
Microsoft Advanced Threat Analytics gateway service not working

Q: Microsoft Advanced Threat Analytics gateway service not working

Microsoft ATA Gateway fails to sync with the ATA Center. On checking the logs, the following are the Microsoft ATA Gateway logs:
2016-01-09 00:46:34.2982 2752 12 59166ce0-2508-400e-adc8-2545e2c76123 Error [DirectoryServicesClient+<CreateLdapConnectionAsync>d__25] Microsoft.Tri.Infrastructure.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=atatest.com]
---> System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
at System.DirectoryServices.Protocols.LdapConnection.Connect()
at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<CreateLdapConnectionAsync>d__25.MoveNext()
--- End of inner exception stack trace ---
at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<CreateLdapConnectionAsync>d__25.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<CreateLdapConnectionAsync>d__25.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<TryCreateLdapConnectionAsync>d__24.MoveNext()
2016-01-09 00:46:34.3139 2752 5 00000000-0000-0000-0000-000000000000 Error [KeyedObjectPool`2] Microsoft.Tri.Infrastructure.ContractException: Contract exception
at Microsoft.Tri.Infrastructure.Utils.KeyedObjectPool`2..ctor(IReadOnlyCollection`1 keysToItems, Int32 maxSize, CancellationToken cancellationToken, Action`1 itemRemovedCallback)
at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.OnStart()
at Microsoft.Tri.Infrastructure.Framework.Module.Start()
at Microsoft.Tri.Infrastructure.Framework.ModuleManager.OnStart()
at Microsoft.Tri.Infrastructure.Framework.Module.Start()
at Microsoft.Tri.Infrastructure.Framework.Service.OnStart(String[] args)

2016-01-09 01:58:43.4482 1468 7 183d118d-9606-401f-bb9f-d68d3630fd8e Error [DirectoryServicesClient+<CreateLdapConnectionAsync>d__25] Microsoft.Tri.Infrastructure.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=atatest.com]
---> System.DirectoryServices.Protocols.LdapException: A local error occurred.
at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<CreateLdapConnectionAsync>d__25.MoveNext()
--- End of inner exception stack trace ---
at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<CreateLdapConnectionAsync>d__25.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<CreateLdapConnectionAsync>d__25.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<TryCreateLdapConnectionAsync>d__24.MoveNext()
2016-01-09 01:58:43.4638 1468 5 00000000-0000-0000-0000-000000000000 Error [KeyedObjectPool`2] Microsoft.Tri.Infrastructure.ContractException: Contract exception
at Microsoft.Tri.Infrastructure.Utils.KeyedObjectPool`2..ctor(IReadOnlyCollection`1 keysToItems, Int32 maxSize, CancellationToken cancellationToken, Action`1 itemRemovedCallback)
at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.OnStart()
at Microsoft.Tri.Infrastructure.Framework.Module.Start()
at Microsoft.Tri.Infrastructure.Framework.ModuleManager.OnStart()
at Microsoft.Tri.Infrastructure.Framework.Module.Start()
at Microsoft.Tri.Infrastructure.Framework.Service.OnStart(String[] args)


The Gateway and Center are configured on Windows Server 2012 R2 on Hyper-V. "atatest.com" is my DC. How do I fix this LDAP error
and the local error?


RELEVANCY SCORE 92

Microsoft Advanced Threat Analytics Center and gateway service not starting.
Windows could not start the Microsoft Advanced Threat Analytics Center and gateway service on the local computer
Showing error 1067: The process terminated unexpectedly.

RELEVANCY SCORE 92

We are getting the below error on the Lightweight Gateway server repeatedly. Can anyone help with this?
Log Name:      System
Source:        Service Control Manager
Date:          7/30/2020 4:38:56 AM
Event ID:      7031
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Server.domain.net
Description:
The Microsoft Advanced Threat Analytics Gateway service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

RELEVANCY SCORE 92

The ATA Gateway service keeps restarting and I get the following in the log:
2015-05-12 10:24:48.8296 1340 5   28ddf5ea-a0e2-4f69-9d2e-2c8b6a0d3a10 Debug [DirectoryServicesClient] Starting

2015-05-12 10:24:49.0640 1340 14  28ddf5ea-a0e2-4f69-9d2e-2c8b6a0d3a10 Warn  [DirectoryServicesClient] LDAP search failed [DomainControllerDnsName=XXX.dk BaseDistinguishedName=CN=Sites,CN=Configuration,DC=XXX,DC=dk Scope=Subtree Filter=(&(objectClass=server)(dnsHostName=XXX.dk))
AttributeNames=canonicalName objectClass whenCreated displayName distinguishedName objectGUID isDeleted name objectSID whenChanged dnsHostName serverReference Options=NoResultsWarning]

2015-05-12 10:24:49.0640 1340 5   00000000-0000-0000-0000-000000000000 Error [DirectoryServicesClient]  System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.OnStart()
   at Microsoft.Common.Framework.Module.Start()
   at Microsoft.Common.Framework.ModuleManager.OnStart()
   at Microsoft.Common.Framework.Service.<>c__DisplayClass2.<OnStart>b__0()
   at Microsoft.Common.Utils.ExceptionHandler.<>c__DisplayClass1.<Run>b__0()
   at Microsoft.Common.Utils.ExceptionHandler.Run[TResult](Func`1 function, Boolean shouldRethrow)

A: The Microsoft Advanced Threat Analytics Gateway service terminated unexpectedly

Oh, I had forgotten to put the entire FQDN name of the Domain Controller I was monitoring in the
Port Mirrored Domain Controllers (FQDN)

RELEVANCY SCORE 91.2

Hi all,
We're trying to build a Microsoft ATA lab (Version 1.4.2457.4623) in our environment. We have followed the guideline from Technet and we found out after our installation that the Microsoft ATA services were unable to start. Below is
the error shown in the log file.

2015-09-11 02:33:30.3302 2936 5   fccebc4e-d3b1-4199-8725-04a17f352fa0 Error [DirectoryServicesClient] Microsoft.Tri.Infrastructure.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=enfraad01.enfrasys.com] ---> System.DirectoryServices.Protocols.LdapException:
The supplied credential is invalid.
The services were set to run as local system. I've tried to put in my domain admin credential but still no luck.

Any help would be very appreciated.

Thanks in advance.

RELEVANCY SCORE 78.8

We have a VMware Enterprise environment.
I have tested Microsoft ATA and it works perfectly well with Port Mirroring but for that we may have to choose Enterprise Plus.
Question:
With our existing infrastructure, will the Microsoft ATA solution work if I configure both the DC and the Gateway in (Promiscuous Port Group)?
If yes is it supported by Microsoft?
I would appreciate the answer if someone has implemented the solution first hand or knows about a reliable article/source.
For simplicity please assume the unknowns, thank you for your help.

RELEVANCY SCORE 73.2

Hello. I installed Microsoft ATA Console and Microsoft ATA Gateway on a fresh 2012 R2 server with all updates preinstalled.
Here settings



Here errors
Microsoft.Tri.Gateway-Resolution

2015-10-29 02:44:56.9991 2460 5 00000000-0000-0000-0000-000000000000 Debug [NetworkNameResolver] Initialized
2015-10-29 02:44:57.0181 2460 5 00000000-0000-0000-0000-000000000000 Debug [DirectoryServicesClient] Initialized
2015-10-29 02:44:57.0341 2460 5 00000000-0000-0000-0000-000000000000 Debug [DirectoryServicesResolver] Initialized
2015-10-29 02:44:57.0511 2460 5 00000000-0000-0000-0000-000000000000 Debug [EntityResolver] Initialized
2015-10-29 02:44:58.4401 2460 5 11ab8557-9725-452e-a456-582d511db311 Debug [NetworkNameResolver] Starting
2015-10-29 02:44:58.5181 2460 5 11ab8557-9725-452e-a456-582d511db311 Debug [NetworkNameResolver] Started
2015-10-29 02:44:58.5181 2460 5 11ab8557-9725-452e-a456-582d511db311 Debug [DirectoryServicesClient] Starting
2015-10-29 02:44:58.5971 2460 5 11ab8557-9725-452e-a456-582d511db311 Error [DirectoryServicesClient] Microsoft.Tri.Infrastructure.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=dc1.domail.local] ---> System.DirectoryServices.Protocols.LdapException: ????????? ????????? ??????.
? System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
? Microsoft.Tri.Gateway.Resolution.DirectoryServicesC...

RELEVANCY SCORE 73.2

Hello,
I am doing a laboratory with Microsoft ATA and I have a question: how many DCs or File Servers can attach to one Gateway?
Thanks.

