cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 2

Mcafee VirusScan 8.7i + Patch 4 blocking thunderbird.exe via Access Protection

This afternoon, I install the latest McAfee VirusScan 8.7i with Patch 4 on a user's system. The users system is running Windows 7 64 bit. As soon as McAfee was insatlled, I got a report that his email program Thunderbird version 3.1 was no longer wokring and not able to send emails. Checking the Access protection log, I can see the following error:

1/12/2011    2:56:42 PM    Blocked by port blocking rule     C:\Program  Files (x86)\Mozilla Thunderbird\thunderbird.exe    Anti-virus Standard  Protection:Prevent mass mailing worms from sending mail    74.125.157.109:587


These systems are managed by our EPO server and do have an exclusion to allow thunderbird.exe and even thunder*.exe. Not too sure why it is being blocked unless it is the 16 character issue related to Patch 4. Is it possible that McAfee is not seeing the (x86) path due to it being a 64 bit system.


Has anyone seen this a know of a quick fix. I already have a support call related to another program being blocked by access protection and am awaiting the hotfix for that.


1 Reply
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 2

Re: Mcafee VirusScan 8.7i + Patch 4 blocking thunderbird.exe via Access Protection

It appears that this issue only occurs on Windows 7. It does not happen on XP systems. McAfee gave me a hot fix613356 to fix another issue. This was with an exclusion that was over 16 characters. Just installed the hotfix on my Windows 7 laptop. This failed with Thunderbird like my end-users computer. This hotfix has fixed the thunderbird issue. The strange thing is thunderbird.exe is only 15 characters long. The hotfix is for issues with exclusions that are 16 characters and more.

Release Notes - McAfee® VirusScan® Enterprise 8.7i HotFix 613356

Thank you for using McAfee software. This document contains important  information about this release. McAfee strongly recommends that you  read the entire document.

About this HotFix

For a list of supported environments for VirusScan Enterprise 8.7i on  Microsoft Windows, see McAfee Support KnowledgeBase article KB51111.

  • Patch Release: 12-10-2010

This release was developed for use with:

  • McAfee VirusScan Enterprise 8.7i Patch 4
  • McAfee AntiSpyware Enterprise 8.7i

Files affected:

    File name Version
    mfeapfk.sys14.1.0.677
    mfeavfk.sys14.1.0.677
    mfebopk.sys14.1.0.677
    mfehidk.sys14.1.0.677
    mferkdet.sys14.1.0.677
    mfetdik.sys14.1.0.677
    mfevtps.exe14.1.0.677
    mytilus3.dll14.1.0.585
    mytilus3_worker.dll14.1.0.585
    mytilus3_server.dll14.1.0.585

Resolved issues

Resolved issues in this release of the software are described below:

  1. Issue: When a Windows Server Backup is scheduled on a  removable storage device and the backup storage device was unexpectedly  disconnected the Plug-and-play event would be delayed waiting on file  scans to the disconnected backup device, resulting in the system no  longer adding and removing plug-and-play devices. (Reference: 588306)

  2. Resolution: File scans being performed on backup devices,  that get unexpectedly disconnected, no longer prevent Plug-and-play  events from occurring.

  3. Issue: Kernel mode drivers should refrain from using  more than 1kb of stack space when processing I/O. However when another  filter is installed and attempts to filter McAfee's driver load attempt,  both filters can then use large amounts of stack space resulting in a  stack overflow and a double fault exception (BSOD). (Reference: 613356)

  4. Resolution: Updates to the drivers have implemented a change to move stack usage to the heap in these instances.

  5. Issue: On-Access Scanner attempts to mark the file as  writable while accessing a file marked read-only, but fails to account  for the case of 'read only' being the only attribute set on a file,  attempting to set an attribute mask of 0 (i.e. - 'do not change  attributes' when set). (Reference: 624132)

  6. Resolution: The On-Access Scanner now correctly detects  'read-only' as the only attribute set on a file and sets the 'attribute  normal' instead, which has the effect of actually removing the read-only  attribute.

  7. Issue: Process names over 16 characters listed in the  exclusion or inclusion fields of an Access Protection rule are not  being recognized in Windows Vista or later. (Reference: 626033)

  8. Resolution: Access Protection rules now can handle process names greater than 16 characters in length.
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community