It appears that this issue only occurs on Windows 7. It does not happen on XP systems. McAfee gave me a hot fix613356 to fix another issue. This was with an exclusion that was over 16 characters. Just installed the hotfix on my Windows 7 laptop. This failed with Thunderbird like my end-users computer. This hotfix has fixed the thunderbird issue. The strange thing is thunderbird.exe is only 15 characters long. The hotfix is for issues with exclusions that are 16 characters and more.
Release Notes - McAfee® VirusScan® Enterprise 8.7i HotFix 613356
Thank you for using McAfee software. This document contains important information about this release. McAfee strongly recommends that you read the entire document.
About this HotFix
For a list of supported environments for VirusScan Enterprise 8.7i on Microsoft Windows, see McAfee Support KnowledgeBase article KB51111.
- Patch Release: 12-10-2010
This release was developed for use with:
- McAfee VirusScan Enterprise 8.7i Patch 4
- McAfee AntiSpyware Enterprise 8.7i
File name Version mfeapfk.sys 22.214.171.1247 mfeavfk.sys 126.96.36.1997 mfebopk.sys 188.8.131.527 mfehidk.sys 184.108.40.2067 mferkdet.sys 220.127.116.117 mfetdik.sys 18.104.22.1687 mfevtps.exe 22.214.171.1247 mytilus3.dll 126.96.36.1995 mytilus3_worker.dll 188.8.131.525 mytilus3_server.dll 184.108.40.2065
Resolved issues in this release of the software are described below:
- Issue: When a Windows Server Backup is scheduled on a removable storage device and the backup storage device was unexpectedly disconnected the Plug-and-play event would be delayed waiting on file scans to the disconnected backup device, resulting in the system no longer adding and removing plug-and-play devices. (Reference: 588306)
- Issue: Kernel mode drivers should refrain from using more than 1kb of stack space when processing I/O. However when another filter is installed and attempts to filter McAfee's driver load attempt, both filters can then use large amounts of stack space resulting in a stack overflow and a double fault exception (BSOD). (Reference: 613356)
- Issue: On-Access Scanner attempts to mark the file as writable while accessing a file marked read-only, but fails to account for the case of 'read only' being the only attribute set on a file, attempting to set an attribute mask of 0 (i.e. - 'do not change attributes' when set). (Reference: 624132)
- Issue: Process names over 16 characters listed in the exclusion or inclusion fields of an Access Protection rule are not being recognized in Windows Vista or later. (Reference: 626033)
Resolution: File scans being performed on backup devices, that get unexpectedly disconnected, no longer prevent Plug-and-play events from occurring.
Resolution: Updates to the drivers have implemented a change to move stack usage to the heap in these instances.
Resolution: The On-Access Scanner now correctly detects 'read-only' as the only attribute set on a file and sets the 'attribute normal' instead, which has the effect of actually removing the read-only attribute.
Resolution: Access Protection rules now can handle process names greater than 16 characters in length.