I have just started testing EERM and have configured a policy that protects the entire USB drive and makes it read only if not protected. Everything works as expected EXCEPT that it appears Autorun may be required to be enabled on a machine with EEFF (including EERM) installed.
I asked because, with autorun enabled, inserting the USB drive produces a password prompt and if the correct password is entered, everything is OK. If Cancel is clicked at the password prompt, the drive looks just like it does on a machine without EEFF installed. However, attempting to execute MfeEERM.exe on the machine with EEFF installed produces the following error.
I can't seem to cause the autorun to execute manually -- there is no context menu item visible to "execute" it (XP SP3).
Am I missing something or is autorun on USB devices a requirement for an EERM protected USB device to be used on a machine with EEFF installed?
I understand I am supposed to get transparent access when EEFF is installed. My question is: "Does this transparent access require Autorun to be enabled?"
OK, so if Autorun is NOT enabled, which is a security best practice and I believe the new default in Windows, how is the transparent access enabled? Please explain, as the only UI I see when I insert the protected USB stick without Autorun is the same Explorer window as I see on a machine without EEFF.
AFAIK it just works after you run up MFEEERM.exe and authenticate - the EERM system built into EEFF takes care of it.Message was edited by: SafeBoot on 12/3/09 10:15 AM
We're back to where we started!
The error message in the original post is what I get when I run MfeEERM.exe on a machine with EEFF installed. Is there something strange about my test machine, perhaps?
This implies that perhaps the EEFF installation didn't actually work properly. Note that I did NOT disable McAfee AV during installation and this may have caused the "silent failure" of the installation.
Mystery resolved. The EEFF McAfee people obviously never talk to the AV people ...
McAfee AV Access Protection DOES (admittedly as documented) prevent the proper installation of EEFF, but the installation doesn't notice (FAIL).
At least on our systems (8.5i with Antispyware), the installation will work if the installer is renamed to EFFsetup.exe (there are Access Protection exceptions for ???setup.exe, ??setup.exe, ?setup.exe and setup.exe) but the uninstaller will not work because it is called SbCeSetup.exe.
Attached is the Access Protection log showing this behaviour.
In my opinion, McAfee should be embarassed about one product of theirs causing another to malfunction -- either AV need exceptions to support EEFF or EEFF has to use setup program names that AV already allows, OR at the least the EEFF documentation should explain how to add the Access Protection exceptions necessary. I'm sorry, but a generic "turn off your AV before installing" is just not acceptable from anyone, least of all from an AV vendor!