Windows task manager shows that Explorer.exe is not running.
The error that you got is not Patch 3 specific.
It simply relates to one of the actions taken by the Virus Scan Enterprise 8.7i which has stopped the explorer.exe from Widnows Spoofing. If you keep getting the same messages again and again, I suggest you go to the Access protection and then DISABLE > WINDOWS PROCESS SPOOFING.
That should take care of the issue. Also, I find it a little suscpicious to see the explorer causing that behaviour. You might also want to try and runa scan and see if that helps.
Thanks for the response.
I did resolve the issue by disabling the windows process spoofing in my GPO this morning (otherwise the users could not use their computers). I appreciate the info though (should have been more clean in my initial post).
The reson this was preventing them from working is explorer.exe is the windows GUI shell. So even though they were able to log into the system, they had no interface to access anything.
The reason I posted the question was because I've been using VSE since 8.5i and I've never had to disable the windows process spoofing before. It was only after I installed patch 3 that VSE started to recognize explorer.exe as being a spoofed windows process.
I did perform a system scan and it came back clean.
Thanks again for your response.
Now i'm scared to do the patch
I'd log it with McAfee. Potentially sounds like a Patch 3 introduced "issue" to me... Especially because you were able to replicate it.
Mcafee has released a KB for this = > KB68448
Explorer.exe fails to load after installing Patch 3 for VirusScan Enterprise 8.7i
ProblemAfter installing VirusScan Enterprise (VSE) 8.7i Patch 3 and restarting the computer, the desktop will not display.
System ChangeInstalled Patch 3 for VSE 8.7i and restarted computer.
CauseThe Access Protection rule Standard Protection: Prevent Windows Process spoofing is enabled and configured to Block.
SolutionMcAfee is investigating this issue. As a temporary measure, implement the workaround shown below.
NOTE: For environments that must have this Access Protection Rule enabled and set to Block, McAfee is working on a hotfix. When the hotfix is available, it will be attached to this article.
WorkaroundDisable the Access Protection rule
- Click Start, Programs, McAfee, VirusScan Console.
- Right-click Access Protection and select Properties.
- Select Anti-virus Standard Protection.
- Select Prevent Windows Process spoofing and deselect the Block option. Optionally, deselect the Report option but this can remain enabled.
- Click OK.
Thank you so much for the post. Thanks for sharing the info.
Very informative inded. as far as the workaround is concerned, We already figured that out so McAfee is late on that front
If you want to recreate the conditions of this problem let the "Launch folder windows in a separate process" from Windows Explorer->Tools->Options. If this option is ON and McAfee's Virusscan Enterprise "Prevent windows process spoofing" option is also ON, then on the first reboot explorer.exe won't start; if you disable ANY of the options mentioned above, explorer will start; also if the both options are ON and you have a shortcut to My Computer in quicklaunch toolbar, you will get the following message: "Windows cannot acces the specified device, path, or file. You may not have the appropriate permissions to acces the item.". I'm not sure, but I believe this issue is introduced with patch 3; I don't rember this behaviour on 8.7i patch2.
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to acces the item."
For this problem visit http://escritordecodigo.blogspot.com/2008/09/no-puedo-instalar-nada-en-windows-2 003.html
Control PAnel -> Add or Remove Programs -> Remove IE Enhanced Security
As same as you, when i installed patch 3 on Windows 2003 Server, the quicklaunch toolbar icons and language toolbar dissapeared. Have you the same problem???