Removing Malware: Ubuntu and SCCM Endpoint Protection

I had a poor soul who was hit by encryption malware. It appears that the person was infected at home, which encrypted files on that person’s DropBox account, which where then detected by SCCM Endpoint Protection on the company laptop.

To be safe, I wanted to make sure that the point of infection was in fact that home computer, and not a work laptop. However, I didn’t want to boot Windows, just in case.

Here’s what I did:

First I downloaded and booted  copy of Ubuntu 14.04 LTS Live/Installation DVD.

Then I downloaded SCCM Endpoint Protection for Mac and Linux from the Microsoft Volume License Service Center.

(Hint: you won’t see the download separately in the product chooser. Choose the *entire* SCCM Endpoint Protection category, then it will appear as separate download)

The download will be an ISO containing the Mac and Linux clients as well as the documentation. I mounted the ISO and copied the relevant files to a flash drive (since the laptop DVD drive was in use from the Ubuntu Live DVD).

Copy scep.amd64.deb.bin (assuming you’re using 64-bit Ubuntu) from the Linux/[version] folder to the liveuser’s home directory. You will need to make the file executable by running:

chmod +x scep.amd64.deb.bin

Then extract the .deb file by running


and agreeing the license agreement.

Next, I had to futz around a bit with 32-bit compatibility. In the end, this did the trick:

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install lib32z1 lib32ncurses5 lib32bz2-1.0

You can now (at last) install the Endpoint protection client by running

sudo dpkg -i scep-4.5.10.amd64.deb

Next came a quick configuration of the web interface.

sudo nano /etc/opt/microsoft/scep/scep.cfg

Edit the [wwwi] section.
Make sure you set

agent_enabled = yes
listen_addr = ""
listen_port = port_of_your_choice (i used 8443)
username = "username_of_your_choice"
password = "password_of_your_choice"

Then restart the SCCM Endpoint Daemon

sudo /etc/init.d/scep restart

Make sure you’ve mounted the infected drive. It should appear in the left Launch  bar as a hard drive icon. Click the icon to mount it.

Browse to https://localhost:8443 from that machine.
Log in with the username and password that you set in the configuration file.

Click “Control” in the top menu then “Update” in the left-hand menu. Click the “Update” button to update the definitions.

sccm linux av updateWait until it has finished updating. You can check the status by clicking “View” for the appropriate entry on that page.

Once the update is finished, click “On-Demand Scan” on the left nav bar.

Choose “In-depth Scan” from the dropdown menu.
Under “Scan Targets” enter:


Then click “Scan files”

sccm scan files

This will scan mounted drives including the mounted Windows drive.

To view the progress, click “View” next to the newly created job entry.

That’s it, happy malware removing!


DataTable() Fix in Mono 4.0

If you recently upgraded to Mono 4.0 and you use DataTables to return SQL results (in my case from Postgresql), you may have received a heart attack similar to mine when you were bombarded with the error:

SourceTable is required to be a non-empty string

This appears to be related to Bug #29557:

Thought .Net is perfectly happy allow

DataTable whatever = new DataTable();

Mono will throw an exception.
It is looking for you to name the data table.

To fix, simply change

DataTable whatever = new DataTable();


DataTable whatever = new DataTable("some_name");

Happy compiling!

Making MBPro work on TP-LINK Archer C7

The circle of life continues, and with it another router dies. I’ve had my eye on the Ubiquiti UniFi AC for a while, but the reviews have been very mixed. I’m hoping things get worked out in future firmware, but I can’t see spending that much on a dice roll. Instead,  I figured I’d get an inexpensive hold-over until those are worked out.

On the advice of The Wirecutter, I went with the TP-Link Archer C7 v2. You can imagine my disappointment, then, when I could hardly keep my MacBook Pro (15 inch, Early 2011) connected. Digging through forums, it looks like I’m not alone.

Luckily, upgrading to the v14 firmware seems to have fixed the connection problems. On the downside, my config was completely wiped clean. So if anyone out there is struggling with getting their MacBook Pro working on the C7, the firmware upgrade should do the trick, but make sure you just down your configuration!

NuGet Is Just Better

I was working on getting Postgresql, Visual Studio Remote Debugger, and PHP running on Server 2012 R2 so that I can up my debugging-fu, rather than just relying on Console.WriteLine.

Ran into some DLL hell trying to get npgsql working. I saw NuGet mentioned while Binging for solutions, so I figured I’d give it a try. Where has this been all my coding life?

A few clicks, and remote debugging is up and running. I even copied the compiled files over to my production box, and everything is working fine in Centos on Mono as well. What a great way to spend a Friday morning off!

Deleting Child Objects Recursively in Unity

It took me a bit of Binging to find a method that worked the way I needed.

1st, create a public GameObject to hold the parent of the items you are looking to delete. Set this either from the Unity Editor or in code.

Then simply call a foreach loop on the parent GameObject as below to delete all children.

foreach (Transform child in searchResultParent.transform)

Windows 10 Live ID with Custom Username

[Updated with instructions for latest Preview iso]

I finally got around to installing the Windows 10 Technical Preview. Loving the speed, Cortana, and new Start Menu! Though I am hoping those icons get some tweaking before release.

I did the really slick “sign in with Windows Live Account” thing, but didn’t like the “adamd” username it gave me.

You will be asked “Who owns this PC?”

If you want to choose your own username, but still have the Windows Live coolness, answer :

“My organization.”

Then “Join a domain.”

You won’t have to join a domain, but you will no be able to create a local account :)

Once you’ve signed in

Click Start and choose Store (beta)

start-storeClick the portrait icon

store-manEnter the password you used when you created your initial account during setup

passwordSign in with your Windows Live ID

-to-windows-liveClick Switch

switchAnd voilà! All the handy-dandy fun of using a Windows Live ID with a profile path you’ve come to know and love.


Restore OneDrive Happiness

I managed to make my OneDrive (aka lifeline) on Mac OS unhappy today. It would crash immediately upon opening.

I Bing’d around a bit, and came up with this fix:

Open Finder
Press: Shift-Command-G
Enter this path: ~/Library/Containers/ Support/onedrive/settings

Delete the file that ends in .dat

Reopen OneDrive and everything should be copacetic.

PS: This will cause OneDrive to rescan all of your files, but will not delete any files locally.

And on and on

Halcyon and On and On came on Pandora. Always fills me with nostalgia for my high school days running Mandrake Linux with a stripped down Enlightenment WM and listening to techno on XMMS.
So much so, I fired up the old Packard Bell Pentium 166 for a classic listening session. Oh memories.

Mandrake 6