Re: odd entries in userenv.log

From: John Smith (no_at_spamplease.com)
Date: 01/09/05

• Next message: ALEX MacGILLIVRAY: "Re: Scanner & Camera Wizard"
• Previous message: Ken Blake: "Re: Can't view some web sites in IE6, WinXP Pro SP2, shows source"
• In reply to: David Candy: "Re: odd entries in userenv.log"
• Next in thread: David Candy: "Re: odd entries in userenv.log"
• Reply: David Candy: "Re: odd entries in userenv.log"
• Messages sorted by: [ date ] [ thread ]

---

Date: Sun, 9 Jan 2005 10:10:05 -0800

OK. This is an example of on of the entries in userenv.log:

    USERENV(354.424) 12:01:26:046 ProcessAutoexec: Cannot process
autoexec.bat.

All entries are exactly the same execpt the time stamp is different.
According to those in the know (supposedly), the "354" section of the entry
is a hex value for the PID that generated the error in the log. In my case
that PID comes back to smc.exe, which is Sygate Personall Firewall Pro.

As I posted previously, if I create an empty autoexec.bat file in the root
folder of my C:\ driver the error stops occurring. If I remove my empty
autoexec.bat file the error will again start logging in userenv.log every
few seconds. If I shut down the Sygate firewall the errors stop, even with
the autoexec.bat file still nonexistant.

I still have no idea why the firewall would be polling for the file.

"David Candy" <.> wrote in message
news:eU$jkUn9EHA.2568@TK2MSFTNGP10.phx.gbl...
Something you say is not true. What exactly I don't know. Post the
surrounding lines. But I'm out for next 3 1/2 hours (watch the sun rise at
the beach).

-- 
----------------------------------------------------------
http://www.uscricket.com
"John Smith" <no@spamplease.com> wrote in message 
news:%23TvZXEn9EHA.2452@TK2MSFTNGP14.phx.gbl...
>I actually went over to the GRC newsgroups and someone figured it out.  The
> 354 marker in the original log entries is a hex value for process the ID
> that made the entry.  On my machine that PID is for Sygate Personall
> Firewall Pro.  So it was NOT native XP components looking for the file. 
> Now
> I am curious why the hell my firewall would be polling for that file every
> few seconds.
> 

---

• Next message: ALEX MacGILLIVRAY: "Re: Scanner & Camera Wizard"
• Previous message: Ken Blake: "Re: Can't view some web sites in IE6, WinXP Pro SP2, shows source"
• In reply to: David Candy: "Re: odd entries in userenv.log"
• Next in thread: David Candy: "Re: odd entries in userenv.log"
• Reply: David Candy: "Re: odd entries in userenv.log"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Allow full port access on one IP to a sub-user ... This means that when an incoming packet hits the rule, the firewall examine ... and then having to reduce both the name obtained from the PID ... until it's destination can be verified by way of the auth demon (port 113). ... (comp.os.linux.security) Re: Norton Personal Firewall 2003 ... Most applications do not get rid of all the registry ... entries when you do an uninstall from the control panel applet. ... NPF is trying to make their firewall less ... So i'm using nav on all machines, ... (comp.security.firewalls) Bizarre firewall entries ... A few days ago I noticed some very bizarre log entries in my firewall. ... I am running a Slackware 8.0, ... 65535 ports). ... Below is a sample of the class A output reject entries from this morning. ... (comp.os.linux.security) Netscreen Malicious URL - how to? ... An example "pretend" firewall entry, ... Those entries do work for both inbound and outbound, ... external proxy server then coming back into our server. ... (comp.security.firewalls) Re: Questions on some wierd /var/log entries ... would like some input on what these entries are on about (yes, ... So port knocking is out as is moving my SSH port to ... I don't know the specifics about adding firewall rules using Suse's ... (comp.os.linux.misc)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)