I installed VSE 8.7i Patch 3 yesterday on a couple machines.
This morning when a user went to log in they just had a blue screen (not the BSOD).
This is what I found in the Application log:
"Blocked by access protection rule. Access to object C:\WINDOWS\explorer.exe was blocked by rule Anti-virus Standard Protection:Prevent Windows Process spoofing."
There was never an issue previous to installing Patch 3. I tried it on another system with the same result.
Any ideas why with Patch 3 installed it would be decting explorer.exe as a spoofed windows process?
The error that you got is not Patch 3 specific.
It simply relates to one of the actions taken by the Virus Scan Enterprise 8.7i which has stopped the explorer.exe from Widnows Spoofing. If you keep getting the same messages again and again, I suggest you go to the Access protection and then DISABLE > WINDOWS PROCESS SPOOFING.
That should take care of the issue. Also, I find it a little suscpicious to see the explorer causing that behaviour. You might also want to try and runa scan and see if that helps.
Thanks for the response.
I did resolve the issue by disabling the windows process spoofing in my GPO this morning (otherwise the users could not use their computers). I appreciate the info though (should have been more clean in my initial post).
The reson this was preventing them from working is explorer.exe is the windows GUI shell. So even though they were able to log into the system, they had no interface to access anything.
The reason I posted the question was because I've been using VSE since 8.5i and I've never had to disable the windows process spoofing before. It was only after I installed patch 3 that VSE started to recognize explorer.exe as being a spoofed windows process.
I did perform a system scan and it came back clean.
Thanks again for your response.
Mcafee has released a KB for this = > KB68448
Explorer.exe fails to load after installing Patch 3 for VirusScan Enterprise 8.7i
If you want to recreate the conditions of this problem let the "Launch folder windows in a separate process" from Windows Explorer->Tools->Options. If this option is ON and McAfee's Virusscan Enterprise "Prevent windows process spoofing" option is also ON, then on the first reboot explorer.exe won't start; if you disable ANY of the options mentioned above, explorer will start; also if the both options are ON and you have a shortcut to My Computer in quicklaunch toolbar, you will get the following message: "Windows cannot acces the specified device, path, or file. You may not have the appropriate permissions to acces the item.". I'm not sure, but I believe this issue is introduced with patch 3; I don't rember this behaviour on 8.7i patch2.
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to acces the item."
For this problem visit http://escritordecodigo.blogspot.com/2008/09/no-puedo-instalar-nada-en-windows-2003.html
Control PAnel -> Add or Remove Programs -> Remove IE Enhanced Security
As same as you, when i installed patch 3 on Windows 2003 Server, the quicklaunch toolbar icons and language toolbar dissapeared. Have you the same problem???