6 Replies Latest reply on Jul 9, 2010 5:43 PM by skiper

    temporary disable mcshield

    kardock

      hi everyone,

       

      my job is to package & deploy applications to computers. i was asked to deploy windows xp sp3.

       

      i've checked the sp3 main page from microsoft and it is highly recommanded to disable any anti-virus when installing the sp3.

       

      we use mcafee entreprise with epo and, even with an admin account, i cannot stop the service for mcafeeframework, i got the message "access denied".

       

      i also need to disable the mcshield service.

       

      is there some switches or command-line options i can use to disable the service the required time to install the sp3? can someone help me?

       

      thank you all!

        • 1. Re: temporary disable mcshield
          rmetzger

          kardock wrote:

           

          hi everyone,

           

          my job is to package & deploy applications to computers. i was asked to deploy windows xp sp3.

           

          i've checked the sp3 main page from microsoft and it is highly recommanded to disable any anti-virus when installing the sp3.

           

          we use mcafee entreprise with epo and, even with an admin account, i cannot stop the service for mcafeeframework, i got the message "access denied".

           

          i also need to disable the mcshield service.

           

          is there some switches or command-line options i can use to disable the service the required time to install the sp3? can someone help me?

           

          thank you all!

          Check out this discussion:

          http://community.mcafee.com/message/17661#17661

          and

          https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=615638&sliceId= SAL_Public&command=show&forward=nonthreadedKC&kcId=615638 or   search the KnowledgeBase for article 615638

           

          McAfee does Not recommend disabling anti-virus software to deploy WinXP, SP3.

           

          1. Click Start, Programs, McAfee, VirusScan Console.
          2. Click Access Protection, Common Standard  Protection.
          3. Select Prevent modification of McAfee files and settings and  click Edit.
          4. Under Processes to exclude, type Fixccs.exe , Services.exe, Explorer.exe, Update.exe and  click OK.
          5. Select Prevent modification of McAfee Common Management Agent  files and settings and click Edit.
          6. Repeat the exclusion process.
            NOTE: Remember to  remove the exclusions set after you have finished installing Windows XP  Service Pack 3.

           

          Hopefully this helps.

          Ron Metzger

          • 2. Re: temporary disable mcshield
            kardock

            thanks for the reply.

             

            i forgot to mention that i need to deploy this silently to thousands of computers. we cannot go to every computers to make the process described in your answer.

             

            is there a way to script the stopping of the service temporary, installing the sp3, then reboot the computer, which will restart the service?

             

            i understand mcafee does not recommand stopping the service but i can't do it otherwise.

             

            thanks!

             

            edit: i've checked the posts you linked but again, this is related to a manual installation. i need to way to script this deployment. thanks!

             

             

            Message was edited by: kardock on 4/8/10 12:58:31 PM CDT
            • 3. Re: temporary disable mcshield
              rmetzger

              kardock wrote:

               

              thanks for the reply.

               

              i forgot to mention that i need to deploy this silently to thousands of computers. we cannot go to every computers to make the process described in your answer.

               

              is there a way to script the stopping of the service temporary, installing the sp3, then reboot the computer, which will restart the service?

               

              i understand mcafee does not recommand stopping the service but i can't do it otherwise.

               

              thanks!

              Well, the VSE processes can be changed via ePO silently (though the example does not use ePO, the equivalent settings exist in ePO as well), but deploying SP3 silently after the ePO changes, that's up to you. Post SP3, the ePO changes can be reversed out as well.

               

              The problem with 'scripting' a temporary services change, is that VSE v8.5 and v8.7 self-protect against these changes, so that malware has less chances to infiltrate. So ePO is better able to manage this as a trusted authority to the workstation. From the VirusScan Console:

              Access Protection > Properties

              Uncheck 'Prevent McAfee services from being stopped'

              Again, the ePO equivalent exists.

               

              Now, from a script:

              net stop McAfeeFramework /yes
              net stop McShield /yes
              net stop McTaskManager /yes

               

              Note: You will still want to make the exclusions listed above, because the SP3 deployment will re-boot and this will restart the McAfee services stopped in the script above.

               

              Frankly, I have not had problems with SP3 deployment with VSE running. Your mileage may vary.

               

              Ron Metzger

              • 4. Re: temporary disable mcshield
                kardock

                if we change the console settings to alloy the service to be stopped, means that we have to coordinate the installation of the sp3 with these settings changes. also, we do not wish to permit users to stop the service.

                 

                so i believe this is a no win situation.

                 

                i'll try distributing the sp3 without stopping the service. i hope this will work.

                 

                thanks rmetzger!

                • 5. Re: temporary disable mcshield
                  rmetzger

                  Your welcome, and Good Luck.

                   

                  By the way, the settings can be done via ePO and controlled there as well. So, end-users are not as likely to have control over stopping services, once the SP3 deployment is complete. Of course, re-enable the self-protection when SP3 is done.

                   

                  At any rate, deploy the Exclusions listed in article 615638 from ePO and give that a try.

                   

                  Let us know how you are doing.

                  Ron Metzger

                  • 6. Re: temporary disable mcshield

                    Stopping the services won't work with McAfee 8.7i even if you have administrative rights.

                     

                    This will work:

                    psexec -s "c:\windows\system32\SC.exe" STOP MCSHIELD