definitions file?


Grafis

Does anyone know the name and location of the definitions file?
I need to update a whole bunch of offline machines.

The only file that changes when I Update my defs doesn't look like the
actual def's: 'gcUserData.gcd'

tia
- g
 
They are located under - c:\program files\Microsoft AntiSPyware
1 - gcThreatAuditThreatData
2 - gcThreatAuditThreat
--

Excuse me, but aren't they:

1 - gcThreatAuditThreatData.gcd
2 - gcThreatAuditScanData.gcd

??
 
Andre said:
They are located under - c:\program files\Microsoft AntiSPyware
1 - gcThreatAuditThreatData
2 - gcThreatAuditThreat


Thanks Andre, see the "Update issue" thread as to why I couldn't figure
this out :)


Will independently downloadable Def's be available when MSAS goes live?
First thing I do with an infected machine is take it offline, safe mode,
BartPE boot disk etc... so portable Def's are very nice.

thanks again
- g
 
The issue of being able to use this product from some mechanism such as an
independent maintenance OS boot--like Bart's--has been raised since the
beginning of the beta. I believe that there will be some provision that
will (in the eyes of the developers, at least) satisfy this kind of
need--but I don't know what it will look like--I don't expect that it will
take the form of work to ensure that it will run with Bart's, for example.

--
 
Bill said:
The issue of being able to use this product from some mechanism such as an
independent maintenance OS boot--like Bart's--has been raised since the
beginning of the beta. I believe that there will be some provision that
will (in the eyes of the developers, at least) satisfy this kind of
need--but I don't know what it will look like--I don't expect that it will
take the form of work to ensure that it will run with Bart's, for example.

MSAS already runs under BartPE I believe but that's not my core interest
(though I would absolutely die for a license free AS program that is
capable of being pointed at a drive/registry of one's choosing. Spybot
won't do it, AdAware does (allowing choosing of what drive to scan is a
huge issue when you're booting off a CD and a program scans your CD :)

I wish to be able to download an independent "defs" file(s) for...
- working offline, as all such Spyware and AV work should be done
- safe mode without network (see above)
- users who are so hosed they can't get online
- a sales conference such as I'm going to in a few weeks where most
machine maintenance will be offline and lines are $2,000 a week (yes 2K
and no that's not abnormal these days...)
- distribution point for other techs
- etc

I (we) appreciate all the work you guys are putting in. I don't think I
have to tell you how many man hours the collective Windows IT realm has
lost chasing this issue in the last 2-3 years, extremely frustrating as
it came right on the heels of "welp looks like we're good on virus
protection!" :) I mention this only as I personally feel Microsoft has a
responsibility to the community to fix these issues due to their nature,
and you guys are coming through (late, but hey.... :)
 
yeah I'm confused now, which are the right files?

is it...
?? gcThreatAuditThreat
or
?? gcThreatAuditScanData.gcd
 
Grafis said:
MSAS already runs under BartPE I believe but that's not my core interest
(though I would absolutely die for a license free AS program that is
capable of being pointed at a drive/registry of one's choosing. Spybot
won't do it, AdAware does (allowing choosing of what drive to scan is a
huge issue when you're booting off a CD and a program scans your CD :)

I wish to be able to download an independent "defs" file(s) for...
- working offline, as all such Spyware and AV work should be done
- safe mode without network (see above)
- users who are so hosed they can't get online
- a sales conference such as I'm going to in a few weeks where most
machine maintenance will be offline and lines are $2,000 a week (yes 2K
and no that's not abnormal these days...)
- distribution point for other techs
- etc

I (we) appreciate all the work you guys are putting in. I don't think I
have to tell you how many man hours the collective Windows IT realm has
lost chasing this issue in the last 2-3 years, extremely frustrating as it
came right on the heels of "welp looks like we're good on virus
protection!" :) I mention this only as I personally feel Microsoft has a
responsibility to the community to fix these issues due to their nature,
and you guys are coming through (late, but hey.... :)

Thanks for the very clear feedback. I think that responsibility to the
community is probably a prime reason for the release and maintenance of the
beta product--buggy though it may be.

The desire for an offline mode of definition update comes up very regularly
in the feedback here. I'm certain that Microsoft is aware of the request,
but I don't know more than that. Plun has posted the authoritative KB
article giving the definition files. I'm guilty of not having tested manual
placement of these files myself--I'm unclear whether it works. I've
certainly suggested it a number of times, and I think I've had perhaps one
"success" response, but I don't know for sure. There are also .gcd files
which record various settings and responses, and others have suggested and
verified that moving these files among installations allows for moving those
settings without going through the UI. I wouldn't depend on any of this in
any large scale or long term way, but as a way to work with the beta product
for now--that's what I'm aware of.
 
