By Max Ranzau
From the Crush, Kill & Destroy Dept. This is an aricle about using RES Automation Manager to defeat a live virus infection and cleaning up the colatteral damage afterwards, in case you’re dealing with many computers. With the help of others, I’ve put together a solution, as well as providing some valuable generic takeaways, like how to change special permissions in the registry and how to use the Windows PendingFileRenameOperations queue from within Automation Manager.
<<< Click here to read the article.
From the spring cleaning dept. Ever got frustrated with having a Global Authorized File list which is a mile long? Been wanting to break down your appguard and read-only blanketing security into more manageable chunks? Then this article is for you. It will show you a very slick way of organizing security authorizations using blank/empty applications as placeholders and how you can easily move security settings inbetween them. Note the moving is a PowerFuse 2010 feature.
The article contains a nice buildingblock for you to try out also.
Click here to view the RG026 article.
Here’s a bit of info which may come in handy for those of you who spend a lot of time cloning machines and contemplating using Wisdom to manage the clones. As you may know, there are 3 methods in RES Wisdom for identifying the agent:
- Using the WUID option
- The MAC address of the first NIC and
- 3) a combo of the computername and domain name.
In an environment where cloning is performed, using option 1 is not recommended as it may lead you to agents disapearing from the Wisdom console. This is due to the fact that the WUID is written into the HKLM portion of the registry, hence it will be part of the image. This is why we usually recommend either using MAC address or domain+computername as the Agent identification method here
When you uninstall the Wisdom Agent, it’s a quite clean operation. However the WUID value will remain on the target machine when you uninstall it. Although this is per design, it may have some unforseen consequences if you are in the middle of building your clone template. Hence it would be nice to know what to clean out in order to forget the Wisdom agent has ever touched a machine.
The registry keys you are looking for are:
If you need to clean out the Wisdom agent completely, make sure you delete both the WUID keys.
Update: August 24th 2010 – This topic has been integrated into Technote RG028.
A technote was published in the technote library in late March. This one will help you clean up any embarrasing log entries, which you need to clean out for one reason or another. Suppose you are running PowerTrace with WebTrace enabled in your environment and you or somebody else manage to surf to a webpage which everybody just rather forget about, then you need to find a way to surgically remove the skeletons from the closet, as you may want to retain the remainer of your PowerTrace logs.
In order to do this, you need to have the proper credentials for the PowerFuse datastore.
The article available here, will show you how to deal with this problem. A nifty buildingblock for Wisdom has also been included in the article.
A brand new article has been posted to the Technote Library. This time we’re diving into the PowerTrace tables. Being new to PowerFuse, some will be inclined to switch on everything, including PowerTrace turned to the Maxx, resulting in a potentially very unwanted huge heap of logdata and perhaps even a slow performing DBMS too.
This article explains how to both cure that situation if things have gone megabad, but also how to prevent it from happening in the future.
Click here to read the full article.
This technote and associated Wisdom BuildingBlock is inspired by a public posting at the RES Forum, specifically on how to access certain elements of the PowerFuse datastore. Now, before we proceed let’s get one thing straight. If you start messing around with your datastore on your own, the key operating phrase here is: ON YOUR OWN, i.e. don’t go crying to RES Support if you screw up and haven’t backed up your database. Responsible admins only, capice?
Right - with that being clear, what’s all this about then? Well, one of the things which would be very usefull would be having the ability to clear individual logfiles. Let’s say for example that you want to keep your AppGuard log, but want to flush the IP-security log, perhaps because you configured it to learning mode, and you’re now swamped with a bunch of useless log entries and you want to blow those out and start over. Unfortunatly it’s not currently possible through the GUI to delete individual logs. So, with the help of a nifty SQL statement this is possible.
The technote wil demonstrate how you can clear out specific logs, without having to clear all logs at once. A Wisdom Buildingblock has been created to help get it right. Resguru.com will assume absolutely NO responsibility nor liability from the result of utilizing anything published in this article, or anything else on this blog for that matter.
With all said and done, click the brick to read the article: