Hi all, its my firts time posting here, im a new epo admin, and i have the following problem:
When i try to install some windows updates in my clients, (windows xp sp3), it give me some error, when i check my logs, i found the following:
8/19/2010 3:38:39 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM f:\1426dd23b9109cde18bc1989bb\update\wdssetup.exe \REGISTRY\MACHINE\Software\Classes\.ascx\PersistentHandler Anti-virus Maximum Protection:Prevent alteration of all file extension registrations Action blocked : Write
I have tried dissabling the following rules: Anti-virus Maximum Protection:Prevent alteration of all file extension registrations.
Prevent Windows Process spoofing.
But i can't install the updates, i'm trying to deploy WSUS.
Sorry for my bad english, and thanks for the asistance.
Greetings,
Amaury M.
Dominican Republic.
epo 4.0 and vsf 8.7i
Solved! Go to Solution.
Hidarkvicoamao ,
This can be easily solved.
Please go to to the McAfee Access Protection Properties.
The 3rd option. which is the Antivirus Standard Protection, The 1st option :- Prevent Registry editor and task manager from being disabled'. Now this gets very aggressive. This features just doesnt allow any changes to be made to the Registry Editor.
Please uncheck it and everything should work fine.
Thank you
Sameer
I'm still working with this problem, i'm doing some researchs, i let you know for some new info.
Well i go to close this discussion, i see nobody know how to help or dont wanna.
But i will try until success in the solution of this problem.
Well thanks in advance.
Hello,
just saw your thread here.
One of the Virusscan Access Protection rules is set to block and report for a rule whose name is displayed (Prevent alteration of...). Possibly the WSUS installation wants to register some of the files for its own management and the Access Protection prevents this form happening.
Please go to the appropriate Virusscan policy that applies to the given client and select Access Protection category. Find the rule and deselect the block and report option both.
Watch out that you might need to do it for servers and workstations, too (the selectionis within the policy property page of the above category).
Wait until clients are doing an ASCI or wake up this client.
Attila
i go to test and let you know, thanks.
Hidarkvicoamao ,
This can be easily solved.
Please go to to the McAfee Access Protection Properties.
The 3rd option. which is the Antivirus Standard Protection, The 1st option :- Prevent Registry editor and task manager from being disabled'. Now this gets very aggressive. This features just doesnt allow any changes to be made to the Registry Editor.
Please uncheck it and everything should work fine.
Thank you
Sameer
Hi Samir,
please could you support your suggestion in light of the original question? What is the meaning of it? I don't see it now.
Thanks:
Attila
Thanks Attila Polinger, your response help me a lot, i have left the report option checked, now i have tested and is working great.
Thanks a lot.
Darkvicoamao
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA