cancel
Showing results for 
Search instead for 
Did you mean: 
eg211
Level 10
Report Inappropriate Content
Message 1 of 7

Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

Hi There,

Agent 5.6.2.209 / ENS 10.6 oct update

We have deployed Agent and ENS for over 800 clients, and we found some clients' (less than 10)DAT version keep staying at v0.5, means it never updated - always got an error "failed to find valid repository" when we try to run the DAT update task.

After checking the mfemactl.log we found all these clients have some 3rd party softwares installed, and these software's dll file is injecting into mcscript_inuse.exe and caused this issue, so we exported the certificate from those dlls and added as trusted certificate in ENS common policy, and indeed the issue is gone.

I kept an eye on those 3rd party softares, 3-4 clients have a VPN software named Astrill installed, one client has a Tencent Game Center (like Steam) installed,  one client has a file encryption software (Tipray) installed, one client has a security software (Qihu 360) installed, and one client has some kind of net scanning software (NetSafety) installed.

It seems many kindly of softwares are able to cause this issue.

I understand that those 3rd party software are trying to inject into agent process and agent process terminate itself by using the self-protection menchanism to prevent 3rd party software running suspicious codes.

I want to know except adding the certificates that signed those DLLs into ENS common policy, Is there any other better solutions? to us it's seems not always safe to trust those certs.

Thanks in advance.

6 Replies
McAfee Employee LKS
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

Hi eg211,

I would suggest you to raise a case with ENS Team to help you out further. Our Support can also help in identifying the third party and later trusting a third-party digital certificate of signed third-party DLLs injecting into McAfee processes. This support requires opening a Service Request. To expedite processing, the steps to achieve these tasks are provided in the below article.

https://kc.mcafee.com/corporate/index?page=content&id=KB88085

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!

eg211
Level 10
Report Inappropriate Content
Message 3 of 7

Re: Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

HI @LKS ,

Thanks, I'm afraid we don't have much time to follow up the case as it only impacted a few client machines.

For now I just want to know if there has better solutions to this issue 🙂

Highlighted
McAfee Employee hem
McAfee Employee
Report Inappropriate Content
Message 4 of 7

Re: Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

We can uninstall product whose dll is injecting to Mcscript_Inuse.exe, reboot the machine and reproduce the issue.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?please select Accept as Solution in my reply and together we can help other members?
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 5 of 7

Re: Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

You can try a couple of things.  Run sysprep tool (available on download page and it may or may not resolve the issue), trust the certs, contact vendor for any updates that might resolve, or remove the offending product.  Those are pretty much your options when it comes to dll injections.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

McAfee Employee AdithyanT
McAfee Employee
Report Inappropriate Content
Message 6 of 7

Re: Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

Hi @eg211,

Honestly, this is a very good Post! You have your question well framed, you have done your research and you even have a solution in place!

This issue comes up due to the fact that a third party software is injecting or trying to inject it's dll into our product and hence quite frankly, we have little to do here other than allow them to inject if you entirely trust them. It is basically allowing them to bypass our safety mechanism! Now in the case of security software, our recommendation is pretty straightforward - Please do not install 2 Security Software that has same or similar features on the same machines. It is  pretty much like having more than one person trying to do the same job, at the same time, in the same place. It may work for a few, but most of the time, it fails!

Other softwares like VPNs or Gaming softwares definitely must be dealt with by contacting the respective vendor as I am not sure why they would want their dll injecting in to our product.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
eg211
Level 10
Report Inappropriate Content
Message 7 of 7

Re: Failed to update DAT due to 3rd party dll injection into mscript_inuse.exe

Thanks everyone, I understand.

I see most the client machines that failing to update DAT are the customer's IT department's computers. because they have domain admin right and able to install softwares.. sometimes it's really hard to control it...

Want to Ask a Question?

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community