McAfee Antivirus is falsely detecting VNC remote control software as a malware and deleting it upon detection. This is causing a major problem for a lot of remote management tools that rely upon this popular open source software to operate.

If you are using McAfee on your network, you can use the following detection log as a checklist of files that need to be added to your “exclusion list” inside your antivirus properties.

You may also want to look into your McAfee settings for ways to change the default action from DELETE to LOG. We’ve notified McAfee of this problem and are awaiting a response. If this problem is affecting you, please contact them at vendor_questions@mcafee.com.

9/19/2008 11:30:01 AM Scan Started BMSANWS4LZ13D1\SYSTEM (managed) VirusScan 8.5 on demand friday scan
9/19/2008 11:36:51 AM Deleted SYSTEM C:\FASTPUSH\VNC7\REALVNC4\LOGMESSAGES.DLL RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:51 AM Deleted SYSTEM c:\fastpush\vnc7\realvnc4\logmessages.dll RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM C:\FASTPUSH\VNC7\REALVNC4\VNCCONFIG.EXE RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM c:\fastpush\vnc7\realvnc4\vncconfig.exe RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM C:\FASTPUSH\VNC7\REALVNC4\WINVNC4.EXE RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM c:\fastpush\vnc7\realvnc4\winvnc4.exe RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM C:\FASTPUSH\VNC7\REALVNC4\WM_HOOKS.DLL RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM c:\fastpush\vnc7\realvnc4\wm_hooks.dll RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:53 AM Deleted SYSTEM C:\FASTPUSH\VNC7\ULTRA\WINVNC.EXE RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:53 AM Deleted SYSTEM c:\fastpush\vnc7\ultra\winvnc.exe RemAdm-VNCView(Remote Admin Tool)

Twitter This

UserName: Password:

You need a jailbroken iPhone for this and now I’ve found the second coolest reason to jailbreak your iPhone (second only to Qik). You can download and install this using Cydia.

I installed this about an hour ago and have been having a blast with it. You can just add it to your group in VNCScan or use the standard VNC viewer from UltraVNC, TightVNC, RealVNC, or Chicken of the VNC.

There are no two-finger motions integrated into this but the text input using your PC or MAC keyboard more than makes up for that!

Twitter This

UserName: Password:

I’ve had a lot of requests for a way to disable XP firewalls on the network or at least open up the required ports to remotely manage the computers. If your workstations are protected by a NAT translating router with a decent firewall built into it, there is typically little need for the XP desktop firewall to be running on them.

If you have the XP firewall enabled, there’s very little that you can do in the way of remote management for these PC’s. Fortunately, there are was to automate the configuration of the XP firewalls on your network depending on what type of a network you are using.

Login Script Method

The easiest way to do this is with a login script. If your company is using a directory services such as Novel or Active Directory, you can create a script that runs each time that a user logs in. You can use this script to open the required firewall ports.

We run into a problem, however, if the user that is logging in does not have local administrative rights on his PC. This is required to modify the settings. For this, we can employ a nice piece of freeware called CPAU. Using this tool, you can do a run-as style command to make it go. Alternatively, you can use a tool such as Admin Script Editor to compile your script into an executable that runs under a specific security account. There are other tools that can do this and feel free to add them in the comments section if you would.

Active Directory Startup Script Method

You can also run the script using Active Directory’s group policy for the machine account. This script runs under the context of the machine’s system account and does not need to be elevated by tools such as CPAU. You can do this in the Group Policy Editor under “Windows Settings => Scripts => Startup”.

The following is a script that will open the required ports on the XP firewall:

netsh firewall set portopening udp 445 WindowsNetworking enable all
netsh firewall set portopening tcp 139 WindowsNetworking enable all
netsh firewall set portopening udp 137 WindowsNetworking enable all
netsh firewall set portopening udp 138 WindowsNetworking enable all
netsh firewall set portopening tcp 5900 VNC enable all
netsh firewall set portopening tcp 5800 VNC-HTTP enable all

Group Policy Method

You can set these options using Active Directory’s Group Policy, also. You can access this in the Group Policy Editor by navigating to “Computer Configuration => Administrative Templates => Network => Network Connections => Windows Firewall”.

Extra Notes

As a side note, if you choose to use a scripting tool such as Admin Script Editor to compile your script, you can also choose to distribute it directly to the end users so that they can execute it themselves.

Make sure that you also disable Simple File Sharing on the remote computers. That can be just as much of a barrier to remote administration as the firewall. I’ll make a post about that one soon.

Twitter This

UserName: Password:

The current release of VNCScan has a working beta method of deploying UltraVNC version 1.0.4 to Vista computers! We are the first to market with this feature!

While 90% of it has been fully tested and working, there are still some minor missing pieces that you may run into. We don’t know what they are so we’re relying upon you to let us know what you find.

Here’s a quick run-though for deploying UltraVNC to Vista in the upcoming version 2008.6.1:

1. Launch the deployment wizard as usual
2. Create a new profile and select “Ultra104″ as the version
3. Set a VNC password (even if you’re going to use MS Auth)
4. Blow through the rest of the wizard answering questions as you see fit.
5. Watch the deployment process – some errors in the script are normal but others can mean things went badly.

————–

You will want to make sure that Network Discovery and File Sharing has been turned on for your Vista computers. A firewall and stopped services can keep the good guys out as well as the bad guys.

If things didn’t work, please post the output of the script here, editing out anything that you feel that you can not freely share on a forum post.

Twitter This

UserName: Password: