3 Replies Latest reply on May 1, 2009 6:37 AM by ebnetwrkn

    Issues with Mcafee Agent 4.0.0.1180 and 5301 Engine

      Hello All,

      I am the ePO admin for my org and I have inherited an ePO system that appears to be funky. I have set exception via ePO for systems that are running SQL according to best practices by Microsoft and McAfee. I can't figure out what is going on--McAfee tech support and I both agree that all settings are correct-BO turned off, ScriptScan turned off, SQL processes for low-risk scanning. I was looking at possibly the DAT signatures being a bit more thorough, but that seems unlikely. So I am looking at two other things the McAfee agent which is currently at version 4.0.0.1180 and the engine which is at 5301.

      Has anyone come across any issues with this configuration
      Virusscan Enterprise 8.0 and 8.5 (managed by ePO)
      McAfee Agent 4.0.0.1180
      Engine 5301
        • 1. RE: Issues with Mcafee Agent 4.0.0.1180 and 5301 Engine
          secured2k
          While reading over your post, you didn't really explain what was going wrong?
          • 2. Re: Issues with McAfee Agent and 5301
            My apologies if I was not clear

            I am trying to isolate if I am. having issues with a system that is running SQL2005 in which when end users run queries against the db with the av (mcshield) enabled gives sql timeout errors. I spoke with McAfee tech support who indicated that I am following along with Microsoft's best practices as far as establishing sql exclusions are concerned (turning off buffer overflow, stopping script scanning, and setting sql processes as low risk scanned items).

            So my next thing to look at since none of these items perviously mentioned are enabled is the mcafee agent which is at 4.0.0.1180 and is also running the current 5301 engine.

            I was wondering if there is anyone out there thatis using the McAfee agent/engine combination in which parties are having issues in which items are set to be excluded for other programs such as sql but are still be scanned by mcshield.

            This is on a windows 2k srv with sp4 and running vse 8.5 patch 6 with the mcafee agent and engine mentioned above. This system is also managed by ePO (that is how the exclusions were pushed and are present on the system).

            Hopefully this is enough info for you and any help that you give will be appreciated.

            Thanks
            • 3. RE: Issues with Mcafee Agent 4.0.0.1180 and 5301 Engine
              secured2k
              While I don't have a setup like yours, I can only guess 2 things are going on. It could be the access protection driver which includes some basic firewall abilities or the scanner process (mcshield and it's filter drivers) doing something that blocks your users' queries. Excessive CPU usage would be obvious if it was an Engine/DAT issue.

              If you think it might be the McAfee Agent or VSE 8.5i, there have been patches for both products. Patch 2 for MA and Patch 8 for VSE 8.5i. I would suggest you look over the known and resolved issues released since the versions you are running.

              Besides that the only thing to do is debug the system and look for leaks or other conflicts.