First you need to identify which McAfee component is blocking. Most probably it will be Access Protection.
Please check McAfee logs under Desktop Protection folder and check all logs and see c:\program files\microsoft office\msaccess.exe if you can find in any logs.
Also confirm if you have installed HIPS on those machines ?
Please let us know results.
Thank you for your answer!
I did not find any Desktop protection folder but I think I have found another way to see the logs. I found this to be quite interesting since it's coming directly from the computer I was working yesterday in trying to understand the cause of the problem. Here is what i saw:
Server ID: VM-MCAFEE-PRD1 Event Received Time: 9/2/14 2:41:28 PM Event Generated Time: 9/2/14 2:40:19 PM Agent GUID: Detecting Prod ID (deprecated): VIRUSCAN8800 Detecting Product Name: VirusScan Enterprise Detecting Product Version: 8.8 Detecting Product Host Name: WKS09001MSB Detecting Product IPv4 Address: 172.16.104.128 Detecting Product IP Address: 172.16.104.128 Detecting Product MAC Address: DAT Version: 0 Engine Version: 0 Threat Source Host Name: Threat Source IPv4 Address: 172.16.104.128 Threat Source IP Address: 172.16.104.128 Threat Source MAC Address: Threat Source User Name: Threat Source Process Name: C:\Program Files\FireBase\Office\MSACCESS.EXE Threat Source URL: Threat Target Host Name: WKS09001MSB Threat Target IPv4 Address: 172.16.104.128 Threat Target IP Address: 172.16.104.128 Threat Target MAC Address: Threat Target User Name: CITY\ponsjo Threat Target Port Number: Threat Target Network Protocol: Threat Target Process Name: Threat Target File Path: _:NTDLL.KiUserExceptionDispatcher::4374f0 Event Category: Host intrusion buffer overflow Event ID: 1099 Threat Severity: Critical Threat Name: BO:Writable BO:Heap Threat Type: buffer overflow Action Taken: would block Threat Handled: true Analyzer Detection Method: OASEvents received from managed systems Event Description: Buffer Overflow detected and NOT blocked
Moved this provisionally to VirusScan Enterprise.
That is just informational log where McAfee is not blocking anything.
Try to add MSACCESS.EXE into buffer overflow exclusion and see if it fixes the issue or not.
ansarias Well, not 100% agree with you on this.
As per the event avobe, this issue is related in KB81308 and can affect to Office Applications to work, in the case Microsoft Access
Yes, That's why I have asked to add into exclusion to stop further notifications and interrupt.
Yes it is good to create an exclusion, but they should not add exclusions if possible, so better to follow the document and in the last case create the exclusion.
Have a nice day!
I effectively created an exclusion and it worked. Now the firemen can use their software without problems.
Thank you for your help!
Have a nice day