2009年3月6日星期五

NAC CCA Debug Log

发帖者 CISSPro Blog on 08:53
标签:

--- START OF DECODE ---
2008-07-03 17:42:07 [Fatal] [HTTPConnection] first HttpSendRequest() failed: 12045
2009-03-04 12:05:49 [Error] [Strings] Failed to load CCA_804.clsResources:429, CleanMachines, ActiveX component can't create object
2009-03-04 12:05:49 [Debug] [Strings] Trying to load CCA_409.clsResources ...
2009-03-04 12:05:49 [Debug] [Strings] English resources was loaded successfully.
2009-03-04 12:05:49 [Debug] [OpswatUtil] Starting AV/AS detection....
2009-03-04 12:06:05 [Debug] [OpswatUtil] 1 AV/AS products found
2009-03-04 12:06:05 [Debug] [OpswatUtil] AV info string: 1. Product Type : AntiVirus (NortonAV)
Product Name : Symantec Endpoint Protection
Product Ver. : 11.0.2000.1567
Def Ver. : 3/2/2009 rev. 53
Def Date : 2009-03-02


2009-03-04 12:06:09 [Debug] [frmLogin] Create Tooltip window.
2009-03-04 12:06:09 [Debug] [frmLogin] Adding Tooltip.
2009-03-04 12:06:09 [Debug] [frmLogin] frmLogin hwnd=132036 container=132248 nessusframe=132248.
2009-03-04 12:06:09 [Debug] [frmLogin] Tooltip added.
2009-03-04 12:06:09 [Debug] [AccessToAuth]: DetectNework value: 0
2009-03-04 12:06:09 [Debug] [frmLogin] disable access to auth feature
2009-03-04 12:06:09 [Debug] [frmLogin] Switch to frame : 64
2009-03-04 12:06:10 [Debug] [frmSysTray] Checking status..
2009-03-04 12:06:10 [Debug] [SWISSClient] current CAS:
2009-03-04 12:06:10 [Debug] [SWISSClient] Is L3 Swiss? : False
2009-03-04 12:06:10 [Debug] [SWISSClient] DiscoveryHost : 192.168.34.22
2009-03-04 12:06:10 [Debug] [SWISSPacket] Client version length: 7
2009-03-04 12:06:10 [Debug] Agent OS: WINDOWS_PRO_XP, Agent Version: 4.1.3.1
2009-03-04 12:06:10 [Debug] [SWISSPacket] Client OS Length: 14
2009-03-04 12:06:10 [Debug] [AppUtil] Total number of adapters : 1
2009-03-04 12:06:10 [Debug] [SWISSPacket] Client version length: 7
2009-03-04 12:06:10 [Debug] Agent OS: WINDOWS_PRO_XP, Agent Version: 4.1.3.1
2009-03-04 12:06:10 [Debug] [SWISSPacket] Client OS Length: 14
2009-03-04 12:06:10 [Debug] [AppUtil] Total number of adapters : 1
2009-03-04 12:06:10 [Debug] [SWISSPacket]SWISS Nounce Length : 5
2009-03-04 12:06:10 [Debug] [SWISSPacket] content length:60
2009-03-04 12:06:10 [Debug] [SWISSPacket] Packet Length:71
2009-03-04 12:06:10 [Debug] [AdapterInfoList] gateway: 172.21.46.1 ip: 172.21.46.202 subnet: 255.255.0.0
2009-03-04 12:06:10 [Debug] [AdapterInfoList] gateway: 172.21.46.1
2009-03-04 12:06:10 [Debug] [SWISSClient] adapter with ip='172.21.46.202' gw='172.21.46.1'
2009-03-04 12:06:10 [Debug] [SWISSClient] send packet to gw 172.21.46.1
2009-03-04 12:06:10 [Debug] [SWISSClient] WinSock Control set remote host='172.21.46.1'
2009-03-04 12:06:10 [Debug] [SWISSClient] WinSock Control bind port=0 ip='172.21.46.202'
2009-03-04 12:06:10 [Debug] [SWISSClient] WinSock Control send data ...
2009-03-04 12:06:10 [Debug] SWISSClient: received packet size = 53
2009-03-04 12:06:10 [Debug] from : 172.21.46.1 local :172.21.46.202
2009-03-04 12:06:10 [Debug] [SWISSPacket]SWISSS response : 13, 192.168.34.22
2009-03-04 12:06:10 [Debug] [SWISSClient] SendQuery: gw PacketReceived True
2009-03-04 12:06:10 [Debug] [SWISSPacket] Client version length: 7
2009-03-04 12:06:10 [Debug] Agent OS: WINDOWS_PRO_XP, Agent Version: 4.1.3.1
2009-03-04 12:06:10 [Debug] [SWISSPacket] Client OS Length: 14
2009-03-04 12:06:10 [Debug] [AppUtil] Total number of adapters : 1
2009-03-04 12:06:10 [Debug] [SWISSPacket]SWISS Nounce Length : 10
2009-03-04 12:06:10 [Debug] [SWISSPacket] content length:65
2009-03-04 12:06:10 [Debug] [SWISSPacket] Packet Length:76
2009-03-04 12:06:10 [Debug] [SWISSClient] send V2 packet to: 192.168.34.22
2009-03-04 12:06:10 [Debug] [SWISSClient] WinSock Control set remote host='192.168.34.22'
2009-03-04 12:06:10 [Debug] [SWISSClient] WinSock Control bind port=0 ip=''
2009-03-04 12:06:10 [Debug] [SWISSClient] WinSock Control send data ...
