4 Replies Latest reply on Sep 22, 2009 8:44 PM by nevillezone

    Firewall Install - Knickers in a twist

    JohnBarker
      I use Orchestrator to deliver and enforce policies for Virus Scan 7.1 and Firewall 8.0 to approx 100+ computers. This is working well for 99% of the computers except for 1 (mine to be exact). I have most likely caused the software to get its knickers in a twist by testing the software on my machine before rolling it out to the masses, but here are the symptoms.

      If I try to get the agent to push McAfee Firewall to my machine, I see that the agent accepts the install package and verifies it, but then bombs out on the actual install, leaving a pop-up advising that the install is complete, please reboot. However, after a reboot the software is not installed and it starts all over again.

      I have attempted to install the software manually from the CD and get a clue as to what's happening from an error message:

      The McAfee Firewall installer has detected that the system has not been restarted since a previous product installation / uninstall. Cannot continue until the system has restarted.

      Needless to say no amount of restarts gets around this problem, I have searched the local drives and registries for a flag set but to no avail.

      Has anyone else seen this or can advise how to get around this, perhaps there is a registry cleaner for firewall?

      thanks in advance to any solutions anyone can provide.

      John
        • 1. RE: Firewall Install - Knickers in a twist
          I have the same problem on one of my test machines. Didn't find any solution. Already removed all registry entries, including the legacy keys, but the problem remains.
          • 2. RE: Firewall Install - Knickers in a twist
            Got it working:

            Follow these instructions (I also removed all files from temp.)

            Fix
            Manual Removal of Desktop Firewall. Please note these instructions do not touch on the framework service and are therefore intended for machines where ePO Agent or VirusScan Enterprise are currently installed. If these other products are not installed and you wish to remove the Framework Service please see the NOTE at the end.

            1) Registry Section

            Please take extra care to only remove the items listed and not their containing keys. Backup the registry prior to performing these steps and if in doubt about the use of the registry and the registry editor (regedit) please consult Microsoft documentation on the subject.

            Some keys if they cannot be removed using regedit, may need to be removed with regedt32. regedt32 allows you to alter the permissions on a key so that the account of the logged on administrator has full control, and can therefore delete them as required.

            To open the registry editor: Start, Run, regedit (press enter)

            To open regedt32: Start, Run, regedt32 (press enter)

            Please navigate to and delete the keys below:


            HKEY_CURRENT_USER\AppEvents\Schemes\Apps\McAfee Desktop Firewall

            HKEY_CLASSES_ROOT\McAfee Firewall Rules

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{718CF0D3-DCDF-428E-9F6C-258F065C8D6D}

            HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\FIREWALL8000

            HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\McAfee Fire

            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{8A8C9088-028F-4794-A988-BB5AE6BBEF16}

            *** Take care here to remove only the final key "{8A8C9088-028F-4794-A988-BB5AE6BBEF16}"
            and NOT the containing key "{4D36E975-E325-11CE-BFC1-08002BE10318}"

            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\firehook

            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\FirePM

            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\FireSvc

            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\FireTDI

            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FireHook

            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FirePM

            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FireSvc

            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FireTDI


            ---

            2) Disk contents to be removed


            Caution: The below items can vary and they depend on the Operating System and Install Drive.

            a) Substitute the C:\ for the drive you had the product installed to (e.g. d:\ )

            b) The below "McAfee Desktop Firewall for Windows 2000" item should be replaced with whichever version has been installed.
            e.g. on a Windows XP machine you should have "McAfee Desktop Firewall for Windows XP"

            For any files which will not be deleted, please make a note of them and complete the remaining files. Once all have been done, please reboot and then go back to remove any files or folders which were not removed the first time round.


            Folders to be removed. In each case please also remove all contents of the folders:

            c:\Documents and Settings\All Users\Application Data\Network Associates\McAfee Fire\
            c:\Documents and Settings\All Users\Start Menu\Programs\McAfee Desktop Firewall\
            c:\Documents and Settings\Default User\Application Data\Network Associates\McAfee Fire\
            c:\Documents and Settings\Default User\Local Settings\Application Data\Network Associates\McAfee Fire\
            c:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\

            The following files should be removed if they still exist, take care to remove these files, and these files only:

            On Windows XP please substitute WINNT for WINDOWS (e.g. c:\windows\MDFTEMP.txt)

            c:\WINNT\MDFTEMP.txt
            c:\WINNT\inf\FireHook.inf
            c:\WINNT\inf\FireHook.PNF
            c:\WINNT\system32\FireCL.dll
            c:\WINNT\system32\FireCNL.dll
            c:\WINNT\system32\FireCore.dll
            c:\WINNT\system32\FireCUI.dll
            c:\WINNT\system32\FireEpo.dll
            c:\WINNT\system32\FireNHC.dll
            c:\WINNT\system32\FireNotify.dll
            c:\WINNT\system32\McAfeeFire.chm
            c:\WINNT\system32\drivers\FireHook.sys
            c:\WINNT\system32\drivers\firelm01.sys
            c:\WINNT\system32\drivers\FirePM.sys
            c:\WINNT\system32\drivers\FireTdi.sys

            Reboot.




            Note
            To remove the framework service:

            Change directory to the location of the file frminst.exe using the command prompt (Start, Run, cmd, press enter)

            Default is: c:\program files\network associates\framework service\frminst.exe

            execute the following command:

            frminst.exe /ForceUninstall

            Reboot
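
Added example, not part of the original post or of McAfee's instructions: a read-only PowerShell check that reports which of the registry keys and system-directory files listed above are still present, and exports the surviving keys with reg.exe before anything is deleted by hand. The backup folder name and the function names are assumptions; the folders under Documents and Settings and Program Files are not covered.

```powershell
# Added example: read-only audit of the leftovers named in the post above.
# Key and file names are copied from the post; $backupDir is an assumed location.
$sysRoot   = $env:SystemRoot   # C:\WINNT on Windows 2000, C:\WINDOWS on XP
$backupDir = Join-Path $env:TEMP ('mdf-reg-backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
$svc       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services'
$regKeys = @(
    'HKEY_CURRENT_USER\AppEvents\Schemes\Apps\McAfee Desktop Firewall'
    'HKEY_CLASSES_ROOT\McAfee Firewall Rules'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{718CF0D3-DCDF-428E-9F6C-258F065C8D6D}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\FIREWALL8000'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\McAfee Fire'
    # Only the inner GUID key is checked, never its containing key.
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{8A8C9088-028F-4794-A988-BB5AE6BBEF16}'
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\firehook'
    "$svc\Eventlog\Application\FirePM"
    "$svc\Eventlog\Application\FireSvc"
    "$svc\Eventlog\Application\FireTDI"
    "$svc\FireHook"
    "$svc\FirePM"
    "$svc\FireSvc"
    "$svc\FireTDI"
)
$files  = @('MDFTEMP.txt', 'inf\FireHook.inf', 'inf\FireHook.PNF')
$files += 'FireCL.dll', 'FireCNL.dll', 'FireCore.dll', 'FireCUI.dll', 'FireEpo.dll',
          'FireNHC.dll', 'FireNotify.dll', 'McAfeeFire.chm' | ForEach-Object { "system32\$_" }
$files += 'FireHook.sys', 'firelm01.sys', 'FirePM.sys', 'FireTdi.sys' |
          ForEach-Object { "system32\drivers\$_" }

function Get-MdfLeftover {
    # Emits one object per listed key or file that still exists; changes nothing.
    foreach ($k in $regKeys) {
        if (Test-Path -LiteralPath "Registry::$k") {
            New-Object PSObject -Property @{ Kind = 'RegKey'; Path = $k }
        }
    }
    foreach ($f in $files) {
        $p = Join-Path $sysRoot $f
        if (Test-Path -LiteralPath $p) { New-Object PSObject -Property @{ Kind = 'File'; Path = $p } }
    }
}
function Export-MdfKey($found) {
    # Back up each surviving key into a fresh folder before any manual deletion.
    New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
    $i = 0
    foreach ($item in ($found | Where-Object { $_.Kind -eq 'RegKey' })) {
        $i++
        reg.exe export $item.Path (Join-Path $backupDir "key$i.reg") | Out-Null
    }
}
$left = @(Get-MdfLeftover)
$left | Format-Table Kind, Path -AutoSize
if ($left.Count -gt 0) { Export-MdfKey $left; "Registry backups written to $backupDir" }
```

Running it again after the final reboot should print an empty table if the removal was complete.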
            • 3. excellent
              JohnBarker
              Yoda, thank you very much, just tried it and works fine now...

              I had actually done most of what you wrote but had been hesitant about being so aggressive in the registry so the key was in fact deleting the registry lines that called the firexxx.dll's and then removing the dll's themselves...

              cheers again

              John
              • 4. what about my having VPN?
                Hi Yoda,
                I followed your steps but didn't find most of the registries and the folders under C drive.
                I still got the error message after deleting the following registries:

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\FirePM

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\FireSvc

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\FireTDI

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FireHook

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FirePM

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FireSvc

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FireTD

                Is it because of our company VPN? Do I need to switch to local computer?
                Please instruct me.
                Thanks