cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 9

Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

Hi There,

Agent 5.6.2.209 / ENS 10.6 oct update

We have deployed Agent and ENS for over 800 clients, and we found some clients' (less than 10)DAT version keep staying at v0.5, means it never updated - always got an error "failed to find valid repository" when we try to run the DAT update task.

After checking the mfemactl.log we found all these clients have some 3rd party softwares installed, and these software's dll file is injecting into mcscript_inuse.exe and caused this issue, so we exported the certificate from those dlls and added as trusted certificate in ENS common policy, and indeed the issue is gone.

I kept an eye on those 3rd party softares, 3-4 clients have a VPN software named Astrill installed, one client has a Tencent Game Center (like Steam) installed,  one client has a file encryption software (Tipray) installed, one client has a security software (Qihu 360) installed, and one client has some kind of net scanning software (NetSafety) installed.

It seems many kindly of softwares are able to cause this issue.

I understand that those 3rd party software are trying to inject into agent process and agent process terminate itself by using the self-protection menchanism to prevent 3rd party software running suspicious codes.

I want to know except adding the certificates that signed those DLLs into ENS common policy, Is there any other better solutions? to us it's seems not always safe to trust those certs.

Thanks in advance.

8 Replies
LKS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 9

Re: Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

Hi eg211,

I would suggest you to raise a case with ENS Team to help you out further. Our Support can also help in identifying the third party and later trusting a third-party digital certificate of signed third-party DLLs injecting into McAfee processes. This support requires opening a Service Request. To expedite processing, the steps to achieve these tasks are provided in the below article.

https://kc.mcafee.com/corporate/index?page=content&id=KB88085

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 9

Re: Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

HI @LKS ,

Thanks, I'm afraid we don't have much time to follow up the case as it only impacted a few client machines.

For now I just want to know if there has better solutions to this issue 🙂

Hem
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 9

Re: Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

We can uninstall product whose dll is injecting to Mcscript_Inuse.exe, reboot the machine and reproduce the issue.

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 9

Re: Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

You can try a couple of things.  Run sysprep tool (available on download page and it may or may not resolve the issue), trust the certs, contact vendor for any updates that might resolve, or remove the offending product.  Those are pretty much your options when it comes to dll injections.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 9

Re: Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

Hi @Former Member,

Honestly, this is a very good Post! You have your question well framed, you have done your research and you even have a solution in place!

This issue comes up due to the fact that a third party software is injecting or trying to inject it's dll into our product and hence quite frankly, we have little to do here other than allow them to inject if you entirely trust them. It is basically allowing them to bypass our safety mechanism! Now in the case of security software, our recommendation is pretty straightforward - Please do not install 2 Security Software that has same or similar features on the same machines. It is  pretty much like having more than one person trying to do the same job, at the same time, in the same place. It may work for a few, but most of the time, it fails!

Other softwares like VPNs or Gaming softwares definitely must be dealt with by contacting the respective vendor as I am not sure why they would want their dll injecting in to our product.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
Former Member
Not applicable
Report Inappropriate Content
Message 7 of 9

Re: Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

Thanks everyone, I understand.

I see most the client machines that failing to update DAT are the customer's IT department's computers. because they have domain admin right and able to install softwares.. sometimes it's really hard to control it...

AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 9

Re: Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

Hi @Former Member,

Thank you for your kind update. I certainly understand the situation as well. It is always a tough choice between security and convenience. Kudos to you for keeping us updated!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 9

Re: Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

I have been in IT for years, so I understand the dilemma, but even IT needs to be security conscious - that is their job.  Hopefully running sysprep or updating the software that is causing the injections will resolve the issue for you.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community