2009-03-04 12:06:10 [Debug] SWISSClient: received packet size = 62
2009-03-04 12:06:10 [Debug] from : 192.168.34.22 local :172.21.46.202
2009-03-04 12:06:10 [Debug] [SWISSPacket]SWISSS response : 13, 192.168.34.22
2009-03-04 12:06:10 [Debug] [SWISSClient] - SendQuery: V2 status PacketReceived True; RequestorIP:172.21.46.202; local IP: 172.21.46.202
2009-03-04 12:06:10 [Debug] [SWISSPacket] Login Status: 32
2009-03-04 12:06:10 [Debug] OS:False, SSO:False, Cert:True, Remo:False, User:0, Devi:0, L3:False, FailOpen:False, FailClose:False, VpnSSO:False
2009-03-04 12:06:15 [Debug] [frmSysTray] Checking status..
2009-03-04 12:06:15 [Debug] [SWISSPacket] Login Status: 32
2009-03-04 12:06:15 [Debug] OS:False, SSO:False, Cert:True, Remo:False, User:0, Devi:0, L3:False, FailOpen:False, FailClose:False, VpnSSO:False
2009-03-04 12:06:15 [Debug] [SWISSPacket] Login Status: 32
2009-03-04 12:06:15 [Debug] OS:False, SSO:False, Cert:True, Remo:False, User:0, Devi:0, L3:False, FailOpen:False, FailClose:False, VpnSSO:False
2009-03-04 12:06:15 [Debug] [SWISSPacket] Login Status: 32
2009-03-04 12:06:15 [Debug] OS:False, SSO:False, Cert:True, Remo:False, User:0, Devi:0, L3:False, FailOpen:False, FailClose:False, VpnSSO:False
2009-03-04 12:06:15 [Debug] [SWISSPacket] Login Status: 32
2009-03-04 12:06:15 [Debug] OS:False, SSO:False, Cert:True, Remo:False, User:0, Devi:0, L3:False, FailOpen:False, FailClose:False, VpnSSO:False
2009-03-04 12:06:15 [Debug] [SWISSPacket] Login Status: 32
2009-03-04 12:06:15 [Debug] OS:False, SSO:False, Cert:True, Remo:False, User:0, Devi:0, L3:False, FailOpen:False, FailClose:False, VpnSSO:False
2009-03-04 12:06:15 [Debug] [SWISSClient] current CAS: 192.168.34.22
2009-03-04 12:06:15 [Debug] [SWISSClient] Send query directly to: 192.168.34.22
2009-03-04 12:06:15 [Debug] [SWISSPacket] Client version length: 7
2009-03-04 12:06:15 [Debug] Agent OS: WINDOWS_PRO_XP, Agent Version: 4.1.3.1
2009-03-04 12:06:15 [Debug] [SWISSPacket] Client OS Length: 14
2009-03-04 12:06:15 [Debug] [AppUtil] Total number of adapters : 1
2009-03-04 12:06:15 [Debug] [SWISSPacket]SWISS Nounce Length : 6
2009-03-04 12:06:15 [Debug] [SWISSPacket] content length:61
2009-03-04 12:06:15 [Debug] [SWISSPacket] Packet Length:72
2009-03-04 12:06:15 [Debug] [SWISSClient] send V2 packet to: 192.168.34.22
2009-03-04 12:06:15 [Debug] [SWISSClient] WinSock Control set remote host='192.168.34.22'
2009-03-04 12:06:15 [Debug] [SWISSClient] WinSock Control bind port=0 ip=''
2009-03-04 12:06:15 [Debug] [SWISSClient] WinSock Control send data ...
2009-03-04 12:06:15 [Debug] SWISSClient: received packet size = 58
2009-03-04 12:06:15 [Debug] from : 192.168.34.22 local :172.21.46.202
2009-03-04 12:06:15 [Debug] [SWISSPacket]SWISSS response : 13, 192.168.34.22
2009-03-04 12:06:15 [Debug] [SWISSClient] - SendQuery: V2 status PacketReceived True; RequestorIP:172.21.46.202; local IP: 172.21.46.202
2009-03-04 12:06:15 [Debug] [SWISSPacket] Login Status: 32
2009-03-04 12:06:15 [Debug] OS:False, SSO:False, Cert:True, Remo:False, User:0, Devi:0, L3:False, FailOpen:False, FailClose:False, VpnSSO:False
2009-03-04 12:06:15 [Debug] [Application] Login - Status:0
2009-03-04 12:06:15 [Debug] [SWISSPacket] Client version length: 7
2009-03-04 12:06:15 [Debug] Agent OS: WINDOWS_PRO_XP, Agent Version: 4.1.3.1
2009-03-04 12:06:15 [Debug] [SWISSPacket] Client OS Length: 14
2009-03-04 12:06:15 [Debug] [AppUtil] Total number of adapters : 1
2009-03-04 12:06:15 [Debug] [SWISSPacket]SWISS Nounce Length : 6
2009-03-04 12:06:15 [Debug] [SWISSPacket] content length:61
2009-03-04 12:06:15 [Debug] [SWISSPacket] Packet Length:72
2009-03-04 12:06:15 [Debug] [SWISSClient] Query Provider
2009-03-04 12:06:15 [Debug] [SWISSClient] current CAS: 192.168.34.22
2009-03-04 12:06:15 [Debug] [SWISSClient] Send query directly to: 192.168.34.22
2009-03-04 12:06:15 [Debug] [SWISSClient] WinSock Control set remote host='192.168.34.22'
2009-03-04 12:06:15 [Debug] [SWISSClient] WinSock Control bind port=0 ip=''
2009-03-04 12:06:15 [Debug] [SWISSClient] WinSock Control send data ...
2009-03-04 12:06:15 [Debug] SWISSClient: received packet size = 60
2009-03-04 12:06:15 [Debug] from : 192.168.34.22 local :172.21.46.202
2009-03-04 12:06:15 [Debug] [SWISSPacket]SWISSS response : 13, 192.168.34.22
2009-03-04 12:06:15 [Debug] [SWISSClient] - SendQuery: PacketReceived True
2009-03-04 12:06:15 [Debug] SecureSmart DN = 192.168.34.22
2009-03-04 12:06:15 [Debug] Attribute = 1, Name = 'Local DB'
2009-03-04 12:06:15 [Debug] [frmLogin] Switch to frame : 1
2009-03-04 12:06:28 [Debug] [Application] Raised Login Click Event
2009-03-04 12:06:28 [Debug] [frmLogin] Set quarantine timer: 0 seconds
2009-03-04 12:06:28 [Debug] [Application] Issue PerfigoLogin
2009-03-04 12:06:28 [Debug] [PerfigoAuthenticator] Check for agent updates
2009-03-04 12:06:28 [Debug] [SWISSPacket] Client version length: 7
2009-03-04 12:06:28 [Debug] Agent OS: WINDOWS_PRO_XP, Agent Version: 4.1.3.1
2009-03-04 12:06:28 [Debug] [SWISSPacket] Client OS Length: 14
2009-03-04 12:06:28 [Debug] [AppUtil] Total number of adapters : 1
2009-03-04 12:06:28 [Debug] [SWISSPacket]SWISS Nounce Length : 7
2009-03-04 12:06:28 [Debug] [SWISSPacket] content length:62
2009-03-04 12:06:28 [Debug] [SWISSPacket] Packet Length:73
2009-03-04 12:06:28 [Debug] [SWISSClient] current CAS: 192.168.34.22
2009-03-04 12:06:28 [Debug] [SWISSClient] Send query directly to: 192.168.34.22
2009-03-04 12:06:28 [Debug] [SWISSClient] WinSock Control set remote host='192.168.34.22'
2009-03-04 12:06:28 [Debug] [SWISSClient] WinSock Control bind port=0 ip=''
2009-03-04 12:06:28 [Debug] [SWISSClient] WinSock Control send data ...
2009-03-04 12:06:28 [Debug] SWISSClient: received packet size = 62
2009-03-04 12:06:28 [Debug] from : 192.168.34.22 local :172.21.46.202
2009-03-04 12:06:28 [Debug] [SWISSPacket]SWISSS response : 13, 192.168.34.22
2009-03-04 12:06:28 [Debug] [SWISSClient] - SendQuery: PacketReceived True
2009-03-04 12:06:28 [Debug] Client Version from SWISS: 4.1.3.1
2009-03-04 12:06:28 [Debug] [IsNewerClientVersion] Latest: 4,1,3,1
2009-03-04 12:06:28 [Debug] [IsNewerClientVersion] Current: 4,1,3,1
2009-03-04 12:06:28 [Debug] [PerfigoAuthenticator] Issue DoPerfigoLogin
2009-03-04 12:06:28 [Debug] [PerfigoAuthenticator] Look for previous login postings before starting async login
2009-03-04 12:06:28 [Debug] [PerfigoAuthenticator] reset user key
2009-03-04 12:06:28 [Debug] [AppUtil] MacIpList=00:1E:C9:50:53:83:172.21.46.202
2009-03-04 12:06:28 [Debug] [PerfigoAuthenticator] 1 AV/AS products found
2009-03-04 12:06:28 [Debug] [PerfigoAuthenticator] AV info query: avpid=NortonAV&avpname=Symantec%20Endpoint%20Protection&avpversion=11%2E0%2E2000%2E1567&avpfeatures=AV
2009-03-04 12:06:28 [Debug] Validate Query: provider=Local%20DB&username=test2&password=****&os=WINDOWS%5FPRO%5FXP&remove_old=&dm_key=&mac_list=00%3A1E%3AC9%3A50%3A53%3A83&ip_list=172%2E21%2E46%2E202&cm=w13vkpoq&ops=1&avpid=NortonAV&avpname=Symantec%20Endpoint%20Protection&avpversion=11%2E0%2E2000%2E1567&avpfeatures=AV
2009-03-04 12:06:28 [Debug] [PerfigoAuthenticator] Logging in...
