cancel
Showing results for 
Search instead for 
Did you mean: 

Access Protection does not like VSE 8.8 install

I got the three lines below in my Access Protection log file during the installation of VSE 8.8

3/7/2011 3:04:14 PM Blocked by Access Protection rule  NT AUTHORITY\SYSTEM C:\Windows\system32\msiexec.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate

3/7/2011 3:04:15 PM Blocked by Access Protection rule  NT AUTHORITY\SYSTEM C:\Windows\system32\msiexec.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate

3/7/2011 3:04:15 PM Blocked by Access Protection rule  NT AUTHORITY\SYSTEM C:\Windows\system32\msiexec.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate

The machine had VSE 8.7 with antispy and hips installed.   I assigned a task from ePO (4.5 p4) to the machine to deploy VSE 8.8.  The install started at 3:02:35 and ended about 3:06 according to the agent log.  So these events occured in the middle of the install process.   I do not believe this is a real blockage as the installs seem to be functioning fine a number of test machines.  But we are seeing a few issues with Access Protection false positivies.   This is just the most glaring.

Thanks

5 Replies

Access Protection does not like VSE 8.8 install

If you are having an issue with 64 bit machines.....find the below McAfee article....

This might help ..... https://kc.mcafee.com/corporate/index?page=content&id=KB53876

....Sundar....

Access Protection does not like VSE 8.8 install

Yes the initial system was a 64 bit Win 7 system running VSE 8.7 with HIPS and anti spy.   The only place I have seen this is in upgrade process.  We have related issues on VSE 8.8 after install.   Again McAFee installation msi should be able to account for this and surpress the issues.   I do not believe our configuration of default rules and installation of VSE 8.7, Antispy, and HIPS 7.0 is very far from typical.   I would think this is well inside the mainstream expected use.   As such McAfee should test the senario and account for such issues.

The KB pointed gives a description that matches what Tier III is telling how access protection works in VSE 8.8.   And in fact the same problems exist in VSE 8.8.   There is report in this forum of an issue and then there are the issues we are having with SMS Agent host service causing false positives.  The issue is not fixed in VSE 8.8

Access Protection does not like VSE 8.8 install

As i told you the best practice is to disable access protection. you could wait a long long time before McAfee to fix that problem .

Highlighted

Access Protection does not like VSE 8.8 install

you should disable Access protection and User access control before the installation.

Access Protection does not like VSE 8.8 install

If the product is well written and tested that should not be necessary.   The installation scripts within the MSI should be able to handle that, if needed.   After all McAfee is in a much better position to test the installation process than any customer.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community