.

This happens despite the fact that it found 4 suspicious files. These were only logged in the Event Logs.

Vunerability Assessment Scan works and produces a report and there are 3 related files in the reports folder:

ScanResults.html / ScanResults.xml / ScanResults.xslt

There is only 1 file in the reports folder relating to Virus/Spryware Scan:

MalScan.xslt

Any suggestions would be appreciated.

Thanks

Blink Personal Version 4.4.3, Rule version 1550
AntiVirus Version 1.0.824
Vulnerability Scanner version 5.10.18, Audits version 2155

Firewall issues !!

Bart — Mon, 16 Nov 2009 20:02:30 GMT

Within the last four days, I have not been able to get online. After checking with my online service, they suggested I turn off my firewall which I did. I can now get right on the internet. However, I do not wish to leave the firewall down. So, why is my firewall causing issues and how do I correct this problem???

Thanks

Is anyone else seeing a lot of this?

imhome — Wed, 15 Apr 2009 18:36:24 GMT

Event ID:

BLINK-IDT-7006

Severity:

Medium

Description:

A web page contained a link to a different domain name than the link text claimed.

Alert:

Yes

Action:

Terminated

Attacker:

203.77.186.248 (note below)

Attacker Port:

Victim IP:

192.168.1.

Victim Port:

1500

Protocol:

TCP

Real Link:

http://g.msn.com/0HE_TRACKSTAR_ENUS9/10028

Deceptive HREF:

https://billing.microsoft.com

Process Path:

C:\WINDOWS\system32\svchost.exe

I'm seeing a lot of entries for this. The 4th. octate of the attacker ip varies (247,242,240,234,222,208 etc.)

Network Shares

christk01 — Tue, 10 Nov 2009 13:14:57 GMT

Forgive me if there is an answer to this somewhere. I couldn't find it through the search engine.

I'm using Blink Personal 4.4.3 on six computers on my network. I have seven computers and a laptop, the seventh computer has Kaspersky Beta for Win 7 and is running Win 7 32 bit. My laptop is running F-Secure 2010 and is on Vista Ultimate 32 bit. Of the other six computers on all of which Blink Personal is installed, 2 are on Windows XP Media Center 2005, 2 are on Vista Home Premium 32 Bit, 1 is on Vista Ultimate 32 bit, and one on Vista Ultimate 64 bit.

On all my PCs, I have 8 hard drives. I share 7 of these drives with full network access with all the other PCs, and have a 'shared' or 'public' folder (depending on OS) on the system drive. I am climbing the wall trying to set rules that will allow all computers to access each other. I use a Netgear router with static IP addresses between 192.168.0.2 and 192.168.0.50, the gateway being obviously 192.168.0.1. I have tried allowing all local IP addresses and all ports on these in the firewall in both directions, but am not getting complete sharing. The two XP Pro(Media Center) PCs cannot see each other, but can see all the Vista and the Win 7 machines. The Vista machines can see each other, but not the XP machines.

Previously, all the machines had F-Secure 2009, but on the forced update to 2010 by F-Secure, I could not access some parts of the rules sets in F-Secure - user tweaking had become very limited. Nevertheless, I had no problems with network shares. However, being unable to do some things, I lost patience with F-Secure, and decided to give Blink a try out. I liked it after using on one machine with no problems, and bought six licences and installed it on six of my PCs, thereby ceasing a 10 year loyalty to F-Secure. Now I'm tearing my hair out because I can't get free access between all the PCs, and can't figure out what I'm doing wrong.

What I need is allowed network shares, with full permissions on non system drives allowing 'everyone' to view and edit all files, plus full permissions on the shared or public folder on the system drive, but no network access to any other files on the system drive.

Can anyone suggest a simple rule that I can incorporate in my configuration that will restore full network access like I had with F-Secure between all machines and all Windows NT based operating systems ?

(I don't think the problem is a Windows one. It worked fine with F-Secure, and works fine if I turn off Blink Personal. The only change I made at the same time as installing Blink was to change one PC from Vista Ultimate 64 bit to XP Media Center 32 bit to give the setup described above. If someone thinks it may be a Windows problem I haven't thought of, I will gladly read the comment).

