none
Strange behavior by systems with VSTO RRS feed

  • Question

  • We have a strange behavior on our Windows 7 systems since a recent patch for VSTO (10.0.30319.01).  Every system that has this installed has had a problem with McAfee HIPS and network traffic. Obviously when I think about network traffic this update does not seem like something that might impact the behavior of the network, but as far as we can tell we were fine before this update, and after this update we had problems. 

    Is there anything about this update that might impact how systems talk on the network?

    Where can I find a list of updated files for this update?

    The following information is ancillary to this question and is provided in the event that there does appear to be a correlation. 

    Symptoms:

    Prior to this update we would use NESSUS to scan our network and never experience a problem. About the time that this update was deployed, workstations with this update started tripping port security on our Cisco switches when scanned by NESSUS.  Only systems with this update have ever tripper port security in this manner. We were able to determine through packet captures that the MAC addresses in the packet capture were reversed for a very small subset of ICMP packets that appear to be triggered by the NESSUS scan. We are able to resolve this issue by making minor temporary adjustments to the HIPS firewall. Specifically disabling and re-enabling the McAfee HIPS firewall appears to be all that is needed to correct this issue.

    Though I understand that this forum is not for support of McAfee HIPs, all of our systems run McAfee HIPS, and only those with the VSTO version noted above demonstrate this issue. About 1% of our systems have this problem. The other 99% are not impacted but do not have VSTO...

    I also realize that this might be a coincidence. Just trying to eliminate one possibility.

    Tuesday, October 21, 2014 7:09 PM

All replies

  • Hello,

    Why do you think the issue is related to VSTO?

    Do you have any specific VSTO based add-in installed on the affected machines? If so, may be some assemblies conflict with an antivirus installed? Does it make sense?

    Tuesday, October 21, 2014 7:38 PM
  • My only reason for looking at VSTO is because every system that had it has a problem and every system that does not doesn't have the problem.  The date when this patch went in corresponds to when our problem started.

    I am not a developer. Just an admin. How can I get a list of assemblies associated with this patch so that I can look for over lap?

    Tuesday, October 21, 2014 7:45 PM
  • Hi Oldguard,

    Based on the description, there are some issues you got after install the new version of VSTO runtime. To confirm these issues was caused by this update, I suggest that you uninstall it to see whether this issues still exsits.

    >>How can I get a list of assemblies associated with this patch so that I can look for over lap?<<

    As far as I know, there is no document to describe the assemblies associate with VSTO patch. However we can download the latest version from link below:
    Visual Studio 2010 Tools for Office Runtime

    Hope it is helpful.

    Best regards

    Fei


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Wednesday, October 22, 2014 6:58 AM
    Moderator
  • Removal does not help... On shared assemblies, I am not sure removal would actually remove updated shared components. My experience is that uninstall is not often as clean as install... We will be engaging McAfee on this issue as well.
    Friday, October 24, 2014 4:17 PM
  • Hi OldGuard,

    Have you fixed this issue now? Did you have any response from McAfee?

    Regards & Fei


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, November 6, 2014 9:45 AM
    Moderator
  • Nope. We have removed the systems from the network because we cannot isolate the issue.
    Thursday, November 6, 2014 12:53 PM
  • We have noted that in some cases making minor adjustments to the HIPS firewall does not fix the issue.
    Thursday, November 6, 2014 12:55 PM