RELEVANCY SCORE 72.4

Hello,
I'm trying to install Microsoft ATA in a VMware ESXi 5.5
environment.
My test lab contains 2 DCs (2008 R2), 1 Microsoft ATA Center server (2012 R2) and 1 Microsoft ATA Gateway server (2012 R2). The
Center server has been successfully installed.
Now I'm stuck on the gateway installation. My Windows 2012 R2 server has all the latest Microsoft updates. When I validate the installation
(after the path, autosigned certificate and credentials options), the setup crashes with the following problem signature:
Microsoft Advanced Threat Analytics Gateway has stopped working :
Problem Event Name : CLR20r3

Application Name : Microsoft ATA Gateway Setup.exe

Application Version : 1.4.2457.4623

Application Timestamp : 548629eb

Fault Module Name : mscorlib

Fault Module Version : 4.0.30319.34014

Fault Module Timestamp : 52e0b679

Exception offset : 451e

Problem Signature : Ce

Problem Signature : System.IO.FileNotFoundException

OS Version : 6.3.9600.2.0.0.272.7

Locale ID : 1036

In the Application logs, I have two errors related to this crash : 
- .Net Runtime events 1026, Framework v4.0.30319, System.IO.FileNotFoundException, Microsoft.Tri.Deployement.UI.Application.BootstrapperApplication.....
- Application error events 1000, Microsoft ATA Gateway Setup.exe, version 1.4.2457.4623, fault module KERNELBASE.dll

Any help would be very appreciated.
Thanks in advance.
 

RELEVANCY SCORE 70.8

Hi
We have ATA deployed as follows:
Version 1.9.7478.57683 (latest)
on a Hyper-V VM; both host and guest are W2K12R2 with the latest updates and patches installed

On the Server Manager page, the Microsoft ATA Gateway keeps showing "start pending", and when I check Event Viewer it shows error 7031 in the System section:
The Microsoft Advanced Threat Analytics Gateway service terminated unexpectedly.  It has done this 256 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
We used the lightweight gateway deployment on 4 Domain Controllers; all are the same version, which is 1.9.7478.57683. Their service status shows running and they are fine.
The logs at C:\Program Files\Microsoft Advanced Threat Analytics\Center\Logs show as follows:
Microsoft.Tri.Center-Errors
2019-04-14 09:26:29.3902 2540 433 Error [ExceptionFilterStream] System.IO.IOException ---> System.Net.HttpListenerException: An operation was attempted on a nonexistent network connection
   at System.Net.HttpResponseStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at Microsoft.Owin.Host.HttpListener.RequestProcessing.ExceptionFilterStream.Write(Byte[] buffer, Int32 offset, Int32 count)
   --- End of inner exception stack trace ---
   at Microsoft.Owin.Host.HttpListener.RequestProcessing.ExceptionFilterStream.Write(Byte[] buffer, Int32 offset, Int32 count)
   at async Microsoft.Tri.Common.Management.AppBuilderExtension.<>c...

RELEVANCY SCORE 68.8

Hello, 

After 3 reinstallations, I am not able to start the Microsoft Advanced Threat Analytics Center service. I have the following
error from my log file:

System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:27017

The MongoDB service is running, but the ATA Center service does not work. I have uninstalled the ATA Center completely and reinstalled all gateways, but a few minutes later I have the same issue, and from the web console, the configuration regarding the ATA
Center disappears ...
I have the latest version, 1.8 update 1.
Do you have any idea?
Thank you in advance.

RELEVANCY SCORE 68.8

We added a third VNIC to our instance inside a UCS chassis. I'm beginning to think that our DC Ops guys may not have shut down the server gracefully. Upon restart the service would not start.
The Microsoft.Tri.Center-Errors.log repeats the same error over and over:

2017-04-18 10:54:24.9832 5008 5   00000000-0000-0000-0000-000000000000 Error [DateTimeParse] System.FormatException: String was not recognized as a valid DateTime.
   at System.DateTimeParse.ParseExact(String s, String format, DateTimeFormatInfo dtfi, DateTimeStyles style)
   at Microsoft.Tri.Center.Common.TimedBloomFilter`1.Load(String path)
   at Microsoft.Tri.Center.Processing.NetworkActivityProcessor.<OnInitializeAsync>d__35.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Tri.Infrastructure.Framework.Module.<InitializeAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Tri.Infrastructure.Framework.ModuleManager.&l...

