McAfee Agent 184.108.40.2067
VirusScan Enterprise 220.127.116.115
ePO Server = Windows 2008 R2 64Bit
Workstation = Windows XP SP3
Having a problem with one particular workstation where VirusScan failed to install. Below is the error I see on the Agent Monitor:
I found an artical on the KB saying that I should try a manual install of the software. When trying that, the install stops half way through saying it was interupted. Found another artical about the interruption and the SYSTEM account might not have permission to where the install files are. Checked that and the SYSTEM account has full persmission.
Has anyone come across this problem?
If anyone can help, that would be great.
Can you find the install log for the VSE install. You should find it in the local profile temp folder, for XP C:\Documents and Settings\(User_Name)\Local Settings\Temp\McAfeeLogs. The log file to look for will start with "vse8.8.0.core_install".
I may have the same problem.
McAfee System Core Installer
Copyright 2005-2011 McAfee Inc.
All Rights Reserved Version SYSCORE.18.104.22.1685
Mon Jan 06 01:35:42 2014
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfehidin.exe -i VSE88P2 -q -l C:\WINDOWS\TEMP\McAfeeLogs\vse8.8.0.core_install_010614_013542.log -etl C:\WINDOWS\TEMP\McAfeeLogs\vse8.8.0.core_install_010614_013542.etl -x vse.xml OAS EmailScan ScriptScan
[01:35:42:738] - ETL TRACING ON
[01:35:42:738] - Parsing XML vse.xml
[01:35:42:738] - ***ParseXMLFile()***
[01:35:42:738] - action = pa_validate
[01:35:42:769] - ParseXMLFile: Found <CoreInstall> element
[01:35:42:769] - MD5 for document is 0c37d62ac38c1e56cf4120591cd7bb82
[01:35:42:769] - ParseXMLFile: Found <Signature> element
[01:35:42:769] - parseSignature:
[01:35:42:769] - parseSignedInfo:
[01:35:42:769] - parseReference:
[01:35:42:769] - parseDigestValue:
[01:35:42:769] - parseDigestValue: exit=0
[01:35:42:769] - parseReference: exit=1
[01:35:42:769] - parseSignedInfo: exit=1
[01:35:42:769] - parseSignatureValue:
[01:35:42:769] - CheckDataSignature:
[01:35:42:847] - CheckDataSignature: ERROR: The certificate could not be verified
[01:35:42:847] - CheckDataSignature: return=2148204809 (0==SUCCESS)
[01:35:42:847] - parseSignatureValue: exit=0
[01:35:42:847] - parseSignature: exit=0
[01:35:42:847] - ERROR: ParseXMLFile: signature check failed
[01:35:42:847] - action = pa_validate
[01:35:42:847] - ParseXMLFile: exit=0
[01:35:42:847] - Install error: failed to validate
[01:35:42:847] - Returning 4294967295
Hmm possibly related articles:
Anyone figured this out?
Haven't really figured out exactly why the install fails but this is what I know will get around the issue. If you change the date on your PC to prior to 12/31/2013 the install will go through. Or if you check your certificate store for the mentioned, "VeriSign Class 3 Code Signing 2004 CA" and delete the install will also go through. In KB77683 it says the issue should only happen if you have an expired version of that cert but I was seeing the issue even with the cert that expires 2014.07.15. In Win7 I found the cert in the Intermediate CA store. Not sure if it would be in the same place on XP.
Also I have already put a ticket in with support and their solution was to use the workarounds or install VSE 8.7 and wait until patch 4 for 8.8 comes out.
Message was edited by: system48 on 1/9/14 3:09:58 PM CST
Changed the date on the machine and that seems to have worked.
So McAfee doesn't know what the cause of the problem is?
Thanks for the help on this by the way. All my stats are now looking good (I'm a bit OCD when my ePO Dashboard doesn't look clean )
I think somebody posted a few days ago an issue with a Mcafee certificate that run out on the 31.12.2013 which causes issues with the installation. Luckily the date trick works.
We are looking into this still with hopes to come up with a better option than a workaround.
KB article KB77683 will be the best point of reference for latest info (the article is still in review for publishing as of this posting as we made some edits recently, for example, it's not just XP/2k3 that's affected)
There has been an update of the article today
We're encountering the same issue on Windows 7 with both our standalone VSE 8.8 P2 installs and via ePO. Setting the date back does allow the installation to succeed but is not a practical option for us. We spoke with McAfee support and the only thing that they could offer is to install VSE 8.8 P1 and wait for P4 to come out. The problem is that doesn't P4 need P2 to be installed first anyway? If so, we'd be in the same position when we have to get P4 deployed.
Also where are you finding the VeriSign Class 3 Code Signing 2004 CA certificate on Windows 7? We searched the machine including the trusted certificate store and cannot find it at all.
Oddly enough, the P1 install succeeds even though its certificate expired in 2011. The P2 certificate expired at the end of 2013.
It appears both certificates chain up to VeriSign Class 3 Code Signing 2004 CA so I'm not sure why one works while the other doesn't. We'd rather not have to check the P1 installation back into ePO but it may be the only option unless somebody else has a better idea?
we must wait until P4 come out.
We have also contact McAfee Support, and or case was escaleted to the next level (t3)the answer is wait until Patch 4. This is typical McAfee....
KB77683 is risible!
You will fintd VeriSign Class 3 Code Signing 2004 and CA is valid.
sorry or OS is German