cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
nurnay
nurnay
Level 7
Report Inappropriate Content
Message 11 of 22
‎11-18-2015 08:25 AM

Re: McAfee Agent 5.0.2 issue - System tray icon not showing

Jump to solution

Yes, I'm running the latest agent. I can run McTray.exe with no error, but when I do, the VirusScan icon disappears and I have no McAfee icons whatsoever. When I reboot, the VirusScan icon returns, McTray is not running. I have the following warnings in my AccessProtection log:

11/18/20158:19:38 AMBlocked by Access Protection ruleNT AUTHORITY\SYSTEMC:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\VSTSKMGR.EXECommon Standard Protection:Prevent termination of McAfee processesAction blocked : Terminate
11/18/20158:19:38 AMBlocked by Access Protection ruleNT AUTHORITY\SYSTEMC:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\MFEANN.EXECommon Standard Protection:Prevent termination of McAfee processesAction blocked : Terminate
11/18/20158:19:38 AMBlocked by Access Protection ruleNT AUTHORITY\SYSTEMC:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE\MCSHIELD.EXECommon Standard Protection:Prevent termination of McAfee processesAction blocked : Terminate
11/18/20158:19:38 AMBlocked by Access Protection ruleNT AUTHORITY\SYSTEMC:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\VSTSKMGR.EXECommon Standard Protection:Prevent termination of McAfee processesAction blocked : Terminate
11/18/20158:19:38 AMBlocked by Access Protection ruleNT AUTHORITY\SYSTEMC:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\MFEANN.EXECommon Standard Protection:Prevent termination of McAfee processesAction blocked : Terminate
11/18/20158:19:38 AMBlocked by Access Protection ruleNT AUTHORITY\SYSTEMC:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE\MCSHIELD.EXECommon Standard Protection:Prevent termination of McAfee processesAction blocked : Terminate
11/18/20158:20:01 AMWould be blocked by Access Protection rule  (rule is currently not enforced)NT AUTHORITY\SYSTEMC:\WINDOWS\SYSTEM32\WSCRIPT.EXEC:\Windows\Temp\ConfigMgrStartup.vbs.logAnti-spyware Maximum Protection:Prevent execution of scripts from the Temp folderAction blocked : Create
11/18/20158:20:10 AMWould be blocked by Access Protection rule  (rule is currently not enforced)NT AUTHORITY\SYSTEMC:\WINDOWS\SYSTEM32\WSCRIPT.EXEC:\Windows\Temp\ConfigMgrStartup.vbs.logAnti-spyware Maximum Protection:Prevent execution of scripts from the Temp folderAction blocked : Create
11/18/20158:20:20 AMWould be blocked by Access Protection rule  (rule is currently not enforced)NT AUTHORITY\SYSTEMC:\WINDOWS\SYSTEM32\WSCRIPT.EXEC:\Windows\Temp\ConfigMgrStartup.vbs.logAnti-spyware Maximum Protection:Prevent execution of scripts from the Temp folderAction blocked : Create
11/18/20158:20:29 AMWould be blocked by Access Protection rule  (rule is currently not enforced)NT AUTHORITY\SYSTEMC:\WINDOWS\SYSTEM32\WSCRIPT.EXEC:\Windows\Temp\ConfigMgrStartup.vbs.logAnti-spyware Maximum Protection:Prevent execution of scripts from the Temp folderAction blocked : Create
11/18/20158:20:41 AMWould be blocked by Access Protection rule  (rule is currently not enforced)NT AUTHORITY\SYSTEMC:\WINDOWS\SYSTEM32\WSCRIPT.EXEC:\Windows\Temp\ConfigMgrStartup.vbs.logAnti-spyware Maximum Protection:Prevent execution of scripts from the Temp folderAction blocked : Create
11/18/20158:20:52 AMWould be blocked by Access Protection rule  (rule is currently not enforced)NT AUTHORITY\SYSTEMC:\WINDOWS\SYSTEM32\WSCRIPT.EXEC:\Windows\Temp\ConfigMgrStartup.vbs.logAnti-spyware Maximum Protection:Prevent execution of scripts from the Temp folderAction blocked : Create
11/18/20158:21:40 AMWould be blocked by Access Protection rule  (rule is currently not enforced)NT AUTHORITY\SYSTEMC:\WINDOWS\SYSTEM32\WSCRIPT.EXEC:\Windows\Temp\ConfigMgrStartup.vbs.logAnti-spyware Maximum Protection:Prevent execution of scripts from the Temp folderAction blocked : Create
0 Kudos
gpickers
gpickers
Level 9
Report Inappropriate Content
Message 12 of 22
‎11-18-2015 01:52 PM

Re: McAfee Agent 5.0.2 issue - System tray icon not showing

Jump to solution

Hello nurnay,

Your VirusScan Enterprise Access Protection rules are blocking SVCHOST.EXE from terminating the following McAfee processes:

C:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\VSTSKMGR.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\MFEANN.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE\MCSHIELD.EXE

The other warnings are not actively blocking as outlined by (rule currently not enforced).

In order to resolve this, add the exclusions to your Access Protection Policies in ePO.

Under the Common Standard Protection category edit the Prevent termination of McAfee processes rule.

Here you can add either the full path or just the executable files for the three McAfee processes of which the termination has been blocked.

Alternatively you can temporarily disable access protection from ePO for the endpoint that you are deploying the agent to, if you do not wish to add the exceptions to your policy permanently (just remember to re-enable access protection once the deployment is complete).

