1 Reply Latest reply on Sep 16, 2013 1:23 PM by bblanchard

    MOVE Multiplatform Log File Flooding

    bblanchard

      We recently installed MOVE 2.6 Multiplatform agents on a few VDI machines and the log files are growing very quickly with similar entries...

       

      From the "mvagent" log file located in the <Program Files>\McAfee\MOVE AV Client\ folder:

       

      Sep 13 2013:10:09:05.552:   SYSTEM: fsh_hooks.c :  115: Denying write to file: '\Device\HarddiskVolume1' due to integrity being modified by process: 'iexplore.exe'.

       

      I also have the same events for 'iexplore.exe', 'explorer.exe', 'OUTLOOK.exe', 'VpxClient.exe' and 'MfeFfProxy32.exe'.

       

      I understand that these are processes associated with the applications running on my VDI.

       

      What is causing this and is there a way to stop these events?

        • 1. Re: MOVE Multiplatform Log File Flooding
          bblanchard

          After a discussion with McAfee Support, it appears that this is a bug related to its self protection feature which should be fixed in MOVE Multiplatform 3.0.

          MOVE by default has integrity checking enabled on its services, file and registry keys. In this case, this feature seems to be also checking the entire drive for any process...

           

          By running the following command, I was able to stop those logs:

           

          mvadm.exe config set IntegrityEnabled=6

           

          This will enable integrity protection for the service and registry only and should only be done as a temporary workaround.

           

          Message was edited by: bblanchard on 9/16/13 1:23:07 PM CDT
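
An added triage example, not part of the thread and not McAfee code: before reducing self-protection with the workaround above, it helps to confirm that the denials in mvagent's log name only a bare volume device (the flooding described here) and not a path under the MOVE client folder. The entry pattern is an assumption inferred from the single log line quoted in the question; every sample line except the first is constructed, and `example.dat` and `notepad.exe` are hypothetical.

```python
import re
from collections import Counter

# Pattern inferred from the one mvagent entry quoted in the thread (assumption:
# other MOVE builds may format their entries differently).
DENY_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{4}:\d{2}:\d{2}:\d{2}\.\d{3}):\s+SYSTEM:\s+"
    r"fsh_hooks\.c\s*:\s*\d+:\s+Denying write to file: '(?P<target>[^']*)' "
    r"due to integrity being modified by process: '(?P<proc>[^']*)'"
)
# A target that is only a volume device, with no file path below it.
BARE_VOLUME_RE = re.compile(r"^\\Device\\HarddiskVolume\d+\\?$", re.IGNORECASE)


def summarize_denials(lines):
    """Count denials per (process, target), split into bare-volume and pathed."""
    bare, pathed = Counter(), Counter()
    for line in lines:
        m = DENY_RE.match(line.strip())
        if not m:
            continue  # not a self-protection denial entry
        key = (m.group("proc").lower(), m.group("target"))
        bucket = bare if BARE_VOLUME_RE.match(m.group("target")) else pathed
        bucket[key] += 1
    return bare, pathed


PREFIX = "Sep 13 2013:10:09:0{}:   SYSTEM: fsh_hooks.c :  115: Denying write to file: "
TAIL = " due to integrity being modified by process: "
VOL = r"'\Device\HarddiskVolume1'"
# First line is the entry from the thread; the rest are constructed samples.
SAMPLE = [
    PREFIX.format("5.552") + VOL + TAIL + "'iexplore.exe'.",
    PREFIX.format("5.601") + VOL + TAIL + "'iexplore.exe'.",
    PREFIX.format("5.733") + VOL + TAIL + "'explorer.exe'.",
    PREFIX.format("6.010") + VOL + TAIL + "'OUTLOOK.exe'.",
    PREFIX.format("6.220")
    + r"'\Device\HarddiskVolume1\Program Files\McAfee\MOVE AV Client\example.dat'"
    + TAIL + "'notepad.exe'.",
    "Sep 13 2013:10:09:06.300:   SYSTEM: other.c :  42: Unrelated entry.",
]

if __name__ == "__main__":
    bare, pathed = summarize_denials(SAMPLE)
    print("Bare-volume denials (the flooding pattern):")
    for (proc, target), n in bare.most_common():
        print(f"  {n:5d}  {proc}  {target}")
    print("Denials naming a specific path (review before changing settings):")
    for (proc, target), n in pathed.most_common():
        print(f"  {n:5d}  {proc}  {target}")
```

Entries in the second group point at a specific protected file and deserve a look on their own, since they would no longer be logged once file integrity protection is turned off.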