This content has been marked as final. Show 9 replies
Thanks for the "heads-up" on this issue..
We are still at the 8.7 Patch1 and are currently making plans for Patch2
Since you said the ePO console eventually corrects it:
Does sending a wakeup call to an affected machine enable the On-access scanner?
Do you get any event logs on these machines?
Is it only happening on some machines and not others?
If you do resolve the issue, I would be very interested in hearing what you did to correct it.
I just woke up one system and that does set the settings back.
I wonder if the system is pending a reboot for the patch to fully install and thus leaves the OAS in a disabled state?
The problem is with patch 2. A reboot does not cause the on access scan to be turned on. Not every single pc had this happen but I observed that patch 2 installation resets the setting done in the installation package.
The patch seems to reset all the settings INCLUDING any scanning exclusions.
I haven't found this behaviour documented for 8.5 or 8.7 but if you look at this web page for 8.0:
"VirusScan Enterprise 8.0i Patch releases are Microsoft Patch (.MSP) files. When installing a patch, the whole product is reinstalled with information from the .MSP file added. Because the product is being reinstalled, custom settings made to the original installation files using McAfee Installation Designer (MID) are reapplied."
This is the intended functionality of .MSP files. Post-installation changes should be made using another MID package or one of the McAfee management solutions, ePolicy Orchestrator (ePO) or Protection Pilot.
Delete VSECFG.CAB (typically located at "%ProgramFiles%\McAfee\VirusScan Enterprise\MID\" directory). VSECFG.CAB is initially created when VSE was installed. The Patch restores whatever settings are within VSECFG.CAB. All subsequent changes since the initial installation are lost. Deleting VSECFG.CAB removes the original settings so that the current settings remain. See code below for a batch file example.
Now, when you run the Patch 2 setup.exe, it has no settings to restore, leaving the current settings in place, when the patch has finished installing.
:: To preserve existing settings delete original defaults stored in vsecfg.cab file
if exist "%ProgramFiles%\McAfee\VirusScan Enterprise\MID\VSECFG.CAB" del "%ProgramFiles%\McAfee\VirusScan Enterprise\MID\VSECFG.CAB"
Thanks very much for that, tested and all works ok.
Blasting the script out with sms in preparation for the full 8.7 deployment! grin
HI. Do you mean delete VSECFG.CAB on the user machine or the installation location?
Now, you can delete VSECFG.CAB from the MID directory. Remember to re-enable the previously stored settings, as they will not automatically return.
Let us know how you make out.
User machine, as this is the machine getting Patched, correct? The patch restores settings stored locally (where the patch is actually getting applied) for VSECFG.CAB in the MID directory.