2009-03-04 12:06:28 [Debug] [PerfigoAuthenticator] Set CompletePerfigLogin as callback after login
2009-03-04 12:06:41 [Debug] [MainClass] Entering notifying: CompletePerfigoLogin
2009-03-04 12:06:41 [Debug] [PerfigoAuthenticator] CompletePerfigoLogin Start....
2009-03-04 12:06:41 [Debug] [PerfigoAuthInfo] TRYING TO PARSE ---

















2009-03-04 12:06:41 [Debug] requirements: 203Symantec_applicationCheck symantec application3200003(pc_Symantec_Norton_App-Corporatepc_Symantec_Norton_App-Professionalpc_Symantec_Norton_App-9x)pc_Symantec_Norton_App-Corporate4401runningrtvscan.exe0pc_Symantec_Norton_App-Professional4401runningNAVAPSVC.EXE0pc_Symantec_Norton_App-9x4401runningrtvscn95.exe01Symantec_installCheck symantec installing3200003(pc_Symantec_Norton_Installation-SAVCEpc_Symantec_Norton_Installation-NAVNTpc_Symantec_Norton_Installation-NAV95)pc_Symantec_Norton_Installation-SAVCE1103exists\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAVCE0pc_Symantec_Norton_Installation-NAVNT1103exists\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\NAVNT0pc_Symantec_Norton_Installation-NAV951103exists\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\NAV9502Symantec_updateCheck symantec update42NortonAV011054(pc_Symantec_Norton_Update-Corporatepc_Symantec_Norton_Intelligent_Update-Corporatepc_Symantec_Norton_Update-Professionalpc_Symantec_Norton_Update-Professional-9x)pc_Symantec_Norton_Update-Corporate1103ends with\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\DEFWATCH_1020081015.0032pc_Symantec_Norton_Update-Professional1103ends with\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\NAVNT_50_AP120081015.0032pc_Symantec_Norton_Intelligent_Update-Corporate1103ends with\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\DEFWATCH_1020081016.0042pc_Symantec_Norton_Update-Professional-9x1103ends with\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\NAV95_50_AP120081015.0032
2009-03-04 12:06:41 [Debug] [frmLogin] Set quarantine timer: 299 seconds
2009-03-04 12:06:41 [Debug] [modProcess] Process name: [System Process]
2009-03-04 12:06:41 [Debug] [modProcess] Process name: System
2009-03-04 12:06:41 [Debug] [modProcess] Process name: smss.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: csrss.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: winlogon.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: services.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: savedump.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: lsass.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: svchost.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: svchost.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: svchost.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: Smc.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: svchost.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: svchost.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: spoolsv.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: scardsvr.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: BESClient.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: ccSvcHst.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: inetinfo.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: MDM.EXE
2009-03-04 12:06:41 [Debug] [modProcess] Process name: winvnc.exe
2009-03-04 12:06:41 [Debug] [modProcess] Process name: Rtvscan.exe
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] Check process 'rtvscan.exe' running? True
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] Check process result: True
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] Check registry - type=103 op=15 param=\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAVCE operation=15 value= value_type= 0
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] regRootKey=[HKEY_LOCAL_MACHINE], regKey=[SOFTWARE\Symantec\InstalledApps], regName=[SAVCE]
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] Check registry result: True
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] Check registry - type=103 op=10 param=\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\DEFWATCH_10 operation=10 value=20081015.003 value_type= 2
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] regRootKey=[HKEY_LOCAL_MACHINE], regKey=[SOFTWARE\Symantec\SharedDefs], regName=[DEFWATCH_10]
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] Registry value=[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090302.053](REG_SZ).
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] Check registry result: False
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] Check registry - type=103 op=10 param=\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\DEFWATCH_10 operation=10 value=20081016.004 value_type= 2
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] regRootKey=[HKEY_LOCAL_MACHINE], regKey=[SOFTWARE\Symantec\SharedDefs], regName=[DEFWATCH_10]
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] Registry value=[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090302.053](REG_SZ).
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] Check registry result: False
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] Check registry - type=103 op=10 param=\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\NAVNT_50_AP1 operation=10 value=20081015.003 value_type= 2
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] regRootKey=[HKEY_LOCAL_MACHINE], regKey=[SOFTWARE\Symantec\SharedDefs], regName=[NAVNT_50_AP1]
2009-03-04 12:06:41 [Error] [PerfigoDMCheck] Registry value \HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\NAVNT_50_AP1doesn't exist.
