Weird one...I am seeing an issue where it seems that on access scanner exclusions for general processes are not being excluded, for example;
Workstation is having a program installed through the Software Center, downloads the files to the CCMCACHE folder under ***.DBRTEMP and *** (just the folder name, not .DBRTEMP following)
Once it downloads, both folders are deleted straight away and it fails to install.
This works fine in Windows 8.1
I have the CCMCACHE and CCM folders excluded from the workstation process to scan.
If I disable the Scan on Read from the options and leave Scan on Write - it works fine on the Windows 7 machine.....but those two folder locations are meant to be excluded already for read and write and including the subfolders within. CCMEXEC.EXE is also excluded.
Anyone shed some light on this? The policies say they are applied when viewing on the Directory Management --> View assigned policies
There are no access protections or other entries listed in any of the log files for McAfee, the only thing I have to go on currently is that the file that the install fails on per the CCM log viewer is different each time and has Chinese type of characters as part of the failure message.
Further testing of this issue shows that as soon as I add an exclusion into the On Access Scanner exclusion area (duplicated the McAfee default)...it fails.
Soon as I remove the exclusion, it works again.
Tested again, same.
So for some reason, the exclusions are causing the issue...as soon as I add one, doesn't matter if I use c:\windows\ccmcache\ or **\cmcache\ for example.
Will search for a KB article later and log a job with McAfee if no luck.
I ran into this same issue last week as well. When the file was downloaded to the system it would immediately get removed and after disabling OAS the SCCM deployment would work fine.
Since our VSE policy is set to manage all 3 separately we had to add ccmexec.exe into the Low Risk Process and in the same added the **\ccmcache into the exclusion folder. So far this has worked for me.
Also this was tested against VSE 8.8 patch 6 as VSE 8.8 patch 4 works fine.
When enabling the three separate policies, adding it into the low risk process, allows it to install - but as soon as I add to General, it fails (even if still in low risk).
Currently have McAfee looking at it, taking all their tools for logging, etc, been a long process so far
Works if I turn off Scan on Read, even if it's in the General section - so something with general is fubar.
All the extensions are the latest;
Name: VirusScan Enterprise 8.8
Name: VirusScan Enterprise Reports
Although I am just installing the hotfix now for VSE, which changes the version to .430 from 412.
There are no access denied to stop the process but to further dig deeper we would need to get the reason why the failure occurs in the first place on the SCCM software.
The logs only are writing the success and no failure, the MER would not collect it.
Yesterday I advised them they have the SCCM logs with the upload of their tests already which shows the failure, so waiting again.
So updated to the hotfix yesterday (hadn't restarted yet, it prompted for one) and came in this morning and blue screen on Windows 8.1, memory issue from what I saw.
Now when I restart the machine, it prompts for a restart every time now, saying McAfee needs to reboot to finish updating
Looks like time to remove and reinstall VSE and let it repatch and see if it happens
I had the same issue where on Win 7 exclusions were not showing on the endpoint. We tried everything from uninstalling to reinstalling the agent & VSE, and also tried disabling access protection, no joy. However, there was one thing we did that worked: we opened the VSE console on the endpoint > access protection properties > modified all rules to block, report etc., just to check if the policy is enforcing properly for VSE, gave a wakeup, and access protection was modified and also the exclusions began to appear. Please try this and let me know if it works.