2 Replies Latest reply on Aug 7, 2008 7:26 PM by dk1

    Pop-up alerts not working with Patch 6.1?


      I am trying to get the pop-up alerts like "Virus Detection Occurred" on the local PC, when the on-access scanner detects something.

      For some reason, this doesn't seem to be happening with the new patch 6.1, even though it used to on Patch 5.

      On a Win 2003 SP2 server, running VirusScan 8.5i Patch 5, the EICAR test file would give the popup when detected. After upgrading to patch 6.1 this no longer occours even after a reboot. However, it does make an entry in the on access protection log- it says it was detected and the file deleted.

      The same behaviour was exhibited on a PC running XP SP3 usiong the VirusScan 8.5i patch 6.1. It's not just the EICAR test file either, I actually copied some quarantined trojans off our mail server onto my desktop, it deleted them and made an entry in the log, but I didn't get a popup.

      I've looked through the settings in VirusScan Console and under the On Access scanner properties, on the Messages tab, the box is ticked for "Show the messages dialog when a detection occours".

      I have looked through ePolicy Orchestrator policies for VirusScan Enterprise 8.5.0 and this setting is also enabled under "Access Protection General Policies" for both workstation and server. Under "On Access Default Processes policies", I have configured "Configure one scanning policy for all processes" so the "General Policies" settings should be the ones that are applied to the PC's. There are no broken inheritances for these policies.

      Under Alert Policies, I have set to suppress informational alerts (<1). All 5 options for "components that generate alerts" is ticked. I have set the option to Enable Alert Manager alerting although I am not using alert manager. I can't enable centralised alerting for some reason (won't let me save the policy). Is it OK to click "Disable Alerting" on this screen if I'm not using alert manager? Will I still get email notifications from EPO?

      Is this a bug with the new patch version or is there a setting that I need to configure somewhere? we still get emails from the EPO server about these detections, but I would rather the users get a notification as well to put them on their guard.

      some details:
      EPO on Win 2003SP2 server
      Scan Engine 5200.2160
      Mcafee Agent
      Desktops running Win XP SP3
      Servers running Win 2003 SP2
        • 1. RE: Pop-up alerts not working with Patch 6.1?
          Just a thought....Since Patch # 6.1 really isn't required unless the new 5300 scan engine was previously installed on the computer (With the 5200 scan engine, you should have instead installed the standard Patch #6.), have you tried installing the new scan engine from the link below.:

          http://www.mcafee.com/apps/downloads/security_updates/engines.asp?region=us&segm ent=enterprise

          Hope this helps.

          • 2. RE: Pop-up alerts not working with Patch 6.1?
            I'm planning to roll out engine 5300 in a week or so, after the patch. Didn't want to do both at the same time in case something went wrong, plus load on the network from the update files copying to repositories etc...

            Anyway, this problem seems to have gone away on a few machines, but they needed a couple of reboots... They give the popup warning now with the EICAR test file. I've also seen the problem where there are 2 mcshield.exe process running, and one appears to chew 100% of a CPU core (eg uniprocess PC uses 100% cpu, dual core PC uses 50% etc). After a reboot this seems to go away but its very erratic.

            I'll try the new engine next week and see how things pan out.