7 Replies Latest reply on May 11, 2017 2:17 PM by jabii

    VSE On-Access Scan Disabled

    chrisakinika

      Hi All,

       

      We are currently running a mix of Patch 4 & Patch 9 versions of VSE.  Randomly, they the on-access scan process will stop ont he endpoint and not re-enable through any of the VSE options.

      All policies in ePO have on-access enabled and it appears to be on in the VSE control panel.  I have seen a couple of instances where the McShield service has stopped, but even re-enabling this (when possible) does not re-enable OAS.

      The only solutuion I have found so far it to completely remove VSE (whichever version) and then reinstall.  This reenabled OAS when the install is complete, but in some instances (thought not all) it is only temporary.

       

      Any help procided would be greatly appreciate!

        • 1. Re: VSE On-Access Scan Disabled
          tao

          Within "Access-Protection" are any of the following set to Block & Report?

           

          Prevent modification of McAfee files and settings

          Prevent modification of McAfee Common Management Agent files and settings

          Prevent modification of McAfee Scan Engine files and settings

          Prevent hooking of McAfee processes

          Prevent termination of McAfee processes

           

          Also, double check the McAfee services are set to restart service under the recovery tab

          • 2. Re: VSE On-Access Scan Disabled
            chrisakinika

            Hi Tao

             

            Prevent modification of McAfee files and settings  Yes

            Prevent modification of McAfee Common Management Agent files and settings Yes

            Prevent modification of McAfee Scan Engine files and settings Yes

            Prevent hooking of McAfee processes Yes

            Prevent termination of McAfee processes Yes

             

            "Prevent McAfee services from being stopped" is also ticked in "Access Protection Settings" section of policy.

            • 3. Re: VSE On-Access Scan Disabled
              tao

              Since those are set to block/report; review what is listed under "Processes to exclude".  Also, perhaps reviewing the logs under Temp/McAfee would provide some insight as to what may be causing the issue.

              • 4. Re: VSE On-Access Scan Disabled
                chrisakinika

                Nothing excluded and from the logs I've checked, nothing is flagging up as a possible cause.

                • 5. Re: VSE On-Access Scan Disabled
                  tao

                  Interesting that you have nothing listed under "Processes to exclude"; by default there should be a list of mcafee files

                  • 6. Re: VSE On-Access Scan Disabled
                    chrisakinika

                    Sorry, I was checking the wrong section.

                    "Processes to exclude" are all the items included in the "McAfee Default" policy (the live policy is a clone of this, with the default exclusions included).  I've not manually made any modifications.

                    • 7. Re: VSE On-Access Scan Disabled
                      jabii

                      I'm having the same issue.

                      Usually i'm updating 1000-1500 systems in one time to VSE & HIPS patch 9 from different versions (4-8), but for 5-10 pc's from all, mcshield service go to disabled from i don't know what reason.

                      On some systems from 10 pc's only 2 or 3 works with setting the mcshield on automatic. For the rest of them we need to unintall, clean registry, reboot, install again.