We recently installed MOVE 2.6 Multiplatform agents on a few VDI machines and the log files are growing very quickly with similar entries...
From the "mvagent" log file located in the <Program Files>\McAfee\MOVE AV Client\ folder:
Sep 13 2013:10:09:05.552: SYSTEM: fsh_hooks.c : 115: Denying write to file: '\Device\HarddiskVolume1' due to integrity being modified by process: 'iexplore.exe'.
I also have the same events for 'iexplore.exe', 'explorer.exe', 'OUTLOOK.exe', 'VpxClient.exe' and 'MfeFfProxy32.exe'.
I understand that these are processes associated with the applications running on my VDI.
What is causing this and is there a way to stop these events?
After a discussion with McAfee Support, it appears that this is a bug related to its self protection feature which should be fixed in MOVE Multiplatform 3.0.
MOVE by default has integrity checking enabled on its services, file and registry keys. In this case, this feature seems to be also checking the entire drive for any process...
By running the following command, I was able to stop those logs:
mvadm.exe config set IntegrityEnabled=6
This will enable integrity protection for the service and registry only and should only be done as a temporary workaround.
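
Before relaxing self-protection, it helps to confirm that every denial in the log names only the bare volume device, as in the entry quoted in the question, and not a specific protected path. The script below is an added example, not part of the original posts or of McAfee's tooling; it assumes all denial entries follow the format of that one quoted line, and every sample line after the first is constructed.

```python
import re
from collections import Counter

# Matches the denial entries in the format quoted in the question.
DENY_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4}:\d{2}:\d{2}:\d{2}\.\d{3}): .*?"
    r"Denying write to file: '(?P<target>[^']*)' "
    r"due to integrity being modified by process: '(?P<proc>[^']*)'"
)
# A target that is only the volume device, with no path under it.
VOLUME_ROOT_RE = re.compile(r"^\\Device\\HarddiskVolume\d+\\?$", re.IGNORECASE)


def triage(lines):
    """Split denial entries into volume-root noise and path-specific denials."""
    noise = Counter()   # process name -> count of volume-root denials
    specific = []       # (timestamp, target, process) worth reviewing
    for line in lines:
        m = DENY_RE.match(line.strip())
        if not m:
            continue    # not a self-protection denial entry
        if VOLUME_ROOT_RE.match(m["target"]):
            noise[m["proc"].lower()] += 1
        else:
            specific.append((m["ts"], m["target"], m["proc"]))
    return noise, specific


# First line is the entry from the question; the rest are constructed samples.
SAMPLE = r"""
Sep 13 2013:10:09:05.552: SYSTEM: fsh_hooks.c : 115: Denying write to file: '\Device\HarddiskVolume1' due to integrity being modified by process: 'iexplore.exe'.
Sep 13 2013:10:09:05.901: SYSTEM: fsh_hooks.c : 115: Denying write to file: '\Device\HarddiskVolume1' due to integrity being modified by process: 'explorer.exe'.
Sep 13 2013:10:09:06.114: SYSTEM: fsh_hooks.c : 115: Denying write to file: '\Device\HarddiskVolume1' due to integrity being modified by process: 'iexplore.exe'.
Sep 13 2013:10:09:07.320: SYSTEM: fsh_hooks.c : 115: Denying write to file: '\Device\HarddiskVolume1\Program Files\McAfee\MOVE AV Client\example.dat' due to integrity being modified by process: 'notepad.exe'.
Sep 13 2013:10:09:08.000: SYSTEM: example.c : 1: Unrelated constructed entry.
""".splitlines()

if __name__ == "__main__":
    noise, specific = triage(SAMPLE)
    for proc, count in noise.most_common():
        print(f"{count:6d}  volume-root denial  {proc}")
    for ts, target, proc in specific:
        print(f"REVIEW {ts}  {proc} -> {target}")
```

Entries reported under REVIEW name a concrete path and should be examined before file integrity protection is switched off.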