I believe error 1920 is a fairly generic error covering the services failing to start at the end of the install.
So it could be permissions related (a locked down registry perhaps?), security hardening, an issue with the Installation Designer package, or one of the several documented causes in the Support Portal.
Does the registry flag any errors? How about the installation log? (Should be in the temp directory)
If you install the package without using Installation Designer do you get the same error?
I suggest you to delete the temporary files. Run the setup.exe as an ADMINISTRATOR and let us know how it goes.
Mal09: Thanks for the reply. I am running as Ssysop and have full Administrative rights (as I stated in my post).
I tried running the installer that I downloaded from the McAfee site without touching it with Installation Designer. It did exactly the same thing.
Looks like it installs but then attempts to roll-back at the end, and winds up removing the older version 8.5iP8 as well.
The error in the log file is 1920: McShield failed to start. Verify that you have sufficient privileges to start system services.
I have had this issue from day one of the release of version 8.7i, and was hoping Patch 2 fixed the issue.
I have tried all the suggestions that were posted in this forum for error 1920. I have removed every 8.5 registry setting and file after an uninstall.
I have tried installing McAgent version 4.0 beforehand as well.
I have encountered the Error 1920 even with the VSE 8.5i. Everything seems to work well untill that annoying pop up which either wants to you to try again or cancel. Then again the roll back thing happens.
Now that you seem to have already read all the posts pertaining to the VSE install. I suggets you to check out this URL. This lists out an advanced way of countering the Error 1920.
Please let me know if that helped. As far as the Patch 3 is concerned, These are the Release notes for it :-
McAfee recommends this release for all environments. Patch 3 is considered a High Priority Release. See McAfee Support
KnowledgeBase article KB51560 for information on ratings.
This release of the software includes the following improvements.
1. Changes were made to the service startup sequence to have less impact on the system during startup.
Patch 3 resolved issues:
1. Issue: Users would see Windows Security Center notification pop-ups at regular intervals, stating that VirusScan was disabled.
Resolution: The VirusScan Enterprise Windows Security Center reporting tool now only updates its status when the state of
VirusScan changes, rather than at regular intervals.
2. Issue: The On-Access Scanner service failed to start after running Chkdsk at startup. (Reference: 450357)
Resolution: The Anti-Virus Filter driver no longer treats the disks as having been dismounted after the Chkdsk procedure is
3. Issue: Some VBScript types were not being properly scanned on Windows 2008 R2. (Reference: 505001)
Resolution: The ScriptScan application has been updated to account for changes in the Windows 2008 R2 platform.
4. Issue: A 3B bugcheck (blue screen) could occur immediately after an unexpected device-removal. (Reference: 519656)
Resolution: The Link driver has been revised to cease processing outstanding IO requests immediately upon being notified that
device removal has occurred.
5. Issue: When an Access Protection warning existed in McAfee Security Status window, the warning status clear function caused a
crash. (Reference: 517265)
Resolution: The VirusScan tray files now have updated logic to handle the Access Protection messages in the McAfee Security
6. Issue: When an On-Demand Scan task was created manually via console, but had not yet run, the task started up at the next
reboot. (Reference: 521200)
Resolution: The VirusScan task manager service prevented an uninitialized variable, which caused the task to indicate that a
scan was in progress.
7. Issue: On-Demand Scan tasks on Windows 2008 failed to authenticate to network shares with specified credentials. (Reference:
Resolution: The On-Demand Scanner now requests the necessary elevated privileges to authenticate on Windows 2008.
8. Issue: The On-Demand Scanner /LOG switch logged only part of the data from the scan in the specified location, while the rest
of the information was still recorded in the default location. (Reference: 525694)
Resolution: When Scan32.exe is executed via command line, it now reads from the default settings and overwrites, but does
not save, the setting based on what is specified with the command-line switches.
9. Issue: With VirusScan installed alongside the McAfee Agent 4.5 in an unmanaged environment, the VirusScan legacy tray icon
did not load. (Reference: 523823)
Resolution: The VirusScan Statistics tray icon now properly queries the McAfee Agent for version and managed/unmanaged
state before deciding to load itself.
10. Issue: Removing the current Patch from the system did not replace the Patch_ registry data from the previous Patch.
Resolution: The Microsoft Patch (MSP) installer now reverts the Patch_ registry information to the previous version.
11. Issue: If VirusScan was set to show its tray settings with minimal options, the McAfee Agent 4.5 tray icon did not display an
item under Managed Products. (Reference: 528792)
Resolution: The VirusScan Statistics tray plug-in now uses the legacy Help/About as a menu option when VirusScan is set to
Show the system tray icon with minimal menu options.