Whether you have applied the exclusions or temporarily disable access protection, re-deploy the McAfee Agent and see if the tray icons perform as expected.

Sadly this is not applicable to the original issue raised by DPE as they have outlined they are not using VirusScan Enterprise.

Hope this helps,

George

0 Kudos
nurnay
nurnay
Level 7
Report Inappropriate Content
Message 13 of 22
‎11-18-2015 04:09 PM

Re: McAfee Agent 5.0.2 issue - System tray icon not showing

Jump to solution

This is only happening sporadically. And only on Windows 10 machines. All have the same settings in McAfee.

0 Kudos
jhall2
McAfee Employee jhall2
McAfee Employee
Report Inappropriate Content
Message 14 of 22
‎11-18-2015 04:12 PM

Re: McAfee Agent 5.0.2 issue - System tray icon not showing

Jump to solution

There is a known issue in which running previous versions of McAfee Agent extensions with McAfee Agent 5.0.2 results in this behavior. Can you check the McAfee Agent extension version and upgrade to 5.0.2 if not currently?

0 Kudos
nurnay
nurnay
Level 7
Report Inappropriate Content
Message 15 of 22
‎11-18-2015 04:23 PM

Re: McAfee Agent 5.0.2 issue - System tray icon not showing

Jump to solution

I'm showing the 5.0.2.118 extension, although the McAfee Agent is at 5.0.2.132. Is there a newer extension? If so, where can I get it? I don't see anything newer under Software Manager.

Thanks!

0 Kudos
Highlighted
petedc
petedc
Level 9
Report Inappropriate Content
Message 16 of 22
‎02-24-2016 08:14 AM

Re: McAfee Agent 5.0.2 issue - System tray icon not showing

Jump to solution

Not sure if you have your issue figured out but i think i have an answer for you.

I recently had the same issue where the logs showed MCTray.exe being blocked and the MA icon not starting with the exact same error message you were getting.

I opened a ticket with McAfee and they found that there were some incompatibilities with having the Self Protection feature turned on with several different applications.

My particular one was with CCMEXEC.exe SCCM client and a few others that escape me right now.  But the issue was the self protection feature and not the other applications.

See the screen shot below.

Just go to your Agent polices and uncheck the Enable Self Protection feature.  After that the MA icon showed up and no more errors.

ePO policy setting.JPG

DPE
DPE
Level 7
Report Inappropriate Content
Message 17 of 22
‎06-08-2016 05:49 AM

Re: McAfee Agent 5.0.2 issue - System tray icon not showing

Jump to solution

Hi petedc,

Sorry for the very late reply. Your suggestion worked. I unclicked 'Self protection' in my policy, upgraded the McAfee Agent to 5.0.2, and now the system tray icon is showing.

What exactly is the 'Self Protection' option doing? And is it a wanted scenario having this option disabled?

0 Kudos
jagadeeshp
jagadeeshp
Level 11
Report Inappropriate Content
Message 18 of 22
‎03-08-2016 01:06 AM

Re: McAfee Agent 5.0.2 issue - System tray icon not showing

Jump to solution

Hi DPE,

did you check installing the agent manually.try to download frame package from epo and install it and let me know if u are facing same issue.

0 Kudos
tvuk
tvuk
Level 7
Report Inappropriate Content
Message 19 of 22
‎04-25-2016 01:25 AM

Re: McAfee Agent 5.0.2 issue - System tray icon not showing

Jump to solution

I am experiencing the same problem with the same errors in %temp%\McAfeeLogs - UdatrUI could not lauch McTray.

I have disabled the Self Protection feature of McAfee Agent but it did not help, the software is the very latest (Agent version 5.0.2.333, extension version 5.0.2.118). The only software installed, apart from Agent, is Device Encryption 7.1.3 (Agent and client). The disks are encrypted so Agent uninstall is out of the question.

The issue started after upgrade (old version, Agent 4.6 and EE 6.2.1 worked just fine).

0 Kudos
bretzeli
Reliable Contributor bretzeli
Reliable Contributor
Report Inappropriate Content
Message 20 of 22
‎06-15-2016 03:16 AM

Re: McAfee Agent 5.0.2 issue - System tray icon not showing

Jump to solution


* One would be SELF PROTECT for Windows

* Second one would be this is WANTED of RDP/Terminal Server if you use RDP to connect to the client

   

Problem

The McAfee icon is not present in the system tray during a remote session using terminal services.

The McAfee icon is not present in the system tray during a remote connection that uses session ID=2.

The MA 5.x updatereui.log records the following entry:

<date/time stamp>     I     #4304     Cmalib     The environment variable SESSIONNAME = RDP-Tcp#0

The MA 4.8 Agent_<computer_name>.log records the following entry:

<date/time stamp>  I Fsv 1076 UsrSpCt  UpdaterUI won't be launched for Terminal Services client session (sessionID=2)

 

Cause

The McAfee system tray icon is displayed only in console sessions or a local session. The UDATERUI.EXE process runs only on the local session or console sessions. It does not run during terminal server client sessions.

This issue is not specific to Windows Terminal Services, and affects any remote connection utility that connects to Session ID 2. This is intended to prevent a user-loaded process from running for each individual user session.

    

Solution

If you require the McAfee Agent user interface function on other terminal services client sessions, you can run UDATERUI.EXE manually.

0 Kudos
More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

      • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center