Bill said:
Thanks for the very clear feedback. I think that responsibility to the
community is probably a prime reason for the release and maintenance of the
beta product--buggy though it may be.

It is crisis mode. Bugs or not all the tools possible are needed.
Keyloggers are not funny, neither are porno homepages. Computers sit
idle, people are baffled.

The desire for an offline mode of definition update comes up very regularly
in the feedback here. I'm certain that Microsoft is aware of the request,
but I don't know more than that. Plun has posted the authoritative KB
article giving the definition files. I'm guilty of not having tested manual
placement of these files myself--I'm unclear whether it works. I've
certainly suggested it a number of times, and I think I've had perhaps one
"success" response, but I don't know for sure.

I'm running the installer automatically from CD and then firing up the
app with the -scan -withMainUI switches (thank you Andre!!)

I've added a step in between Install and Scan to copy the Definition
'gcThreatAuditScanData.gcd' & 'gcThreatAuditThreatData.gcd' files to the
install directory, but this stops the scan process from happening and
instead I get the basic setup screens asking how I want to configure,
maybe one of the other .gcd fellas holds the key...
 
I've added a step in between Install and Scan to copy the Definition
'gcThreatAuditScanData.gcd' & 'gcThreatAuditThreatData.gcd' files to the
install directory, but this stops the scan process from happening and
instead I get the basic setup screens asking how I want to configure,
maybe one of the other .gcd fellas holds the key...


Well, maybe take a look at the other two files:

gcUserData.gcd
gcAgentsDataStoreData.gcd

These files both change when you make any modifications and save them
through the Options-> Settings menu. The second one also is modified when
you apply any new changes to the Security Agents settings.
 
Mikolaj said:
Well, maybe take a look at the other two files:

gcUserData.gcd
gcAgentsDataStoreData.gcd

These files both change when you make any modifications and save them
through the Options-> Settings menu. The second one also is modified
when you apply any new changes to the Security Agents settings.

Thanks for all your help Mikolaj

I tried adding those two files and then I tried all .gcd files (11)
still had the program ask me to configure before it would run the
command line scan arguments. I'll just download the latest builds till I
can find a way!
 
I tried adding those two files and then I tried all .gcd files (11) still
had the program ask me to configure before it would run the command line
scan arguments. I'll just download the latest builds till I can find a
way!

You're well ahead of me, and I don't have the time to look into this at
present--good luck, and keep us apprised of your progress, if
possible--there are a number of other folks who wish to use the product in
the way you are aiming at.
 
Bill said:
You're well ahead of me, and I don't have the time to look into this at
present--good luck, and keep us apprised of your progress, if
possible--there are a number of other folks who wish to use the product in
the way you are aiming at.

Currently I have this working, relies upon recent build for respectably
current Defs. I have Andre and Mikolaj and this group to thank!! If I
make any headway I'll post back. Have to switch gears now to a Hotfix CD
and a new image and a software updates cd and more coffee...

- Insert CD and MSAS silent install auto executes
- CD runs command line arguments to fire MSAS into scan mode with GUI
- When scan finishes operator has option to remove, quarantine etc.
- Manually close MSAS
- CD script automatically uninstalls MSAS (don't want Beta left on
machines, user intervention required for SMS and other enterprise
scripty stuff)
- Dialog pops asking user to reboot machine

I found these excellent related links once I started visiting this
group, helped me solve the 101 error ( gcasDtServ.exe /regserver )

<http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm#anchor1>

This link needs to be updated with new MSI file but otherwise rocks
<http://www.overdose.net/docs/msas_silent_remote_install.txt>
 
Terrific! I've got a recipe for silent uninstall which has been posted here
a few times--not sure if it is in Mark L Ferguson's faq or not--let me know
if you need it.

--
 
Bill said:
Terrific! I've got a recipe for silent uninstall which has been posted here
a few times--not sure if it is in Mark L Ferguson's faq or not--let me know
if you need it.

If you have a link please post, I have so many in the last few days I'm
confused!

I'm running the uninstall like so, no problems except maybe twice out of 10
or so times on reboot I've gotten an error at Windows load "Cannot find
C:\Programs". Can't find any reference that would cause this and if you
log in again you don't get it.

MsiExec.exe /X{536F7C74-844B-4683-B0C5-EA39E19A6FE3} /Q
 
Here's the one I have--it's community contributed--I didn't write it, nor
have I actually tested it--but others have.
------------------------------
Unattended uninstall:

The command should be:
MsiExec.exe /X {536F7C74-844B-4683-B0C5-EA39E19A6FE3} -qn

If you want a log file ... (note: no space between the /L
and its parameters (ime))

MsiExec.exe /X {536F7C74-844B-4683-B0C5-EA39E19A6FE3} /Lime c:\temp\msas.log -qn

(from lori)
 