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] Check registry result: False
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] Check registry - type=103 op=10 param=\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\NAV95_50_AP1 operation=10 value=20081015.003 value_type= 2
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] regRootKey=[HKEY_LOCAL_MACHINE], regKey=[SOFTWARE\Symantec\SharedDefs], regName=[NAV95_50_AP1]
2009-03-04 12:06:41 [Error] [PerfigoDMCheck] Registry value \HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\NAV95_50_AP1doesn't exist.
2009-03-04 12:06:41 [Debug] [PerfigoDMCheck] Check registry result: False
2009-03-04 12:06:41 [Debug] Agent OS: WINDOWS_PRO_XP, Agent Version: 4.1.3.1
2009-03-04 12:06:42 [Debug] [PerfigoAuthenticator] CompletePerfigoLogin ....End
2009-03-04 12:06:42 [Debug] [MainClass] Complete notifying: CompletePerfigoLogin
2009-03-04 12:06:42 [Debug] === Result of Package Checks ===
2009-03-04 12:06:42 [Debug] [PerfigoDMInfo] 1 AV/AS products found
2009-03-04 12:06:42 [Debug] [PerfigoDMInfo] AV report string: NortonAVSymantec Endpoint Protection11.0.2000.15673/2/2009 rev. 532009-03-02AV
2009-03-04 12:06:42 [Debug] Package: Symantec_application Status: SUCCESS
2009-03-04 12:06:42 [Debug] Check: [Id=pc_Symantec_Norton_App-Corporate] [Category=PROCESS] [Type=PROCESS_STATUS] [Parameter=rtvscan.exe] [Operation=running] [Value Type=NONE] [Value=] Status: SUCCESS
2009-03-04 12:06:42 [Debug] Check: [Id=pc_Symantec_Norton_App-Professional] [Category=PROCESS] [Type=PROCESS_STATUS] [Parameter=NAVAPSVC.EXE] [Operation=running] [Value Type=NONE] [Value=] Status: NOT_CHECKED
2009-03-04 12:06:42 [Debug] Check: [Id=pc_Symantec_Norton_App-9x] [Category=PROCESS] [Type=PROCESS_STATUS] [Parameter=rtvscn95.exe] [Operation=running] [Value Type=NONE] [Value=] Status: NOT_CHECKED
2009-03-04 12:06:42 [Debug] Package: Symantec_install Status: SUCCESS
2009-03-04 12:06:42 [Debug] Check: [Id=pc_Symantec_Norton_Installation-SAVCE] [Category=REGSTRY] [Type=REGISTRY_DATA] [Parameter=\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAVCE] [Operation=exists] [Value Type=NONE] [Value=] Status: SUCCESS
2009-03-04 12:06:42 [Debug] Check: [Id=pc_Symantec_Norton_Installation-NAVNT] [Category=REGSTRY] [Type=REGISTRY_DATA] [Parameter=\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\NAVNT] [Operation=exists] [Value Type=NONE] [Value=] Status: NOT_CHECKED
2009-03-04 12:06:42 [Debug] Check: [Id=pc_Symantec_Norton_Installation-NAV95] [Category=REGSTRY] [Type=REGISTRY_DATA] [Parameter=\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\NAV95] [Operation=exists] [Value Type=NONE] [Value=] Status: NOT_CHECKED
2009-03-04 12:06:42 [Debug] Package: Symantec_update Status: FAILURE
2009-03-04 12:06:42 [Debug] Check: [Id=pc_Symantec_Norton_Update-Corporate] [Category=REGSTRY] [Type=REGISTRY_DATA] [Parameter=\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\DEFWATCH_10] [Operation=ends with] [Value Type=STRING] [Value=20081015.003] Status: FAILURE
2009-03-04 12:06:42 [Debug] Check: [Id=pc_Symantec_Norton_Update-Professional] [Category=REGSTRY] [Type=REGISTRY_DATA] [Parameter=\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\NAVNT_50_AP1] [Operation=ends with] [Value Type=STRING] [Value=20081015.003] Status: FAILURE