I will be forever grateful if someone can provide a solution !

Blink Personal Edition and AVG v.9 free

compage — Thu, 12 Nov 2009 10:41:42 GMT

On a PC running Windows XP, AVG wants to update from v.8.5 to v.9 but detects a Blink installation that no longer exists.

Ideas anyone?

Irfanview Loading Delay

Dave L — Wed, 11 Nov 2009 21:12:41 GMT

I use the free image viewer Irfanview. I have Windows XP with all updates. I noticed about a month ago that Irfanview went from launching in under a second to over 5 seconds. I'm not sure if the delay in loading started to occur with an update to Blink Personal (I'm using 4.4.3) or to Irfanview (ver. 4.25).

When I disable virus checking in Blink, the loading goes back to taking under a second.

I checked this on another computer, also XP. The same behavior occurs, except that the computer has a slower processor and Irfanview takes TEN seconds to load. So the problem does not seem to be unique to a specific computer.

I have disabled Blink's checking of Irfanview (i_view32.exe) in the Options and Settings dialogue box in order to temporarily fix the problem, but wonder if anyone has any ideas on what is going on here. It would seem to be a bug in Blink. Considering Irfanview is pretty widely used, and the loading time is remarkably slowed by Blink, then perhaps Blink developers might want take a look at the issue.

licence expiry

olly47 — Mon, 09 Nov 2009 16:53:25 GMT

Hi. I am a noob who has been using blink for only a few months...but Ikeep getting pop ups telling me the licence is due to expire. I downloaded the prog from Download.com where it says it is free without a time limit. Is this incorrect and does the prog expire after 30 days ?

I am using version 4.4.1, but am in the process of updating to 4.4.3. Help please!!! Olly

Only installed 30 days, already being asked for license

cyrusrayne — Tue, 13 Oct 2009 15:56:42 GMT

I installed Blink about a month ago and am already being asked to purchase a license. Being in Canada, my understanding was that I should be alright to use Blink for a year prior to purchasing a new license. Is this still the case, or has it changed recently?

UPDATE: I should note I've also contacted licensing and a response is pending, but Blink is saying the license expires in just under 2 weeks, so I'm hoping to hear something soon.

Identity Theft ProtectionTerminated

dpimatrix — Sat, 07 Nov 2009 17:18:15 GMT

Hello-

Has anyone received this notification from their product? I re-installed and got the same thing. Is this the zero-day vulnerability protection I paid for?

Shutdown of Blink Pro

jaiamma — Thu, 29 Oct 2009 07:21:05 GMT

Whenever I shut down my up-to-date XP SP3 PC, it displays a Windows dialog box "Trying to Shutdown Blink Pro. Click Here to End Now" or something like that. Any way to fix this?

Thanks,

Tom

Blink Pro and itunes

jaiamma — Thu, 29 Oct 2009 07:09:36 GMT

When I download a podcast using iTunes 9.0.1.8, my fully updated Blink Pro 4.4.2 starts using close to 100% of the CPU in my WIndows XP SP3 PC. Anyway to fix this?

NO RULES after Blink Personal 4.4.3 Update

eyesonly — Thu, 29 Oct 2009 02:27:05 GMT

After Blink forced a new update (today) to version 4.4.3 after reboot, there were NO RULES (Firewall, Intrusion Prevention & System Protection) for the Administrative User. BTW, I have Windows XP SP3.

Strangely, the Limited User had rules.

Obviously, a firewall w/o rules in absolutely worthless. Less than useless.

This happened to me previously months ago, so I tried to follow the advice given at that time.

Reseting the configuration did NOT help, still NO RULES.

Deleting the key HKCU/Software/Eeyes Digital Security/Blink did NOT help, still NO RULES.

I'm going to try uninstalling Blink, eliminating as many registry entries for Blink as I can find and finally downloading and reinstalling Blink.

It's very frustrating to see this happen again, especially after I reported a similar incident earlier.

