toad 10.1.1.8

FYI–I put in a help desk with our security folks about this and got this reply:

“I actually did that this morning because there were like 40 alerts saying that toad.exe was a virus. We’ll know better tomorrow if it helps because sometimes it takes awhile for the new policies to go out.”

Looks promising. Will update tomorrow.

  • Pete J.

Queries run when you connect. Lots of them actually, depending on your settings.

Excellent, let us know.

I, for one, am curious why McAfee would be interrogating Toad now where they didn’t before. I can’t think of what we may have added that would flag it. Back in earlier versions of Delphi there was a worm which could alter the system source unit files of Delphi applications, causing the exe to appear as having a virus. And I think back then that some anti-virus programs simply flagged Delphi applications as viruses because of that potential - actualized or not. But I thought we were past all that with subsequent releases of Delphi/Toad/Anti-virus apps.

So I wonder if there is something about the exe now which McAfee doesn’t like. There are a lot more knowledgeable people than I on this board on this subject, maybe they’ll ring in. But I can’t think of anything that we added specifically.

I also have the slow to open drag. Nothing appears for quite sometime and I
eventually learned it was loading (even though you could not see anything) and I
stopped opening a ton of sessions.

Darlene R. Ulmet

Financial Analyst II

Decision Support Services

Baylor Health Care System

Phone: (214) 820-1936

Fax: (214)820-8284

Email: Darlene.Ulmet@BaylorHealth.edu

One thing that more and more AV programs are doing is something called
“predictive” or “preventive” heuristics – just a
fancy way to say they watch application behavior for things that seem unusual
and flag them as viruses. This is meant to catch stuff before they actually can
produce a virus signature file update for new stuff found. And example is an exe
that creates another 3exe or load something to run in memory other than itself
to run – and many other such things.

I wonder if our exe compressor is being the issue. What I mean is as AV programs
try harder and harder to catch anything they can – especially with the
predictive or preventative stuff –maybe the expand an exe on the fly has
fallen into the suspect category?

Just thinking out load. Maybe the exe compressor (if that’s the issue) is
something we just don’t need anymore ???

SUCCESS! It turns out to be a conflict with McAfee. I opened Toad 10.1 this morning after our security person whitelisted it with McAfee (see my other posting where she stated that McAfee had over 40 virus warnings with Toad) in a record 13 seconds from click to connect window!

I then opened my other apps and tried a second Toad session which promptly came up in 9 seconds.

My exact steps to solve this performance problem with Toad 10.1:

  1. Had our security admin whitelist Toad in McAfee.
  2. At her suggestion, I rebooted the PC at the end of the day, leaving my profile logged out.
  3. Again at her suggestion, I allowed the overnight hours for the new policies to be pushed out. She said it takes several hours sometimes for these changes to take effect.

Mark, I think Bert is right. I seem to have read something along that line recently where AV companies can’t write new virus signatures fast enough to keep up with the onslaught of new viruses so they are looking for certain key behaviors that might indicate a threat. What those are for Toad though I have no idea.

Thanks everyone for your help. Toad has the best support I’ve seen for any software product.

HTH–

  • Pete J.

Hi Pete,

Is there any other way round this?

The powers that be at Stockport wont allow us to whitelist software.

Thanks

Alison

Guessing they won’t let you un-install your virus software either…

Yes, that was a joke.

Hello Alison–Seriously? I have to wonder if this decision is from a manager or from a security expert, because it is a grossly misinformed.

As I’m sure you know, software can only do so much. It depends on humans to provide settings to better guide its behavior to suit the needs of the enterprise. Certainly they allow changes to settings of other software like Oracle Database? If so, why not AV software?

I’m no expert on AV, but since this appears to be the problem and hence the solution, the only other solution I can think of is to turn off your AV. I’m guessing that is worse than whitelisting, so perhaps educating them as to exactly what whitelisting means and why they will probably be running into more and more problems as AV’s switch to monitoring behaviors rather than signatures. Time to update the policy maybe?

I don’t mean to sound sarcastic; I’m sure it’s not your fault. Maybe you can come back in a week and ask for a “settings change” to your AV to allow Toad 10 to run unhindered. :wink:

  • Pete J.

I gave up on McAfee as it kept eating my disk space and resources. When I
built/rebuilt my PCs I set up AVG as my AntiVirus solution and its firewall, the
whole bit, bought on my own dime. I’m the admin for my PCs since I have to
care for my own PCs as our techs are afraid of my PCs and/or me. Also gave
Acrobat Reader the heave-ho at rebuild time.

My Toad Suite is happy, I’m happy and AVG seems to be doing its job just
fine since my November 2009 Win7 64bit rebuild.

I have had to explain my AntiV and PDF reader choices to a couple of managers
but they had seen my PC running slow and crashing at least daily before I made
the changes as part of my most recent rebuild. The prior rebuild to their specs
crashed and burned in less than 6 months.

They also know my Ubuntu laptop gets same abuse and keeps rolling along but are
not keen on me changing OS on my PC…yet J .

Deborah M Flad, DBA
Office: 302.633.2694 Emergencies: 302.528.3652
“Please consider your environmental responsibility before printing this e-mail”
image002.png

On Thu, 2010-02-18 at 18:49 +0000, Pete wrote:

Hello Alison--Seriously? I have to wonder if this decision is from a manager or from a security expert, because it is a grossly misinformed.

As I'm sure you know, software can only do so much. It depends on humans to provide settings to better guide its behavior to suit the needs of the enterprise. Certainly they allow changes to settings of other software like Oracle Database? If so, why not AV software?

I'm no expert on AV, but since this appears to be the problem and hence the solution, the only other solution I can think of is to turn off your AV. I'm guessing that is worse than whitelisting, so perhaps educating them as to exactly what whitelisting means and why they will probably be running into more and more problems as AV's switch to monitoring behaviors rather than signatures. Time to update the policy maybe?

I don't mean to sound sarcastic; I'm sure it's not your fault. Maybe you can come back in a week and ask for a "settings change" to your AV to allow Toad 10 to run unhindered. :wink:

I'm not the OP but I can see their reasoning. They're putting security
over convenience. This isn't tweaking a setting. This is "can you swear
this can never become infected." Usually the only things whitelisted are
things that are so low level, the very act of scanning/protecting them
causes the system to malfunction.

Joseph Charpak
jcharpak@worldnet.att.net