Access to this path or file is denied

I have been using ipscan.exe for years.  It's a great little tool that will list everything on a network, including switches, hubs, printers, workstations, etc.  Recently I have been unable to access the program.  I get the message Access to the specified path or file is denied.  The banner at the top of the window that pops up giving the message lists the path of the file, for example c:\windows\system32\ipscan.exe.   I normally run this from a Windows 2000 workstation, but I am getting this message from all the workstations (Windows XP Pro) and servers (Windows 2000 and 2003 server).  Is there any way of telling when access is deined, why access is denied?   That would be a big help?
jvanderwAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

johnb6767Commented:
RegMon for Windows v7.04
http://www.microsoft.com/technet/sysinternals/utilities/regmon.mspx

FileMon for Windows v7.04
http://www.microsoft.com/technet/sysinternals/FileAndDisk/Filemon.mspx

Set the filter at the top to highlight "access denied", and and try and recreate the errors....Then go to these and look for the red, and it will tell you where the permissions are shot....

Or even use the new and improved utility form Sysinternals, that contains them both....

Process Monitor v1.22
http://www.microsoft.com/technet/sysinternals/utilities/processmonitor.mspx
0
xunrage_Commented:
It is included in the antivirus/antispyware database. Probably the antivirus/antispyware block its execution.
0
JohnjcesCommented:
I concur with xunrage_.

Our AV, Symantec Endpoint Protection, marks it as a hacking tool and will not allow it to be run and has on occasion removed it.

We had to white list as a good program.

What AV are you using?

John
0
MSSPs - Are you paying too much?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

jjthomas3Commented:
Another [less likely] possibility is that your Network Administrators have set a group policy object banning the use of the program. Our corporate LAN/WAN uses GPO (Group Policy Objects) to ban the use of programs such as NC.EXE (Net Cat) and other suspect programs used by hackers (and legit users alike).

If Symantec (if you're running it)  is the root cause you should see the program in the "Quarantined Files" view by double-clicking on the SAV shield in the task bar, then expanding the "VIEW" node, and then clicking on "Quarantine", if you see ipscan.exe listed.....then that would be the issue.

If it is a group policy object you would run GPEDIT.MSC from the Run box (START --> RUN). Once inside the Group Policy Editor (GPEDIT.MSC) you would expand "Windows Settings" then "Security Settings" then "Software Restriction Policies" and finally highlight "Additional Rules".  If you see IPSCAN.EXE or its path listed here then your issue is GPO.

[lastly and least likely] Also you might check the Windows Firewall as well, software restrictions can also be set by the Windows firewall.
0
jjthomas3Commented:
Oh, on a side note....were you running the program from a remote share or is the file installed on every machine from which you access has been denied to the path /file ?
0
jvanderwAuthor Commented:
jjthomas3, I am "trying" to run this on several machines.  It doesnt require an installation, it is a simple .exe program.  Before  the problem I could laundh te program from any location.  I would launch from \windows\system32\   no problems.  No, can't launch from anywhere.  
I want to find out what is causing the no access, then act on that.  I think I will be successful trying
the utilites and suggestions above.  Thanks
                                     
0
jvanderwAuthor Commented:
jjthomas3, I am "trying" to run this on several machines.  It doesnt require an installation, it is a simple .exe program.  Before  the problem I could laundh te program from any location.  I would launch from \windows\system32\   no problems.  No, can't launch from anywhere.  
I want to find out what is causing the no access, then act on that.  I think I will be successful trying
the utilites and suggestions above.  Thanks
                                     
0
jvanderwAuthor Commented:
Johnjces; What AV are you using?
I am using Symantec Endpoint protection,  version 11.01.  I just upgraded from Symantec Enterprise security AV system version 10.01.  Version 11.01 is a huge change.  This version has a complely different look and feel, no more Symantec System Center Console.  No there is a Symantec Endpoint Protection Manager.  It's a completely different interface.  it's lost some of it's edge.  It may have expanded on it's capabilities, but the look and feel of the manager is horrible.  
So, in answer to your question, it's Symantec Endpoint protection version 11.01.  Version 10. was much better IMHO.


0
JohnjcesCommented:
jvanderw

I too am using the Endpoint protection version 11. I concur about your feelings with Endpoint Protection manager. It is a resource hog! I want safety and some of our users have to wait 20 minutes after booting to effectively use their PCs as I have a "brief" scan at startup set. The AV server we have set up for EPP will use 100% CPU when a new update comes in as it massages it and readies it to be sent to the clients.

Anyway, I had to specifically allow ipscan.exe. we use it all the time. Great tool! I guess it's pretty good for hackers as well.

There is a place under your console, err.. Endpoint Protection Manager, where you can white list it. It took a few times, boots, before I could use it even though I forced an update.

Version 10 was good. But, I think 11 is better in its "sniffing" abilities. We really got hammered in October when we had 10 and it should of heuristically found this virus which was a rewrite or repackage of a known virus. AVG Fre was the first to point us in the right direction.

Anyway, I'll bet that EPP is blocking the file. It did me for some time till I figured out where to whitelist files!

John
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jvanderwAuthor Commented:
You were right on target with this.  Why does it take several boots to get this thing to finally take?  
So, it was great hearing from someone else who uses this EPP.  My first instinct was to roll back the v10, but ultimatly I choose to stick with v11.

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
System Utilities

From novice to tech pro — start learning today.