Maybe Eeyes should check for this BEFORE letting Blink Personal out of Beta.

Thanks in advance.

Emailing users

abreeland — Mon, 26 Oct 2009 15:22:41 GMT

Is there anyway to automatically generate emails to network users with vulnerabilities on their system? As opposed to sending individual emails to every user.

Vulnerability Scanner - NTFS 8 Filenames - Value 0 or 1

saishing — Sat, 10 Oct 2009 00:03:15 GMT

Vulnerability scanner requires conflicting values for NtfsDisable8dot3NameCreation, as shown below. It's my understanding, if the value is set to 1, then short filenames are _not_ created. This value,however, only affects new writes (not on existing files/directories). If the value is missing or set to 0, then short filenames _are_ created. The audit requires both values; both vulnerabilities show. Please advise?

Note: In my initial install version, Personal Version 4.3.2, Vulnerability Scanner v.5.10.12, Audits v.2115, only the "FDCC" was included in the vulnerability list, as I have it set to 1.

OS: XP,SP3
Blink Personal Version 4.4.2, Rule version 1543
AntiVirus Version 1.0.797
Vulnerability Scanner version 5.10.15, Audits version 2144

Registry NTFS 8 Dot 3
CVE CVE-1999-0012
Description NTFS has the ability to support backwards compatibility with older 16 bit apps. It is recommended not to use 16-bit apps on a secure server since it could allow attackers to bypass access restrictions for files with long file names.
How To Fix To disable 8.3 file names set the following registry key settings:

Hive: HKEY_LOCAL_MACHINE
Path: System\CurrentControlSet\Control\FileSystem
Key: NtfsDisable8dot3NameCreation
Type: REG_DWORD
Value: 1
=====
Windows Microsoft Windows NTFS 8.3 Filenames - FDCC
Description The setting for "MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames" does not meet FDCC requirements.
How To Fix To set NtfsDisable8dot3NameCreation to disabled, set the following registry key settings:

Hive: HKEY_LOCAL_MACHINE
Path: System\CurrentControlSet\Control\FileSystem
Key: NtfsDisable8dot3NameCreation
Type: REG_DWORD
Value: 0

Audit ID: 6356 Ghostscript Zseticcspace() Buffer Overflow - Windows

brian44cc — Wed, 14 Oct 2009 14:44:43 GMT

I've read multiple fixes on this issue, and I have yet to find one that actually works. Are there any reports of this being a false positive?

Thanks,

Brian

Windows Security Center on 64-bit Vista Reports Blink Virus protection is Turned Off

Mike — Thu, 15 Oct 2009 23:13:01 GMT

Every time I boot my computer Windows Security Center reports that Blink Virus protection is turned off. When I check Blink, it shows Virus and Spyware Protection as on. Is this a bug or do I have a possible configuration problem?

Here's the info on the version of Blink that I'm running.

Blink Personal Version 4.4.2, Rule version 1548
AntiVirus Version 1.0.800
Vulnerability Scanner version 5.10.15, Audits version 2147

I am running the 64-bit version of Windows Vista. It is up-to-date with all of the latest service packs and updates.

Retina reveals no vulnerabilties until after windows update runs and patches system

jdeitel — Tue, 13 Oct 2009 18:47:31 GMT

Ok, so this is the first time I've had an issue like this. I scanned a few servers this morning with updated Audits and I came up with a few vulnerabilities. Well I decided to do a windows update on all of the boxes and now I've got Cumulative IE secuirty updates popping all over my reports. The IE updates and ActiveX killbits appeared "old" but when I looked for more information the site said it was updated as of 10/13/2009....

I'm going to rollback all of the updates I performed but has anyone else encountered something along the same lines? MS Update screwy?

Thanks

Vulnerability Scanner - Registry Settings for RasMan Not Detected

saishing — Fri, 09 Oct 2009 23:46:06 GMT

Vulnerability scanner doesn't properly detect registry settings for MS RAS Logging, MS RAS Encrypt, MSCHAPv2 VPN, PPP Client Security, as shown below. This is the case on 2 computers that use Blink.
(a) Registry access is granted; all other app or registry changes (except NtfsDisable8dot3NameCreation--see post) are detected by the scanner.
(b) Services for RasMan, RasAuto, Remote Desktop are disabled.
(c) No malware.

