cancel
Showing results for 
Search instead for 
Did you mean: 
susja
Level 10
Report Inappropriate Content
Message 1 of 7

How to disable Access Protection ..

Jump to solution

Hi,

I need to restart McAfee services from command line. When I do it using %net stop "McAfee service name" it does not work. For now the only option to restart McAfee services for me is to restart the system.

I believe that before stopping/starting service I have to disable Access Protection box and the uncheck Prevent McAfee services from being stopped box

Could someone advice me how to uncheck those 2 boxes from command line? I want to do it inside batch file.

Thanks

1 Solution

Accepted Solutions
wwarren
Level 15
Report Inappropriate Content
Message 4 of 7

Re: How to disable Access Protection ..

Jump to solution

Should I understand your answer that the only option to stop/start McAfee services is reboot the system?


No. But you should understand there is no option for bypassing Access Protection mechanisms via command line.


In my case I want to restart McAfee services after .DAT update. It should be done from batch i.e. from command line. Do you know how it could be done?


Press it if you must, discover a way if you must, but as soon as you do we're probably going to take measures to squelch whatever it is you're doing.

a) There is no need to restart services after a DAT update. Taking that step hurts the performance of the node more than is needed. It also introduces risk to the environment since AV coverage is lost during that down time.

b) If you can do it via command line, so can malware.  There is no "backdoor for legitimate purposes" that cannot be used for nefarious purposes... none that can be instrumented by a User, anyways. We can do it with code, from within Trusted processes and secured API's.

If you must restart the service, you need to disable Access Protection first - which I will not recommend for anybody.

The only way forward I see for your goal is to submit a PER, and have McAfee come up with a safe, secured methodology that can allow Admins to control our services. The more compelling the User Story the better.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
6 Replies
wwarren
Level 15
Report Inappropriate Content
Message 2 of 7

Re: How to disable Access Protection ..

Jump to solution

And if you can do it via command line, so can any piece of malware that obtains your credentials.

It would defeat the purpose of the feature, so the official answer is "It's not possible".

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
susja
Level 10
Report Inappropriate Content
Message 3 of 7

Re: How to disable Access Protection ..

Jump to solution

- wwarren,

Should I understand your answer that the only option to stop/start McAfee services is reboot the system?

In my case I want to restart McAfee services after .DAT update. It should be done from batch i.e. from command line. Do you know how it could be done?

It's hard to 'buy' that stop/start McAfee services from command line is "It's not possible"

wwarren
Level 15
Report Inappropriate Content
Message 4 of 7

Re: How to disable Access Protection ..

Jump to solution

Should I understand your answer that the only option to stop/start McAfee services is reboot the system?


No. But you should understand there is no option for bypassing Access Protection mechanisms via command line.


In my case I want to restart McAfee services after .DAT update. It should be done from batch i.e. from command line. Do you know how it could be done?


Press it if you must, discover a way if you must, but as soon as you do we're probably going to take measures to squelch whatever it is you're doing.

a) There is no need to restart services after a DAT update. Taking that step hurts the performance of the node more than is needed. It also introduces risk to the environment since AV coverage is lost during that down time.

b) If you can do it via command line, so can malware.  There is no "backdoor for legitimate purposes" that cannot be used for nefarious purposes... none that can be instrumented by a User, anyways. We can do it with code, from within Trusted processes and secured API's.

If you must restart the service, you need to disable Access Protection first - which I will not recommend for anybody.

The only way forward I see for your goal is to submit a PER, and have McAfee come up with a safe, secured methodology that can allow Admins to control our services. The more compelling the User Story the better.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
susja
Level 10
Report Inappropriate Content
Message 5 of 7

Re: How to disable Access Protection ..

Jump to solution

I appreciate your answer and I understood it.

In my case I had a few PC's that were updated using xdat.exe file daily. When I ran scan On-Demand it used 'old' .DAT until I restarted services by rebooting system.

Well .. I'm not inclined to reboot the system after each xdat.exe update but on the other hand I have to scan using a new .DAT.

In my case everything is done using batch i.e. command line hence I see the only option as reboot the system while I understand the disadvantage of it.

wwarren
Level 15
Report Inappropriate Content
Message 6 of 7

Re: How to disable Access Protection ..

Jump to solution

I see.

XDAT packages have an inherent limitation; they may require reboot for the update to complete, and until then the old DATs will be used.

It's simply due to the scripting technology used within the XDAT; it's not very smart, in my opinion at least.  The script engine within the McAfee Agent is much smarter, and DAT updates will never require a reboot via that method.

And unfortunately, running XDATs via the Agent still equates to using the XDAT, if that happened to cross your mind... it has crossed others' minds.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
susja
Level 10
Report Inappropriate Content
Message 7 of 7

Re: How to disable Access Protection ..

Jump to solution

thanks a lot for explanation