cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
andyross
andyross
Level 10
Report Inappropriate Content
Message 1 of 21
‎03-17-2010 05:14 AM

Outlook causing access protection error?

Since yesterday's (March 16) update, Enterprise 8.5 on my computer started logging this:

3/16/2010    3:07:52 PM    Blocked by Access Protection rule     TFGNY\Andy    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE    \REGISTRY\MACHINE\SOFTWARE\McAfee\AVEngine\EngineVersionMajor    Common Standard Protection:Prevent modification of McAfee Scan Engine files and settings    Action blocked : Create
3/16/2010    3:07:52 PM    Blocked by Access Protection rule     TFGNY\Andy    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE    \REGISTRY\MACHINE\SOFTWARE\McAfee\AVEngine\EngineVersionMinor    Common Standard Protection:Prevent modification of McAfee Scan Engine files and settings    Action blocked : Create
3/16/2010    3:07:52 PM    Blocked by Access Protection rule     TFGNY\Andy    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE    \REGISTRY\MACHINE\SOFTWARE\McAfee\AVEngine\AVDatVersion    Common Standard Protection:Prevent modification of McAfee Scan Engine files and settings    Action blocked : Create
3/16/2010    3:07:52 PM    Blocked by Access Protection rule     TFGNY\Andy    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE    \REGISTRY\MACHINE\SOFTWARE\McAfee\AVEngine\AVDatDate    Common Standard Protection:Prevent modification of McAfee Scan Engine files and settings    Action blocked : Create
3/16/2010    3:07:52 PM    Blocked by Access Protection rule     TFGNY\Andy    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE    \REGISTRY\MACHINE\SOFTWARE\McAfee\AVEngine\TrjDatVersion    Common Standard Protection:Prevent modification of McAfee Scan Engine files and settings    Action blocked : Delete
3/16/2010    3:07:52 PM    Blocked by Access Protection rule     TFGNY\Andy    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE    \REGISTRY\MACHINE\SOFTWARE\McAfee\AVEngine\TrjDatDate    Common Standard Protection:Prevent modification of McAfee Scan Engine files and settings    Action blocked : Delete
3/16/2010    3:07:52 PM    Blocked by Access Protection rule     TFGNY\Andy    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE    \REGISTRY\MACHINE\SOFTWARE\McAfee\AVEngine\PUPDatVersion    Common Standard Protection:Prevent modification of McAfee Scan Engine files and settings    Action blocked : Delete
3/16/2010    3:07:52 PM    Blocked by Access Protection rule     TFGNY\Andy    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE    \REGISTRY\MACHINE\SOFTWARE\McAfee\AVEngine\PUPDatDate    Common Standard Protection:Prevent modification of McAfee Scan Engine files and settings    Action blocked : Delete

The above was when the update occured.It also relogs whenever Outlook starts up. I'm hoping it's just a glitch in this update?

0 Kudos
Reply
20 Replies
ksanderson
ksanderson
Level 7
Report Inappropriate Content
Message 2 of 21
‎03-17-2010 05:20 AM

Re: Outlook causing access protection error?

I'm also seeing the same behavior - it looks like I was still writing my question while you posted yours. I can't see what's changed apart from the routine DAT update - we're now running 5922.

0 Kudos
Reply
andyross
andyross
Level 10
Report Inappropriate Content
Message 3 of 21
‎03-17-2010 07:23 AM

Re: Outlook causing access protection error?

I'm seeing this on multiple computers. Maybe it has something to do with that other update involving Buffer Overflow protection in another thread?

0 Kudos
Reply
ksanderson
ksanderson
Level 7
Report Inappropriate Content
Message 4 of 21
‎03-17-2010 08:54 AM

Re: Outlook causing access protection error?

It may be related. It wasn't checked into our Current branch last night as it's set to only download DAT's, but it was checked into Evaluation. The clients that are exhibiting the Access Protection errors are picking up their DATs from the Current branch, so havent' picked up the Buffer Overflow DAT.

I've pushed the Buffer Overflow DAT to the Current branch, but at the moment it doesn't appear to have changed the issue.

0 Kudos
Reply
Highlighted
andyross
andyross
Level 10
Report Inappropriate Content
Message 5 of 21
‎03-17-2010 01:12 PM

Re: Outlook causing access protection error?

I updated to today's DAT (5923), and no change. I do notice that in the About box, there is this:

Buffer Overflow and Access Protection DAT Version:        480

I don't remember if that was ever listed before. I wonder if they changed some rules that are causing the errors?

0 Kudos
Reply
Schoeys
Schoeys
Level 7
Report Inappropriate Content
Message 6 of 21
‎03-18-2010 03:44 AM

Re: Outlook causing access protection error?

We got this too after the 5922 update, the update to 5923 hasn't cured the error. Have logged a call with McAfee support will post their reply when I get an answer. Interestingly though this hasn't affected a few test PC's with virus scan 8.7 installed, or could just have been lucky that the PC wasn't switched on and missed the 5922 update.

Will post the fix, if I get one from support.

0 Kudos
Reply
jmcleish
jmcleish
Level 13
Report Inappropriate Content
Message 7 of 21
‎03-18-2010 04:53 AM

Re: Outlook causing access protection error?

I've had reports of the same thing on 8.5 (p8)  but not 8.7 (p3)

I too think its got something to do with the BO dat upgrade.


17/03/2010    17:24:05    NT AUTHORITY\SYSTEM    Product(s) running the latest DATs.
17/03/2010    17:24:05    NT AUTHORITY\SYSTEM    Verifying BocDet_VSE.McS.
17/03/2010    17:24:05    NT AUTHORITY\SYSTEM    Downloading BocDet_VSE.McS.
17/03/2010    17:24:05    NT AUTHORITY\SYSTEM    Searching available updates for BOC DAT.
17/03/2010    17:24:05    NT AUTHORITY\SYSTEM    Downloading PkgCatalog.z.
17/03/2010    17:24:05    NT AUTHORITY\SYSTEM    Verifying PkgCatalog.z.
17/03/2010    17:24:05    NT AUTHORITY\SYSTEM    Extracting PkgCatalog.z.
17/03/2010    17:24:05    NT AUTHORITY\SYSTEM    Loading update configuration from: PkgCatalog.xml
17/03/2010    17:24:06    NT AUTHORITY\SYSTEM    Starting BOC DAT update.
17/03/2010    17:24:06    NT AUTHORITY\SYSTEM    Downloading vscan.bof.
17/03/2010    17:24:06    NT AUTHORITY\SYSTEM    Update succeeded to version 480.

0 Kudos
Reply
ksanderson
ksanderson
Level 7
Report Inappropriate Content
Message 8 of 21
‎03-18-2010 05:12 AM

Re: Outlook causing access protection error?

I don't know if it's relevent, but I've only found these alerts from machines where the users are local administrators. I'll assume that for non-administrators, Windows security steps in to prevent access to the keys rather than VirusScan's Access Protection.

0 Kudos
Reply
andyross
andyross
Level 10
Report Inappropriate Content
Message 9 of 21
‎03-18-2010 05:30 AM

Re: Outlook causing access protection error?

At the moment, it's more of a nuisance. I wonder if it's safe to add Outlook to the exceptions?

0 Kudos
Reply
andyross
andyross
Level 10
Report Inappropriate Content
Message 10 of 21
‎03-19-2010 07:50 AM

Re: Outlook causing access protection error?

It's not just those with local admin privs. I'm also seeing it on a Citrix server, where the login is just a regular user.

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC