4 Replies Latest reply on Feb 17, 2009 2:38 PM by brentil

    Problems with Buffer Overflow Protection on a University network

      Hello,

      I've searched through the forums here looking for a possible resolution to a problem I'm having with VirusScan Enterprise 8.0.0 -- without much luck. Please excuse me if my question below has been covered already.

      Specifically, I work at a radio station that relies on the I.T. infrastructure of the University we reside on. I have a Henry Matchbox AES-USB device that allows my studio's audio board console to interface directly with my computer workstation via USB.

      However, I've determined that random disconnections between these two devices are due to the Buffer Overflow Protection feature in McAfee's VirusScan Enterprise 8.0.0. When Buffer Overflow Protection is "Disabled," there is no problem at all, and I'm able to smoothly interface audio between my computer and the console. However, when "Enabled" the connection frequently experiences interruptions (and the system randomly plays the connect/disconnect chime you hear when you plug in a USB device).

      The manufacturer of the AES-USB device has also told me that the Buffer Overflow Protection feature is likely the source of this problem.

      I contacted the University I.T. department, and they disabled the Buffer Overflow Protection feature on my machine -- but I've noticed that it automatically turns itself back on after a period of time (usually within a day). So the problem is persisting. Both IT and I suspect that this is occurring due to the fact that I am using a corporate version of VirusScan that is set to default back to the Buffer Overflow Protection setting of "Enabled" (since this is the default setting for all user machines on our network).

      Thus, I'm not sure how to resolve this problem. If I were to create exclusions in the Buffer Overflow Protection window: a.) I'm not sure the changes would stay permanent, and b.) I would not know which services to exclude (perhaps the audio program I use the most with my USB-AES, which is the Adobe Audition audio program?). I have 16 Patch Versions of McAfee's VirusScan Enterprise 8.0.0 -- which seems to be the most available.

      My question is: Is there a way that I.T. can permanently disable Buffer Overflow Protection OR permanently set exclusions for my computer alone, without it also affecting every other computer within the IT network (which is the entire university)? Our I.T. Dept is not sure how to do this.

      Your help would be greatly appreciated!

      Specifics about my version of VirusScan and my computer's system info are below.

      Thanks!

      - Stephen W.

      VirusScan Enterprise 8.0.0 (ver. 8.0i)
      License Type: licensed
      Buffer Overflow Protection Definitions: 131
      Virus Definitions: 5520
      Created On: February 8 2009
      Scan Engine: 5300
      Number of virus signatures in extra driver: None
      Names of viruses that extra driver can detect: None
      Patch Versions: 16

      OS Name Microsoft Windows XP Professional
      Version 5.1.2600 Service Pack 2 Build 2600
      OS Manufacturer Microsoft Corporation
      System Name KLDURST-XP
      System Manufacturer Gateway
      System Model E-6100
      System Type X86-based PC
      Processor x86 Family 15 Model 3 Stepping 4 GenuineIntel ~2992 Mhz
      Processor x86 Family 15 Model 3 Stepping 4 GenuineIntel ~2992 Mhz
      BIOS Version/Date Intel Corp. BZ87510A.15A.0114.P13.0404211705, 4/21/2004
      SMBIOS Version 2.3
      Windows Directory C:\WINDOWS
      System Directory C:\WINDOWS\system32
      Boot Device \Device\HarddiskVolume1
      Locale United States
      Hardware Abstraction Layer Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
      User Name UMES\sawilliams2
      Time Zone Eastern Standard Time
      Total Physical Memory 2,560.00 MB
      Available Physical Memory 1.31 GB
      Total Virtual Memory 2.00 GB
      Available Virtual Memory 1.96 GB
      Page File Space 6.35 GB
      Page File C:\pagefile.sys
        • 1. RE: Problems with Buffer Overflow Protection on a University network
          Laszlo G
          It looks like your computer is managed by an ePO server, which can cause your changes to be reverted if they are made directly on the computer instead of through the ePO.

          If the IT people are making changes through ePO they should not have any problem with it.
          • 2. Thanks!
            Thanks so much, ulyses31. I will let our IT department know about this! I'll post here again if this was successful or not. Appreciate your help!
            • 3. USB still disconnecting at random
              Hi,

              I just wanted to follow-up on my earlier post. Our IT department permanently turned off the Buffer Overflow Protection feature on my particular computer. However, the problem I described earlier regarding the random USB disconnections is persisting -- making me wonder if VirusScan is even the problem at all.

              I've Google-searched this topic for several months and tried everything I can think of to resolve this problem, including unchecking the Power Management options on the USB Root hubs in Device Manager. I'm even using a powered USB Hub, in case the device connecting to my computer is seeking more power than the computer can supply (thus causing the disconnections to occur).

              While the powered hub has reduced the frequency of the disconnections, they still occur enough to make using the device with any regularity difficult. I have noticed that it takes about 3 hours before the problem really starts to manifest itself, so I suppose that's progress at least.

              Does anyone think that VirusScan might be the culprit here (e.g. blocked ports, scanning activity, etc.) or am I barking up the wrong tree? Thanks for your advice.

              Stephen
              • 4. RE: USB still disconnecting at random
                brentil
                You could always try disabling the VirusScan to see if it works or not. Have the IT staff help you completely disable it to test with it off.