8 Replies Latest reply on Mar 30, 2015 6:02 AM by aborgeld

    On Acces Scanner is disabled

    aborgeld

      Hi,


      On 100 clients we have a problem that the On Access scanner is disabled and stays disabled.

      Updating all software (via EPO) and resetting the services won't work. It stays disabled, even when you trigger the enable function.

       

      Did somebody run to the same issue already? Is there a way to solve this or even prevent this?

       

      Kind regards,

       

      Andre

        • 1. Re: On Acces Scanner is disabled
          llamamecomoquieras

          Can you check if McAfee Validation Service is disable? If that is the issue the antivirus is corrupted and you may need to use a ripper tool to uninstall and then install again the antivirus.

           

          If you need the ripper tool you may need to open a case with McAfee and requested.

           

          Regards,

           

          Jose

          • 2. Re: On Acces Scanner is disabled
            aborgeld

            Hi Jose,


            No even the validation service is running.

             

            Kind regards,

             

            André

            • 3. Re: On Acces Scanner is disabled
              dukebox

              I assume you are running Virusscan 8.8 patch 4

              We have seen this behavior when the DAT file is somewhat "corrupted".. I say somewhat because the files are there..but if you do about you see the engine but not the DAT file version..and On-access do not start...

              only fix is to run the superdat or stopping the mcafee services and copying the DAT files from a working computer C:\Program Files (x86)\Common Files\McAfee\Engine\AVV*.dat.

               

              That`s how we workaround the problem for now...it is not elegant..would be preferable if Virusscan would heal itself..restoring previous DAT or repairing..because when it is in this state..all dat update are failing...We haven`t opened a case for this yet..but we will

               

              We stumble on that only because our VPN security checks if on-access scanner is running and we seems to get more and more issue around that.

              • 4. Re: On Acces Scanner is disabled
                mr.townsend83

                Good Morning! At our organization we are seeing a wide range of issues that seem to stem from this. We even see issues where applications are failing (VPN as well due to network health requirements) but the only thing that we are able to see is when a certain application fails we begin seeing Accessprotection log entries of that application even though it is set to "Warn" we cant help but feeling that the issue is directly related. We started seeing these events occur around Mid January to the start of Feb this year and they are appearing to grow in number. Is there anything else that I can supply our team (who believes there is not an issue) we have witnessed 100's of these issues that cannot be explained other than what is in the AP log after all other troubleshooting fails.

                • 5. Re: On Acces Scanner is disabled
                  wwarren

                  There are multiple potential causes behind a "OAS is disabled" symptom.

                   

                  Initial data points to check to help discover Why, are:

                  1. Application Event log.   What is the last "McLogEvent" entry that has an ID of 5000 or higher?

                  • Any McLogEvent ID higher than 5000 is indicative of a problem.
                  • If the ID is 5000, then see what it says for DAT and Engine version.

                   

                  2. Windows Registry.  Compare these two values:

                  HKLM\Software\McAfee\DesktopProtection, OASState
                  HKLM\Software\McAfee\SystemCore\VSCore\On Access Scanner\McShield\Configuration, OASEnabled

                  A healthy system has both set to 3. Any variance indicates poor health, however, if OASEnabled=3 then the issue is probably cosmetic.

                  • 6. Re: On Acces Scanner is disabled
                    ansarias

                    Navigate below steps on one of affected machine.

                     

                    1. Open registry with admin rights.

                    2. navigate to registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\

                    3. search for McShield and check the START value in right side.

                    4. If its set to 4 than change to 2 and restart the machine.

                    5. after restart check the McAfee OAS status.

                     

                    If START value is set to 2 than issue with McAfee antivirus and reinstall it from ePO console through Agent deployment task.

                    where in command line (Under deployment task) give command as = REINSTALLMODE=amus /q

                     

                    IMPORTANT: The switch REINSTALLMODE must be in CAPITALS.

                     

                    Try above 2 options and let me know results.

                     

                    • 7. Re: On Acces Scanner is disabled
                      mr.townsend83

                      I have to ask because I recently found a potential cause for this. OAS, going crazy and VPN intermittently wont connect. I once assumed it was for client health reasons but how would Mcafee and other programs behave if a trusted certificate was recently revoked?

                      • 8. Re: On Acces Scanner is disabled
                        aborgeld

                        Hi Guys,

                         

                        Thanks for the post. Strange that i cannot mark more answers as correct.

                         

                        Kind regards,

                         

                        André