cancel
Showing results for 
Search instead for 
Did you mean: 

Do you use the Prevent Windows Process Spoofing?

Do you use the Prevent Windows Process Spoofing?

This sounds like a good setting but does work seamlessly.

Regards

1 Reply
PhilR
Level 12
Report Inappropriate Content
Message 2 of 2

Re: Do you use the Prevent Windows Process Spoofing?

See https://mysupport.mcafee.com/eservice/Article.aspx?id=KB68448

Problem

After installing VirusScan Enterprise (VSE) 8.7i Patch 3  and restarting your computer, the Windows desktop is not displayed with the  Access Protection rule Standard Protection: Prevent Windows Process spoofing enabled.

Windows Task Manager shows that Explorer.exe is  not running.

System Change

Installed Patch 3 for VSE 8.7i and restarted computer.

Cause

The Access Protection rule Standard Protection: Prevent  Windows Process spoofing is enabled and configured to Block. The  issue is caused by changes to vscan.bof, a content file for Access  Protection rules and buffer overflow protection.

This issue has been  reported for the Explorer.exe process. Other Windows processes are not  affected.

Solution

This issue is resolved by an updated vscan.bof content file on the  McAfee Common Updater site. This updated file will be automatically downloaded  and applied to all VSE systems (regardless of patch level) in the same was as  daily DAT files.

This means Patch 3 can be applied and systems will  never encounter the issue.

The updated package is also attached to this  article.

NOTE: This content  file is also used by VirusScan Enterprise 8.5i. After the update, both VSE 8.7i  and 8.5i will report version 480 for the Buffer Overflow and Access  Protection DAT Version.

Workaround

Disable the Access Protection rule.
NOTE: Because Explorer.exe is not  running, there is no Start button or VirusScan Enterprise (VSE) icon in  the system tray.

To open the VirusScan Console

  1. Press CTRL+ALT+DEL.
  2. Click Task Manager, File, New Task (Run...).
  3. Navigate to C:\Program Files\McAfee\VirusScan  Enterprise\mcconsol.exe.
  4. Click OK.
  5. Right-click Access Protection and select  Properties.
  6. Select Anti-virus Standard Protection.
  7. Select Prevent Windows Process spoofing and deselect the  Block option.

    NOTE: Optionally, you can deselect Report to completely  disable the rule.
  8. Click OK.

Related Information

If you log into your system quickly, you might not  encounter this issue, even when the rule to block spoofing of Windows processes  is enabled. This is because Explorer.exe is running before the Access  Protection Rule takes effect.

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community