Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
3341 Views 10 Replies Latest reply: Mar 15, 2013 11:50 AM by hjcanton RSS 1 2 Previous Next
Meshack Newcomer 34 posts since
Dec 10, 2010
Currently Being Moderated

Mar 11, 2013 2:58 AM

McAfee and Windows Updates

Hi everyone,

Please advise whats the best way to work with McAfee antivirus and windows updates because to me it seems McAfee blocks them.

I have a problem when deploying CCM2012 agent and when i remove McAfee it works, now i have 300 clients with McAfee and i cant imagine removing mcafee in all of them to have updates working.

How do i go about this please ?

 

Am using McAfee Enterprise 8.7 and EPO 4.5

 

Message was edited by: Meshack on 3/11/13 2:58:50 AM CDT
  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009
    Currently Being Moderated
    1. Mar 11, 2013 4:47 AM (in response to Meshack)
    Re: McAfee and Windows Updates

    Hi,

     

    Perhaps Access Protection module in VirusScan could be blocking a process that belongs to that CCM2012 agent deployment mechanism so it cannot fulfill the deployment. Usually such deployment involves downloading the install package (or pushing it to the client, the method varies), say, in the Temp folder an running it from there. Maybe Access Protection has a rule in place that blocks that particular action and the rule does not yet contain the above mentioned process in its exclusion list (visible when you open the rule in question for editing within virusScan console).

     

    You can check if this is the case by opening the Access Protection log and matching the deployment date and time with an entry of "Blocked by.." line of the - approx. - same date and time. that entry will tell you the name of the rule that triggered.

     

    If that confirms then you need to put the filename that you see in that entry on the exclusion list of the rule that is named in the same entry.

     

    Attila

  • pato Apprentice 107 posts since
    Apr 1, 2010
    Currently Being Moderated
    2. Mar 11, 2013 4:48 AM (in response to Meshack)
    Re: McAfee and Windows Updates

    Do you get any error messages while deploying CCM2012?

    Mcafee should log it in one of it's logfiles if it blocks anything. You could see it in the Mcafee Console, click on Access Protection (or any other task) and select Task -> View Log.

  • alexn Veteran 722 posts since
    Aug 9, 2012
    Currently Being Moderated
    3. Mar 11, 2013 8:34 AM (in response to pato)
    Re: McAfee and Windows Updates

    View the AP log and put the blocked process in respective rule exclusions. No need to remove VSE


    Post Timings: 6.00 AM to 3.00PM PDT
  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009
    Currently Being Moderated
    6. Mar 12, 2013 6:05 AM (in response to Meshack)
    Re: McAfee and Windows Updates

    Hi,

     

    I1m not a SCCM expert but surely the problem has to be dealt with on both sides monitoring log files (SCCM and McAfee). Once you find out that the problem is with local run of the agent and not - say - pushing the agent onto the client, we can step forward and take out elements of the process until the problem goes away.

     

    I do not suppose HIPS has got to do anyting with blocking an app from running (rather, it is application control). We do not use HIPS so I just guessing.

     

    I suggest you isolate the issue to a McAfee VirusScan module. for example by disabling modules (AP, Scriptscan, etc.) in virusscan, and then when you finish with modules, you could try stopping McShield (to surely isolate everything) and see if it works that way.

     

    Attila

  • alexn Veteran 722 posts since
    Aug 9, 2012
    Currently Being Moderated
    7. Mar 12, 2013 9:14 AM (in response to Attila Polinger)
    Re: McAfee and Windows Updates

    Hi

     

    Add an exclusion of this programe in "Unwanted program policy".


    Post Timings: 6.00 AM to 3.00PM PDT
  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009
    Currently Being Moderated
    8. Mar 12, 2013 9:19 AM (in response to alexn)
    Re: McAfee and Windows Updates

    Dear Alexn...,

     

    with all due respect, I'd like to ask you to be more specific than to throw a half sentence to a fellow administrator who needs help. What do you mean "of this program" ? Which section do you refer to here? Why do you think this will help?

    I know that an exclusion in unwanted programs is done not by filename but by detection name and only meaningful if he finds a detection of the "program" as something unwanted in the respective log. Let us wait until he confirms such a detection in his system.

     

    Thanks.

     

    Attila

1 2 Previous Next

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points