Tag Archives: av

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.3 – CSP1 Build # 420827

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.3 – CSP1 Build # 420827

11.7.3 CSP1 Build # 420827 Resolves the following issues:

  • [BUG72788] Resolved issue causing the AV scanning process to crash and restart.

You can request 11.7.3 – CSP1 Build # 420827 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.

Watchguard XTM Firewall UTM Device – Cannot browse some sites and logs report GAV job open failed (failed to connect to scand at scand)

Cannot browse some sites and logs report GAV job open failed (failed to connect to scand at scand)

You may find that you cannot access or browse some websites when you are using a Watchguard XTM Firewall or UTM device and the GAV (gateway antivirus) is enabled.  When you review the appliance logs you see the following event logged GAV job open failed (failed to connect to scand at scand).  In this instance the anti-virus proces or component of the XTM device has probably crashed or stopped responding.


You might be able to permantently resolve this issue by upgrading to a newer XTM OS i.e. 11.4.2 to 11.5.2 or you may simply need to apply the latest CSP release for the XTM OS build you are using i.e. 11.4.2 CSP9 (Service Pack).  Newer OS releases and Service Packs often included fixes for these sorts of GAV issue.

A workaround would be to schedule a reboot of your Watchguard XTM appliance, this will reset the GAV (gateway antivirus) and should allow pages to load correctly again.

[RESOLVED] Your computer may stop responding when you run an application, Software Firewall or anti-virus package that uses the Windows Filtering Platform API

Your computer may stop responding when you run an application, Software Firewall or anti-virus package that uses the Windows Filtering Platform API

This issue affects the following operating systems:

  • Windows 7 – Service Pack 1
  • Windows Small Business Server 2011 – Service Pack 1
  • Windows SBS 2011 – Service Pack 1
  • Windows Server 2008 R2 – Service Pack 1
  • Windows Small Business Server 2008 – Service Pack 2
  • Windows SBS 2008 – Service Pack 2
  • Windows Server 2008 – Service Pack 2
  • Windows Vista – Service Pack 2

In this situation, the computer may perform slowly or stop responding and network activity may be affected.  You find that a system restart may resolve this issue in some instances.

This issue occurs because the FwpsStreamInjectAsync0 function causes the interrupt request level (IRQL) to leak.  You can resolve the issue by updating to the latest Netio.sys driver.  The download link can be found within Microsoft KB 2664888 http://support.microsoft.com/kb/2664888


Windows Filtering Platform (WFP) General Description

Windows Filtering Platform (WFP) is a set of API and system services that provide a platform for creating network filtering applications. The WFP API allows developers to write code that interacts with the packet processing that takes place at several layers in the networking stack of the operating system. Network data can be filtered and also modified before it reaches its destination.

By providing a simpler development platform, WFP is designed to replace  previous packet filtering technologies such as Transport Driver Interface (TDI)  filters, Network Driver Interface Specification (NDIS) filters, and Winsock Layered Service Providers (LSP). Starting in Windows Server 2008 and Windows Vista, the firewall hook and the filter hook drivers  are not available; applications that were using these drivers should use WFP instead.

With the WFP API, developers can implement firewalls, intrusion detection systems, antivirus programs, network monitoring tools, and parental controls. WFP integrates with and provides support for firewall features such as authenticated communication and dynamic firewall configuration based on applications’ use of sockets API (application-based policy). WFP also provides infrastructure for  IPsec policy management, change notifications, network diagnostics, and stateful filtering.

More info can be found here http://msdn.microsoft.com/en-us/library/windows/desktop/aa366510(v=vs.85).aspx


Sage Accounts and Sage Payroll – Crashing or Poor Performance

Sage Accounts and Sage Payroll are two very popular accounting products and in general work nicely on a well configured computer/network.

The most common issues that affect Sage Accounts and Payroll are listed below

  • Verify that your computer at least meets the minimum requirements to run your version of Sage Payroll or Sage Accounts (You cannot expect optimum performance from a machine that only just meets these basic requirements or that is below the outlined specs.  You might be able to upgrade the Memory in your existing machine to improve its performance or it may be time to consider a new machine)
  • Consumer Oriented Anti-Virus Products (These are usually bloated and will consume a large percentage of the system resources, the inbuilt software firewall may disrupt or interfere with the accessing of Sage Data files on other machines.  If you have a network strongly consider a corporate anti-virus product that does not bog down your machine and can be centrally configured rather than relying on each user to add exceptions for specific Sage files)
  • Accessing your Sage Data via a Wireless or VPN Connection (Both these type of connection only offer limited throughput and are prone to unexpected disconnections due to external factors, losing connection to your Sage Data whilst you are using it can result in a crash or worse still corruption. Consider having network data cabling installed or if this is not possible in your building/home then Ethernet Over the Mains may offer a suitable alternative)
  • Outdated Network Adapter Drivers (Your network adapter may have drivers installed that date back to 2005 or 2006 when you first purchased your computer, even most new computers do not have the very latest network adapter drivers installed.  Please take a look at my previous article for information on how you can find out if your network adapter driver is upto date and performing optimally)
  • Old Data Cabling and Network Hubs (Consider upgrading your internal cabling to Cat 5e or Cat 6, these both support speeds up to 1000Mbps or 1Gbps, this offers a significant boost over older 10Mbps networks.  You may also find that if your cabling is already suitable that your Network Hub or Switch is only capable of these slower speeds.  The best performance can be achieved by using a Managed Gigabit Switch, this will offer 1000Mbps to any computer/server/laptop that has a suitable network adapter installed or at least 100Mbps to those machines with older network adapters)
  • Unpatched Machine (Your desktop or server may be missing important Service Packs or updates that improve the overall responsiveness of the system or correct issues related to poor network or disk throughput.)
  • Operating System Hotfixes (Sometimes if an issue is not widely acknowledged Microsoft will release a requestable Hotfix rather than post the update to all users, this Hotfix may make it into a subsequent Service Pack but until this is released you may need to request appropriate hotfixes from Microsoft via http://support.microsoft.com )
  • Data Corruption or Repair may be required (If your data has been damaged in the past then a repair may be required to make it consistent, it is also possible that your Sage Data could be compacted to reduce the overall size and thus improve performance when accessing the data)

Hopefully you find this information useful, it does not cover all possible issues but should generally aid most Sage users.  Please always make several backups of your Sage Data before making any changes to your system or Sage.  Ideally you should make sure that at least one of these backups is to external media (USB pen, DVD/CD, External Hard Disk).