1 Reply Latest reply on Jul 23, 2015 10:12 AM by Peter M

    fcag appears to be corrupting file writes by WiseScript Package Editor scripts

    technojanitor

      McAfee/Wise details are shown below.

       

      This is affecting about a dozen scripts that I know of, will report a specific instance here (the breakage of concern at the moment)

       

      MakeCIAEnvs.exe (compiled Wise Script) writes another Wise script file.

       

      MakeCIAEnvs scans a directory that has 80 or 90 files, and writes 5 lines of text for each file found, appending to a text file written to the c:\temp directory. The file isn't created via Wise create-a-temp-file function (Wise doesn't know about the file or try to remove it automatically at the end of the script execution.) I have no control over file opening/file closing, each line is written by 1 write by the WiseScript Insert Line into Text File function.

       

      So; there should be text-blocks for each of the 80 or 90 files:

       

      item: Set Variable

      Variable=WFM_INSTFILES

      Value=install\WFM1.exe:

      Flags=00000001
      end

       

      But if I run MakeCIAEnvs 5 times in a row, I'll get 5 different results, each of which is corrupted to a different degree, essentially incomplete for the section of code written as above. 10 or 20 or 33 or 57 or ... of the code blocks are simply missing. Sometimes in the middle of a code block.

       

      If I run MakeCIAEnvs on a PC that is nearly identically imaged but has had all McAfee removed (I have no way to turn it off), the program works consistently and perfectly during every run.

       

      So; when I run Procmon during the run on my packaging/production PC, I see fcag.exe all over the text file I'm TRYING to write to.

       

      If I take MakeCIAEnvs (or any of the other compiled Wise scripts that are having their results similary corrupted) to an otherwise identically imaged PC that has had all McAfee removed (I have no way to disable it temporarily), program runs are reliable and consistent and work every time, with identical inputs. We aren't running any other security software.

       

      Please advise.

      ================================================================================ ===============================

      Wise Installation Studio 7.0

      ================================================================================ ===============================

      MCAFEE DETAILS

      System Information 

      Computer Name: ***********

        

      McAfee Host Intrusion Prevention 

      Version number: 8.0

      Build date: Sunday, December 15, 2013

      Build Number: 8.0.0.2919

      License Type: Licensed

      Expiration Date 

      Language: Automatic

      Security Content Version: 8.0.0.6491

      Security Content Created On: Wednesday, July 08, 2015

      Patch: 4

        

        

      McAfee Agent 

      Version number: 4.8.0.1500

      Managed 

      Last security update check: 7/23/2015 8:18:14 AM

      Last agent-to-server communication: 7/23/2015 8:57:39 AM

      Agent to Server Communication Interval (every): 4 hours

      Policy Enforcement Interval (every): 16 minutes

      Agent ID: {30A48FC2-E146-4BC1-818E-4B6B0CB1C75A}

      ePO Server/Agent Handler 

      DNS Name: 10.2.14.66

      IP Address: 10.2.14.66

      Port Number: 3443

      DNS Name: BHIHOUEPOAH03

      IP Address: 147.108.222.50

      Port Number: 3443

      DNS Name: BHIHOUEPOAP01.ent.bhicorp.com

      IP Address: 172.30.100.110

      Port Number: 3443

        

        

      McAfee ePO Deep Command Discovery Plugin 

      Version number: 2.1.0.377

      Language: Multiple

        

        

      McAfee DLP Endpoint 

      Version number: 9.3.425.4

      Language: English (United States)

        

        

      McAfee File and Removable Media Protection 

      Version number: 4.3.1.114

      Language: Multiple

        

        

      McAfee VirusScan Enterprise + AntiSpyware Enterprise 

      Version number: 8.8.0 (8.8.0.1247)

      Build date: 1/16/2014

        

      Anti-virus License Type: licensed

        

      Scan engine version (32-bit): 5700.7163

        

      Scan engine version (64-bit): 5700.7163

        

      DAT version: 7870.0000

      DAT Created on: 7/22/2015

        

      Number of Signatures in extra.dat: 0

      Name of threats that extra.dat can detect: None 

      Buffer Overflow and Access Protection DAT version: 659

        

      Installed Patches: 4

        

      Installed Modules: 

        

       

      Copyright © 1995-2013 McAfee, Inc. 

      All Rights Reserved. 

      www.mcafee.com 
      =============================================================================