1 2 Previous Next 16 Replies Latest reply on May 5, 2010 1:44 PM by ittech

    VSE 8.7i Patch 3 Issue?

      Hi,

       

      I installed VSE 8.7i Patch 3 yesterday on a couple machines.

       

      This morning when a user went to log in they just had a blue screen (not the BSOD).

       

      This is what I found in the Application log:

       

      "Blocked by access protection rule.  Access to object C:\WINDOWS\explorer.exe was blocked by rule Anti-virus Standard Protection:Prevent Windows Process spoofing."

       

      There was never an issue previous to installing Patch 3.  I tried it on another system with the same result.

       

      Any ideas why with Patch 3 installed it would be decting explorer.exe as a spoofed windows process?

       

      Thanks!

       

      Doug.

        • 1. Re: VSE 8.7i Patch 3 Issue?

          Quidity,

           

          The error that you got is not Patch 3 specific.

           

          It simply relates to one of the actions taken by the Virus Scan Enterprise 8.7i which has stopped the explorer.exe from Widnows Spoofing. If you keep getting the same messages again and again, I suggest you go to the Access protection and then DISABLE > WINDOWS PROCESS SPOOFING.

           

          That should take care of the issue. Also, I find it a little suscpicious to see the explorer causing that behaviour. You might also want to try and runa scan and see if that helps.

           

          Sameer

          • 2. Re: VSE 8.7i Patch 3 Issue?

            Hi Sameer,

             

            Thanks for the response.

             

            I did resolve the issue by disabling the windows process spoofing in my GPO this morning (otherwise the users could not use their computers).  I appreciate the info though (should have been more clean in my initial post).

             

            The reson this was preventing them from working is explorer.exe is the windows GUI shell.  So even though they were able to log into the system, they had no interface to access anything.

             

            The reason I posted the question was because I've been using VSE since 8.5i and I've never had to disable the windows process spoofing before.  It was only after I installed patch 3 that VSE started to recognize explorer.exe as being a spoofed windows process.

             

            I did perform a system scan and it came back clean.

             

            Thanks again for your response.

             

            Doug.

            • 3. Re: VSE 8.7i Patch 3 Issue?

              Now i'm scared to do the patch

              • 4. Re: VSE 8.7i Patch 3 Issue?

                I'd log it with McAfee. Potentially sounds like a Patch 3 introduced "issue" to me... Especially because you were able to replicate it.

                • 5. Re: VSE 8.7i Patch 3 Issue?

                  Mcafee has released a KB for this = > KB68448

                   

                   

                  Explorer.exe fails to load after installing Patch 3 for VirusScan Enterprise 8.7i

                   

                  Problem

                  After installing VirusScan Enterprise (VSE) 8.7i Patch 3 and restarting the computer, the desktop will not display.

                   

                  Windows task manager shows that Explorer.exe is not running.

                   

                  System Change

                  Installed Patch 3 for VSE 8.7i and restarted computer.

                  Cause

                  The Access Protection rule Standard Protection: Prevent Windows Process spoofing is enabled and configured to Block.

                   

                  This issue has been reported for the Explorer.exe process. Other Windows processes might also be affected.

                  Solution

                  McAfee is investigating this issue. As a temporary measure, implement the workaround shown below.

                   


                  NOTE: For environments that must have this Access Protection Rule enabled and set to Block, McAfee is working on a hotfix. When the hotfix is available, it will be attached to this article.

                   

                  To receive email notification when this article is updated, click Subscribe at the top of the page. (You must be logged in at https://mysupport.mcafee.com to subscribe.)

                  Workaround

                  Disable the Access Protection rule
                  1. Click Start, Programs, McAfee, VirusScan Console.
                  2. Right-click Access Protection and select Properties.
                  3. Select Anti-virus Standard Protection.
                  4. Select Prevent Windows Process spoofing and deselect the Block option. Optionally, deselect the Report option but this can remain enabled.
                  5. Click OK.
                  • 6. Re: VSE 8.7i Patch 3 Issue?

                    Darkshyre,

                     

                    Thank you so much for the post. Thanks for sharing the info.

                     

                    Very informative inded. as far as the workaround is concerned, We already figured that out so McAfee is late on that front

                    • 7. Re: VSE 8.7i Patch 3 Issue?
                      tornadoro

                      Hello all.

                      If you want to recreate the conditions of this problem let the "Launch folder windows in a separate process" from Windows Explorer->Tools->Options. If this option is ON and McAfee's Virusscan Enterprise "Prevent windows process spoofing" option is also ON, then on the first reboot explorer.exe won't start; if you disable ANY of the options mentioned above, explorer will start; also if the both options are ON and you have a shortcut to My Computer in quicklaunch toolbar, you will get the following message: "Windows cannot acces the specified device, path, or file. You may not have the appropriate permissions to acces the item.". I'm not sure, but I believe this issue is introduced with patch 3; I don't rember this behaviour on 8.7i patch2.

                      • 8. Re: VSE 8.7i Patch 3 Issue?
                        jsmred2red

                        Hello tornadoro

                        "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to acces the item."
                        For this problem visit  http://escritordecodigo.blogspot.com/2008/09/no-puedo-instalar-nada-en-windows-2 003.html

                        It´s easy:
                        Control PAnel -> Add or Remove Programs -> Remove IE Enhanced Security

                        As same as you, when i installed patch 3 on Windows 2003 Server, the quicklaunch toolbar icons and language toolbar dissapeared. Have you the same problem???

                        • 9. Re: VSE 8.7i Patch 3 Issue?
                          tornadoro

                          Hello jsmred2red!

                          What you say might be true but, ..the problem above appears on windows xp sp3 with internet explorer 8. No, I don;t have the same problem I'm afraid, it's a new one

                          1 2 Previous Next