I have recently updated 20k workstations and have noticed that 10k having an issue with On Access Scan. OASState is set in registry to 1 and having red circle on the OAS icon in console. Also no activity in Access PRotection log or in onAceessScan log however On Access Scan works as set in policy! Have tried do the EICAR test and has been blocked as it should to! I am confused because VSE 8.8 p4 reports that OAS is disabled not not logging anything but it really works.
Have manually changed OASState to 3 and have restarted the endpoint but state back to 1 and log files remains no updated. I am lookin to resolve this issue ASAP by some policy or registry change instead of reinstall Engine, Super DAT or VSE on 10k machines!! Any ideas??
Well, thanks for link. Quite good article however it doesn't give me an quick option to resolve the issue. Just finished patch 25k endpoints to VSE8.8p4 which took 3 months. Upgrade them to patch5 is not a solution for me as I have other activities planed than patch everything again. I am looking to fix issue with 10k clients by some policy or registry modification which I can apply relatively quick. Any ideas?
I wanted to ensure you saw the best option first.
If you want some dirtier options I suggest reaching out to Support for guidance. We could hand you a hotfix that was released for Patch 4 but only went to select customers (3 total if I recall correctly) because we really didn't want to encourage its usage (because Patch 5 was nigh around the corner at the time). And there is a registry value you could play with but its long-term usefulness may be hurtful rather than helpful.
This is raised with McAfee since week and their recommendation is patch VSE 8.8 to patch 5 or patch 6 which I cannot accept as a resolution. I will to try install patch 6 from the ePO tomorrow. They also suggest to use MVT. Not sure what this tool is but will try too.
it is even worse than I expected. Unable to upgrade or fix. Command msiexec.exe /I VSE880.msi REINSTALL=ALL REINSTALLMODE=samu REBOOT=R doesn't work because installer cannot find files. Giving Ignore option but finally gives up. All files seems to be this same broken on 10k endpoints. Still trying trick installer to fix files or force install patch 6 from ePO without pulling DAT.
MSIEXEC returnes Error 1309: "Error reading from file" (during installation) error code. I can access, read files fine however some of them are missing...