
Endpoint Security Bucuresti

Posted by Deepak Kumar | Posted on 20-01-2011
As a proactive DBA, you must monitor all SQL Server errors with a severity level between 17 and 25. Errors from level 20 to 25 are serious in nature; for levels 17 to 19, DBA involvement is required for resolution. Here is the self-explanatory Microsoft description of the error levels, the steps to get an automatic alert as soon as any such error occurs, and a list of error messages.

17 Insufficient Resources
These messages indicate that the statement caused SQL Server to run out of resources or have exceeded limit set by the database administrator.

18 Nonfatal Internal Error Detected
These messages indicate that there is some type of internal software problem, but the statement finishes, and the connection to SQL Server is maintained.

19 Error in Resource
These messages indicate that some non configurable internal limit has been exceeded and the current batch process is terminated.

20 SQL Error in Current Process
These messages indicate that a statement has encountered a problem. Because the problem has affected only the current process, it is unlikely that the database itself has been damaged.

21 SQL Fatal Error in Database dbid Processes
These messages indicate that you have encountered a problem that affects all processes in the current database; however, it is unlikely that the database itself has been damaged.

22 SQL Fatal Error Table Integrity Suspect
These messages indicate that the table or index specified in the message has been damaged by a software or hardware problem.

23 SQL Fatal Error: Database Integrity Suspect
These messages indicate that the integrity of the entire database is in question because of a hardware or software problem.

24, 25 Hardware Error
These messages indicate some type of media failure. The system administrator might have to reload the database. It might also be necessary to call your hardware vendor.

T-SQL example to create a new alert for severity level 17, including sending an email response to the operator named ‘SQLAdmin’. This code can be used to create alerts for the remaining severity levels up to 25.

    USE [msdb]
    GO
    -- Alert on any error of severity 17; wait 600 seconds between responses
    EXEC msdb.dbo.sp_add_alert @name=N'Sev17',
        @message_id=0,
        @severity=17,
        @enabled=1,
        @delay_between_responses=600,
        @include_event_description_in=0,
        @job_id=N'00000000-0000-0000-0000-000000000000'
    GO
    -- Notify the operator by email (@notification_method = 1)
    EXEC msdb.dbo.sp_add_notification @alert_name=N'Sev17',
        @operator_name=N'SQLAdmin',
        @notification_method = 1
    GO

As an alternative, you may use SSMS to create SQL alerts. Expand SQL Server Agent, go to Alerts, right-click and choose ‘New Alert’. The following window will appear:

SQL Server 2008 contains 294 events/messages with a severity level greater than 16 (SQL 2005 contains only 230). You may find the list using the following T-SQL:

    SELECT severity, message_id, is_event_logged, [Text]
    FROM sys.messages
    WHERE language_id = 1033 AND severity >= 17
    ORDER BY severity DESC, message_id ASC

severity | message_id | is_event_logged | Text
24 | 823 | 1 | The operating system returned error %ls to SQL Server during a %S_MSG at offset %#016I64x in file ‘%ls’. Additional messages in the SQL Server error log and system event log may provide more detail. This is a severe system-level error condition that threatens database integrity and must be corrected immediately. Complete a full database consistency check (DBCC CHECKDB). This error can be caused by many factors; for more information, see SQL Server Books Online.
24 | 824 | 1 | SQL Server detected a logical consistency-based I/O error: %ls. It occurred during a %S_MSG of page %S_PGID in database ID %d at offset %#016I64x in file ‘%ls’. Additional messages in the SQL Server error log or system event log may provide more detail. This is a severe error condition that threatens database integrity and must be corrected immediately. Complete a full database consistency check (DBCC CHECKDB). This error can be caused by many factors; for more information, see SQL Server Books Online.
24 | 832 | 1 | A page that should have been constant has changed (expected checksum: %08x, actual checksum: %08x, database %d, file ‘%ls’, page %S_PGID). This usually indicates a memory failure or other hardware or OS corruption.
24 | 1459 | 1 | An error occurred while accessing the database mirroring metadata. Drop mirroring (ALTER DATABASE database_name SET PARTNER OFF) and reconfigure it.
24 | 3628 | 1 | The Database Engine received a floating point exception from the operating system while processing a user request. Try the transaction again. If the problem persists, contact your system administrator.
24 | 5125 | 0 | File ‘%ls’ appears to have been truncated by the operating system. Expected size is %I64d KB but actual size is %I64d KB.
24 | 5159 | 0 | Operating system error %.*ls on file “%.*ls” during %ls.
24 | 9015 | 1 | The log record at LSN %S_LSN is corrupted.
24 | 14265 | 1 | The MSSQLServer service terminated unexpectedly. Check the SQL Server error log and Windows System and Application event logs for possible causes.
24 | 17405 | 1 | An image corruption/hotpatch detected while reporting exceptional situation. This may be a sign of a hardware problem. Check SQLDUMPER_ERRORLOG.log for details.
23 | 211 | 1 | Possible schema corruption. Run DBCC CHECKCATALOG.
23 | 1457 | 1 | Synchronization of the mirror database, ‘%.*ls’, was interrupted, leaving the database in an inconsistent state. The ALTER DATABASE command failed. Ensure that the principal database, if available, is back up and online, and then reconnect the mirror server instance and allow the mirror database to finish synchronizing.
23 | 3864 | 1 | Could not find an entry for index with ID %d on object with ID %d in database with ID %d. Possible schema corruption. Run DBCC CHECKDB.
23 | 5511 | 0 | FILESTREAM’s file system log record ‘%.*ls’ under log folder ‘%.*ls’ is corrupted.
23 | 5533 | 0 | The FILESTREAM file system log record that has the LSN ‘%d:%d:%d’ is missing. Log folder ‘%.*ls’ is corrupted. Restore the database from a backup.
23 | 5534 | 0 | SQL log record at LSN ‘%d:%d:%d’ for database ‘%.*ls’ is corrupted. Database cannot recover.
23 | 5535 | 0 | FILESTREAM data container ‘%.*ls’ is corrupted. Database cannot recover.
23 | 5536 | 0 | FILESTREAM deleted folder ‘%.*ls’ is corrupted. Database cannot recover.
23 | 5571 | 0 | Internal FILESTREAM error: failed to access the garbage collection table.
23 | 5572 | 0 | Internal FILESTREAM error: failed to perform a filesystem operation because of a potential corruption.
23 | 8440 | 1 | The conversation group exists, but no queue exists. Possible database corruption. Run DBCC CHECKDB.
23 | 8443 | 1 | The conversation with ID ‘%.*ls’ and initiator: %d references a missing conversation group ‘%.*ls’. Run DBCC CHECKDB to analyze and repair the database.
23 | 8444 | 1 | The service queue structure is inconsistent. Possible database corruption. Run DBCC CHECKDB.
23 | 8461 | 1 | An internal service broker error detected. Possible database corruption. Run DBCC CHECKDB.
23 | 9100 | 1 | Possible index corruption detected. Run DBCC CHECKDB.
23 | 9657 | 1 | The structure of the Service Broker transmission work-table in tempdb is incorrect or corrupt. This indicates possible database corruption or hardware problems. Check the SQL Server error log and the Windows event logs for information on possible hardware problems. Restart SQL Server to rebuild tempdb.
22 | 669 | 0 | The row object is inconsistent. Please rerun the query.
22 | 683 | 0 | An internal error occurred while trying to convert between variable-length and fixed-length decimal formats. Run DBCC CHECKDB to check for any database corruption.
22 | 684 | 0 | An internal error occurred while attempting to convert between compressed and uncompressed storage formats. Run DBCC CHECKDB to check for any corruption.
22 | 685 | 0 | An internal error occurred while attempting to retrieve a backpointer for a heap forwarded record.
22 | 913 | 1 | Could not find data

I recently bumped into an interesting case when dealing with a web page blocked by Bitdefender antivirus. If a page is unsafe or blocked by the system administrator, your browser will show a page like this:

As shown on the screenshot, the page being blocked is a version . Since I am not happy with this page being blocked, I’d like to find a solution on how to overcome this problem. And the logical step would be to try out another HTTP client like a . For those who are not familiar with wget, it is a must-have HTTP client from the GNU/Linux world and can be downloaded for Windows from here:

OK, let’s do wget and …

As you can see, wget works! Well, obviously the only difference between wget and chrome.exe is the binary name, since both are valid HTTP clients. If Bitdefender is doing the filtering based on names of binaries, we can try to “forbid” wget by renaming it to chrome.exe and see if it fails with the same URL. So, I rename wget.exe to chrome.exe and try again:

… and renaming wget.exe to chrome.exe made Bitdefender block the page: 403 Blocked by Bitdefender. Now, it also means that doing the reverse and renaming your chrome.exe (or any well-known browser like firefox.exe or opera.exe) to wget.exe or something.exe will allow you to bypass the Bitdefender content checking policy and escape from being blocked.

This is not really a bug of Bitdefender, rather a poor design of the overall solution. I can’t really imagine that renaming a binary may allow you to escape from being monitored. I wonder, what are the other corner cases out there hidden in the code?

You can’t really find a good excuse for this bug because detecting browsers is not rocket science. You may populate the list of Add/Remove programs and check the InstallLocation property and then check it when a program executes; you may also detect which certificate is used to sign the binary and see that it’s signed by Google or Mozilla or MS, or whatever. If you are lazy you may just build a predefined set of paths (C:\Program Files\Firefox\*) and check all binaries from these paths. All these solutions have disadvantages and advantages but they are still way better than just doing a check by process name.
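One way to implement the signing-certificate check suggested above, as an added example that is not from the original post and is not Bitdefender's logic. The function name `Get-BinaryIdentity`, the publisher list and the original-file-name list are assumptions for illustration.

```powershell
# Added example: identify a browser by who signed it and by the original file
# name stored in its version resource, not by the current name on disk.
# Both lists are assumptions; adjust them to the browsers you manage.
$BrowserPublishers    = @('Google LLC', 'Mozilla Corporation', 'Microsoft Corporation')
$BrowserOriginalNames = @('chrome.exe', 'firefox.exe', 'msedge.exe')

function Get-BinaryIdentity {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Trust the publisher name only when the Authenticode signature validates.
    $publisher = $null
    if ($sig.Status -eq 'Valid') {
        $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $publisher = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    # OriginalFilename is part of the signed image, so renaming the file
    # on disk does not change it.
    $original = $file.VersionInfo.OriginalFilename

    $isBrowser = ($null -ne $publisher) -and
                 ($BrowserPublishers -contains $publisher) -and
                 ($BrowserOriginalNames -contains $original)

    [pscustomobject]@{
        Path         = $file.FullName
        Publisher    = $publisher
        OriginalName = $original
        IsBrowser    = $isBrowser
        # True when the on-disk name no longer matches the embedded name.
        Renamed      = [bool]$original -and ($original -ne $file.Name)
    }
}

# Usage (path is a constructed sample):
# Get-BinaryIdentity -Path 'C:\Tools\something.exe'
```

With this check a signed browser copied to something.exe still reports `IsBrowser = True` and `Renamed = True`, while an unsigned HTTP client named chrome.exe reports `IsBrowser = False`.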

I know that in the modern IT engineering world there is always a balance between “doing it quick and covering the market before the competitor” and making it stable & solid. I just don’t understand why small things which can lead to big consequences are not taken into account by big software production companies which definitely have more resources than startups to make things right.