2009-03-04 12:06:42 [Debug] Check: [Id=pc_Symantec_Norton_Intelligent_Update-Corporate] [Category=REGSTRY] [Type=REGISTRY_DATA] [Parameter=\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\DEFWATCH_10] [Operation=ends with] [Value Type=STRING] [Value=20081016.004] Status: FAILURE
2009-03-04 12:06:42 [Debug] Check: [Id=pc_Symantec_Norton_Update-Professional-9x] [Category=REGSTRY] [Type=REGISTRY_DATA] [Parameter=\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\NAV95_50_AP1] [Operation=ends with] [Value Type=STRING] [Value=20081015.003] Status: FAILURE
2009-03-04 12:06:42 [Debug] [PerfigoDMInfo] Create DM report='10000WINDOWS_PRO_XPtest24.1.3.1CATTLEgkn/aCATTLENortonAVSymantec Endpoint Protection11.0.2000.15673/2/2009 rev. 532009-03-02AV31pc_Symantec_Norton_App-Corporate1pc_Symantec_Norton_App-Professional-1pc_Symantec_Norton_App-9x-111pc_Symantec_Norton_Installation-SAVCE1pc_Symantec_Norton_Installation-NAVNT-1pc_Symantec_Norton_Installation-NAV95-120pc_Symantec_Norton_Update-Corporate0pc_Symantec_Norton_Update-Professional0pc_Symantec_Norton_Intelligent_Update-Corporate0pc_Symantec_Norton_Update-Professional-9x0'
2009-03-04 12:06:42 [Debug] [AppUtil] MacIpList=00:1E:C9:50:53:83:172.21.46.202
2009-03-04 12:06:42 [Debug] [PerfigoAuthenticator] 1 AV/AS products found
2009-03-04 12:06:42 [Debug] [PerfigoAuthenticator] AV info query: avpid=NortonAV&avpname=Symantec%20Endpoint%20Protection&avpversion=11%2E0%2E2000%2E1567&avpfeatures=AV
2009-03-04 12:06:42 [Debug] [PerfigoAuthenticator] Posting clean machine report query = provider=Local%20DB&username=test2&password=****&os=WINDOWS%5FPRO%5FXP&user_key=172.21.46.202_QOQ8HL40XYM0A2TI&dm_key=&mac_list=00%3A1E%3AC9%3A50%3A53%3A83&ip_list=172%2E21%2E46%2E202&cm=bcu5ksw0&dm_report=xq%2Fa6RpvNTsRYMTZ3a2A4YnLLP8ob09rB370YK76BJ6aSphG%2FbMtFTQqDg95%0D%0Aydhu9ouuJx0dqDJ03xbeR0WYeLl%2FnOQk5SC0I7sfapvsDAKOoCGKSywtVf9k%0D%0AZEThdZSD%2BZOVUPG%2Biyz45fbwbgD%2B4%2B%2BW%2Fk8x%2Fe3gzLgt9UmH9pyh3U01QGbk%0D%0A0QXFpiaxPAXja8xJ3ygVBPvAHcntPL3irPvlr7q41mp%2FWOYvLzYbT2mT%2FIv4%0D%0AXQvywJ7Miep9Th8vbMRLN6kUJnu%2BhGOL%2FvjR7cdd17ffw1dL2L4NF3Ecc%2BKP%0D%0A%2B8E2Bwjd2O89BUS7jDfyymLOdSQ1G1a2d17WQTXnzo8kotmGYDEgDbm4FDzn%0D%0A77GOS3vTIgYxxA3e7ChjLyC2op5y3QX2TlzFmnmir5tBLPePRZWj4DStCuO5%0D%0AKK%2F0oYMeL5fZ8GeCfcqel4BdCep%2F24XDIADs1RUJLciFimRQzjUqHcxzS%2BC5%0D%0AV1qezsyMzV37%2FAgDVng5CoX8cdlQXp4g27O60S99Og2fQ7oLqy%2FY4abbHLyP%0D%0ADenL0jFbVoE0guPk1u%2FlxWZdPz0SSvgxSc3YT4H%2BemBwmzLedkIrPyeVusfg%0D%0ATBqlo%2Ff%2BfreBcEByJsiZtoN7HFxsx2O%2BG77fZITIOTp%2BjrOoshK%2FiICs%2F5Mu%0D%0AlFjh6b1ae%2FJLGIKxHMaOkWzDQb46UUkP1fkQFSa5JmxfP4IfIjGgpr%2B73pcD%0D%0AFVF5yvEUG3K9fFKPz9RbPxousnApPwWbyNfamybfhnjYCFRGZw7cIwZB%2FXHj%0D%0AkmvcstsoV0DZl6wQ1EY7SaDBB7SMtrQ23pwrq0hcVA9qOrXhF1WZSXR1sFR5%0D%0AnmR%2BPCY2wOQqfsu%2FL8aErzuoMUdlQBMKOpa0mg%2FfPSGP%2F5TB2mfE2v%2BaoonK%0D%0AosVsNqlGn8xGkR%2BmVYLWrFzMaTn6ialn0JKmM6pnpLzvaliR6Czr98ySkJj%2F%0D%0AtY7NQz23nXEl%2BLhOaTiT8q1luleZ8gpISijFpDY2U1o%2Ff6wVeCsxVtM2aUbq%0D%0As0GCtI2MNDG3L7q4p5KOasAsauOmCNgHnElRAHajbpmOlHXv1JjbcG5Ewqla%0D%0AbX4SZS81CGTlIwi%2FKpZV9dywA1FO%2Bdh0iMa%2BiT%2FxcBpHdiHPZH6ZTijkVCMp%0D%0A0rkvhebpDAHtYbs%2BNezcmzAtvckxBdommHh57Jpau3NgInap