5 Replies Latest reply on Jan 27, 2012 11:52 AM by inachu

    vse 8.8 update result crashing computers

      Hello everybody

      We use:

       

      epo 4.5

      vse 8.7 to 8.8

      hips 7

       

      Well i did install the extensions to epo and did pull the vse 8.8 beside the 8.7

       

      Changed the task on computers from install vse 8.7 to 8.8

       

      now after 70 clients have been updated to vse 8.8 everything looks fine. But windows event id started to show id 7000 errors every 2th second.

      Some Windows 7 computers to not start anymore after installing mcafe agent + vse 8.8

       

      When i go to add remove programs on windows and try to uninstall the vse 8.8 i get an error show that windows installer cant be used?

      Windows 7 starts and is waiting for ever on black screen as if its loading something.

      Safe mode works fine.

       

      Can someone guide me where to look and at what.

      Thanks.

        • 1. Re: vse 8.8 update result crashing computers
          zero69cool

          Hi Erdal,

          Please refer to this kb article https://kc.mcafee.com/corporate/index?page=content&id=KB71179 - How to manually remove VirusScan Enterprise 8.8

          The try to install the VSE manually.

          Also post the exact error messages from the Windows Event Logs.

          Thanks

          • 2. Re: vse 8.8 update result crashing computers

            Thanks for the quick reply. The problem is now i just cant even login into those computers. Ill try those stuff on safe mode.

             

            The event id 7000 i get is now tuned to:

             

            Process **\VSTSKMGR.EXE pid (2188) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

             

            but the some computers still give this event ID 7000:

             

            The Diagnostic Service Host service failed to start due to the following error:
            A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

             

             

            • 3. Re: vse 8.8 update result crashing computers
              zero69cool

              Regarding the "Process **\VSTSKMGR.EXE pid (2188) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver." KB71083 - this issue should be resolved in McAfee Agent 4.5 patch 3.

              You can downgrade to VSE 8.7 patch 4 on the affected computers.

              • 4. Re: vse 8.8 update result crashing computers

                The new McAfee ePO 4.5 Agent (Patch 3) looks like it addresses some code signing issues.

                 

                Check out the Patch 3 release notes (items 7 & 8) for more details.  Hope this helps - please update deploying the new agent patch fixes the issue - I'm about to do a deployment and would like to know :-)

                 

                Excerpt from Patch 3 ReadMe.txt:

                Resolved issues

                Issues that are resolved in this release are listed below.

                1. Issue: The Updater process, McScript_InUse.exe, crashed with a fault address of 0x00008aa0 if the CLSID value in the McAfee point product plugin registry was corrupted to be an empty string. (Reference: 633498)

                  Resolution: The process no longer crashes. The process aborts the update for the current point product and continues to the next.

                2. Issue: If an FTP distributed repository password contained an "@" and used a proxy, the update would fail. (Reference: 615329)

                  Resolution: The update now succeeds.

                3. Issue: If an agent had two sites with the same name in the sitelist.xml file (this is an invalid state) and was unable to download files from either site, it would retry the second site indefinitely. (Reference: 619317)

                  Resolution: In a failover situation, the agent ignores duplicated names when determining the next site to try.

                4. Issue: When an error occurred during an update, the script stack was logged multiple times with "command failed" messages. This obscured the actual root error message. (Reference: 622637)

                  Resolution: The script stack is only logged once when an error occurs.

                5. Issue: The agent single tray icon executable (McTray.exe) caused a large number of audit failures for 'SeTcbPrivilege' in the system security log. This occurred each time McTray.exe started, if auditing of privilege use failure was enabled and VirusScan was installed. (Reference: 616663)

                  Resolution: The agent single tray icon executable now uses a different trust call that resolves the audit failures.

                6. Issue: The updater sometimes terminated with a fault address of 0x00008aa0 when it retried a DAT update with the next repository in the sitelist with VirusScan 8.7 Patch 4 installed. (Reference: 662417)

                  Resolution: The updater no longer terminates in this scenario.

                7. Issue: Third-party library, boost_thread-vc80-mt-1_32.dll and the agent updater installer, Framepkg_UPD.exe, were not digitally signed. (Reference: 629668)

                  Resolution: These files are now signed with the McAfee signature. 

                  NOTE: The agent's cryptographic libraries, cryptocme2.dll and ccme_base.dll, are not internally signed, but are signed with their own separate signature file and no longer cause a warning in the event log.

                   

                8. Issue: The agent's installer, MFEagent.msi, was not digitally signed. (Reference: 629668)

                  Resolution: The MSI file is now signed. 

                  NOTE: After following the steps to modify the MSI for GPO deployment, the MSI will show an invalid signature but can still be used for deployment.

                   

                9. Issue: Package type settings were ignored by agents during ePolicy Orchestrator 4.5 Global Updating. (Reference: 642266)

                  Resolution: The agent now recognizes these settings.

                   

                10. Issue: Corruption in the ePO database prevented the "Exclude new repositories by default" feature from working. (Reference: 504891)

                  Resolution: This feature now works even if the ePO database is corrupted.

                11. Issue: The Windows logon dialog box was slow to appear if the agent service startup was delayed. This delay was due to services that the agent uses during startup, such as Microsoft COM+ Event System. (Reference: 504891)

                  Resolution: The Windows logon dialog box now appears more quickly because the agent service now reports that it has completed its startup before it calls other services.

                • 5. Re: vse 8.8 update result crashing computers

                  this still begs for Mcafee to make a Macfee remover.   again mcafee is acting like we have all the time in the world to tiker with the registry.   Compound that with 200-600 computers or a whole company and it could take an entire year to get things right then by then next version is out and rinse repeat same hell.

                   

                  Make an auto uninstaller for us enterprise customers now!