Endpoint hinders WinDbg

Was playing around with Symantec Endpoint’s network threat protection just now. It is quite a mouthful but nothing really spectacular. In fact, certain settings actually broke compatibility with other apps. An example is the stealth mode web browsing, which broke WinDbg’s functionality of retrieving symbols from Microsoft’s symbol servers (and probably Mozilla’s).

I blame myself for being overzealous in enabling those features; should have known better. Wonder what will break next lol.


Symbol packages are non-cumulative

This is something that I missed on the Windows symbols download page:

Symbol packages are non-cumulative unless otherwise noted, so if you are using an SP2 Windows release, you will need to install the symbols for the original RTM version and for SP1 before you install the symbols for SP2.

Interesting. So are symbol packages for Vista cumulative? SP2 is 281MB while SP1 is 267MB. Looking at the filenames in the package, both packages have symbols which are distinct to each service pack. Does that mean some files are removed for good when SP2 is installed or what? I have no idea since SP2 is not publicly available (and I’m neither an MSDN nor a TechNet Plus subscriber). And the idea of installing symbols for RTM, SP1 and SP2 is, well, not awesome.

As a side note, although Windows Vista SP2 is not yet publicly available, its symbols are. And set the environment variable for best effect*:

set _NT_SYMBOL_PATH=c:\windows\symbols;SRV*c:\localsymbols*http://msdl.microsoft.com/download/symbols

set _NT_SYMBOL_PATH=c:\windows;SRV*c:\localsymbols*http://msdl.microsoft.com/download/symbols

EDIT: realised WinDbg searches in the symbols subdirectory of the symbol path, and edited for clarity

*best effect: use local symbols if available; download to local otherwise

Download Windows Symbol Packages
Windows Vista SP2 and Windows Server 2008 SP2 x86 retail symbols (281 MB)

Of Jaunty and IPv6

IPv6 used to be loaded as a module prior to Jaunty but is now part of the kernel (probably since somewhere in 2.6.28), so disabling it via /etc/modprobe.d/aliases doesn’t work anymore. To check if IPv6 is disabled:

cat /proc/sys/net/ipv6/conf/all/disable_ipv6

0 means IPv6 is enabled; 1 means disabled. So to disable:

echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

Reboot and good to go!

Nope, it doesn’t work. Thanks to the heads-up by jimmyjava, I proceeded to verify, and IPv6 continues its business as usual, regardless of /proc/sys/net/ipv6/conf/all/disable_ipv6. Gonna sit out and wait for some (kernel) updates for now…
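
A check for the situation described above, where the flag reads 1 but IPv6 carries on. This is an added example, not part of the original post: it compares every disable_ipv6 flag (per interface as well as "all") with the addresses the kernel lists in /proc/net/if_inet6. The function names, the optional root-directory argument and the --live switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post). The optional root argument is an
# assumption so the check can run against a copy of /proc.

# Print "<iface> <flag>" for each net/ipv6/conf/*/disable_ipv6 entry.
ipv6_flags() {
    root=${1:-/proc}
    for f in "$root"/sys/net/ipv6/conf/*/disable_ipv6; do
        [ -r "$f" ] || continue
        printf '%s %s\n' "$(basename "$(dirname "$f")")" "$(cat "$f")"
    done
}

# Print the interfaces that still hold an IPv6 address. Column 6 of
# net/if_inet6 is the device name; the file is absent without IPv6.
ipv6_active_ifaces() {
    root=${1:-/proc}
    [ -r "$root/net/if_inet6" ] || return 0
    awk '{ print $6 }' "$root/net/if_inet6" | sort -u
}

# Return 1 if any interface is flagged disabled (own flag or "all")
# yet still has an address, i.e. the flag did not take effect.
ipv6_check() {
    root=${1:-/proc}
    flags=$(ipv6_flags "$root")
    all=$(printf '%s\n' "$flags" | awk '$1 == "all" { print $2 }')
    rc=0
    for iface in $(ipv6_active_ifaces "$root"); do
        own=$(printf '%s\n' "$flags" | awk -v i="$iface" '$1 == i { print $2 }')
        if [ "$own" = 1 ] || [ "$all" = 1 ]; then
            echo "MISMATCH $iface: disable_ipv6=1 but an IPv6 address is still assigned"
            rc=1
        else
            echo "ENABLED  $iface: IPv6 address assigned, disable_ipv6=0"
        fi
    done
    return $rc
}

# Check the live system only when asked to: sh ipv6check.sh --live
if [ "${1:-}" = "--live" ]; then
    ipv6_check /proc
fi
```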