1EVwqHWvi4tc%0D%0At9HXkh3RPCtjIu5sToKasm1A9GBQ45qxR4LwHTV6VIDW2nooNcrhp7beigCT%0D%0AjhvqIrdyOQiHzjzcdCM%2Bx4J8LGb5GNf0GyfH7miIHbPTm6mOCWbxJHV2d20i%0D%0AzISj75rVZovXkCPj8PpE0H3Ie9U%2FdIBwOBbtiZZ7I1UeMjDAj5XsEdcaHbdn%0D%0AbfHDDmmF6smHgGRq7vkk4IXLqww1Qfda2SsNjZXGYR5cIHJ8FwCU2%2Bmtlu%2Fc%0D%0AR%2B24HVFdBS09EUdV6k8SX31VGjLVa%2BB1HfZD4loGD0TNgHcFwS0k5vMwh%2BFw%0D%0Abnqlqt6r06JhUonEicfeXSB4EYfjmlAOT3NaJL%2FhA1RQHLSyQtZ51PlUen8G%0D%0ARKuRZDUGOUgTZJUoxCQrI6RhKK4hSYsJajmVNXXCw2v4bvYrkfU8GtO0X0LV%0D%0AHHmlqY9Lnnket8Q2HBpNH9cf%2Frq8Dow9o5%2FXVxPMpuxd%2B9LnxMoV99fDlOYc%0D%0ACSPCRyhaHBwiQ%2BqZo9Nvz4U6CoejJtOJ6yRdcrXIOJcqteYdQMDSomOnsbfK%0D%0AV8fx9ZhE4N4KVE6n5ejUHiv1rQ6v5dx5lzVFunfxWDEA5caaAmoFdM%2BH0fWo%0D%0ANqoTLZnSFgnNrJI8gNEMAWDdO335cVK%2FlNwqY6Cf2bjJ%2FCFIuYv0x8QwYtiO%0D%0AhTZiEasbfk1AqAQlRHhB8o4Ys1zlphqm7WyVfDxV4QWQy0s1aiPzC%2FZW2HKP%0D%0AlsthzIwe%2FWuCMcusLtlXupW9MGBXaKwnm0hzRWXyWNrV3AEoNY4%2BYNe6Oimj%0D%0AoL56Yl3oyJNG8Bo89wOmm%2BiwgYg0zPXbEj5UqrVPSKtgCGSz4kX87uzj3KfT%0D%0AtRrnrtrmVjg%2F%2BJO7TI6Ag%2F2UdaARKzXbjc02%2B8Ia8Nqk%2Be%2FUnSN4io37pGqC%0D%0AAl1lnUX4KMIYMQ7nPGCa6cF03gElQKLp3TZlxJdJSpkQiCOqEShbZi0heZWo%0D%0A4HOh7uzmKM48WJ2BUT9bJajkReLE&ops=1&avpid=NortonAV&avpname=Symantec%20Endpoint%20Protection&avpversion=11%2E0%2E2000%2E1567&avpfeatures=AV
2009-03-04 12:06:52 [Debug] [MainClass] Entering notifying: CompleteCleanMachinesReport
2009-03-04 12:06:52 [Debug] [PerfigoAuthenticator] completed login request.
2009-03-04 12:06:52 [Debug] [PerfigoAuthInfo] TRYING TO PARSE ---

















2009-03-04 12:06:52 [Debug] [PerfigoAuthenticator] logged in successfully.
2009-03-04 12:06:52 [Debug] [frmLogin] Set quarantine timer: 0 seconds
2009-03-04 12:06:52 [Debug] Agent OS: WINDOWS_PRO_XP, Agent Version: 4.1.3.1
2009-03-04 12:06:52 [Debug] [frmLogin] Set auto close timer: 2 seconds
2009-03-04 12:06:52 [Debug] [frmLogin] Switch to frame : 128
2009-03-04 12:06:52 [Debug] [MainClass] Complete notifying: CompleteCleanMachinesReport
2009-03-04 12:06:55 [Debug] [frmSysTray] Checking status..
2009-03-04 12:06:55 [Debug] [SWISSPacket] Login Status: -1
2009-03-04 12:06:55 [Debug] [SWISSPacket] Login Status: -1
2009-03-04 12:06:55 [Debug] [SWISSPacket] Login Status: -1
2009-03-04 12:06:55 [Debug] [SWISSPacket] Login Status: -1
2009-03-04 12:06:55 [Debug] [SWISSPacket] Login Status: -1
2009-03-04 12:06:55 [Debug] [SWISSClient] current CAS: 192.168.34.22
2009-03-04 12:06:55 [Debug] [SWISSClient] Send query directly to: 192.168.34.22
2009-03-04 12:06:55 [Debug] [SWISSPacket] Client version length: 7
2009-03-04 12:06:55 [Debug] Agent OS: WINDOWS_PRO_XP, Agent Version: 4.1.3.1
2009-03-04 12:06:55 [Debug] [SWISSPacket] Client OS Length: 14
2009-03-04 12:06:55 [Debug] [AppUtil] Total number of adapters : 1
2009-03-04 12:06:55 [Debug] [SWISSPacket]SWISS Nounce Length : 10
2009-03-04 12:06:55 [Debug] [SWISSPacket] content length:65
2009-03-04 12:06:55 [Debug] [SWISSPacket] Packet Length:76
2009-03-04 12:06:55 [Debug] [SWISSClient] send V2 packet to: 192.168.34.22
2009-03-04 12:06:55 [Debug] [SWISSClient] WinSock Control set remote host='192.168.34.22'
2009-03-04 12:06:55 [Debug] [SWISSClient] WinSock Control bind port=0 ip=''
2009-03-04 12:06:55 [Debug] [SWISSClient] WinSock Control send data ...
