Skip to Content.

cat-users - [cat-users] SEP problem update

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


[cat-users] SEP problem update


Chronological Thread 
    < Chronological >      < Thread >
  • From: Tomasz Wolniewicz <twoln AT umk.pl>
  • To: Mischa Diehm <mischa.diehm AT unibas.ch>
  • Cc: "'cat-users AT geant.net'" <cat-users AT geant.net>
  • Subject: [cat-users] SEP problem update
  • Date: Tue, 20 Aug 2013 11:11:12 +0200
  • List-archive: <https://mail.geant.net/mailman/private/cat-users/>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
Hi,
I would like to summarize some findings regarding the Symantec Enterprise Protection problem. I have heard that Symantec technical support tried to explain the problem, but rather obviously missed the point. Therefore I have created a test scenario so that people will be able to test things by themselves and possibly poke Symantec some more.

The problem is that you cannot install a wireless profile using the netsh command if this is called from the NSIS installer.
To limit the complexity, I have created a really simple test, which you can download from:
http://cat.eduroam.pl/tmw/SEP_test.zip

Inside this zip you will find three files cmd_start.exe, cmd_start.NSI and wlan_prof.xml

cmd_start.NSI is the source used by NSIS to generate cmd_start.exe, so that you can see what is inside and generate your own copy if you like.

cmd_start.exe does nothing except to start a cmd window. From this window you can then try to add the provided test profile by:
netsh wlan add profile filename="wlan_prof.xml"
This profile adds a network called SEP_test, so it will not break any of your other settings.

If you run cmd_start.exe on a 64-bit machine protected by SEP then you will most likely get a SEP warning first but if you decide to run it anyway, you will observe that the cmd window is running with a SEP icon displayed in your taskbar. Already this shows that SEP is running this in some protected environment. If you try to add the profile with netsh you will most likely see:

Profile format error 0x80420011:
The network connection profile is corrupted.

Of course there is nothing wrong with this profile, the message is just misleading.
To confirm that things are OK, just start a cmd window in a normal way and repeat the command, you will see that all goes fine.
One additional interesting observation is that you can use the "broken" window do delete any profile you have, for instance:
netsh wlan delete profile SEP_test
SEP does not protect your system from this, just blocks adding profiles.

If you do the same on a 32 system, then all runs just fine, also you do not see the SEP icon in the taksbar.

I hope this helps.

Tomasz

--
Tomasz Wolniewicz

twoln AT umk.pl
http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576




  • [cat-users] SEP problem update, Tomasz Wolniewicz, 08/20/2013

Archive powered by MHonArc 2.6.19.

Top of Page