I have found multiple occurrences within my organization where OAS has been disabled on random machines. Lately I have been tracking down machines that haven't contact EPO in the past month to find more subjects to investigate and hopefully find a pattern to help us find the root cause. Below is some information about what we are running, plus some patterns that I have found within the machines I have assessed, as well as my questions to the matter.
McAfee Agent: 4.5
VirusScan Enterprise 8.7i
I have found that OAS has been disabled around 8/6/10-8/9/10 dates. These machines all have the similar event log entry of "The McAfee McShield service depends on the following nonexistent service: mfevtp" which starts coming up around those dates
According to McAfee this event log is ONLY shown when downgrading from 8.7 to 8.5. We never downgraded any systems, so this is not our case.
I have searched my way around the forum and found some similar threads, but they didn't help. Our EPO enforces OAS being enabled on these machines. All machines that have this problem are virus/spyware free. If you guys have anything that might help with this investigation it would be very much appreciated. Thanks!!Message was edited by: joas on 3/15/11 8:56:16 AM CDT
Solved! Go to Solution.
In your post you state the cause for McShield being disabled:
"These machines all have the similar event log entry of "The McAfee McShield service depends on the following nonexistent service: mfevtp"
The cause for why mfevtp is missing is what is unknown. Only certain things can induce that, and you ruled out the most likely one.
The solution is to remove and reinstall the product, because something came along and axed a critical service.
wwarren, thank you for your response. We are uninstalling and reinstalling the product across the organization as we run into these, but it still doesn't explain what the root cause is. Thanks!
Download the VSE870MLRP4 full install zip from McAfee's download site, check that (and its extensions) into ePO.
Download and check in patch 4 as well.
Try again. This problem happened with the original VSE8.7 with no patches.
Your scan log shows engine 5300.2777, that's ancient and suggests you're installing the original RTM build of VSE 8.7.Message was edited by: PhilR on 11/03/11 09:56:33 CST
Could you confirm the options :
Enable on-access scanning at system startup
Enable on-access scanning when the policy is enforced. are checked, in On Access general policies.
If u r answer is yes,
Pls. log ticket with McAfee to find root case with follwing detials:
- MER result with log level 8 from any one of the affected system.
- Full Crash Dump for McShield.exe process from the affected system..