cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
MarcVogl
Level 7
Report Inappropriate Content
Message 51 of 84

Re: problem after upgrading VSE8.8 to patch 4

I am realy looking forward to other Security Products if we will be looking to renew our licence next time in 2 Years.. until then i am looking how Intel will bring the security software on a higher level. And if there will be no big step in to a better usability - Mcafee will be no longer used.

Re: problem after upgrading VSE8.8 to patch 4

Where can I disable BUP in EPO 5? I am new to EPO..

MarcVogl
Level 7
Report Inappropriate Content
Message 53 of 84

Re: problem after upgrading VSE8.8 to patch 4

Open your Browser,

Open the Epo console,

-> Navigate Systemtree

-> Click on what part of the tree you want to change the rules

-> on the right u will see System | Client Rules | Client Task | Group ...

(sorry perhaps the name is different got german Epo)

-> Go to Client Rules and choose the Product Virus Scan Enterprice

here you will find:  Rules for Buffer Overflow Protection

-> If you have the Default Setting be carefull, if you just want to change only one Part of your strukture

it is important to break the rule, make a 2nd & rename it too perhaps BOP_OFF. Save it change it to

BOP_OFF and go into it. 

You can Enable/Disable Bop, change from warning mode to save mode.

You can Enable/Disable the dialog box that appears if something is blocked  (if its out the problem

is still there! But your telefon will be much much MUCH more quiet)

AND you can make exeptions by Process | Module or / And API - the problem is if the BOP logs not enogh data

to get a clean answer... like BOP > SVCHOST.EXE - Module: unknown Prozess: unknown API: unknown blablabbla..

.. you will have a BIG Problem to disable the EXACT Process Programm or what ever.

The better way is to change the Suite to Kaspersky - perhaps if mcafee loose all companys they learn the lesson.

Re: problem after upgrading VSE8.8 to patch 4

thanks MarcVogl.

I have edited my rule and disabled the BOP.

I then updated all my clients with the policy update check enabled.

Bop remains enabled on my clients. WHat to do?Naamloos.png

MarcVogl
Level 7
Report Inappropriate Content
Message 55 of 84

Re: problem after upgrading VSE8.8 to patch 4

1) Wait (somtimes it took  ~5-10 Minutes to reach all clients)

2) Check out the Version of the Agent and VSE - perhaps one is old, then the Rule can get no update becourse of a

Comunication Problem.

3) Push the Epo Agent Installation. Sometimes the agent is bad and works not like it should.

4) Try to do a manual Synchronisation from the and watch the log - is the server connecting? If yes somthing is wrong,

try to install the VSE -> disable the prevention on the local VSE and be shure to take the hook out from the seve Securiy mechanism.

Stop the Framework Service and uninstall the VSE from "Programms" in your windows. Navigate to your Data Repository - choose the

VSE Installer and make a NEW installaton. That takes time.. if its done Start Yor PC new.

5) Try to find out if the Client conects and if it gets the update of the Rules.

Sometimes if EVERYTHING is not working fine - its better to uninstall via EPO Rule. First uninstall the VSE & then the Agent -

THEN Reinstall both and 80% of your system is well - the rest is need to fixed oder installed manualy becourse something is

wrong.

Those fu..ing Problems you will learn to hate becourse when ever everything is running well - and youre upgrading or install a Patch

thats your Work for the next weeks until everything is working well again. So i decide looking forward to Kaspersky..

epo4city
Level 7
Report Inappropriate Content
Message 56 of 84

Re: problem after upgrading VSE8.8 to patch 4

This is so ridiculous!!  Why am I getting BO errors from explorer.exe on windows 7 SP1 systems that have every single security update from MS installed?  What more can I update to prevent them?

McAfee, You need to remove this extra BO protection you've introduced with P4 cause it's doing nothing except giving security admins a huge headache!!  Do you guys even test this stuff before pushing it out to your paying customers?  I mean at least give us a heads up warning that we may experience BO errors after updating to P4 and we could be prepared to deal with it!!

wwarren
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 57 of 84

Re: problem after upgrading VSE8.8 to patch 4

epo4city wrote:

This is so ridiculous!! 

