Friday 14 October 2016

Trend Micro OfficeScan ANOMALY: use of REX.w is meaningless - SOLUTION(not quite)


As described here, our Windows 10 "Anniversary Update" (aka "Redstone) machines suffer from a minor flaw:

C:\Users\reischle>nslookup www.areresearch.net
[0x7FF898F370E3] ANOMALY: use of REX.w is meaningless (default operand size is 64)

[some output removed]

Nicht autorisierende Antwort:
Name:    ghs.l.google.com
Addresses:  2a00:1450:4001:819::2013
          172.217.21.243
Aliases:  www.areresearch.net
          ghs.google.com

Reader "seno" commented, that TrendMicro sends out a patch on request.
After a few minutes with TrendMicro's support, they sent me a download link for the patch.

The patch goes by the name: "osce_11_sp1_win_en_hfb6178.exe".

The next day the colleague in charge of the server sent me this disappointing screenshot:

Tough luck for non-English installations
I should have guessed that from the "_en_" in the file name.
So I went back to TrendMicro's OfficeScan support and complained. They told me that their developers were working on a German version of the hotfix and that they'd let me know when it is available.

If you have an English installation, you should be fine with this patch.
Edit 20161018:
Got a German patch now, too. Works fine.

Tuesday 11 October 2016

Poor man's FPV: CX10W and Cardboard

Flying FPV on a shoestring budget

I can see myself!

Over the time I have acquired quite a few microdrones. But none of that enabled me to fly FPV. (FPV = First Person View). Although the CX-10W should do the trick, flying with an app, I was never quite happy with it.

Here is the VIDEO on both the build and flight.

There's an app for that

I discovered that there is an alternative to the IOS app recommended by cheerson. It looks like it is from the same makers, but has some extra features. - Like 3D view. Well... not really, if you have one camera. But it gives you two images to view through a "google cardboard" compatible viewer.
WiFi FPV from the AppStore (free)
There are several "FPV" apps on the appstore. The one you're looking for goes by the name "WiFi FPV" and is from "Le Wei Technology". 
2D-View -> change to 3d

3d view

App control sucks

While that is all well and good, I don't like controlling the CX-10W with the app, which doesn't work anyway with the phone a few cms in front of your eyes. But I still have the remote control of my CX-10A, which is compatible with the CX-10W.
The CX-10W can be controlled by all newer CX-10 series remotes

To the workbench!

Apart from that, I need some duck tape, three safety pins and the head band from a broken LED head lamp to make my well used google cardboard clone wearable. I had these for quite a while and they are not available any more. These are probably an OK replacement. And they already come with a strap.
This pic is missing the remote control
I attached the safety pins to the goggles, so I can remove and adjust the strap.
Pins atached. Now the strap.
Tooo easy....

Here's how to set things up

  • Switch on the drone
  • Connect phone to the drone's WiFi AP
  • Start the WiFi FPV app
  • switch to 3d-view
  • (if you want to record your flight, hit the camera button now)
  • insert phone into 3d-goggles
  • turn on remote control
  • pair with drone

And you're good to go!

Outside

There was a very slight wind from NE and the temperature was around 10C, which already affects the battery capacity. Still, I got a few minutes of flight out of the CX-10W.
You will look stupid, too with a cardboard box
in front of your face. Do we care?
I did not find flying easy. Despite the fact that I do hold a sport pilot's license and should not easily be confused by a couple of turns, I lost track of the drone very quickly. I had the feeling that I lost the video stream very often, but it did not look so bad on the recording.
Although the grass was freshly cut, it was hard to locate the tiny drone when it crashed.

Bottom line

A project that didn't cost me anything, didn't take long and was a lot of fun.
Things probably would be easier if he drone held it's hight. The newer model with a barometric pressure sensor for automatic "height hold" is only a little more expensive. I don't have one, but if I had to buy one, I'd go for the CX-10WD in the version with the remote control.


Parts list:

Wednesday 5 October 2016

Trend micro officescan and Cisco Anyconnect: Profile settings require a single local user

Too many local users

One of our Surface Pro users was unable to connect to our Vpn with his Cisco Anyconnect (3.1.10010) client.
The message was clear: He was not alone on his machine and blocking such a machine makes sense (e.g. in a terminal server environment).



The message in the ASA's log was:
Group <XXXX> User <XXXX> IP <XXX.XXX.XXX.XXX> SVC Message: 16/ERROR: Profile settings require a single local user but multiple local users are logged in..

The error message on the client was:
AnyConnect profile settings mandate a single local user, but multiple local users are currently logged into your computer.  A VPN connection will not be established.

The task manager's "Users" tab did not show any additional users on his machine.
But there was one additional session visible in the command shell:


C:\Users\YYY>query session
SITZUNGSNAME   BENUTZERNAME          ID  STATUS  TYP         GERÄT
services                              0  Getr.
                                      1  Inakt.
>console     YYYY                     4  Aktiv
rdp-tcp                           65536  Abhör.


C:\Users\YYY>

Power of the shell!

The inactive "Session 1" should not be there.
To find out more about it, we need PowerShell:

PS C:\Users\YYY>  Get-Process | Where SessionId -eq 1

Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id  SI ProcessName
-------  ------    -----      ----- -----   ------     --  -- -----------
    372      10     1544      10456 ...00            5312   1 csrss
    314      46    13420       4288   193     3,63   9208   1 PccNTMon


Virus scanner troubles...

The user could not kill any of there processes in the task manager. But PccNTMon is part of Trend Micro' Office scan.


So we disabled that. The processes and both the processes and the session disappeared.

Anyconnect then connected without problems. - Ok as a one-time workaround, but not acceptable as a permanent solution.