cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mcvoodoo
Level 8
Report Inappropriate Content
Message 1 of 3
‎03-23-2016 02:46 AM

Upgrade to VSE 8.8 Patch 7 Results in NAPRDMGR.EXE Access Protection Log Entries

Hi,

I'm in the process of testing VSE 8.8 patch 7 (moving from patch 5) and I've noticed that since the upgrade my test machines are reporting the following entries in the access protection log:

23/03/201608:29:16Blocked by Access Protection ruleNT AUTHORITY\SYSTEMC:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXEC:\ProgramData\McAfee\datreputation\Logs\datreputation.txtMcAfee DAT Reputation:Prevent modification of McAfee DAT Reputation files and settingsAction blocked : Create
23/03/201608:29:16Blocked by Access Protection ruleNT AUTHORITY\SYSTEMC:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXEC:\ProgramData\McAfee\datreputation\Logs\notices.txtMcAfee DAT Reputation:Prevent modification of McAfee DAT Reputation files and settingsAction blocked : Create
23/03/201608:29:16Blocked by Access Protection ruleNT AUTHORITY\SYSTEMC:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXEHKLM\SOFTWARE\WOW6432NODE\MCAFEE\DATREPUTATION\McAfee DAT Reputation:Prevent modification of McAfee DAT Reputation files and settingsAction blocked : Write

At first I thought this might be due to the fact I was running an old DAT reputation extension, but upgrading to the latest one available (1.0.2.129) but upgrading to this hasn't cleared the issue. I believe I'm running the latest extension for VSE (8.8.0.448) too.  For information, the test machines are running McAfee Agent 4.8.0.1500.

I did read an article saying that if you've altered the Access Protection rule policy then the policy would not pick up the latest exclusions detailed in products extensions, but the entries still appear when i revert back to "McAfee Default" which I do expect to be updated.

The workstations don't seem to be suffering any ill effects as a result.  I could add manual exclusions but I'd really like to understand why a McAfee process is being blocked from writing to a McAfee file.

Anyone else seeing this issue?  Any ideas why it might be happening?

Thanks

MVC

0 Kudos
Reply
2 Replies
nashcoop
Level 11
Report Inappropriate Content
Message 2 of 3
‎03-24-2016 12:38 PM

Re: Upgrade to VSE 8.8 Patch 7 Results in NAPRDMGR.EXE Access Protection Log Entries

I've seen similar issues in access protection logs when upgrading from VSE 8.8 w/P5 (8.8.0.1385) to VSE 8.8 Patch 7.  Primarily I've seen it on a few XP systems we still have in our environment, but also a couple of W7 O/S's.  Our Helpdesk has reported that these few systems are generating thousands of alert emails.  The Access Protection Rule "Common Standard Protection: Prevent modification of McAfee Common Management Agent files and settings" is triggering "Action blocked: Write" alerts and references MFEVTPS.exe, NAPRDMGR.exe, VSTSKMGR.exe, MFEANN.exe, and SCAN32.exe.  I've tried  reference the "Installation Sequence Chart" here: McAfee KnowledgeBase - Intel Security - Security Bulletin: Protected resource access bypass vulnerab...  but all of the upgrade options start with VSE 8.8.0.1478 which isn't my scenario.

0 Kudos
Reply
mcvoodoo
Level 8
Report Inappropriate Content
Message 3 of 3
‎04-25-2016 02:34 PM

Re: Upgrade to VSE 8.8 Patch 7 Results in NAPRDMGR.EXE Access Protection Log Entries

It seems that this is caused by the fact I had DAT reputation disabled when DAT reputation was upgraded from 1.0.3 to 1.0.4.  Installing VSE 8.8 patch 7 doesn't cause the problem, it just exposes it.  Details can be found in KB86569, though I've had mixed results when testing the fix.

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC