cancel
Showing results for 
Search instead for 
Did you mean: 
quidity
Level 7
Report Inappropriate Content
Message 1 of 17

VSE 8.7i Patch 3 Issue?

Hi,

I installed VSE 8.7i Patch 3 yesterday on a couple machines.

This morning when a user went to log in they just had a blue screen (not the BSOD).

This is what I found in the Application log:

"Blocked by access protection rule.  Access to object C:\WINDOWS\explorer.exe was blocked by rule Anti-virus Standard Protection:Prevent Windows Process spoofing."

There was never an issue previous to installing Patch 3.  I tried it on another system with the same result.

Any ideas why with Patch 3 installed it would be decting explorer.exe as a spoofed windows process?

Thanks!

Doug.

16 Replies

Re: VSE 8.7i Patch 3 Issue?

Quidity,

The error that you got is not Patch 3 specific.

It simply relates to one of the actions taken by the Virus Scan Enterprise 8.7i which has stopped the explorer.exe from Widnows Spoofing. If you keep getting the same messages again and again, I suggest you go to the Access protection and then DISABLE > WINDOWS PROCESS SPOOFING.

That should take care of the issue. Also, I find it a little suscpicious to see the explorer causing that behaviour. You might also want to try and runa scan and see if that helps.

Sameer

quidity
Level 7
Report Inappropriate Content
Message 3 of 17

Re: VSE 8.7i Patch 3 Issue?

Hi Sameer,

Thanks for the response.

I did resolve the issue by disabling the windows process spoofing in my GPO this morning (otherwise the users could not use their computers).  I appreciate the info though (should have been more clean in my initial post).

The reson this was preventing them from working is explorer.exe is the windows GUI shell.  So even though they were able to log into the system, they had no interface to access anything.

The reason I posted the question was because I've been using VSE since 8.5i and I've never had to disable the windows process spoofing before.  It was only after I installed patch 3 that VSE started to recognize explorer.exe as being a spoofed windows process.

I did perform a system scan and it came back clean.

Thanks again for your response.

Doug.

Re: VSE 8.7i Patch 3 Issue?

Now i'm scared to do the patch

Mal09
Level 12
Report Inappropriate Content
Message 5 of 17

Re: VSE 8.7i Patch 3 Issue?

I'd log it with McAfee. Potentially sounds like a Patch 3 introduced "issue" to me... Especially because you were able to replicate it.

Re: VSE 8.7i Patch 3 Issue?

Mcafee has released a KB for this = > KB68448

Explorer.exe fails to load after installing Patch 3 for VirusScan Enterprise 8.7i

Problem

After installing VirusScan Enterprise (VSE) 8.7i Patch 3 and restarting the computer, the desktop will not display.

Windows task manager shows that Explorer.exe is not running.

System Change

Installed Patch 3 for VSE 8.7i and restarted computer.

Cause

The Access Protection rule Standard Protection: Prevent Windows Process spoofing is enabled and configured to Block.

This issue has been reported for the Explorer.exe process. Other Windows processes might also be affected.

Solution

McAfee is investigating this issue. As a temporary measure, implement the workaround shown below.


NOTE: For environments that must have this Access Protection Rule enabled and set to Block, McAfee is working on a hotfix. When the hotfix is available, it will be attached to this article.

To receive email notification when this article is updated, click Subscribe at the top of the page. (You must be logged in at https://mysupport.mcafee.com to subscribe.)

Workaround

Disable the Access Protection rule
  1. Click Start, Programs, McAfee, VirusScan Console.
  2. Right-click Access Protection and select Properties.
  3. Select Anti-virus Standard Protection.
  4. Select Prevent Windows Process spoofing and deselect the Block option. Optionally, deselect the Report option but this can remain enabled.
  5. Click OK.

Re: VSE 8.7i Patch 3 Issue?

Darkshyre,

Thank you so much for the post. Thanks for sharing the info.

Very informative inded. as far as the workaround is concerned, We already figured that out so McAfee is late on that front

Re: VSE 8.7i Patch 3 Issue?

Hello all.

If you want to recreate the conditions of this problem let the "Launch folder windows in a separate process" from Windows Explorer->Tools->Options. If this option is ON and McAfee's Virusscan Enterprise "Prevent windows process spoofing" option is also ON, then on the first reboot explorer.exe won't start; if you disable ANY of the options mentioned above, explorer will start; also if the both options are ON and you have a shortcut to My Computer in quicklaunch toolbar, you will get the following message: "Windows cannot acces the specified device, path, or file. You may not have the appropriate permissions to acces the item.". I'm not sure, but I believe this issue is introduced with patch 3; I don't rember this behaviour on 8.7i patch2.

Re: VSE 8.7i Patch 3 Issue?

Hello tornadoro

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to acces the item."
For this problem visit  http://escritordecodigo.blogspot.com/2008/09/no-puedo-instalar-nada-en-windows-2003.html

It´s easy:
Control PAnel -> Add or Remove Programs -> Remove IE Enhanced Security

As same as you, when i installed patch 3 on Windows 2003 Server, the quicklaunch toolbar icons and language toolbar dissapeared. Have you the same problem???

Re: VSE 8.7i Patch 3 Issue?

Hello jsmred2red!

What you say might be true but, ..the problem above appears on windows xp sp3 with internet explorer 8. No, I don;t have the same problem I'm afraid, it's a new one

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community