cancel
Showing results for 
Search instead for 
Did you mean: 
realsurfer
Level 7

McAfee Solidifier prevented an attempt to modify Registry key

We currently have McAfee file integrity monitor running version 5.0.1-6302.

When we try to apply a Microsoft security patch to any of our servers it bombs out and we receive the following application event:

Event Type:        Error

Event Source:    McAfee Solidifier

Event Category:                None

Event ID:              49

Date:                     8/10/2010

Time:                     8:41:50 AM

User:                     N/A

Computer:          ServerName

Description:

McAfee Solidifier prevented an attempt to modify Registry key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager' with value 'PendingFileRenameOperations' by process C:\WINDOWS\SoftwareDistribution\Download\b8d4e7f43ec69f97b656479e81226f75\update\update.exe (Process Id: 5392, User: Domain\myaccountname).

I discovered a potential workaround

  1. Log onto the system with the error.
  2. On the desktop, double-click Solidcore Command Line.
  3. From the Solidcore command line, type the command below and press ENTER:

    sadmin features disable integrity
  4. Exit the Solidcore command line.
  5. Re-run the patch

However after attempting this, we still are unable to apply the patch.

Any ideas?

Thanks,

Roger

0 Kudos
6 Replies
realsurfer
Level 7

Re: McAfee Solidifier prevented an attempt to modify Registry key

In fact, I'm noticing that we are unable to install any ms patches to the server.  Surely someone has run into this problem.

0 Kudos
McAfee Employee

Re: McAfee Solidifier prevented an attempt to modify Registry key

Check if you have write protection for the Registry key.

sadmin wpr –l

You should change Solidcore to update mode and apply the patch.

sadmin bu

Robert Ma

0 Kudos
realsurfer
Level 7

Re: McAfee Solidifier prevented an attempt to modify Registry key

thanks but I did this which did the trick:

attr add -a update.exe

updaters add update.exe

exit

0 Kudos
McAfee Employee

Re: McAfee Solidifier prevented an attempt to modify Registry key

I didn't know you have Application Control. The initial post I thought you are using Integrity Monitor.

0 Kudos
dschaff
Level 7

Re: McAfee Solidifier prevented an attempt to modify Registry key

Hi, Although adding both the attribute option and the updater option this is never recomended. Now any appliation named update.exe can run and install solidified software on your system.

0 Kudos
gjoshi
Level 9

Re: McAfee Solidifier prevented an attempt to modify Registry key

'Pending file rename operation' reg key is used by windows to keep track of the files are to be modified but could not be as the files are in use by running processes. Windows read this registry and modifies the files on reboot.

The registry key  comes under default protection by solidcore to prevent any malicious user to change the system files by creating entries in the registry..

0 Kudos