6 Replies Latest reply on Dec 21, 2014 6:55 PM by susja

    How to disable Access Protection ..

    susja

      Hi,

      I need to restart McAfee services from command line. When I do it using %net stop "McAfee service name" it does not work. For now the only option to restart McAfee services for me is to restart the system.

      I believe that before stopping/starting the service I have to disable the Access Protection box and then uncheck the Prevent McAfee services from being stopped box.

      Could someone advise me how to uncheck those 2 boxes from command line? I want to do it inside batch file.

      Thanks

        • 1. Re: How to disable Access Protection ..
          wwarren

          And if you can do it via command line, so can any piece of malware that obtains your credentials.

          It would defeat the purpose of the feature, so the official answer is "It's not possible".

          • 2. Re: How to disable Access Protection ..
            susja

            - wwarren,

            Should I understand your answer that the only option to stop/start McAfee services is reboot the system?

            In my case I want to restart McAfee services after .DAT update. It should be done from batch i.e. from command line. Do you know how it could be done?

            It's hard to 'buy' that stop/start McAfee services from command line is "It's not possible"

            • 3. Re: How to disable Access Protection ..
              wwarren

              > Should I understand your answer that the only option to stop/start McAfee services is reboot the system?

              No. But you should understand there is no option for bypassing Access Protection mechanisms via command line.

              > In my case I want to restart McAfee services after .DAT update. It should be done from batch i.e. from command line. Do you know how it could be done?

              Press it if you must, discover a way if you must, but as soon as you do we're probably going to take measures to squelch whatever it is you're doing.

              a) There is no need to restart services after a DAT update. Taking that step hurts the performance of the node more than is needed. It also introduces risk to the environment since AV coverage is lost during that down time.

              b) If you can do it via command line, so can malware. There is no "backdoor for legitimate purposes" that cannot be used for nefarious purposes... none that can be instrumented by a User, anyways. We can do it with code, from within Trusted processes and secured APIs.

              If you must restart the service, you need to disable Access Protection first - which I will not recommend for anybody.

               

              The only way forward I see for your goal is to submit a PER, and have McAfee come up with a safe, secured methodology that can allow Admins to control our services. The more compelling the User Story the better.

              • 4. Re: How to disable Access Protection ..
                susja

                I appreciate your answer and I understood it.

                In my case I had a few PCs that were updated using xdat.exe file daily. When I ran scan On-Demand it used 'old' .DAT until I restarted services by rebooting system.

                Well .. I'm not inclined to reboot the system after each xdat.exe update but on the other hand I have to scan using a new .DAT.

                In my case everything is done using batch i.e. command line hence I see the only option as reboot the system while I understand the disadvantage of it.

                • 5. Re: How to disable Access Protection ..
                  wwarren

                  I see.

                  XDAT packages have an inherent limitation; they may require reboot for the update to complete, and until then the old DATs will be used.

                  It's simply due to the scripting technology used within the XDAT; it's not very smart, in my opinion at least.  The script engine within the McAfee Agent is much smarter, and DAT updates will never require a reboot via that method.

                  And unfortunately, running XDATs via the Agent still equates to using the XDAT, if that happened to cross your mind... it has crossed others' minds.

                  • 6. Re: How to disable Access Protection ..
                    susja

                    Thanks a lot for the explanation.