2009-03-04 12:06:55 [Debug] SWISSClient: received packet size = 62
2009-03-04 12:06:55 [Debug] from : 192.168.34.22 local :172.21.46.202
2009-03-04 12:06:55 [Debug] [SWISSPacket]SWISSS response : 13, 192.168.34.22
2009-03-04 12:06:55 [Debug] [SWISSClient] - SendQuery: V2 status PacketReceived True; RequestorIP:172.21.46.202; local IP: 172.21.46.202
2009-03-04 12:06:55 [Debug] [SWISSPacket] Login Status: 33
2009-03-04 12:06:55 [Debug] OS:False, SSO:False, Cert:True, Remo:False, User:1, Devi:0, L3:False, FailOpen:False, FailClose:False, VpnSSO:False
2009-03-04 12:07:00 [Debug] [frmSysTray] Checking status..
2009-03-04 12:07:00 [Debug] [SWISSPacket] Login Status: 33
2009-03-04 12:07:00 [Debug] OS:False, SSO:False, Cert:True, Remo:False, User:1, Devi:0, L3:False, FailOpen:False, FailClose:False, VpnSSO:False
2009-03-04 12:07:00 [Debug] [SWISSPacket] Login Status: 33
2009-03-04 12:07:00 [Debug] OS:False, SSO:False, Cert:True, Remo:False, User:1, Devi:0, L3:False, FailOpen:False, FailClose:False, VpnSSO:False
2009-03-04 12:07:00 [Debug] [SWISSPacket] Login Status: 33
2009-03-04 12:07:00 [Debug] OS:False, SSO:False, Cert:True, Remo:False, User:1, Devi:0, L3:False, FailOpen:False, FailClose:False, VpnSSO:False
2009-03-04 12:07:00 [Debug] [SWISSPacket] Login Status: 33
2009-03-04 12:07:00 [Debug] OS:False, SSO:False, Cert:True, Remo:False, User:1, Devi:0, L3:False, FailOpen:False, FailClose:False, VpnSSO:False
2009-03-04 12:07:00 [Debug] [SWISSPacket] Login Status: 33
2009-03-04 12:07:00 [Debug] OS:False, SSO:False, Cert:True, Remo:False, User:1, Devi:0, L3:False, FailOpen:False, FailClose:False, VpnSSO:False
2009-03-04 12:07:00 [Debug] [SWISSClient] current CAS: 192.168.34.22
2009-03-04 12:07:00 [Debug] [SWISSClient] Send query directly to: 192.168.34.22
2009-03-04 12:07:00 [Debug] [SWISSPacket] Client version length: 7
2009-03-04 12:07:00 [Debug] Agent OS: WINDOWS_PRO_XP, Agent Version: 4.1.3.1
2009-03-04 12:07:00 [Debug] [SWISSPacket] Client OS Length: 14
2009-03-04 12:07:00 [Debug] [AppUtil] Total number of adapters : 1
2009-03-04 12:07:00 [Debug] [SWISSPacket]SWISS Nounce Length : 7
2009-03-04 12:07:00 [Debug] [SWISSPacket] content length:62
2009-03-04 12:07:00 [Debug] [SWISSPacket] Packet Length:73
2009-03-04 12:07:00 [Debug] [SWISSClient] send V2 packet to: 192.168.34.22
2009-03-04 12:07:00 [Debug] [SWISSClient] WinSock Control set remote host='192.168.34.22'
2009-03-04 12:07:00 [Debug] [SWISSClient] WinSock Control bind port=0 ip=''
2009-03-04 12:07:00 [Debug] [SWISSClient] WinSock Control send data ...
2009-03-04 12:07:00 [Debug] SWISSClient: received packet size = 59
2009-03-04 12:07:00 [Debug] from : 192.168.34.22 local :172.21.46.202
2009-03-04 12:07:00 [Debug] [SWISSPacket]SWISSS response : 13, 192.168.34.22
2009-03-04 12:07:00 [Debug] [SWISSClient] - SendQuery: V2 status PacketReceived True; RequestorIP:172.21.46.202; local IP: 172.21.46.202
2009-03-04 12:07:00 [Debug] [SWISSPacket] Login Status: 33
2009-03-04 12:07:00 [Debug] OS:False, SSO:False, Cert:True, Remo:False, User:1, Devi:0, L3:False, FailOpen:False, FailClose:False, VpnSSO:False
--- END OF DECODE ---


0 评论:

发表评论

订阅: 博文评论 (Atom)