3 Replies Latest reply on Nov 19, 2009 1:17 PM by aladdin9

    VSE 8.5i P8 on Vista SP2 causing Windows Security Center warning due to old API

    aladdin9

      I think I have exhausted all publicly known suggestions to fix this issue without success, and this is occurring on two systems now (unmanaged). The Windows Security Center is alerting under the Malware protection section with this message: "Virus protection McAfee VirusScan Enterprise is on but is reporting its status to Windows Security Center in a format that is no longer supported.  Use the program's automatic updating feature, or contact the program manufacturer for an updated version."

       

      - computers are Vista SP2 x86, one Ultimate, one Enterprise

      - both systems are unmanaged, no EPO server and are standalone systems (not part of a Windows domain)

      - both systems were running 5301 engine, DATs are current

      - restarting the WMI service, and running "winmgmt /verifyrepository" indicates no errors are found

      - stopping WMI, renaming repository and restarting to create new WMI does not fix error

      - installing (using elevated cmd prompt) hotfixes HF458640, HF472021 and 5400 engine does not fix the error

      - McAfee Agent/ Common Framework version is unknown, assumed to be 3.6 or whatever McAfee included/bundled in integrated 8.5i with update 8 repost

      - Windows Defender is installed on both systems, current signature 1.69.725.0 loaded

      - I cannot determine which patch/hotfix is required by McAfee to report using the new security API in Windows Vista

       

      One system that I am currently attempting to fix has these additional symptoms:

      Event viewer, System shows following error event at boot (has occurred in past without causing WSC warnings):

           Event ID 7026 The following boot-start or system-start driver(s) failed to load: mfetdik

           Event ID 7036 The McAfee McShield service entered the running state. Is a normal info event logged just before the error

      Device Manager (show hidden devices), Non-Plug and Play Drivers, 5th "McAfee Inc." driver name mfetdik is stopped with yellow !, service cannot be started

           - error when attempting to start is The system cannot find the file specified

           - file mfetdik.sys is located in %SystemRoot%\System32\drivers\mfetdik.sys

                Version SYSCORE.13.3.0.179.x86

                Date 6/10/2009 20:50

                McAfee digital signature Thu April 23, 2009 12:23:41

                MD5 a763bbbb755c634e6f7a3d951e9cc855

               

      An old thread titled "Installation issues... (Mfetdik.sys)" from 09-25-2008, 12:17 PM lists similar issues, currently unanswered.

       

      Other odd event:

      Log Name:      System
      Source:        Microsoft-Windows-Windows Defender
      Date:          11/09/2009 09:53:05
      Event ID:      3004
      Task Category: None
      Level:         Warning
      Keywords:      Classic
      User:          N/A
      Computer:      deleted
      Description:
      Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
      For more information please see the following:
      Not Applicable
        Scan ID: {9610C3CD-44EE-4A72-9FC8-8582CD71ED86}
        User: deleted
        Name: Unknown
        ID:
        Severity ID:
        Category ID:
        Path Found: driver:mfehidk01
        Alert Type: Unclassified software
        Detection Type:

      Hope these details help. Since these are unmanaged systems it is critical to get the Windows Security Center back operational again so the end users can report real errors to me, not the current false positives.