Archive for the ‘Trend Micro’ Category

Trend Micro: Are Trained Monkeys Adding Threat Classifications?

October 20th, 2009 by Paul Sterley | 1 Comment | Filed in Antivirus Software, Trend Micro

When I go to http://icanhascheezburger.com, which is a WordPress Blog showing cute cat pictures with (sometimes) funny captions, the page loads OK, but then I get this pop-up error a few seconds later.

[Image: Trend Micro warning pop-up]

However, I did some research on js-kit.com, and found that it is a site that makes plug-ins for people to rate things in blog pages. There’s nothing sinister about it. I googled the heck out of it looking for anyone who was saying it was a malicious thing. I found none.
I went directly to the URL listed as being dangerous, and I got the following warning, again from Trend Micro:

[Image: Trend Micro warning detail]

So I went to www.js-kit.com, without the “ratings.js” on the end, and I learned that it is a site written by people who create plug-ins for blog sites, so people can rate how cool they thought particular items were. Again, nothing sinister.

However, I also noticed that when the page loaded, the Internet Explorer icon next to the Address Bar showed an icon that looks a little bit like the Trend Micro icon. It’s blue, it’s circular, and it has some squiggles in it – but it’s NOT the same icon, and they are not pretending to be Trend. They’re not spoofing, but I can see why a moron might think so. Here is the comparison between the two:

Trend icon:
[Image: Trend Micro tray icon]

JS-Kit icon:
[Image: JS-Kit icon]

Maybe an idiot might think those were the same icon, but I don’t.

Further information about JS-Kit:
They build plug-ins for blogs. Their site tells how to embed the plug-ins. It’s really pretty straightforward. Here are the instructions:

[Image: JS-Kit usage instructions]

…and here is a URL to their FAQ, telling all about what they do.
http://wiki.js-kit.com/FAQ+-+Navigator

I called Trend Micro support and asked about it. The tech did not have any idea why it was blocked, and when I showed him the JS-Kit icon, he actually made noises like he thought it was fishy, that it was a good reason for them to be blocked. I had to educate him about how the icons may be SIMILAR, but they are NOT the same.

I’ve submitted this information to Trend Micro. Hopefully they will see how dumb they are being and it will be removed from their block list.

In the meantime, I guess I’ll add it to my exclusion list.

Update: I just got this from Trend Micro Support (potentially sensitive info blocked out):

From: Trend Micro Technical Support
Sent: Wednesday, October 21, 2009 11:03 AM
To: Paul Sterley
Subject: [SR#-#-##########] [WFBS 6.0] Website Blocked

Hi Mr. Sterley,

Good Day!

The URL that you submitted has now been untagged on our detection list.

Please confirm.

It is beneficial for our records to be up to date, by simply REPLYING Back to this email. Please let me know if I was able to resolve your Concern(s) so I may formally close this case for you. A simple “Close this case” note would do.

Again, thank you for your time.

Sincerely yours,

Xxxxxxx Xxxxxxxx
Systems Engineer
NABU SMB Support, Trend Micro Inc.


Trend Micro WFBS Update Problem in SBS2008

January 26th, 2009 by Paul Sterley | 2 Comments | Filed in Antivirus Software, Not in the Windows Box, Trend Micro, Windows Server

I don’t know yet whether this is a problem that all SBS2008 machines will have with Trend Micro Worry-Free Business Security, or whether it’s just a weird problem that mine had.

I kept getting e-mails from the Trend Micro Security Server with the following message:
Trend Micro Security Server – At least one Exchange server is outdated.

LiveStatus showed At least one Exchange server is outdated.
Expanded the Updates row and clicked the Deploy Now button as directed. No results.

In the Security Settings tab, selected the Exchange agent, and saw that the patterns are out of date.

In Reports -> Log Query, I ran the following report:
Time range: Today
Type: Exchange server
Content: Update logs

I saw this message, repeated: Web server authentication was unsuccessful. An invalid username or password was entered. Please check your settings and make any necessary changes, and then try again.

Tech Support told me to manually copy the updated pattern files (lpt$vpn###) in place, just in case the files were corrupt. This updated them once, but they refused to update automatically afterward.

Tech Support told me to create a new application pool in IIS which uses the LocalSystem built-in account, and switch the SMEX Website to use this new app pool. This was very promising, given the error message in the log, but it didn’t work.

Tech support told me to uninstall and reinstall the messaging security agent.

Tech support told me to reboot the server (the “Hail Mary” approach).

Finally, what solved the problem was an intuitive leap. I figured “Well, I’ve given the website all of the permissions it could want, and I’m still getting a web authentication error. Wait, what’s this other website here called OfficeScan?”

I assigned the custom application pool (the one that uses LocalSystem) to the OfficeScan website, and I have not had a problem updating since.
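
The fix described above, scripted with IIS's appcmd.exe from an elevated PowerShell prompt, as an added example that is not from the original post or from Trend Micro. The pool name is an assumed placeholder; OfficeScan is the site name given in the post. LocalSystem is the most privileged service identity on the server, so the script records the previous pool for rollback and ends by listing every pool that runs under it.

```powershell
# Added example. $poolName is an assumed placeholder; 'OfficeScan' is the site named in the post.
$appcmd   = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
$poolName = 'TrendLocalSystemPool'
$siteApp  = 'OfficeScan/'            # root application of the OfficeScan site

function Invoke-AppCmd {
    # Run appcmd.exe with the given arguments and fail loudly on error.
    $out = & $appcmd $args
    if ($LASTEXITCODE -ne 0) { throw "appcmd $args failed: $out" }
    return $out
}

# 1. Record the pool the site uses now, so the change can be rolled back.
$previousPool = Invoke-AppCmd list app $siteApp /text:applicationPool
Write-Output "Previous pool for ${siteApp}: $previousPool"

# 2. Create the dedicated pool only if it does not already exist.
$pools = @(Invoke-AppCmd list apppool /text:name)
if ($pools -notcontains $poolName) {
    Invoke-AppCmd add apppool "/name:$poolName" | Out-Null
}

# 3. Run the pool's worker process as the built-in LocalSystem account.
Invoke-AppCmd set apppool $poolName /processModel.identityType:LocalSystem | Out-Null

# 4. Point the OfficeScan site's root application at that pool.
Invoke-AppCmd set app $siteApp "/applicationPool:$poolName" | Out-Null

# 5. Verify both settings took effect.
$identity = Invoke-AppCmd list apppool $poolName /text:processModel.identityType
$assigned = Invoke-AppCmd list app $siteApp /text:applicationPool
if ($identity -ne 'LocalSystem' -or $assigned -ne $poolName) {
    throw "Unexpected state: identity=$identity pool=$assigned"
}

# 6. List every pool running as LocalSystem so the exception is documented.
foreach ($p in (@($pools) + $poolName | Select-Object -Unique)) {
    $id = Invoke-AppCmd list apppool $p /text:processModel.identityType
    if ($id -eq 'LocalSystem') { Write-Output "LocalSystem pool: $p" }
}
```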
