cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
araczek
Level 7
Report Inappropriate Content
Message 1 of 7

Changing configuration settings in registry - VirusScan

In trying to resolve a security scan finding I am trying to modify the registry but my changes don't seem to stick. Here is one example:

Manual Fix Procedures

Change the registry key HKLM\Software\Network Associates\TVD\Shared Components\

On Access Scanner\mcshield\Configuration so that the value of Alert_UsersCanRemove is 0.

;Change the registry key HKLM\Software\McAfee\VSCore\

On Access Scanner\mcshield\Configuration so that the value of Alert_UsersCanRemove

There are other settings also. I make the change but it does not stay, it reverts back to the "finding" value. I at first changed

only the setting under VScore. But then I noticed te same thing under TVD. So the question is why doesn't the value stay and

why are there 2 spots to make a change?

ePO is running on the network. VirusScan is v8.5. I did try changing the registry setting at home but it still changed back (not connected

to the network, epo or Group Policy). Anyone have an answer?

6 Replies
GWIRT
Level 12
Report Inappropriate Content
Message 2 of 7

Re: Changing configuration settings in registry - VirusScan

Moved to VSE Community.

sthayden
Level 9
Report Inappropriate Content
Message 3 of 7

Re: Changing configuration settings in registry - VirusScan

Under your access protection rules, if the Prevent modification of McAfee files and settings is checked, you wont be able to make changes to that. That is a policy managed by EPO so it comes down as policy to block those changes. You may want to check your logs to see if it is that policy that is blocking those changes.

araczek
Level 7
Report Inappropriate Content
Message 4 of 7

Re: Changing configuration settings in registry - VirusScan

Thanks. Actually, I do not have access protection loaded. This is a development LAN not connected to the Internet and Access Protection would be too

restrictive. Just have Buffer Overflow Prot, On-Delivery email scanner, Unwanted Programs Policy, On-Access scanner, Quarantine Manager, Full Scan

and Autoupdate.

But as I believe I mentioned why are there 2 spots in the registry, VSCORE and TVD? And do BOTH spots need to be changed to satisfy the scan? I actually did change the one setting in both spots (had to create keys in TVD) and it still reverted back. Maybe McAfee framework is doing this?

AT A LOSS.

araczek
Level 7
Report Inappropriate Content
Message 5 of 7

Re: Changing configuration settings in registry - VirusScan

An update, I turned off the McAfee Framework Service and the registry stays intact. So why is Framework reverting the registry settings?

...AR

Mal09
Level 12
Report Inappropriate Content
Message 6 of 7

Re: Changing configuration settings in registry - VirusScan

Sounds like you have a policy set in EPO which is being enforced and overwriting your change on the desktop.

I don't use 8.5 any more (using 8.7), but you should find the GUI equivalent of the Registry key under "On Access Scan Properties"/ "General Settings" / "Messages" / "Actions available to user" - "Remove Messages from the list". When that setting is ticked, it will be 1 in the registry, unticked is 0.

There should be a corresponding setting in EPO for the VirusScan policy. It needs to be changed there to make it enforced correctly.

imcimor
Level 7
Report Inappropriate Content
Message 7 of 7

Re: Changing configuration settings in registry - VirusScan

For anyone who comes across this, I experienced the same thing. I found this resolved my problem:

  1. Open up the VirusScan ConsoleSelected Access Protection Properties
  2. In the Categories window, select Common Standard Protection
  3. In the right window, there are 3 columns; Block, Report, & Rules

The rules I unblocked to allow the modifications to the registry were:

  • Prevent Modification of McAfee files and Settings
  • Prevent Modification of McAfee Common Management Agent files and settings
  • Prevent Modification of McAfee Scan Engine files and settings

Afterwards, make sure you enable Block again when you are finished with your modifications. I leave Report checked for auditing purposes.

This is based on 8.7i

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community