Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

MBSA 2.0 and xp sp2 firewall

23 views
Skip to first unread message

dnews

unread,
Jul 11, 2005, 10:23:35 AM7/11/05
to
Hello,

When i try to scan remote xp sp2 computer it's fail with a message about
firewall then i read the faq about MBSA 2.0 and i find this
" The use of DCOM for remote scanning through Windows Firewall on all
versions of Windows XP may require a post-SP2 hotfix as described in
Microsoft Knowledgebase article 895200, "Availability of the Windows XP COM+
Hotfix Rollup Package 9"."
Must i do install this patch to scan remote xp sp2 computer with mbsa 2.0.
When i stop the firewall service on remote xp sp2, the scan works fine.


Rob Wickham [msft]

unread,
Jul 11, 2005, 1:26:23 PM7/11/05
to
We recommend using a personal firewall for the obvious protection it can
provide, but if you cannot install the COM+ hotfix, you can also create an
exception for the program / service "dllhost.exe" that should allow the scan
to succeed. Other programs running inside the dllhost.exe service may not
receive "full" protection. If you are attempting to perform a remote scan
with MBSA, it would appear that you have a local network and you could check
to see if you have another edge firewall providing basic protection (such as
a router that connects your network to your ISP or the Internet.)

--
Rob Wickham [msft]
This posting is provided "as is" with no warranties, and confers no rights.
"dnews" <lya...@lamine.com> wrote in message
news:uApJhQih...@TK2MSFTNGP09.phx.gbl...

JayB

unread,
Jul 11, 2005, 7:03:01 PM7/11/05
to
I also seem to be having this problem with scanning through Windows Firewall
with MBSA 2 so I want to make sure I'm clear on the options. Does the COM+
hotfix rollup resolve this issue and allow the scan to work using dynamic
endpoints, or does it still require a fixed endpoint and a corresponding
firewall exception? We alsready have the Remote Admin. exception configured
via Group Policy. Also, is that hotfix rollup available for download
anywhere or do i have to contact PSS?

Thanks.
-Jay

Rob Wickham [msft]

unread,
Jul 12, 2005, 1:41:24 PM7/12/05
to
The hotfix is needed by contacting PSS unless you make the dllhost.exe
process an exception on the firewall. Otherwise, with the hotfix you would
need to map a custom port as an exception and map it to the COM+ endpoint as
described in the MBSA 2.0 FAQ. This can also be done via Group Policy, but
the remote admin exception should also be a viable alternative once the
hotfix is installed.

--
Rob Wickham [msft]
This posting is provided "as is" with no warranties, and confers no rights.

"JayB" <Ja...@discussions.microsoft.com> wrote in message
news:DF62E890-290E-497F...@microsoft.com...

John

unread,
Jul 12, 2005, 4:09:33 PM7/12/05
to
What is the correct syntax for adding the dllhost.exe program
exception?

C:\WINDOWS\SYSTEM32\dllhost.exe has a colon in it already. This screws
up the definition of the policy.

Can anyone help?

JayB

unread,
Jul 12, 2005, 5:23:06 PM7/12/05
to
Use a variable- like %windir%\system32\dllhost.exe.
-Jay
0 new messages