Microsoft recommended AV exclusions:
Please ensure that you only send the Operations Manager exclusions to the customer.
ftkally, dinozoff, did you have any success with the exclusions? We didn't. The same errors are coming back over and over in our test environment.
wwarren, are there more people reporting this issue?
I'm seeing something similar with our LANDesk product. Computers with McAfee 8.8 are getting lots of access protection rules like this:
Threat Source Process Name: C:\Program Files\LANDesk\LDCLient\startasuser.exe
Threat Target File Path: C:\WINDOWS\system32\mfevtps.exe
This will include lots of other McAfee files like mcshield.exe, frameworkservices.exe, mfeann.exe. It's saying that it's trying to kill the process. This is only happening to machines with 8.8 and not 8.7.
I've noticed similar LANDesk related "Startasuser.exe" messages in my McAfee Access Protection Log since upgrading to VirusScan 8.8. The times seem to match some of those found in my LANDesk\Ldclient\policy.sync.log file. I checked the LANDesk scheduled tasks and policies assigned to my test workstation and found four that had previously run. I have removed these and manually run "policy.sync.exe" as well as a LANDesk Security Scan & Inventory Scan.
Not noticed any more LANDesk related stuff appearing in the McAfee Access Protection log, but I guess time will tell whether this has resolved it.
If with ScriptScan ‘enabled’ the error does not occur, but it appears when ScriptScan is disabled,
please do the following test (with Access Protection temporarily disabled):
Select Start, Run, type cmd, locate the VirusScan installation folder.
Example: cd "c:\Program Files\McAfee\VirusScan Enterprise"
Type the following to completely disable the ScriptScan DLL: regsvr32.exe /u SCRIPTSN.dll
(re-enable Access protection)
1. I'm getting the same error on every 2008 R2 server where VirusScan v8.8 is installed (which is 80 servers). If you remove v8.8, the errors stop; re-install and the errors with SCOM return.
2. Tried these, but they did not help with the problem: Access Protection - Off, Exclude the SCOM agent folder, Disabled Script Scanning, Disabled Process Scanning in OAS
3. Created Service Ticket 3-1450149681 from the McAfee service webportal, but someone on the Support team closed it. I never got a resolution.
4. If I un-register the scriptsn.dll, then that stops the error. I've done this on 2 systems so far (78 more to go).
Message was edited by: Stanw on 4/7/11 2:41:51 PM CDT