RELEVANCY SCORE 68.8

Microsoft is working on Windows Defender Advanced Threat Protection, a new service aimed at enterprises for detecting and responding to advanced attacks. The client piece of the service will be built into Windows 10, and will be available soon to Windows Insiders as part of a "Redstone" preview test build, officials said. Microsoft already offers an antivirus service called Windows Defender. It originally was a free download for Windows XP, and is currently built into Windows 10. Source: http://www.zdnet.com/article/microsoft-unveils-new-windows-10-threat-protection-service/

A:"Microsoft unveils new Windows 10 threat protection service", via ZDNet

Windows Defender Advanced Threat Protection is powered by a combination of Windows behavioral sensors, cloud based security analytics, threat intelligence, and by tapping into Microsoft’s intelligent security graph. This immense security graph provides big-data security analytics that look across aggregate behaviors to identify anomalies – informed by anonymous information from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day.

Source.
 
Greets!

RELEVANCY SCORE 68

Hello,
I am trying to setup ATA and the server that we are installing the ATA Center on has a system log filled with these messages:
"The Microsoft Advanced Threat Analytics Center service terminated unexpectedly.  It has done this 274 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service."
There does not seem to be anything else in the event logs that indicate why this is happening.  This is a Windows Server 2012 R2 machine that was freshly installed.
Any thoughts on what I can do to troubleshoot this?
Thanks,
Matt

RELEVANCY SCORE 68

After the upgrade to 1.7, the Microsoft Advanced Threat Analytics Center service won't start.
We get the error
event ID 7031

The Microsoft Advanced Threat Analytics Center service terminated unexpectedly.  It has done this 12950 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
Need help.

RELEVANCY SCORE 67.2

Hello, the other day I looked at my Event Viewer, which I usually look at every week or so. However, it's been a while since I have and I usually only look at the Windows Logs section and only the Application, Security & System ones.

When I did look at it the other day, I found this one error (Store Licensing, Event ID: 512) that keeps occurring, but found that it's not a critical error, tried this site and many others, but it still occurs, but since it's not critical, I'll live with it.

The problem now is that I only exported the key for the Microsoft-Windows-DxpTaskRingtone/Analytic and not the whole registry (stupid, yeah I know). Plus, I was trying to do other things at the same time when deleting it, so now I have a new error, which is that the registry key that was below it in RegEdit is missing. Since I was not paying attention, I accidentally deleted this key instead of the one I meant to and didn't realize it until later.

That key is the Microsoft-Windows-DxpTaskSyncProvider/Analytic and the exact message is the "The specified channel could not be found. Check channel configuration."

So what I'm after is if somebody could look in their registry and give me the values I need to recreate that key or tell me where to find these? I tried to undelete it in RegEdit, but no luck. I'm assuming it too is not a critical error, but I'd still like to recreate it.

My system:
- Gateway DX4375G
- AMD A6 5200 APU with Radeon Graphics HD 8400
- 6GB RAM
- Window ...

RELEVANCY SCORE 67.2

Hi,
I'm running MS ATA 1.9.7312.32791 and haven't had any issues for close to two years.
I noticed yesterday that I didn't receive my daily emails from MS ATA so this morning I checked the ATA server and my event log is full of this message:
The Microsoft Advanced Threat Analytics Center service terminated unexpectedly.  It has done this 14 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
I went and checked the log files and in the Errors log file I see this message logged over and over:
Error [CertificateExtension] Microsoft.Tri.Infrastructure.Utils.ExtendedException: There are no matching certificates [StoreLocation=LocalMachine StoreName=My thumbprint=660CXXXXXX]
So I checked the certificates on the server and I can't find a certificate with the thumbprint of 660CXXXXXX.
If I look in MMC I do see the certificate for the server and it shows that it was recently renewed (probably automatically through Active Directory).
I can't access the ATA website on the server to specify the new certificate.
How can I fix this?  Do I need to re-install ATA.  If I re-install will I lose all the information that has already been collected?
Thanks in advance,
Nick

RELEVANCY SCORE 63.6

Does ATA support Tripwire for syslog alerting? If Tripwire supports CEF format, I guess this will be compatible, but please confirm, Microsoft. Finally, does ATA only need the following Windows events to be read by the ATA lightweight: 4776, 4732, 4733, 4728, 4729, 4756, 4757?

