Database Search

match allmatch any Look in all areasLook in current areas Check all datesPrevious dayPrevious 3 daysPrevious weekPrevious fortnightPrevious monthPrevious 2 monthsPrevious 3 monthsPrevious half-yearPrevious year

TechHome

• 7 bit - 8 bit Conversions
• A Word or Phrase in the file search Not Working on XP
• Add item to right-click menu of My Computer
• Altiris Problem
• Archived Foreign Help Files
• Arm Architecture
• ASCII Chart
• Assigning Certificates to WB EXEs
• Autoit vs WinBatch
• Automating Disk Administrator
• Batch Graphics Conversion
• Binary and Logical Operators Explained
• Binary versus Logical Operators
• Bitwise Anding Explained
• Check Whether Long File Names Okay
• Console Applications with Winbatch
• Controlling Winamp Remotely
• Create Exchange account
• Create User Profile
• CSA Error in compiled Winbatch Scripts
• Currently Logged on User on Specified Machine
• Cute BAT file trick to embed WinBatch code in a DOS BAT file
• Date format of Last Scandisk and Defrag
• dbfFormatToTextConverter.wbt
• Dealing with Multiple Monitors
• Deleting File or Directory that Contains a Percent Sign
• DFS Mappings
• Digital Signature
• Directory Limits
• Disable Menus in File Browser
• Disappearing Error Messages
• DNS aliases
• EBCDIC To ASCII
• ENUM counting structure
• Exact Line Number of Error Reported
• Examples of Bitwise And Or Operators
• EXE Refuses to Run
• F-prot exe Errorlevel Strangeness Workaround
• File Comparison Utilities
• Help File Find Aborts with Unable to Display Find Tab 177
• How to Drag and Drop a file onto a Icon
• How to Get FaxWorks to Wait for Fax Finish
• How to use a WM_USER command in a SendMessage
• HTML COLOR LIST
• HTML Dialog Extender No Longer Supported
• If Versus Switch
• Infrared Ports
• INI File Limitations
• Innoculan Virus Scanner and EXEs
• Interacting with MS Exchange
• Issue with Downloaded CHM files
• Less than and Greater than Operator Problems
• Logical And with FileExist Statement
• Long Filenames in Root Directory
• MacAfee Scannow
• Mailto and ShellExecute
• Max Path in WinBatch
• McAfee virus scanner problem
• Message Boxes are Off the Screen
• Missing DEFAULT.WBT file when using Win31 Secrets Disk
• Modal Dialog Freezes Script
• MS Office Setup and Installation
• Multi-Threaded WinBatch Scripts
• Multiple FileExist Test
• Multiple Threads in WinBatch
• Netscape and Disk Cache not getting Flushed
• Office 2007 and WinTitle
• Open file - Security Warning when Running Script
• Performance Monitoring and WinBatch
• Please Wait. WinBatch Processing .... Message
• PostGreSQL Tips
• Previously documented commands
• Problem with IntControl 57
• Producing Barcodes
• Product Download Issues
• Query a DHCP Server
• Reading MP3s ID3 Tags
• Registry OCX
• Remote CD-ROM Detection
• Retrieving SNMP from an Agent
• Revision to Shammas Book Page 182
• Run McAfee VirusScan ASAP
• Scan Disk Restarting - Some Possibilities
• Scramble UnScramble Function
• Scriptit is a Compiled Winbatch EXE
• SCSI Commands
• Search for entry in Hosts file
• Shift Operators
• Shutting down Win 3.1
• Simple Fax Program
• Simplified Extender SDK from User
• SMS Interactive Service
• Snapshot and BMP to JPG Converter
• Spaces in Filenames
• SpecialHTMLCharacters
• Superceded Version Notice Outdated Version Warning
• TaskManager with No Title Bar Issue
• Textract - Grab Information from the Screen
• Ultraedit Wordfile Maker
• Unable to display the Find tab 177
• Unable to Run WinBatch Scrip
• Unblock a file
• UNC Universal Naming Convention
• USB Support in WinBatch
• User comments on WinBatch
• Using Notepad under NT3.51-4 converts text files to Unicode
• VB constants in WIL equivalence
• VCheck Proxy Password Prompt
• Volume Shadow Copy Service
• Warning Notice for Game Players
• Ways Winbatch Can Communicate with Other Applications
• Webboard and Opera Browser
• WIL File Handles Left Open on a Share
• Wildcard Masks
• Wildcarding with FileItemize and DirItemize
• WinBatch and Windows CE
• WinBatch as the Foreground Application
• WinBatch Ascii Codes
• WinBatch Falsely Flagged as a Virus
• Winbatch File Extensions
• WinBatch Helpfile Problems
• WinBatch on Mutliple Core CPU
• Winbatch Running in Disconnected Citrix Session
• Winbatch versus Windows Scripting Host
• WinBatch Versus WSH
• Winbatch vs Java
• Windows 2000 Compatiblity
• Windows 2000 Task Scheduler Problem
• Windows PE
• WinPe ADSi Support
• Wrapper for Office Products Issue
• Wrong WinVersion Reported

Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.

CSA Error in compiled Winbatch Scripts

---

Question:

All the workstations in our company is protected by the Cisco Security Agent (CSA)application against malicious codes/applications.

When running a compiled Winbatch script, this CSA blocks the application from running and the system returns a "Batch Initialization Error, Error #998".

The CSA agent log entry for this error is "[Csamanager]: Event: The process 'F:\Apps\Tracker\FiservTracker.Exe' (as user D8NP0021\csr22) attempted to call the function LoadLibraryA("kernel32") from a buffer (the return address was 0x1c0d5c13). The code at this address is '0d1c8b1d c8570d1c e8820800 0050ff13 8d959efe ffff89c6 89c3b8be 580d1c8b' This either happens when a process uses self-modifying code or when a process has been subverted by a buffer overflow attack. The operation was denied."

This error happens to all compiled Winbatch scripts, unless an exception rule in CSA is made for that particular application.

Does anyone know of any fix to this problem?

Answer:

I suspect the Cisco Security Agent is being overly cautious and is misdiagnosing what is going on.

Years ago many of the anti-virus vendors had some issues with WinBatch, but it seems they refined their algorithms and now realize similar operations are not really an issue.

Apparently Cisco is not yet familiar with WinBatch.

WinBatch itself does not have self-modifying code and a buffer is not involved with the LoadLibraryA function at that point.

I would suspect you would have to contact Cisco about this and ask them.

Note: There is a chance that CSA is griping about activities that occur as a result of using compressed DLL and/or EXE files. NeoLite compression was removed from the compiled EXE files, but it was still present on the WIL run-time DLLs and extender DLLs for quite some period of time. The Neolite decompression code does do some stuff that may freak out some AV packages.

WinBatch 2005E Nolonger uses any compression. You might try updating to see if that resolves the issue.

---

Article ID:   W17039

File Created: 2007:07:03:14:27:48

Last Updated: 2007:07:03:14:27:48