1 2 Previous Next 10 Replies Latest reply: Mar 15, 2013 11:50 AM by hjcanton RSS

    McAfee and Windows Updates


      Hi everyone,

      Please advise whats the best way to work with McAfee antivirus and windows updates because to me it seems McAfee blocks them.

      I have a problem when deploying CCM2012 agent and when i remove McAfee it works, now i have 300 clients with McAfee and i cant imagine removing mcafee in all of them to have updates working.

      How do i go about this please ?


      Am using McAfee Enterprise 8.7 and EPO 4.5


      Message was edited by: Meshack on 3/11/13 2:58:50 AM CDT
        • 1. Re: McAfee and Windows Updates
          Attila Polinger



          Perhaps Access Protection module in VirusScan could be blocking a process that belongs to that CCM2012 agent deployment mechanism so it cannot fulfill the deployment. Usually such deployment involves downloading the install package (or pushing it to the client, the method varies), say, in the Temp folder an running it from there. Maybe Access Protection has a rule in place that blocks that particular action and the rule does not yet contain the above mentioned process in its exclusion list (visible when you open the rule in question for editing within virusScan console).


          You can check if this is the case by opening the Access Protection log and matching the deployment date and time with an entry of "Blocked by.." line of the - approx. - same date and time. that entry will tell you the name of the rule that triggered.


          If that confirms then you need to put the filename that you see in that entry on the exclusion list of the rule that is named in the same entry.



          • 2. Re: McAfee and Windows Updates

            Do you get any error messages while deploying CCM2012?

            Mcafee should log it in one of it's logfiles if it blocks anything. You could see it in the Mcafee Console, click on Access Protection (or any other task) and select Task -> View Log.

            • 3. Re: McAfee and Windows Updates

              View the AP log and put the blocked process in respective rule exclusions. No need to remove VSE

              • 4. Re: McAfee and Windows Updates

                Sorry i didnt indicate, i had checked the AP logs but i couldnt find any logs blocking the push installation process. When i remove the antivirus the installation goes without issues. in some cases even after removing the antivirus it doesnt go through but i guess its because of HIPs which i've tried removing using mcafee removal tool but i didnt succeed.

                Has anyone managed clients with CCM operations & McAfee and have them work well without McAfee mcafee blocking anything pushed through CCM.

                • 5. Re: McAfee and Windows Updates

                  Attila, please see my reply

                  • 6. Re: McAfee and Windows Updates
                    Attila Polinger



                    I1m not a SCCM expert but surely the problem has to be dealt with on both sides monitoring log files (SCCM and McAfee). Once you find out that the problem is with local run of the agent and not - say - pushing the agent onto the client, we can step forward and take out elements of the process until the problem goes away.


                    I do not suppose HIPS has got to do anyting with blocking an app from running (rather, it is application control). We do not use HIPS so I just guessing.


                    I suggest you isolate the issue to a McAfee VirusScan module. for example by disabling modules (AP, Scriptscan, etc.) in virusscan, and then when you finish with modules, you could try stopping McShield (to surely isolate everything) and see if it works that way.



                    • 7. Re: McAfee and Windows Updates



                      Add an exclusion of this programe in "Unwanted program policy".

                      • 8. Re: McAfee and Windows Updates
                        Attila Polinger

                        Dear Alexn...,


                        with all due respect, I'd like to ask you to be more specific than to throw a half sentence to a fellow administrator who needs help. What do you mean "of this program" ? Which section do you refer to here? Why do you think this will help?

                        I know that an exclusion in unwanted programs is done not by filename but by detection name and only meaningful if he finds a detection of the "program" as something unwanted in the respective log. Let us wait until he confirms such a detection in his system.





                        • 9. Re: McAfee and Windows Updates

                          Thank Attila,

                          Am working with microsoft support to get see what else could be the problem other than McAfee

                          1 2 Previous Next