cancel
Showing results for 
Search instead for 
Did you mean: 

Re: Adobe Reader X Protected Mode Not Compatible with VSE 8.7?

Jump to solution

Earlier this year, McAfee added the Adobe Reader (acrord32.exe) to the list of protected process (defined in vscan.bof). One fix could be for McAfee to remove this process and issue a new vscan.bof, which will be picked up as part of the normal autoupdate process. However, this would leave users running pre-X versions of Adobe Reader vulnerable

Unblack
Level 10
Report Inappropriate Content
Message 12 of 17

Re: Adobe Reader X Protected Mode Not Compatible with VSE 8.7?

Jump to solution

The hotfix worked for me.

Re: Adobe Reader X Protected Mode Not Compatible with VSE 8.7?

Jump to solution

I'd rather not install a "not-so-well-tested" hotfix just to be able to add an exclusion. Seems kinda strange that I would need to download and install a hotfix in order to use one of the features of VirusScan to exclude files.

I too would like to know what McAfee and Adobe is doing to correct this? And don't tell me that I need to wait until VirusScan Enterprise 8.8...

aladdin9
Level 10
Report Inappropriate Content
Message 14 of 17

Re: Adobe Reader X Protected Mode Not Compatible with VSE 8.7?

Jump to solution

Adobe 10.0.1 released today now supports VSE 8.7 per the updated cpsid_86063 and the release notes Acrobat_Reader_ReleaseNote_10.0.1.pdf  see page 5 Bug Fix "2791093 Reader is now compatible with McAfee Virus Scan Enterprise 8.7.0i when Protected Mode is enabled." 

Follow up question does anyone have VSE 8.8 installed yet and does Adobe 10.0.1 work with protected mode?

mjmurra
Level 12
Report Inappropriate Content
Message 15 of 17

Re: Adobe Reader X Protected Mode Not Compatible with VSE 8.7?

Jump to solution

Have installed it on a Win XP Pro machine and it does seem to resolve the incompatibility with VSE 8.8 as well.

Highlighted

Re: Adobe Reader X Protected Mode Not Compatible with VSE 8.7?

Jump to solution

We have version VSE 8.8 and Adobe Reader 10.01 and neither adding AcroRd32.exe nor the full path truly fixes the issue. And it's confirmed that reapplying the BOP manually fixes it.

What it comes down to is that the ePO Agent reads the ePO policy from the server and sees the BOP exclusion and when there is no Module or API in the policy it (or automatically in the policy from ePO database) inserts a REG_SZ value *.* for the key HKLM\Software\McAfee\SystemCore\VSCore\On Access Scanner\BehaviorBlocking\BOPExclusionAPI_0 (0 to however many BOP Exclusions you have). This seems the be the "extra registry setting" that the above post was talking about. Applying the exclusion manually resets the value so that it's completely blank.

It seems to me that it's VSE 8.8, or a patch that hasn't been installed yet, that makes it so that it doesn't like the *.* value but does work with the null value just fine. According to https://kc.mcafee.com/corporate/index?page=content&id=KB70257 you need to have the extension checked in even for 8.8, and I thought we had when we added 8.8 in.

JayMan
Level 10
Report Inappropriate Content
Message 17 of 17

Re: Adobe Reader X Protected Mode Not Compatible with VSE 8.7?

Jump to solution

I definately had the 198 extension for VSE8.7 in my ePO before checking in 8.8 & running the policy migrator.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community