Please advise whats the best way to work with McAfee antivirus and windows updates because to me it seems McAfee blocks them.
I have a problem when deploying CCM2012 agent and when i remove McAfee it works, now i have 300 clients with McAfee and i cant imagine removing mcafee in all of them to have updates working.
How do i go about this please ?
Am using McAfee Enterprise 8.7 and EPO 4.5
Message was edited by: Meshack on 3/11/13 2:58:50 AM CDT
Perhaps Access Protection module in VirusScan could be blocking a process that belongs to that CCM2012 agent deployment mechanism so it cannot fulfill the deployment. Usually such deployment involves downloading the install package (or pushing it to the client, the method varies), say, in the Temp folder an running it from there. Maybe Access Protection has a rule in place that blocks that particular action and the rule does not yet contain the above mentioned process in its exclusion list (visible when you open the rule in question for editing within virusScan console).
You can check if this is the case by opening the Access Protection log and matching the deployment date and time with an entry of "Blocked by.." line of the - approx. - same date and time. that entry will tell you the name of the rule that triggered.
If that confirms then you need to put the filename that you see in that entry on the exclusion list of the rule that is named in the same entry.
Do you get any error messages while deploying CCM2012?
Mcafee should log it in one of it's logfiles if it blocks anything. You could see it in the Mcafee Console, click on Access Protection (or any other task) and select Task -> View Log.
Sorry i didnt indicate, i had checked the AP logs but i couldnt find any logs blocking the push installation process. When i remove the antivirus the installation goes without issues. in some cases even after removing the antivirus it doesnt go through but i guess its because of HIPs which i've tried removing using mcafee removal tool but i didnt succeed.
Has anyone managed clients with CCM operations & McAfee and have them work well without McAfee mcafee blocking anything pushed through CCM.
I1m not a SCCM expert but surely the problem has to be dealt with on both sides monitoring log files (SCCM and McAfee). Once you find out that the problem is with local run of the agent and not - say - pushing the agent onto the client, we can step forward and take out elements of the process until the problem goes away.
I do not suppose HIPS has got to do anyting with blocking an app from running (rather, it is application control). We do not use HIPS so I just guessing.
I suggest you isolate the issue to a McAfee VirusScan module. for example by disabling modules (AP, Scriptscan, etc.) in virusscan, and then when you finish with modules, you could try stopping McShield (to surely isolate everything) and see if it works that way.
with all due respect, I'd like to ask you to be more specific than to throw a half sentence to a fellow administrator who needs help. What do you mean "of this program" ? Which section do you refer to here? Why do you think this will help?
I know that an exclusion in unwanted programs is done not by filename but by detection name and only meaningful if he finds a detection of the "program" as something unwanted in the respective log. Let us wait until he confirms such a detection in his system.