Archive Page 2

04 Apr 09

McAfee 8.7i, Error = 0x7d1 : The specified driver is invalid

In McAfee 8.7i, there is an issue where the McAfee Shield disables itself and refuses to start.

In Event Viewer I get two errors, the first:
—————————————————————————————————————–

Log Name: Application
Source: McLogEvent
Date: xxxxxxxxxxx
Event ID: 5004
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: xxxxxxxx
Description:
Could not contact Filter Driver.
Error = 0x7d1 : The specified driver is invalid.
—————————————————————————————————————–

The second event shows McAfee started successfully:
—————————————————————————————————————–

Event ID: 5000

McShield service started.
Engine version : 5300.2777
DAT version : 5399.0000

Number of signatures in EXTRA.DAT : None
Names of threats that EXTRA.DAT can detect : None
—————————————————————————————————————–

This issue is caused by a bad value in the registry. This error also prevents repairing the application and will generate an Error 1920: Service McAfee McShield (McShield) failed to start.

The fix to this issue is to modify several registry keys:

1. Run REGEDIT.
2. Navigate to HKLM\System\CurrentControlSet\Services\[mfebopk, mfeapfk, mfeavfk]
3. Modify the ImagePath to be the full path to the driver. For example, change:
"system32\drivers\mfebopk.sys" to "C:\Windows\System32\Drivers\mfebopk.sys"
4. The service should now start. Alternatively, you can go to Add/Remove Programs and run a repair, which should also fix this issue.
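
An added example (not part of the original post and not McAfee tooling): a Python sketch of the same registry fix. It reports any of the three driver services whose ImagePath is relative and, with apply=True, rewrites it. It assumes the fix is simply prefixing the Windows directory, as in the mfebopk.sys example above, and must run elevated on the affected machine.

```python
import ntpath
import os

# Driver services named in step 2 of the post.
SERVICES = ("mfebopk", "mfeapfk", "mfeavfk")
SERVICES_KEY = r"SYSTEM\CurrentControlSet\Services"


def is_full_path(image_path):
    """True when ImagePath already names an absolute location."""
    p = image_path.strip().strip('"')
    # \SystemRoot\... and \??\C:\... are absolute NT-style paths.
    if p.lower().startswith(("\\systemroot\\", "\\??\\")):
        return True
    drive, rest = ntpath.splitdrive(p)
    return bool(drive) and rest.startswith("\\")


def corrected_path(image_path, system_root=r"C:\Windows"):
    """Prefix a relative ImagePath with the Windows directory (assumed fix)."""
    p = image_path.strip().strip('"')
    return p if is_full_path(p) else ntpath.join(system_root, p)


def audit(apply=False):
    """List (service, old, new) for relative ImagePath values; Windows only."""
    import winreg  # standard library, present only on Windows
    root = os.environ.get("SystemRoot", r"C:\Windows")
    access = winreg.KEY_READ | (winreg.KEY_SET_VALUE if apply else 0)
    changes = []
    for name in SERVICES:
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                                 SERVICES_KEY + "\\" + name, 0, access)
        except FileNotFoundError:
            continue  # service not installed on this machine
        with key:
            value, kind = winreg.QueryValueEx(key, "ImagePath")
            if not is_full_path(value):
                fixed = corrected_path(value, root)
                changes.append((name, value, fixed))
                if apply:
                    winreg.SetValueEx(key, "ImagePath", 0, kind, fixed)
    return changes


if __name__ == "__main__":
    for name, old, new in audit(apply=False):
        print(f"{name}: {old!r} -> {new!r}")
```

Run it once with apply=False to review the proposed values, and export the three service keys before calling audit(apply=True).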

Feel free to add comments for others encountering this issue.

24 Jan 09

One-time passwords on Cisco routers

Cisco routers preconfigured for SDM have the default username/password cisco/cisco. Because many users forget to disable or change the default username after configuring their router with SDM, they can end up with an exposed router.

Cisco has patched this vulnerability in IOS release 12.4(11)T, which includes the one-time password/secret option of the username command, allowing you to define a username/password combination that can be used only once.
For example, the command "username cisco one-time secret cisco" would define the default username so that it can be used for only a single access to the router. After the first login, the username disappears from the running configuration and thus cannot be reused.

There are, however, two caveats associated with this feature:

* If you log into the router using any other username, the one-time username remains valid (it’s not removed on the first successful login to the box, which would make more sense in the SDM context);
* The one-time username is removed only from the running configuration; if you don't save the new configuration to NVRAM, the username will reappear after the router reloads.
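
An added example (not from the original post or from Cisco): a small Python audit that compares saved copies of the running and startup configurations and reports one-time usernames affected by either caveat. The function names and the sample configurations are constructed for illustration.

```python
def one_time_users(config_text):
    """Return usernames defined with the one-time password/secret option."""
    users = set()
    for line in config_text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "username":
            continue
        # Look at the first password/secret keyword after the name; the
        # account is one-time only if "one-time" sits directly before it.
        for i, tok in enumerate(tokens[2:], start=2):
            if tok in ("password", "secret"):
                if tokens[i - 1] == "one-time":
                    users.add(tokens[1])
                break
    return users


def audit(running, startup):
    """Classify one-time usernames according to the two caveats."""
    run, start = one_time_users(running), one_time_users(startup)
    return {
        # Caveat 1: still in the running config, so still usable for a login.
        "still_valid": sorted(run),
        # Caveat 2: used (gone from running) but never saved, so the
        # username comes back after a reload.
        "returns_on_reload": sorted(start - run),
    }


# Constructed sample configs (not from a real device). The one-time user has
# logged in once, so it is gone from the running configuration, but the
# change was never written to NVRAM.
STARTUP = """\
username admin privilege 15 secret 5 <constructed-hash>
username cisco one-time secret 5 <constructed-hash>
"""
RUNNING = """\
username admin privilege 15 secret 5 <constructed-hash>
"""

if __name__ == "__main__":
    print(audit(RUNNING, STARTUP))
```

An empty result for both keys means the default account is gone from both configurations.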

18 Jan 09

Your Cisco Router as DHCP / DNS Server

If you want to use your router as a DHCP server, configure the following.

no ip dhcp use vrf connected
ip dhcp excluded-address 1
!
ip dhcp pool CLIENT
import all
network
default-router
dns-server
domain-name .local
lease 32
!
ip domain name .local
ip domain-lookup
! or use your provider's DNS addresses
ip name-server 208.67.222.222
ip name-server 208.67.220.220
!
ip inspect name dns
!
ip dns server

You can verify the end result with a ping.
For example, I did a ping to www.google.com:

Banaan-877#ping www.google.com
Translating “www.google.com”…domain server (208.67.222.222)

Translating “www.google.com”…domain server (208.67.222.222) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 208.69.34.231, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/26/28 ms

20 Dec 08

Cisco SSL VPN Configuration ( easy / simple example )

Currently I'm busy finding out how to optimize a Cisco SSL VPN configuration. First I needed to know how I should configure my router. I knew some former colleagues had made such a configuration for a customer, which I knew worked.

So now I'm posting one of my own, which I can now use more easily during my work.

interface Loopback252
description Cisco SSL VPN Client for WebVPN
ip address < loopback address / subnet mask >
ip flow ingress
ip route-cache same-interface
ip route-cache policy

ip local pool ILP_WVPN_CLIENT < dhcp pool for the ssl vpn client >

webvpn gateway WVG_WEBVPN
ip address < external router ip address > port 443
http-redirect port 80
ssl trustpoint < your certificate >
inservice
!
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
webvpn context webvpn
title "Site Title"
logo file flash://webvpn/Logo file.jpg or .gif
color Black
secondary-color Black
title-color Black
ssl authenticate verify all
!
url-list "URL_<name>"
!
nbns-list "NBL_<name>"
nbns-server < your dns server > master
nbns-server < your second dns server > timeout 10 retries 5
login-message "< Sign in message >"
!
policy group PGR_WEBVPN
url-list "URL_<name>"
nbns-list "NBL_<name>"
functions svc-enabled
banner "< your welcome banner text >"
hide-url-bar
svc address-pool "ILP_WVPN_CLIENT"
svc default-domain "<your domain name>"
svc keep-client-installed
svc split dns "< your domain name >"
svc split include < internal LAN address / subnet address >
svc dns-server primary < your dns server >
svc dns-server secondary < your secondary dns server >
svc wins-server primary < your wins server >
svc wins-server secondary < your secondary wins server >
default-group-policy PGR_WEBVPN
aaa authentication list WVPN
gateway WVG_WEBVPN domain webvpn
logging enable
inservice

ip http server
ip http secure-server

And if you use IPS signatures, you should deny inspection of your VPN traffic!

07 Nov 08

Configuration Example Wireless for a Cisco Router 87xW

Below is an example configuration that enables the wireless functionality of the Cisco 870W series routers.
This configuration is easier than working through the options in the web interface. It also means you can disable the HTTP server on the router with the command no ip http server.

dot11 syslog
!
dot11 ssid EXAMPLE
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii EXAMPLE

interface Dot11Radio0
description Radio Interface
no ip address
no ip route-cache cef
no ip route-cache

encryption mode ciphers tkip

ssid EXAMPLE

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
world-mode dot11d country NL both
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding

bridge irb
bridge 1 protocol ieee
bridge 1 route ip

interface Vlan1
no description LAN ( Description )
no ip address < IP Address > < Subnet>
no ip nat inside
no ip virtual-reassembly
no ip route-cache same-interface
no ip route-cache policy
no ip route-cache flow
no hold-queue 100 in
no hold-queue 100 out
no ip address
no ip proxy-arp
bridge-group 1

interface bvi1
description LAN ( Description )
ip address < IP Address > < Subnet>
ip nat inside
no shutdown
ip virtual-reassembly
ip route-cache same-interface
ip route-cache policy
ip route-cache flow
hold-queue 100 in
hold-queue 100 out