12. Issue: When a specific scan task had both Defer scan when using battery power and User may defer scheduled scans options
set, the user was still prompted to defer the scan when on battery power. (Reference: 537126)
Resolution: The On-Demand Scan plug-in was changed so that the property option, User may defer scheduled scans, is not
encountered first, so it doesn’t override the other selections.
13. Issue: The user dialog box for the scan task option, User may defer scheduled scans, did not appear when VirusScan 8.7i was
managed by the McAfee Agent 4.5. (Reference: 534348)
Resolution: The VirusScan Statistics tray plug-in was updated to include this same functionality from the VirusScan Statistics
legacy tray icon.
14. Issue: Using the %ProgramFiles% variable to exclude folders and files did not translate all possibilities across 64-bit and 32-bit
operating systems. To ensure you exclude any possible “Program files” location (including “Program Files (x86)”), you had to
enter the exclusions two ways: 1) “%programfiles%” 2) “%programfiles(x86)%” (Reference: 491796)
Resolution: The Access Protection Filter API now always translates the %ProgramFiles% variable into all lowercase to prevent
the operating system from misinterpreting the intended location.
15. Issue: Some access protection policies were enforced by ePolicy Orchestrator when the Access Protection feature was not
installed to the system. (Reference: 503635)
Resolution: The VirusScan Management Plug-in now recognizes when the Access Protection feature is installed or not and
enforces policies accordingly.
16. Issue: The Task name entry for the default "Full Scan" used the translation string name instead of the translated name.
Resolution: The Announcer library now uses the proper translation name instead of the string.
17. Issue: The Network Port Access Protection Rule window under the user-defined access protection policies did not always display
an OK or Cancel button. (Reference: 517382)
Resolution: The VirusScan 8.7i extension has been updated to properly display the buttons.
18. Issue: The threat event 1119 event showed an incorrect Engine and DAT version when an update failed or was cancelled.
Resolution: The AutoUpdate application now reports the proper information for the event.
19. Issue: The process name involved in a Buffer Overflow detection did not show in the ePolicy Orchestrator query "Top 10 Buffer
Overflows Detected". (Reference: 459789)
Resolution: VirusScan Reports extension was corrected to display the information under the proper column name.
20. Issue: The query "Number of Detections by Tag" did not execute properly on ePolicy Orchestrator 4.5. (Reference: 460304)
Resolution: The VirusScan Reports extension now uses the proper column validation.
21. Issue: The Access Protection and Buffer Overflow rule file that was contained in the VirusScan extension introduced an
incorrectly defined variable that prevented the McAfee Agent from calling back to the ePolicy Orchestrator server if custom
policies were made to the rules. (Reference: 530900)
Resolution: The VirusScan Extension has been updated to include a revised Access Protection and Buffer Overflow rule that does
I saw KB59863 from McAfee last Fall when I first started working with 8.7i and this issue appeared. I did try their solution and it did work for a manual installation.
However this is not a solution for the creation of an clean automated installer that can be distributed to all my users. I cannot have them entering anything manually in the middle of the install. I had tried using an mst to push these corrected registry settings down, but it did not work.
Thank you for the response.
Let me dwelve more into this and see what I can get for you. You seem to have tried all the tricks already
All the best !
Thanks Sameer. I just confirmed again that it is still the same problem with the 3 registry settings path.
Event Type: Error
Event Source: McLogEvent
Event Category: None
Event ID: 5004
User: NT AUTHORITY\SYSTEM
Description:Could not contact filter driver
Error=0x7d1: The specified driver is invalid
Product: McAfee VirusScan Enterprise
According to KB59863 this was supposed to be resolved in Patch 1. However I have found with both Patch 1 and Patch 2's repost, that the error still happens. I am trying a few other tricks to see if I can get past it in an unattended/silent installer scenario and will let you know if I can come up with something.
But I would hope that McAfee would trully address this problem as they claimed in the KB posting.
This sounds like an issue that needs to have a call logged and be escalated to Tier 3 support if the issue is believed to have been fixed in Patch 1/2 and is still around.
A possible suggestion would be to create a registry file of the affected keys and use the functionality in the Installation Designer to import that registry file during install. I don't know if that would work or not - but could be worth a try.
There are technotes indicating that some HP software may also be a cause of this issue - are they factory image HP's perchance?
I have tried forcing the correct 3 registry settings into an mst but so far that is not working. I just cracked open the original msi, and I do not see those specific registry settings in the msi itself. So they must be created by the service instead and anything in my mst is being overwritten?
We are using DELL workstations with XP, with our own clone image and not factory installed.
I have tried it both with 8.5 installed previously, as well as a fresh image without McAfee. Both ways fail with 8.7i P2.