This content has been marked as final. Show 14 replies
What's the best way to accomplish this?
"Create a temporary exclusion for the process Fixcss.exe."
Just a personal preference here, but I've had NO TROUBLE installing SP3 after simply disabling the "On Access" scanner temporarily from the system try during the installation. (RIGHT click, choose "Disable On Access Scanner".) Since SP3 requests a reboot after installing, after the restart, the "On Access Scanner" starts up again automatically.
So far, I've done SP3 installations on about 40 XP machines with either VS 8.0i or 8.5i and the temporary disabling of the "On Access Scanner" has worked fine.
Hope this helps.
On-access default proceses >> exclusioions >> fixcss.exe exclude on read/write.
Been trying to get my head around default, low-risk and high-risk policies but keep getting dizzy. Not sure when is the best situation to use or enable these. Anyone seen a good explantion when it is best to use these rather then just setting the default? Yup seen the KB and product info.
Pushing SP3 via WSUS to about 1,500 workstations so wanted to push a policy to all
I have also done this on manual installs but it depends on your threat environment.
Does anybody know of any actual problems with installing SP3 without taking any of the above measures? The reason I ask is that i have rolled SP3 out via wsus to 50 or so systems, and apart from some AV alerts saying that Fixcss is trying to modify some McAfee registry keys i have seen no other issues.
It is also worth noting that VSE 8.5 seems to report that software is trying to modify these keys when in actual fact the keys are just being read. (Our Asset management software scans the registry and can also create these alerts)
Bosh, it would depend on whether you have things set to block or just report
The alerts are all blocks. I've just looked at one of the logs and we get 50 or so entries similar to the below but are 'Action Blocked : Create' and then 50 or so 'Action blocked : Delete'
Blocked by Access Protection rule NT AUTHORITY\SYSTEM c:\windows\softwaredistribution\download\90e2b77e52bde5a61cb581fd9eb73789\updat e\fixccs.exe \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mfehidk\$%&'()*+,-./0123$%&'()* +,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Delete
All seems fine with both AV and SP3 but wonder if i may run into problems further down the line.
Actually, reading a few posts down (http://forums.mcafeehelp.com/showthread.php?t=221529) it seems these alerts are triggered for several reasons, however they don't seem to be problematic.
The name of the process to be excluded is almost certainly incorrect in the above article as the warnings in my log files relate to fixccs.exe and NOT fixcss.exe
This is the same way I've been running the SP3 update and no issues on about 45-50 machines so far w/ 8.5i patch 7.