6 Replies Latest reply on Mar 28, 2012 3:17 AM by darkshyre

    Do McAfee Services ever get Disabled automatically.

      Greetings All,


      I was going through the non-compliant systems and found a few systems where 3 out of 5 McAfee services were disabled, due to which the systems were not able to communicate with the ePO server.


      My question is: has anyone ever come across such a situation? Otherwise I will have to go through the security logs to see who has tampered with the above-mentioned non-compliant systems.


      Hope for a positive discussion ahead.





      Message was edited by: mrugesh on 3/15/12 2:07:03 AM CDT
        • 1. Re: Do McAfee Services ever get Disabled automatically.

          No, services shouldn't get disabled automatically.

          What versions of software are you running?


          Have you got Access Protection set to prevent the stopping of services?



          • 2. Re: Do McAfee Services ever get Disabled automatically.

            Actually, there are times when McAfee services DO get disabled automatically, especially if you are infected with FakeAVs or with the Sality virus.


            These are high-risk threats and are very destructive malware. Make sure all OS updates are complete and VSE DATs are updated as well.


            Sality infects all EXE files, eventually infecting OS system files, which will result in OS corruption.

            • 3. Re: Do McAfee Services ever get Disabled automatically.

              Hmmm, it's quite hard to believe.


              I have not seen the startup type of any McAfee service get disabled by threats; only the OAS and Access Protection get disabled, and the status of the services still remains started or paused. Or else the user may have disabled the McAfee services, as per my knowledge and observations. If I am wrong, kindly suggest more information.

              • 4. Re: Do McAfee Services ever get Disabled automatically.

                Yes, it does seem hard to believe, but it does happen.


                It happened to us before and I'll share it here so it doesn't happen to anyone else.


                We are a company that has several branches nationwide, and unfortunately only 80% of our workstations are in Active Directory and are being updated by WSUS/SCCM with OS patches and AV updates regularly. The 20%, which mostly reside in the farthest regions and have the most dum* a** end users, have all the privileges on their workstations.


                In short, those people can do anything they want on their workstations no matter what... even install FakeAVs, thinking that it's better than McAfee since it was ABLE to detect a LOT of viruses. Note that they don't update their OS patches either.


                So one day we had a case where McAfee on those computers was being disabled automatically; then, after 3-5 days of infection (w/o doing anything), all of the EXE files got corrupted, which eventually crashed the workstation. By the time we got there, we weren't able to install any SW anymore, or even execute a command-line scan (except when doing it in safe mode, of course).


                Bottom line: we did the command-line scan and cleaned most of the malware, but the executables were already ruined, so we resolved it by reformatting the workstation, which of course caused more suffering for us.

                • 5. Re: Do McAfee Services ever get Disabled automatically.

                  I have also had more pain due to this S*** Sality issue, but as of now McAfee is giving more protection against the Sality issue than in the olden days. One thing: most of the end users forgot to update their latest MS patches as well as hotfixes to close the loopholes.


                  And my question is whether the startup type of McAfee services gets disabled by the threat?





                  Message was edited by: lakshmanans on 3/28/12 3:06:44 AM CDT
                  • 6. Re: Do McAfee Services ever get Disabled automatically.

                    Indeed, McAfee has strengthened protection against these types of malware, but if your DAT version is from July 2010 and you don't have at least 1 OS patch installed, then you will definitely get infected.


                    The answer to your question is YES. If you're already infected, you cannot modify this anymore, whatever super user account (even the built-in Administrator account) you use. I mean, you can change it to Automatic, but after a few seconds it will revert back to Disabled. And this happened to almost 40 workstations, so it is NOT an isolated case. I'm not saying that this is caused by Sality, as it may have been one of the "effects" of the FakeAVs installed by the Dum* A** end users of ours. What I'm saying is that when we got there, we saw a lot of Sality and FakeAVs within the workstations.


                    That is why we tried reinstalling the VSE, since it was already compromised. But to our misfortune, the virus had already infected Windows system files, causing several more errors when you try to uninstall / install / or even run ANY software.
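
One way to check a non-compliant system for what the thread discusses, as an added example that is not part of any post above: list McAfee services whose startup type is Disabled, then pull the Service Control Manager start-type-change events (ID 7040, System log) to see when the change happened and under which account. Matching services by the display-name pattern `McAfee*` is an assumption; adjust it to the products actually installed.

```powershell
# Added example. Assumption: McAfee services are matched by display name.
$filter = 'McAfee*'

# 1. Current state: matching services whose startup type is Disabled.
Get-CimInstance Win32_Service |
    Where-Object { $_.DisplayName -like $filter -and $_.StartMode -eq 'Disabled' } |
    Select-Object Name, DisplayName, StartMode, State |
    Format-Table -AutoSize

# 2. History: event 7040 records every start-type change of a service.
#    Properties: [0] display name, [1] old start type, [2] new start type.
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7040
} -ErrorAction SilentlyContinue

$events |
    Where-Object { $_.Properties[0].Value -like $filter } |
    ForEach-Object {
        $evt = $_
        # The event's UserId is the SID of the account that made the change;
        # resolve it to a name where possible, otherwise keep the raw SID.
        $account = try {
            $evt.UserId.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            "$($evt.UserId)"
        }
        [pscustomobject]@{
            Time      = $evt.TimeCreated
            Service   = $evt.Properties[0].Value
            OldStart  = $evt.Properties[1].Value
            NewStart  = $evt.Properties[2].Value
            ChangedBy = $account
        }
    } |
    Sort-Object Time |
    Format-Table -AutoSize
```

Several 7040 entries that flip the same service back to disabled shortly after a manual change to automatic correspond to the reverting behaviour described in reply 6, and the `ChangedBy` column shows whether an interactive user or a process running under a system account made the change.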