Do we need to add any other services like file server, database server, application server to be monitored by ATA lightweight gateway? I noticed this from the ATA Architecture diagram

RELEVANCY SCORE 62

Hi There,

After making the changes as per below url, I am not able to start Microsoft Advanced Threat Analytics Center service.
https://technet.microsoft.com/en-us/library/mt348975.aspx

Log file says "Illegal characters in path."
Cheers,
Narayan

RELEVANCY SCORE 56.4

I've installed the Microsoft ATA Gateway on a dedicated server in a lab environment. The gateway shows a status of "Stopped" in the ATA Console configuration tab. On the ATA Gateway itself, the Microsoft Advanced Threat Analytics Gateway service
will not start. I keep getting the following error: "Windows could not start the Microsoft Advanced Threat Analytics Gateway service on Local Computer. Error 1067: The process terminated unexpectedly."
I get an Event ID 7031 error in the windows service logs that says: "The Microsoft Advanced Threat Analytics Gateway service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service". The service continually fails to start.
I'm not sure if this is related, but I also get the following error in the Microsoft.Tri.Gateway-Errors Log: "Error [AsyncResult]System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from
the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message."

I'm using Windows Server 2012 R2. The Gateway is installed as a stand alone server with port mirroring configured for the capture NIC.

RELEVANCY SCORE 55.6

I received an error in that ATA console stating that one of my lightweight gateways is no longer communicating.  I've seen this error before, and in the past I connected to the DC in question and restarted the Gateway services, and this resolved the
issue.  However in this particular case, the Gateway service will not start.  When attempting to start the service I get the following error.
Windows could not start the Microsoft Advance Threat Analytics Gateway service on Local Computer.

Error 1067: The process terminated unexpectedly.
I checked the Microsoft.Tri.Gateway.log and Microsoft.Tri.Gateway-Errors.log, I see the following error in both:
2017-02-01 14:20:02.7833 8864 5 00000000-0000-0000-0000-000000000000 Error [ServiceChannel] System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Cannot process request because the process (3024) has exited. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
System.InvalidOperationException: Cannot process request because the process (3024) has exited.
at System.ServiceModel.Dispatcher.TaskMethodInvoker.InvokeEnd(Object instance, Object[]& outputs, IAsyncResult result)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeEnd(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage7(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Bo...

RELEVANCY SCORE 54.8

I had a trojan recently and I got rid of it. There is still a problem with Google Chrome. Nothing loads, not even a new tab. Also there's a problem with Microsoft Security Service. It's disabled, and whenever I try to enable it an error message shows up and disappears immediately. I also occasionally get redirects on Firefox and IE.
DDS (Ver_10-12-12.02) - NTFSx86
Run by jonzo at 19:54:58.25 on 23/12/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3002.2178 [GMT 0:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSRe...

A:Google Chrome/microsoft security service not working

Hi,

Please do the following

Refer to the ComboFix User's Guide
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

RELEVANCY SCORE 54.8

I had a trojan recently and I got rid of it. Still a problem with Google Chrome. Nothing loads, not even a new tab. Also there's a problem with Microsoft Security Service. It's disabled. I also occasionally get redirects. I used HijackThis yesterday but my internet went down. Here's the log
--------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:30:59, on 21/12/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Program Files\Acer\WR_PopUp\ProductReg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
C:\Program Files\Acer\WR_PopUp\AcerRegTool.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\...

A:Google Chrome/microsoft security service not working

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 54.4

Actually a Windows 2008 Server R2 connected to both a routed and non-routed network.  When a node on the non-routed network goes down, the server goes on a ping frenzy looking for the lost node and starts pinging through the routed network hitting our
TMG server with thousands of pings looking for the lost node.  We turned off Dos on the TMG server as it was affecting performance.

Our only solution at this point is to reboot the server and it goes away.  Nothing in the event logs to lead us to anything.  Any thoughts?

Thanks in advance

RELEVANCY SCORE 54.4

Ok, I'm trying to get a Windows 7 Home Premium 64-bit boot repair disk. I have all the reinstall disks to do a back to factory settings that was purchased from Gateway(Acer) but I do not have a boot repair disk to fix the "UNMOUNTABLE_BOOT_VOLUME"  on the BSOD.  I tried to contact Microsoft and provided the Product key on the laptop, but was informed that I would have to contact the manufacturer because it was a preloaded Windows 7. I think it is wrong of them not to help since it is their OS that is causing the problem. But none the less I tried contacting Gateway but after holding for an eternity and never actually getting a human only to be disconnected it is getting very frustrating!
 
  After finally figuring out how to reach the BSOD (never thought I would be glad about getting the BSOD)ha) to see the information it supplied. Then finally finding out for sure I have the 64 bit, all I need now is the Windows 7 Home Premium 64 bit, with out the Service Pack 1 attached to it. 
 
