0 Replies Latest reply on Oct 3, 2012 1:45 PM by lovelace

    Security for Mac 1.2: On-access Scan: Not Working

      Problem:

       

      I have recently upgraded to McAfee Security for Mac version 1.2.0. When I open the McAfee Security Console, the Dashboard shows the warning "Your Mac is at Risk" and "On-access Scan: Not Working."

       

      History:

       

      I recently upgraded from version 1.0; that version was not working when I began managing this server.

       

      Environment:

       

      McAfee Security for Mac Version 1.2.0 (1444)

      Anti-malware

           - Version 9.2.0 (4645)

           - Engine Version: 5400.1158

           - DAT Version 6853.0000

           - DAT Creation Date: 10/2/12

       

      Xserve

      Mac OS X Version 10.7.4

      2x2.26 GHz Quad-Core Intel Xeon

      12 GB 1066 MHz RAM

       

       

      What I have tried:

       

      - Restarted McAfee

      - Restarted the machine

      - Performed an update (Successful, but did not resolve the issue)

      - Performed a "Scan Now" (Successful)

      - Checked the Console Logs:

           - Found in /var/log/system.log:

                - Oct  3 12:33:51 producer com.apple.launchd[1] (com.mcafee.ssm.ScanManager): Throttling respawn: Will start in 10 seconds

                - The above message repeats every 10 seconds

           - Found in /var/log/McAfeeSecurity.log:

                - Oct  3 12:33:51 producer McAfee: [81968]: Info: LogTime: 2012-Oct-03 12:33:51 AVAS: PID: 81230 : ScanManager::main() Starting ScanManager

                - The above message repeats every 10 seconds

      - Following the lead of the launchd error I investigated /Library/LaunchDaemons/com.mcafee.ssm.ScanManager (Copied near the bottom)

           -The only thing I noticed that seemed out of place was the <key>OnDemand</key><false />

           - Per the documentation available from apple this was depreciated so I replaced it with <key>KeepAlive</key><true /> which I believe to be the updated syntax

           - Still not sure what the <key>GroupName</key><string>Virex</string> refers to

                - I tried deleting it

                - I tried creating a group with that name but I wasn't sure what (if any) user would need to be in it or what permissions it would need

                - Neither produced any changes

      - I tried manually running /usr/local/McAfee/AntiMalware/VshieldScanManager as root

           - No effect: did put an extra message in McAfeeSecurity.log (same message, just outside its normall 10 second period)

           - Return code of 0

           - Nothing sent to stdout or stderror

      - I tried reinstalling it

           - In the past I have had trouble getting it to stay uninstalled. I do what I think uninstalls it and then a few days later it is back so I may not be doing this correctly

       

      Contents of /Library/LaunchDaemons/com.mcafee.ssm.ScanManager.plist: (comments start with #)

       

      <?xml version="1.0" encoding="UTF-8"?>

      <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

      <!-- Copyright (C) 2011  McAfee, Inc. All rights reserved. -->

      <plist version="1.0">

      <dict>

                <key>GroupName</key>                                                  #Messed with this key, see above

                <string>Virex</string>

                <key>Label</key>

                <string>com.mcafee.ssm.ScanManager</string>

                <key>KeepAlive</key>                                                      #Messed with this key, see above

                <true />

                <key>ProgramArguments</key>

                <array>

                          <string>/usr/local/McAfee/AntiMalware/VShieldScanManager</string>

                </array>

      </dict>

      </plist>

       

       

       

       

       

      I would appreciate any help or suggestions to get this working.  Let me know if I can provide any more information.