Nobody is trying to ridicule anyone. The frustration is detected, and, sorry if it's giving you a hard time. The workarounds are simple though; that should help.

McAfee, You need to remove this extra BO protection you've introduced with P4 cause it's doing nothing except giving security admins a huge headache!!  

It's affecting about 2% of security admins; a subset of them will have a headache; a smaller subset will have huge headaches.

But it's also an assumption to call folks security admins if they're willfully running apps that are incompatible with Data Execution Prevention, because they're using apps that execute code from the stack or heap, which is/has been a common exploit method of malware. I'm of the belief that Security Admins would be interested in ridding themselves of such apps, therefore on the plus side, this change has alerted them to _some_ of those apps.

Nevertheless, as stated in an earlier post, we'll see what we can do for Patch 5.

Do you guys even test this stuff before pushing it out to your paying customers?  I mean at least give us a heads up warning that we may experience BO errors after updating to P4 and we could be prepared to deal with it!!

Tested, yes. Tested in your environment - well, we didn't do that. We hope somebody did.

The heads up is warranted, we could've done something about that but it was a judgment call on whether to assume alleged reports of BOP alerts from 2% of external testers were legitimate or anomalies in their testing. I say alleged because none provided data to allow us to confirm the behavior. And the lack of data, and evidence, led to a decision of it not being a "real" issue, and that to say something with no sound evidence supporting it would've sounded wishy-washy and created questions which we could not answer.

Why am I getting BO errors from explorer.exe on windows 7 SP1 systems that have every single security update from MS installed?  What more can I update to prevent them?

We can help you with that. If there's a 3rd party DLL loading into Explorer that's responsible for the DEP violations, we can help you find it. It may not be a Windows component, therefore Windows updates wouldn't help. 3rd party code often hooks into Explorer to provide fancy shell functionality. Whatever it might be, we can help you identify it - and there may be updates available for it.

If we can't find it via DLL inspection, log review, or dump analysis, then we'll need a VM - just so you're prepared for what to expect along that journey. Meanwhile, for the environment at large, an exclusion is appropriate to provide relief from alerts.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
ratlsnake
Level 7
Report Inappropriate Content
Message 58 of 84

Re: problem after upgrading VSE8.8 to patch 4

Those are all fair points provided by wwarren. Our line of work has so many (arguably infinite) amounts of unique combinations in each envrionment, not piloting something is crazy, yet more often than not it doesn't happen, as is witnessed by many of these complaints. I do acknowledge though sometime people want to do the right thing, but bean counters and cowboy-management say otherwise.

I wish my other vendors were as responsive on official forums.

sol
Level 9
Report Inappropriate Content
Message 59 of 84

Re: problem after upgrading VSE8.8 to patch 4

We have many many explore and IEexplore BO alerts every day and we are cleaning those systems as they are reported and dealing with the fall out. It does stink but I do understand and I am certainly not complaining. We have had McAfee since 1997 and it has not let us down yet knock on wood). I can't think of one single security application that has never had a tough roll out to a large coporation with numerous applciations of varying degrees.

That said... How do I get our organization on the beta testing teams? We are currenlty on the Virusscan Reputation beta team but that is the only one i have been alerted to in a long time. I want our organization to be proactive in these events so we don't face these issues at roll out time. I do have the support of leadership on this.

Thanks for all you do to help us protect what keeps our bills paid

Message was edited by: sol on 3/31/14 11:08:38 AM CDT
feeeds
Level 9
Report Inappropriate Content
Message 60 of 84

Re: problem after upgrading VSE8.8 to patch 4

When you say you are "cleaning the systems", what is the process you are using?  The frustrating part for me is that our systems are on IE9, are fully patched, etc. so we are not sure what else we can do. McAfee is not providing a log of any type that could show us what needs to be upgraded.

thanks...

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community