  Unless I have been misinformed on another site and I CAN use the 7 Home Premium SP1 to boot from. Will I mess up my chance of booting the laptop back to life and out of the endless loop if I use the SP1? I don't want to make matters worse since I do not think it was updated with the service pack before it got stuck looping on the Windows Error Recovery Screen. I still cannot get to any files in any of the usual ways...as in F8, Alt/F10 or any of the other way...

A:Microsoft says contact Gateway, Gateway says hold... over 3hrs and counting!

You appear to have a legal product key, you can down load a copy of what you need from the site below.
 
http://superuser.com/questions/78761/where-can-i-download-windows-7-legally-from-microsoft

RELEVANCY SCORE 54

I have a W2k Advanced server that was hacked. I have cleaned up all the trojans and updated all the patches. While I am sure I have missed some malware, my current difficulty is that the workstation service will not start. When attempting to start it, I get an error 5 access denied. It is set up to start as a system account. Any ideas on what to regedit or app to run to correct my problem? I am about to the point of low level format, but reloading everything will take days.
 

RELEVANCY SCORE 52.8

I upgraded my ATA environment today from 1.8 to 1.9. After the ATA center was upgraded successfully, I pushed out the lightweight gateway and normal gateway updates. Soon after the update, I started getting alerts from my monitoring system that the services on both the lightweight gateways and normal gateways were constantly stopping and starting. I tried completely removing and reinstalling one of the lightweight gateways, but the same result remained. Nothing jumped out in any of the logs in 'C:\Program Files\Microsoft Advanced Threat Analytics\Gateway\Logs'. I went through all the prerequisites and it looks like I meet them all.

Eventviewer:
Faulting application name: Microsoft.Tri.Gateway.exe, version: 1.9.7312.32791, time stamp: 0xa747e950
Faulting module name: clr.dll, version: 4.7.2117.0, time stamp: 0x59cf526c
Exception code: 0xc00000fd
Fault offset: 0x0000000000177e27
Faulting process id: 0x2464
Faulting application start time: 0x01d3c51802e52184
Faulting application path: C:\Program Files\Microsoft Advanced Threat Analytics\Gateway\Microsoft.Tri.Gateway.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Report Id: 4de04b77-310b-11e8-8e49-005056990dc9

Any advice or tips other than restoring from backup?

RELEVANCY SCORE 52.4

...On 12 December 2006 Microsoft is planning to release:

Security Updates
- Five Microsoft Security Bulletins affecting Microsoft Windows.
- One Microsoft Security Bulletin affecting Microsoft Visual Studio.
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

Non-security High Priority updates on MU, WU, WSUS and SUS
- Microsoft will release four NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
- Microsoft will release 10 NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released....

http://www.microsoft.com/technet/security/...in/advance.mspx

A:Microsoft Security Bulletin Advance Notification (dec)

Microsoft Security Bulletin Summary for December, 2006
http://www.microsoft.com/technet/security/...n/ms06-dec.mspx

3 Critical:
- MS06-072 - Cumulative Security Update for Internet Explorer (925454)
- MS06-073 - Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)
- MS06-078 - Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)

4 Important:
- MS06-074 - Vulnerability in SNMP Could Allow Remote Code Execution (926247)
- MS06-075 - Vulnerability in Windows Could Allow Elevation of Privilege (926255)
- MS06-076 - Cumulative Security Update for Outlook Express (923694)
- MS06-077 - Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)

RELEVANCY SCORE 52.4

Microsoft To Patch Critical Holes In Windows, Office
July 7, 2005

Microsoft will post three security bulletins, two for Windows and one for Office, next week, the software giant announced on Thursday. Two of the trio will be tagged as "critical," Microsoft's most dire threat label.

Full Read at InformationWeek

Microsoft Security Bulletin Advance Notification
Updated: July 7, 2005

On 12 July 2005 Microsoft is planning to release:

Security Updates
- 2 Microsoft Security Bulletins affecting Microsoft Windows. The greatest aggregate, maximum severity rating for these bulletins is Critical. Some of these updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA).
- 1 Microsoft Security Bulletin affecting Microsoft Office. The greatest aggregate, maximum severity rating for this bulletin is Critical. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA).

Microsoft Windows Malicious Software Removal Tool
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS
- Microsoft will release one NON-SECURITY High-Priority Update for Microsoft Office on Microsoft Update (MU), and Windows...

