9 Replies Latest reply on Oct 2, 2009 11:57 AM by rmetzger

    8.7 P2 and OAS

      On several XP systems when I install Patch 2 on a system that has 8.7i + hotfix + p1, the on access scan is disabled.

      I rebooted and then waited. Eventually either EPO reset this or the user clicked enable but we saw this on 3 or 4 different systems. I don't see anything in the release notes about this.

      And I do configure Virusscan to enable on access scan after system startup.
        • 1. RE: 8.7 P2 and OAS
          cliff620
          Thanks for the "heads-up" on this issue..
          We are still at the 8.7 Patch1 and are currently making plans for Patch2

          Since you said the ePO console eventually corrects it:
          Does sending a wakeup call to an affected machine enable the On-access scanner?

          Do you get any event logs on these machines?

          Is it only happening on some machines and not others?

          If you do resolve the issue, I would be very interested in hearing what you did to correct it.

          Cliff
          • 2. RE: 8.7 P2 and OAS
            I just woke up one system and that does set the settings back.
            • 3. RE: 8.7 P2 and OAS
              Dvanmeter
              I wonder if the system is pending a reboot for the patch to fully install and thus leaves the OAS in a disabled state?
              • 4. RE: 8.7 P2 and OAS
                The problem is with patch 2. A reboot does not cause the on access scan to be turned on. Not every single pc had this happen but I observed that patch 2 installation resets the setting done in the installation package.

                The patch seems to reset all the settings INCLUDING any scanning exclusions.

                I haven't found this behaviour documented for 8.5 or 8.7 but if you look at this web page for 8.0:

                https://kc.mcafee.com/corporate/index?page=content&id=KB57285&actp=search&search id=1254249071566

                Cause
                "VirusScan Enterprise 8.0i Patch releases are Microsoft Patch (.MSP) files. When installing a patch, the whole product is reinstalled with information from the .MSP file added. Because the product is being reinstalled, custom settings made to the original installation files using McAfee Installation Designer (MID) are reapplied."

                Solution
                This is the intended functionality of .MSP files. Post-installation changes should be made using another MID package or one of the McAfee management solutions, ePolicy Orchestrator (ePO) or Protection Pilot.
                • 5. Patches reset to last MID\VSECFG.CAB settings.
                  rmetzger

                  Delete VSECFG.CAB (typically located at "%ProgramFiles%\McAfee\VirusScan Enterprise\MID\" directory). VSECFG.CAB is initially created when VSE was installed. The Patch restores whatever settings are within VSECFG.CAB. All subsequent changes since the initial installation are lost. Deleting VSECFG.CAB removes the original settings so that the current settings remain. See code below for a batch file example.
                  :: To preserve existing settings delete original defaults stored in vsecfg.cab file
                  if exist "%ProgramFiles%\McAfee\VirusScan Enterprise\MID\VSECFG.CAB" del "%ProgramFiles%\McAfee\VirusScan Enterprise\MID\VSECFG.CAB"
                  Now, when you run the Patch 2 setup.exe, it has no settings to restore, leaving the current settings in place, when the patch has finished installing.

                  Have fun.
                  Ron Metzger
                  • 6. RE: Patches reset to last MID\VSECFG.CAB settings.
                    csteels
                    Thanks very much for that, tested and all works ok.

                    Blasting the script out with sms in preparation for the full 8.7 deployment! grin
                    • 7. RE: Patches reset to last MID\VSECFG.CAB settings.
                      HI. Do you mean delete VSECFG.CAB on the user machine or the installation location?
                      • 8. Remember to Temporarily disable the Self-Protection.
                        rmetzger

                        Now, you can delete VSECFG.CAB from the MID directory. Remember to re-enable the previously stored settings, as they will not automatically return.

                        Let us know how you make out.

                        Ron Metzger
                        • 9. Same PC as Patch is applied.
                          rmetzger


                          User machine, as this is the machine getting Patched, correct? The patch restores settings stored locally (where the patch is actually getting applied) for VSECFG.CAB in the MID directory.

                          Ron Metzger