Enabling services, removing reg entries/re-entering, reboot, removing/reinstalling Blink, _etc_ are not a fix.

When using the free edition or the purchased install version, Blink Personal Version 4.3.2, Vulnerability Scanner Version 5.10.1, Audits version 2115--if RasMan etc is audited--no vulnerabilities shown for RasMan etc.

Any help appreciated. Thank you.

OS: XP,SP3
Blink Personal Version 4.4.2, Rule version 1543
AntiVirus Version 1.0.797
Vulnerability Scanner version 5.10.15, Audits version 2144

MS RAS Logging
How To Fix To enable logging, set the following Registry key settings: Hive: HKEY_LOCAL_MACHINE Path: System\CurrentControlSet\Services\Rasman\Parameters Key: Logging Type: REG_DWORD Value: 1

MSCHAPv2 VPN
How To Fix To enforce MSCHAP V2 set the following key: Hive: HKEY_LOCAL_MACHINE Path: System\CurrentControlSet\Services\RasMan\PPP Key: SecureVPN Type: REG_DWORD Value: 1

MS RAS Encrypt
How To Fix To force encrypted transfers set the following Registry key settings:
Hive: HKEY_LOCAL_MACHINE
Path: System\CurrentControlSet\Services\RASMAN\PPP
Key: ForceEncryptedData
Type: REG_DWORD
Value: 1

PPP Client Security
How To Fix To require authentication set the following key:
Hive: HKEY_LOCAL_MACHINE
Path: System\CurrentControlSet\Services\Rasman\PPP
Key: ForceEncryptedPassword
Type: REG_DWORD
Value: 2

Unable to install e-eye digital security blink professional

Adam-CC — Fri, 09 Oct 2009 08:11:46 GMT

I have just taken over a business, and they are using e-Eye Digital Security blink professional. They no longer wish to use the software, but the previous company refuse to hand over the password set to remove the software. How can I get around this without delving into the registry and mindlessly removing entries?!

Thanks,

Adam

GRC's DNSB

lwbone — Fri, 02 Oct 2009 00:38:12 GMT

Louis...

> Whatever you did .... my results are horrible!!  EEye Security
> (BLINK.EXE) screams from the onset about each IP not conforming
> to DNS Standards. Attached is the screen shot


Thanks for sending all that stuff to me via eMail at DNS2009.

I've examined the BLINK logs you sent ... and it simply appears 
that BLINK is completely unaware of DNS security.  Is there some 
way to make the benchmark an exception to allow those packets 
back in to it ... or to briefly disable BLINK's detection while 
running the benchmark??

-- 
________________________________________________________________
Steve.  Working on: GRC's DNS Benchmark utility:
        http://www.grc.com/dev/DNSBench.exe



BLINK:  I hope that your techies are following the developments over at Gibson Research Corp. (GRC)
 
I Love this product, but as can be seen from the above BLINK needs some updating (or I need some help)
or both...  either way.
Help us make BLINK a better product.

LW BONE

HELP: Conflict with another Security Program

herbertm — Fri, 09 Oct 2009 19:50:44 GMT

Hello to all.

I am currently working on a project that uses eEye Retina Network Security. I am having problems with it conflicting with another program. This program scans the local system and lists potential vulnerabilities. Now, when I run eEye Retina, it audits some issues but it conflicts with the other program. For example, eEye Retina wants this a particular service on while the other program wants it disabled. The company is more in favor with the other program but would still like to utilize eEye Retina. Is there any way to change the settings of eEye Retina regarding the audits that it finds?

Thank you very much in advance.

Installation of Blink personal edition-problems installing Error: 1317

Sean — Tue, 29 Sep 2009 04:26:58 GMT

I have the program, but cannot complete the installation. I receive Error: 1317, cannot create a C folder quarantine. Are there any ideas on how to solve this installation issue?