7 Replies Latest reply on Mar 10, 2011 12:56 PM by mtb20814

    can administrator by pass on-access scan


      We are using ePO v 4.5 with VirusScan 8.7i patch 4. Is it possible to have it setup so that an "Administrator" can disable on-access? Most software vendors want on-access to be disabled during the software install. We are not a big organization, so most software installs are done by the "Administrator" visiting the workstation and performing the install.



        • 1. can administrator by pass on-access scan

          The trick in disabling OAS at the pc is to launch the VSE console & disable the "Access Protection" first. Once this has been disabled (right click, disable); you should be able to do the same to "On-Access Scanner" after a couple seconds.


          This is assuming that the administrators have access to unlock the console if required

          • 2. can administrator by pass on-access scan

            That is not what I am trying to accomplish. The users currently can do as you note above, but the policy will reset (turn back on) the on-access scanner with in a few seconds. What I am hoping to do is give "Administrators" the ability walk up to the computer, and while still logged on as the user, disable on-access scanner durning the install process. And then enable the on-access scanner after the install completes.



            • 3. Re: can administrator by pass on-access scan

              I don't think this is permissions related. When logged on as an administrator, I can go into the console and disable access protection in the VSE console, and it will automatically turn itself back on sometimes. Kinda frustrating when trying to submit a MER or do something that requires access protection to be turned off.


              Message was edited by: gabriel.deeds on 3/2/11 3:42:34 PM CST
              • 4. can administrator by pass on-access scan

                Yes, it will be re-enabled because you are making changes locally and at every policy enforcement (default is 5 minutes), poilcies from ePO will be enforced to client machine.


                I will not suggest you to disable any of McAfee components while running the MER tool orelease MER log will not have correct info.


                For example: You have disabled VSE AP while running the MER tool so in MER log, it will show that AP is disabled which is not true.

                • 5. can administrator by pass on-access scan

                  hi  you could always disable Mcshield service . But you have to change to manual and then to stop it. i hope this helps

                  • 6. can administrator by pass on-access scan

                    I believe this is what you are looking for.


                    Assumption: you are logged-on on with an admin credential


                    Open CMD prompt and type "net stop mcafeeframework" but do not hit <enter> yet.


                    Open VSE console then highlight "Access Protection" and click STOP (red square in toolbar) or right-click -> Disable.


                    Immediately go back to the command prompt window and hit <enter>.  -> Allow time for the framework service to stop.  (If you get an access denied error, try stopping Access Protection again and then try stopping the framework service again.  Timing is crucial on this.  If you wait too long or get unlucky the framework service may re-enable Access Protection in between the steps).


                    Go back to the VSE console and highlight the On-Access Scanner and click stop or right-click -> "Disable".


                    OAS is now disabled and will remain that way until you start the framework service and allow time for policy enforcement or reboot the machine.



                    Hope this helps.






                    • 7. can administrator by pass on-access scan

                      Don't think that this will work because the user is a Local Admin of the computer, but not a Domain and/or McAfee Administrator. I will give it a try and let you know what happens.