Can you check if McAfee Validation Service is disable? If that is the issue the antivirus is corrupted and you may need to use a ripper tool to uninstall and then install again the antivirus.
If you need the ripper tool you may need to open a case with McAfee and requested.
No even the validation service is running.
I assume you are running Virusscan 8.8 patch 4
We have seen this behavior when the DAT file is somewhat "corrupted".. I say somewhat because the files are there..but if you do about you see the engine but not the DAT file version..and On-access do not start...
only fix is to run the superdat or stopping the mcafee services and copying the DAT files from a working computer C:\Program Files (x86)\Common Files\McAfee\Engine\AVV*.dat.
That`s how we workaround the problem for now...it is not elegant..would be preferable if Virusscan would heal itself..restoring previous DAT or repairing..because when it is in this state..all dat update are failing...We haven`t opened a case for this yet..but we will
We stumble on that only because our VPN security checks if on-access scanner is running and we seems to get more and more issue around that.
Good Morning! At our organization we are seeing a wide range of issues that seem to stem from this. We even see issues where applications are failing (VPN as well due to network health requirements) but the only thing that we are able to see is when a certain application fails we begin seeing Accessprotection log entries of that application even though it is set to "Warn" we cant help but feeling that the issue is directly related. We started seeing these events occur around Mid January to the start of Feb this year and they are appearing to grow in number. Is there anything else that I can supply our team (who believes there is not an issue) we have witnessed 100's of these issues that cannot be explained other than what is in the AP log after all other troubleshooting fails.
There are multiple potential causes behind a "OAS is disabled" symptom.
Initial data points to check to help discover Why, are:
1. Application Event log. What is the last "McLogEvent" entry that has an ID of 5000 or higher?
- Any McLogEvent ID higher than 5000 is indicative of a problem.
- If the ID is 5000, then see what it says for DAT and Engine version.
2. Windows Registry. Compare these two values:HKLM\Software\McAfee\DesktopProtection, OASState
HKLM\Software\McAfee\SystemCore\VSCore\On Access Scanner\McShield\Configuration, OASEnabled
A healthy system has both set to 3. Any variance indicates poor health, however, if OASEnabled=3 then the issue is probably cosmetic.
Navigate below steps on one of affected machine.
1. Open registry with admin rights.
2. navigate to registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
3. search for McShield and check the START value in right side.
4. If its set to 4 than change to 2 and restart the machine.
5. after restart check the McAfee OAS status.
If START value is set to 2 than issue with McAfee antivirus and reinstall it from ePO console through Agent deployment task.
where in command line (Under deployment task) give command as = REINSTALLMODE=amus /q
IMPORTANT: The switch REINSTALLMODE must be in CAPITALS.
Try above 2 options and let me know results.
I have to ask because I recently found a potential cause for this. OAS, going crazy and VPN intermittently wont connect. I once assumed it was for client health reasons but how would Mcafee and other programs behave if a trusted certificate was recently revoked?
Thanks for the post. Strange that i cannot mark more answers as correct.