cancel
Showing results for 
Search instead for 
Did you mean: 

fcag appears to be corrupting file writes by WiseScript Package Editor scripts

McAfee/Wise details are shown below.

This is affecting about a dozen scripts that I know of, will report a specific instance here (the breakage of concern at the moment)

MakeCIAEnvs.exe (compiled Wise Script) writes another Wise script file.

MakeCIAEnvs scans a directory that has 80 or 90 files, and writes 5 lines of text for each file found, appending to a text file written to the c:\temp directory. The file isn't created via Wise create-a-temp-file function (Wise doesn't know about the file or try to remove it automatically at the end of the script execution.) I have no control over file opening/file closing, each line is written by 1 write by the WiseScript Insert Line into Text File function.

So; there should be text-blocks for each of the 80 or 90 files:

item: Set Variable

Variable=WFM_INSTFILES

Value=install\WFM1.exe:

Flags=00000001
end

But if I run MakeCIAEnvs 5 times in a row, I'll get 5 different results, each of which is corrupted to a different degree, essentially incomplete for the section of code written as above. 10 or 20 or 33 or 57 or ... of the code blocks are simply missing. Sometimes in the middle of a code block.

If I run MakeCIAEnvs on a PC that is nearly identically imaged but has had all McAfee removed (I have no way to turn it off), the program works consistently and perfectly during every run.

So; when I run Procmon during the run on my packaging/production PC, I see fcag.exe all over the text file I'm TRYING to write to.

If I take MakeCIAEnvs (or any of the other compiled Wise scripts that are having their results similary corrupted) to an otherwise identically imaged PC that has had all McAfee removed (I have no way to disable it temporarily), program runs are reliable and consistent and work every time, with identical inputs. We aren't running any other security software.

Please advise.

===============================================================================================================

Wise Installation Studio 7.0

===============================================================================================================

MCAFEE DETAILS

System Information 

Computer Name: ***********

  

McAfee Host Intrusion Prevention 

Version number: 8.0

Build date: Sunday, December 15, 2013

Build Number: 8.0.0.2919

License Type: Licensed

Expiration Date 

Language: Automatic

Security Content Version: 8.0.0.6491

Security Content Created On: Wednesday, July 08, 2015

Patch: 4

  

  

McAfee Agent 

Version number: 4.8.0.1500

Managed 

Last security update check: 7/23/2015 8:18:14 AM

Last agent-to-server communication: 7/23/2015 8:57:39 AM

Agent to Server Communication Interval (every): 4 hours

Policy Enforcement Interval (every): 16 minutes

Agent ID: {30A48FC2-E146-4BC1-818E-4B6B0CB1C75A}

ePO Server/Agent Handler 

DNS Name: 10.2.14.66

IP Address: 10.2.14.66

Port Number: 3443

DNS Name: BHIHOUEPOAH03

IP Address: 147.108.222.50

Port Number: 3443

DNS Name: BHIHOUEPOAP01.ent.bhicorp.com

IP Address: 172.30.100.110

Port Number: 3443

  

  

McAfee ePO Deep Command Discovery Plugin 

Version number: 2.1.0.377

Language: Multiple

  

  

McAfee DLP Endpoint 

Version number: 9.3.425.4

Language: English (United States)

  

  

McAfee File and Removable Media Protection 

Version number: 4.3.1.114

Language: Multiple

  

  

McAfee VirusScan Enterprise + AntiSpyware Enterprise 

Version number: 8.8.0 (8.8.0.1247)

Build date: 1/16/2014

  

Anti-virus License Type: licensed

  

Scan engine version (32-bit): 5700.7163

  

Scan engine version (64-bit): 5700.7163

  

DAT version: 7870.0000

DAT Created on: 7/22/2015

  

Number of Signatures in extra.dat: 0

Name of threats that extra.dat can detect: None 

Buffer Overflow and Access Protection DAT version: 659

  

Installed Patches: 4

  

Installed Modules: 

  

 

Copyright © 1995-2013 McAfee, Inc. 

All Rights Reserved. 

www.mcafee.com 
=============================================================================

1 Reply
exbrit
Level 21
Report Inappropriate Content
Message 2 of 2

Re: fcag appears to be corrupting file writes by WiseScript Package Editor scripts

Moved provisionally to ePO for faster support.

---

Peter

Moderator