Archive for May, 2010

Record your problems with Windows 7

Windows 7 gives system administrators, and anyone else involved in user support, a useful tool for recording problems. This ability to record problems with Windows 7 is provided by the psr.exe command.

Psr.exe Command

  • open the Start menu and run psr.exe;
  • press the Start Record button to start recording;
  • use the mouse to reproduce, step-by-step, the problem;
  • if you want to add comments, click the Add Comment button and highlight the section of the screen you want to comment on;
  • when finished, press the Stop Record button;
  • save the recorded contents in a zip file and send it to technical support if you wish, or keep it for the future.

Inside the zip file there is an mht file that can be read with Internet Explorer. The mht file consists of several sections; the most important are the Problem Steps section and the Additional Details section.
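The layout described above (a zip holding one mht file, which is a MIME archive) can be inspected without Internet Explorer. The following is an added example, not part of the original post: it lists the sections and embedded screenshots of a recording so you can see what the archive carries before it is passed on. The function names and the sample archive are constructed for illustration, and the section titles are assumed to appear as plain text in the HTML part.

```python
import email
import io
import zipfile
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText


def summarize_psr_zip(data: bytes) -> dict:
    """Open a recording zip in memory and summarise the .mht file inside it."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n for n in zf.namelist() if n.lower().endswith((".mht", ".mhtml"))]
        if not names:
            raise ValueError("no .mht recording found in archive")
        # An mht file is a MIME multipart document, so the email parser reads it.
        msg = email.message_from_bytes(zf.read(names[0]))
    html, images = "", []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        if ctype == "text/html" and not html:
            html = payload.decode(part.get_content_charset() or "utf-8", "replace")
        elif ctype.startswith("image/"):
            # Each image part is a captured screenshot: record its name and size.
            images.append((part.get("Content-Location", ""), len(payload)))
    # Assumption: the section titles named in the post appear verbatim in the HTML.
    sections = [s for s in ("Problem Steps", "Additional Details") if s in html]
    return {"mht": names[0], "sections": sections, "screenshots": images}


def build_sample_zip() -> bytes:
    """Constructed stand-in for a recording (not real psr.exe output)."""
    root = MIMEMultipart("related")
    body = ("<html><body><h1>Problem Steps</h1><img src='s1.jpeg'>"
            "<h1>Additional Details</h1></body></html>")
    root.attach(MIMEText(body, "html", "utf-8"))
    shot = MIMEImage(b"\xff\xd8\xff\xe0constructed", _subtype="jpeg")
    shot.add_header("Content-Location", "s1.jpeg")
    root.attach(shot)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Problem_sample.mht", root.as_bytes())
    return buf.getvalue()


if __name__ == "__main__":
    print(summarize_psr_zip(build_sample_zip()))
```

To use it on a real recording, pass the bytes of the saved zip file to `summarize_psr_zip`.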

Categories: Guide, Tips, Windows 7

The Importance of IPS module of the Symantec Endpoint

Recently I was able to appreciate the importance of the IPS (Intrusion Prevention System) module of Symantec Endpoint Protection (SEP). In the past I had to take care of removing the Conficker worm from several corporate LANs. The main problem that I faced was the identification of infected workstations. Many of my efforts could have been avoided if I had used the IPS module of SEP.

I installed the IPS module on a workstation subject to attack by Conficker. The IPS module immediately reported the attack, pointing out the IP address of the attacker and the threat that it was trying to exploit: MSRPC Server Service BO detected.

Reading the MSRPC Server Service BO page on the Symantec web site, I noticed at the bottom of the page a reference to Microsoft Security Bulletin MS08-067, the security bulletin on the vulnerability exploited by Conficker. I then took note of the IP addresses of the attackers, and using the nmap command I could verify that the workstations that were attacking my computer did indeed have the Conficker worm. I confess that I felt euphoric: for the first time I saw a viral attack stopped and identified. The best!

MSRPC Server Service BO

I believe that every system administrator should seriously consider installing an IPS module on every workstation. Of course, before deploying an IPS module en masse on all the workstations of a company, you should always perform an analysis. Nevertheless, I believe that although there is a risk of creating some minor discomfort for the personnel of a company, the gain in security is far more profitable.

Categories: Antivirus, Security