RELEVANCY SCORE 52

On 11 July 2006 Microsoft is planning to release:

Security Updates
- Four Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.
- Three Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

Microsoft Windows Malicious Software Removal Tool
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS).

http://www.microsoft.com/technet/security/...in/advance.mspx

RELEVANCY SCORE 52

As part of a monthly patching cycle, the software maker plans to release on Tuesday a dozen security bulletins with fixes for flaws. Nine of the bulletins address problems in Windows, two relate to Office and one to the Exchange e-mail server software. At least one of the Windows and one of the Office alerts is deemed "critical,"...Additionally, the June patches will permanently alter the way Internet Explorer handles Web programs called ActiveX Controls.

news.com
microsoft.com/technet

RELEVANCY SCORE 51.6

Hi guys,

Could anyone tell me if running only XP Service Pack 2 presents a security threat because, as it is no longer supported by Microsoft, no Automatic Updates (or Updates at all) are available?

I remember (before having to rebuild my machine) when I was running XP SP3, a lot of the updates were regarding security. I am running a fully up to date version of Norton 360 security software, will this be enough to protect me?

I can't download XP SP3 because there is no download available. There are lots of links from Microsoft pointing you to the places to get the download but once you go there, a download for a single machine isn't actually available. You then go to another place (where you can get it apparently) & another, which then take you back to the 1st... & on & on - honestly, I've tried 'em all. I tried to download the version for networked machines (at the advice of MS) but that failed.

Again, Auto-Updates aren't an option (as suggested by Microsoft) because SP2 is no longer supported.

The possibility of security risk is my concern.

Thanks,

Dan.
 

A:No XP Service Pack 3 - a Security Threat?

RELEVANCY SCORE 51.2

Looks like a slow month, lol. 1 Critical, 4 Important, and 1 Moderate.

Microsoft Security Bulletin Advance Notification for March 2012

A Guy

A:Microsoft Security Bulletin Advance Notification for March 2012

Is a slow month a sign of malware creators and hackers slowing down?

RELEVANCY SCORE 51.2

Tuesday, December 16, 2008 12:28 PM by MSRC TEAM
Advance Notification for December 2008 Out-of-Band Release


Hi this is Christopher Budd,
We’ve just published our Advance Notification for an out-of-band security bulletin release. We plan to release the security update tomorrow, Dec. 17, 2008 to address the vulnerability we’ve discussed in Microsoft Security Advisory 961051. Our target time, as always, is 10:00 a.m. Pacific Time. We’ll be holding two special webcasts to give you details and take your questions...

For full details leading to this Out-of-Band Release, please go to the following Thread in this Forum:

Vista Forums>System Security>The Microsoft Security Response Centre - new Security Advisory Released.

RELEVANCY SCORE 51.2

This is an advance notification of six security bulletins that Microsoft is intending to release on Tuesday June 12, 2007.
http://www.microsoft.com/technet/security/bulletin/ms07-jun.mspx
 

A:Microsoft Security Bulletin Advance Notification for June 2007

Reminder!
 

RELEVANCY SCORE 51.2

Quote:

This is an advance notification of security bulletins that Microsoft is intending to release on February 14, 2012.

This bulletin advance notification will be replaced with the February bulletin summary on February 14, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

Microsoft will host a webcast to address customer questions on the security bulletins on February 15, 2012, at 11:00 AM Pacific Time (US & Canada). Register now for the February Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates.


Microsoft Security Bulletin Advance Notification for February 2012

ANS for February 2012, and some notes on SDL - MSRC - Site Home - TechNet Blogs

A:Microsoft Security Bulletin Advance Notification for February 2012

Thanks JMH for keeping us abreast of such things.

RELEVANCY SCORE 50.8

I receive automatic notification from the MSRC for upcoming Security Bulletin releases via their Windows Live Alert Service. I subscribe to the service with two different email accounts - Windows Mail and Windows Live Mail.

This is the text content from the most recent MSRC advisory as received via Windows Mail;

.....and this is the latest text content for the same advisory as received via Windows Live Mail [Hotmail];

As is clearly obvious, the text in the latter email is quite corrupted and unreadable. Is this an email account settings problem? It's got me beat.

Incidentally, get ready for a load of Security updates, some critical, set for release Tuesday 8 June 2010 and affecting Windows, Windows Office and Internet Explorer.

A:Microsoft MSRC advance notification blog - Garbled text content?

Hi Tony, I don't use Windows Live Mail & not knowing anything about Live this might be a stupid question: "Is it scanned by an email scanner?"

I know email scanners can do this, but if it is not then that rules out that theory.

RELEVANCY SCORE 50.4

Webroot is passionate about protecting businesses and consumers from cyber threats. We are the smartest and best at combating today's most complex cybersecurity challenges and are constantly anticipating how to extend the value of our threat identification, prediction, and remediation to the connected world. 1888:479:2528

RELEVANCY SCORE 50.4

This is something I have with all the computers that I have. When you go to the advance control the Treble and balance are grayed out. I have the sound drivers in and the sound works, and I'd like to get this fixed as the sound on this computer needs all the help it can get.

I have a Dell Latitude D630
DQDT8G1

A:Advance Not working

Hello. It is normal for the bass & treble to be grayed out on those old models. I think that eq feature was never implemented in the hardware.

RELEVANCY SCORE 50.4

 
Our Advance Notification Service (ANS) was created more than a decade ago as part of Update Tuesday to broadly communicate in advance, about the security updates being released for Microsoft products and services each month. Over the years, technology environments and customer needs have evolved, prompting us to evaluate our existing information and distribution channels. This desire to improve is why customers may have seen us introduce myBulletins to provide bulletin reports tailored to customer preferences, discontinue the Deployment Priority matrix in favor of the Exploitability Index, modify the Exploitability Index to account for more threat scenarios, simplify security bulletin content to help customer understanding, and create a centralized glossary for bulletin definitions. The change being announced today fits within that context.
We are making changes to how we distribute ANS to customers. Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs, and will no longer make this information broadly available through a blog post and web page.

 
http://blogs.technet.com/b/msrc/archive/2015/01/08/evolving-advance-notification-service-ans-in-2015.aspx

 

A:Microsoft Kills Public Patch Tuesday Advance Notifications; Now for Paid Members

 
...customer feedback indicates that many of our large customers no longer use ANS in the same way they did in the past due to optimized testing and deployment methodologies. While some customers still rely on ANS, the vast majority wait for Update Tuesday, or take no action, allowing updates to occur automatically. More and more customers today are seeking to cut through the clutter and obtain security information tailored to their organizations.

 
What feedback did they get from their little customers?

RELEVANCY SCORE 50

After downloading spywareblaster and spybot and then restarting my computer a warning jumped on my screen before I had an internet connection.
It was warning of a severe threat called bookedspace?

And it wanted to know if I wanted it or not and if not they would remove it.

Help.
 

A:New microsoft threat warning!!!!!!!!!

RELEVANCY SCORE 50


Hello,

Great site. Long time lurker, first time poster. Anyway, I'm having an issue with my Gateway to Gateway VPN connection. I have outlined the settings for both sites and I feel I should mention that this was an established connection that was working until I came in this morning. Nothing has changed (as far as I know) but for some reason I am not able to reconnect. Can you see any reason why this would be? Of course I've changed the WAN IPs and Shared Key for security purposes.

Thanks!

Daniel

Site A
Router: Cisco RSV4000
--------
Local Group Setup -
Local Security Gateway Type: IP Only
IP address: 12.34.56.78
Local Security Group Type: Subnet
IP address: 192.168.189.1
Subnet Mask: 255.255.255.0

Remote Group Setup -
Remote Security Gateway Type: IP Only
IP Address: 87.65.43.21
Remote Security Group: Subnet
IP Address: 192.168.190.1
Subnet: 255.255.255.0

IPSec Setup -
Keying Mode: IKE with Preshared Key

Phase 1 -
Encryption: 3DES
Authentication: MD5
Group: 768-bit
Key Lifetime: 28800

Phase 2 -
Encryption: 3DES
Authentication: MD5
Perfect Forward Secrecy: Enabled
Preshared Key: MySuperSecreateKey2012
Group: 768-bit
Key Lifetime: 3600

Site B
Router: Linksys RV082
--------
Local Group Setup -
Local Security Gateway Type: IP Only
IP address: 87.65.43.21
Local Security Group Type: Subnet
IP address: 192.168.190.0
Subnet Mask: 255.255.255.0

Remote Group Setup -
Remote Security Gateway Type: IP Only
IP Address: 12.34.56.78
Remote Security Group: Subnet...

A:Gateway to Gateway VPN issue - Was working, isn't now.

Have you looked at the router logs? There should be some entry in there stating what is breaking. It might be something with the Phase 1/IKE negotiation. But you'll have to check the logs to be sure.
 

RELEVANCY SCORE 49.6

Hi, Guys.

How to use Microsoft Advanced Threat Analytics? And it is setup? and how to address suspicious activities being detected via ATA?

Thank you.
