https://support.moonpoint.com/os/windows/commands/wmic/determine-antivirus.php
From above I got
C:\>wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct get * /value
Which seems to detect when 360 Total Security is on/off:
When 360 is off, productState=335872
displayName=Windows Defender
instanceGuid={D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
pathToSignedProductExe=windowsdefender://
pathToSignedReportingExe=%ProgramFiles%\Windows Defender\MsMpeng.exe
productState=393472
timestamp=Mon, 09 May 2022 04:41:04 GMT
displayName=360 Total Security
instanceGuid={FFDC234A-CE9B-08F9-406B-F876951CE066}
pathToSignedProductExe=C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
pathToSignedReportingExe=C:\Program Files (x86)\360\Total Security\safemon\WscReg.exe
productState=335872
timestamp=Thu, 19 May 2022 15:00:35 GMT
When 360 is on, productState=331776
displayName=Windows Defender
instanceGuid={D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
pathToSignedProductExe=windowsdefender://
pathToSignedReportingExe=%ProgramFiles%\Windows Defender\MsMpeng.exe
productState=393472
timestamp=Mon, 09 May 2022 04:41:04 GMT
displayName=360 Total Security
instanceGuid={FFDC234A-CE9B-08F9-406B-F876951CE066}
pathToSignedProductExe=C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
pathToSignedReportingExe=C:\Program Files (x86)\360\Total Security\safemon\WscReg.exe
productState=331776
timestamp=Thu, 19 May 2022 15:10:30 GMT
Is this a good approach to check status of 360, and other anti-virus?
Perhaps I should also ask, where can I read more about meaning of productState?
I am planning to use something like this on a QTIFW installer for a Qt5 project on Windows to inform the user anti-virus should be disabled during installation.
The d3dcompiler_47.dll is the file 360 flags.
Another approach might be cited here, which involves playing with
X5O!P%#AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
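A decoder for the productState values in the question above, as an added example that is not part of the original post. The field layout is the commonly cited, reverse-engineered convention (Microsoft does not document it), so it is an assumption, and the function names are illustrative.

```python
# Added example. The bit layout is the community-observed convention for
# SecurityCenter2 productState; Microsoft does not document it (assumption).
STATE = {0x0000: "off", 0x1000: "on", 0x2000: "snoozed", 0x3000: "expired"}
SIGNATURES = {0x00: "up-to-date", 0x10: "out-of-date"}
OWNER = {0x000: "third-party", 0x100: "windows"}

def decode_product_state(value):
    """Split a productState integer into its three observed fields."""
    n = int(value)
    return {
        "state": STATE.get(n & 0xF000, "unknown"),
        "signatures": SIGNATURES.get(n & 0x00F0, "unknown"),
        "owner": OWNER.get(n & 0x0F00, "unknown"),
    }

def parse_wmic_value_output(text):
    """Parse `wmic ... get * /value` output into one dict per product."""
    records, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep:
            continue
        if key in current:  # repeated key: the next product instance begins
            records.append(current)
            current = {}
        current[key] = value
    if current:
        records.append(current)
    return records

def active_products(text):
    """Names of products whose state field decodes as 'on'."""
    return [r.get("displayName", "?") for r in parse_wmic_value_output(text)
            if decode_product_state(r.get("productState", 0))["state"] == "on"]

# Sample input: the productState readings quoted in the question, trimmed.
OFF_SAMPLE = """displayName=Windows Defender
productState=393472
displayName=360 Total Security
productState=335872
"""
ON_SAMPLE = OFF_SAMPLE.replace("335872", "331776")

if __name__ == "__main__":
    for label, sample in (("360 off", OFF_SAMPLE), ("360 on", ON_SAMPLE)):
        print(label, active_products(sample),
              [decode_product_state(r["productState"])
               for r in parse_wmic_value_output(sample)])
```

Under this convention 331776 (0x051000) decodes as on and 335872 (0x052000) as snoozed, which matches the on/off readings in the question. A field that decodes as unknown should be treated as undetermined rather than off.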
Related
I've come across a very strange issue with Firebase Storage. One of our users manages to create files ending with a slash:
He claims that he uses only web console, etc and doesn't do anything special. If I try to copy such file using gsutil I (obviously) get the following error:
Copying images/20610/...
Skipping attempt to download to filename ending with slash
(images/20610/). This
typically happens when using gsutil to download from a subdirectory
created by the Cloud Console (https://cloud.google.com/console)
Extended attributes do not show anything unusual except that this is indeed a file with a slash at the end of its filename:
Creation time: Mon, 27 Apr 2020 16:32:12 GMT
Update time: Mon, 27 Apr 2020 16:32:12 GMT
Storage class: STANDARD
Content-Length: 11
Content-Type: text/plain
Hash (crc32c): XkI+Dw==
Hash (md5): apnFdauH+MfR7R5S5+NJzg==
ETag: CL7wy46EiekCEAE=
Generation: 1588005132499006
Metageneration: 1
My question basically is - how is it possible? and what to do to prevent this?
thanks in advance!
You'll get an object with a trailing slash in the name if you create a folder using the Cloud Console.
I have a device that I want to authorize using a TACACS+ server.
I have TACACS version: tac_plus version F4.0.4.26
I have a TACACS server with the following configuration:
accounting file = /var/log/tac_plus.acct
key = testing123
default authentication = file /etc/passwd
user = sf {
default service = permit
login = cleartext 1234
}
user = DEFAULT {
# login = PAM
service = ppp protocol = ip {}
}
On the device I have NSS with this config:
/etc/nsswitch.conf
passwd: files rf
group: files
shadow: files
hosts: files dns
networks: files dns
protocols: files
services: files
ethers: files
rpc: files
and pam.d with an sshd file in it:
# SERVER 1
auth required /lib/security/pam_rf.so
auth [success=done auth_err=die default=ignore] /lib/security/pam_tacplus.so server=172.18.177.162:49 secret=testing123 timeout=5
account sufficient /lib/security/pam_tacplus.so server=172.18.177.162:49 service=ppp protocol=ip timeout=5
session required /lib/security/pam_rf.so
session sufficient /lib/security/pam_tacplus.so server=172.18.177.162:49 service=ppp protocol=ip timeout=5
password required /lib/security/pam_rf.so
# PAM configuration for the Secure Shell service
# Standard Un*x authentication.
auth include common-auth
# Disallow non-root logins when /etc/nologin exists.
account required pam_nologin.so
# Standard Un*x authorization.
account include common-account
# Set the loginuid process attribute.
session required pam_loginuid.so
# Standard Un*x session setup and teardown.
session include common-session
# Standard Un*x password updating.
password include common-password
And the problem: when I connect to the device for the first time via TeraTerm, I see that the entered user name was added at session start to /etc/passwd and /etc/shadow,
but the login does not succeed, and on the TACACS server I see in the logs:
Mon Dec 17 19:00:05 2018 [25418]: session.peerip is 172.17.236.2
Mon Dec 17 19:00:05 2018 [25418]: forked 5385
Mon Dec 17 19:00:05 2018 [5385]: connect from 172.17.236.2 [172.17.236.2]
Mon Dec 17 19:00:05 2018 [5385]: Found entry for alex in shadow file
Mon Dec 17 19:00:05 2018 [5385]: verify
IN $6$DUikjB1i$4.cM87/pWRZg2lW3gr3TZorAReVL7JlKGA/2.BRi7AAyHQHz6bBenUxGXsrpzXkVvpwp0CrtNYAGdQDYT2gaZ/
Mon Dec 17 19:00:05 2018 [5385]:
IN encrypts to $6$DUikjB1i$AM/ZEXg6UAoKGrFQOzHC6/BpkK0Rw4JSmgqAc.xJ9S/Q7n8.bT/Ks73SgLdtMUAGbLAiD9wnlYlb84YGujaPS/
Mon Dec 17 19:00:05 2018 [5385]: Password is incorrect
Mon Dec 17 19:00:05 2018 [5385]: Authenticating ACLs for user 'DEFAULT' instead of 'alex'
Mon Dec 17 19:00:05 2018 [5385]: pap-login query for 'alex' ssh from 172.17.236.2 rejected
Mon Dec 17 19:00:05 2018 [5385]: login failure: alex 172.17.236.2 (172.17.236.2) ssh
After that, if I close TeraTerm, open it again and try to connect, the connection is established successfully. After that, if I close TeraTerm and open it again, the same problem appears on every second try.
What may be the problem with it? I am going crazy already.
After digging deeper into the problem, I found out that it was my fault: I compiled my name service using g++ instead of gcc.
Because the name service uses
#include <pwd.h>
which defines the interface for functions like nss_service_getpwnam_r and others that were written in C, I had to:
extern "C" {
#include <pwd.h>
}
or compile my program using GCC. I hope that if someone faces the same problem, this will help him / her. Good luck.
I'm running Docker on CentOS 7, from time to time there's the following message displayed:
Message from syslogd#dev-master at Mar 29 17:23:03 ...
kernel:unregister_netdevice: waiting for lo to become free. Usage count = 1
I've googled a lot, read a lot of the resources I found and tried many ways like keeping my system updated, upgrading the kernel etc., but the message still keeps showing up. It's not too often, but sooner or later I'll see it. Also, I found that the issue for this problem on the Docker GitHub is still open, so my questions are:
What does this message mean? Could somebody give me a simple explanation why docker causes it?
Is there any workaround for this?
If it could not be fixed yet (the issue is still open), will it affect the server or services running inside the Docker container? Will it be a serious performance issue, because it also happens on our production servers?
Docker version:
Client:
Version: 1.11.1
API version: 1.23
Go version: go1.5.4
Git commit: 5604cbe
Built: Wed Apr 27 00:34:42 2016
OS/Arch: linux/amd64
Server:
Version: 1.11.1
API version: 1.23
Go version: go1.5.4
Git commit: 5604cbe
Built: Wed Apr 27 00:34:42 2016
OS/Arch: linux/amd64
OS info:
CentOS 7, with kernel version: 4.6.0-1.el7.elrepo.x86_64
I'd really appreciate any info/tips or resources, thanks a lot.
Your best source of information is the issue you linked to docker#5618. This is a kernel bug, and has not yet been resolved. The issue is "triggered" by docker because starting/stopping containers also creates network interfaces for containers when they are created/destroyed.
I've encountered a problem with deploying my shiny app on linux Ubuntu 16.04 LTS.
After I run sudo systemctl start shiny-server, and open up my browser heading to http://192.168..*:3838/StockVis/, the web page greys out in a second.
I found some warnings in the web console as below, and surveyed information on the web for about two weeks, but still have no solution. :(
"Thu Feb 16 2017 12:20:49 GMT+0800 (CST) [INF]: Connection opened. http://192.168.**.***:3838/StockVis/"
Thu Feb 16 2017 12:20:49 GMT+0800 (CST) [DBG]: Open channel 0
The application unexpectedly exited.
Diagnostic information is private. Please ask your system admin for permission if you need to check the R logs.
Thu Feb 16 2017 12:20:50 GMT+0800 (CST) [INF]: Connection closed. Info: {"type":"close","code":4503,"reason":"The application unexpectedly exited","wasClean":true}
Thu Feb 16 2017 12:20:50 GMT+0800 (CST) [DBG]: SockJS connection closed
Thu Feb 16 2017 12:20:50 GMT+0800 (CST) [DBG]: Channel 0 is closed
Thu Feb 16 2017 12:20:50 GMT+0800 (CST) [DBG]: Removed channel 0, 0 left
Please kindly give some suggestions to move on.
This can indicate something in your R code is causing an error. As that R error could be anything, this answer is to help you gather that info. The browser console messages will not tell you what that is. In order to access the error, you need to configure Shiny to not delete the log upon exiting the application.
Assuming you have sudo access:
$ sudo vi /etc/shiny-server/shiny-server.conf
Place the following line in the file after run_as shiny; :
preserve_logs true;
Restart shiny:
sudo systemctl restart shiny-server
Reload your Shiny app.
In the /var/log/shiny-server/ directory there will be a log file with your application name. Viewing that file will give you more information on what is going on.
Warning. After you are done, take out the preserve_logs true; line in the conf file and restart Shiny. If not, you will start generating a bunch of log files you don't want.
This might be a simple problem, but I have been stuck with this for weeks now.
We have an AIX server on which we are facing this issue. I am not able to run programs inside a specific directory and its subdirectories.
I am getting proper outputs for the commands java and scp2 in the /opt/FileNet directory. But when I am in the /opt/FileNet/RM directory these commands stop working. Outputs are as below.
Java - JVMXM008: Error occured while initialising System ClassException in thread "main" Could not create the Java virtual machine.
SCP2 - Failed to parse installation path.
I have no idea why this is happening. Your thoughts please.
drwxr-xr-x 24 root system 4096 Feb 21 2012 opt
drwxr-xr-x 17 jxadmin wasadmin 4096 Aug 14 08:40 FileNet
drwxrwxr-x 17 jxadmin wasadmin 4096 Aug 14 08:45 RM
drwxrwxr-x 37 jxadmin wasadmin 4096 Feb 13 2012 AE (/opt/FileNet/AE, This directory is working as expected)
Couldn't find any ACLs.