3 Replies Latest reply on Jul 27, 2012 7:26 AM by web1b

    Path statements disappearing from Windows Workstations

    web1b

      As a pilot, we have installed VSE 8.8 on a handful of computers.  With a couple weeks 2 of those computers lost their entire PATH statement.  One was Windows 7 and one was XP.

      No computers without McAfee have had this issue. 

      Seems like too much of a coincidence.

      Is there any part of cleaning malware found on a scheduled scan that would cause McAfee Virusscan Enterprice 8.8 to delete the entire path variable and leave it blank?

      This has caused many things to not function on those workstations.

      Any other ideas what would case the PATH variable to be cleared with no user action on multiple computers?

        • 1. Re: Path statements disappearing from Windows Workstations
          sbenedix

          Path statement disappearing means something got changed here:  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\ => Path] or here  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\ => Path]. Did you check the ODS/OAS logs if there were any detections since you have installed VSE? From there you may be able to evaluate if the removal maybe related to a cleaning action, although I think that it is highly unlikely that the whole path statement gets deleted. (breaks a lot of things) I have seen Path variable disappearing while uninstalling certain software though, so it might well be related to an unclean install/uninstall.

          Create a custom Access Protection Rule to monitor/block (beware of the implications blocking may have) changes to this key, if something makes an attempt to delete it it will then be reported in the Access Protection Log File, you can check the file and take appropriate action. I wouldnt exclude a malware infection either, so a thorough examination of the machines in question is advisable. You could use => GetSusp: http://www.mcafee.com/us/downloads/free-tools/getsusp.aspx and stinger for starters: http://www.mcafee.com/uk/downloads/free-tools/stinger.aspx

           

          Hth.

          • 2. Re: Path statements disappearing from Windows Workstations
            Tristan

            Just to pick up on a point mentioned in sbenedix's post.

             

            " I have seen Path variable disappearing while uninstalling certain software though, so it might well be related to an unclean install/uninstall."

             

            Did the two machines in question has any anti-virus installed previously? I believe VSE has a list of anti-virus software that it will attempt to uninstall before it installs itself.

             

            It's possible that this uninstall process might have created this issue. Hence why only these two machines exhibit the issue.

             

            Update: Found this https://kc.mcafee.com/corporate/index?page=content&id=KB72251

             

            Message was edited by: Tristan on 27/07/12 10:54:02 IST
            • 3. Re: Path statements disappearing from Windows Workstations
              web1b

              They had the same antivirus previously and McAfee removed it automatically , but so did the other computers that did not lose their path statements.

              Also, the issues did not start until days after McAfee was installed, so it doesn't look like removing the previous antivirus caused the issue,