7 Replies Latest reply on Feb 18, 2009 3:42 AM by ladiesman217

    Help please

      Im running vista 64 bit and virusscan 8.7i

      I keep getting this errors in protection log????????


      2009/02/15 08:14:17 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:14:17 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:14:17 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:14:18 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:21:10 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:21:10 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:21:10 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:21:49 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:22:24 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:22:24 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:22:55 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:22:55 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:33:34 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:43:29 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:43:36 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:43:36 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:44:35 PM Blocked by Access Protection rule NT AUTHORITY\NETWORK SERVICE C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:45:09 PM Would be blocked by Access Protection rule (rule is currently not enforced) Stephen-PC\Stephen C:\Windows\Explorer.EXE C:\Users\Stephen\AppData\Local\Temp\Temp1_VIRUSCAN8700.zip\tools\ePOPolicyMigra tion.exe Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute
      2009/02/15 08:51:45 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
      2009/02/15 08:51:45 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
        • 1. RE: Help please
          Sounds like you've got malware.. Please do this:

          On a separate, CLEAN computer, download the Malwarebytes installer and update files from the links below, copy them to a CD or flash drive, then transfer the files to the problem machine and use them. If you can't start the computer into "normal" windows, try installing, updating, and running the scans AFTER the computer is started into Safe Mode.. I use the sites below to download the installer file and the manual updater:

          Once downloaded and before transferring them to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

          Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
          http://www.besttechie.net/tools/mbam-setup.exe

          Malwarebytes Manual Updater link
          http://www.malwarebytes.org/mbam/database/mbam-rules.exe

          Next, download the SuperAntispyware program and the manual updater from the links below. After running the Malwarebytes tool above, if you still can't download and install it directly from the problem machine, download it on a friend or family member's computer as well. After installing and updating SuperAntispyware, run another full system scan and delete everything it finds as well. As before, you may need to rename the installer file to get the program to install.:

          SuperAntispyware
          http://www.superantispyware.com/

          SuperAntispyware Manual Updater
          http://www.superantispyware.com/definitions.html
          ____________

          In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder.

          Hope this helps.

          Grif
          • 2. RE: Help please
            I did a clean install on vista 64 bit how can i have spyware? I know for a fact i don't have spyware...

            When i installed the same thing on vista 32 bit i had no problems.....

            Why is that>
            • 3. RE: Help please
              tonyb99
              you do not have malware

              that access protection rule is not supported with vista 64 bit and those errors are expected.

              see this write up on the issue:

              Common Standard Protection Rule: Prevent Termination of McAfee Processes, is triggered on 64-bit systems
              https://kc.mcafee.com/corporate/index?page=content&id=KB53876
              • 4. RE: Help please
                Is this issue ganna be fixed? and when
                • 5. RE: Help please
                  tonyb99
                  they advise if you use epo then disable the rule and if you dont then:

                  Environments not managed via ePolicy Orchestrator will receive a solution in Patch 1 for for VirusScan Enterprise 8.7i.

                  PS. I have updated the link as it picked up the wrong bit of the knowledgebase when i linked it.
                  • 6. RE: Help please
                    Good job Tony.. Sorry, I missed the 64 bit info in the first post..

                    Grif
                    • 7. RE: Help please
                      thanks for the info man....