We have a situation in one of our groups where some XP systems have the McAfee VirusScan 8.7i On-Access Scan disabled. When you try to re-enable it then it will get disabled again. These systems are managed via our EPO 4.0 server. Is there a report or SQL Query that can show me the systems with the On-Access disabled. In the event viewer, we are seeing Event id 5004 errors "could not contact filter driver error=0x7d1".
We called McAfee Tech support, who webex into one of our systems. they said that you needed to deleted a registry key and then run a VSE repair, this is in KB 69293. I am worried that we might have issues with other system across campus that might have this issue. Just need a way for the EPO server to find these systems incase we have a cross campus issue with VSE.
The only changes wer have been making is to install the latest BOC DAT 516 and upgrade some systems to 8.7i from 8.5i. Is it possible that the upgrade to 8.7i caused the issue. I used to force a deployment task to uninstall VSE 8.5i and then install 8.7i. But this time I have told it to perform a straight upgrade.
Does anyone have a query script that we could execute in Studio Management Express to find these problem systems.
There is an Event ID 1127 that is generated when On Access Scan is disabled. Please try querying on that event (assuming its not filtered on your ePO).