0 Replies Latest reply on Apr 1, 2016 3:40 PM by putnam

    McAfee Endpoint Security and Unified Write Filter (UWF)

    putnam

      Hi all,

       

      I am trying to get McAfee set up on a Windows 10 machine that has Unified Write Filter enabled. The machine will be set up in the lobby of my workplace as a USB virus scanning station. Through group policy I have created a locked-down Kiosk account which allows a user to plug in their USB, have the USB folder show up on the desktop, and right click to scan. Everything works perfectly for that. However, I want another layer of security by enabling Microsoft's built in Unified Write Filter, so even if something malicious happens to the computer we can easily reset any changes by restarting the computer. Unified Write Filter seems to break McAfee, however.

       

      I can see McTray and click on it, but clicking on McAfee Endpoint Security does nothing. MFEConsole.exe won't open. I have all of the McAfee folders and registry keys excluded from the filter (see below), yet it won't initialize. I've tried running procmon to see if anything is getting blocked, however sifting through thousands of entries hasn't given me any headway into solving the problem. It seems that there are more 'ACCESS DENIED' entries when UWF is turned off (and MFEConsole.exe working) than there are when the service is broken.

       

      Has anyone ever made McAfee work with Unified Write Filter? Here are the exclusions that I have:

       

      C:\Program Files\McAfee

      C:\Program Files\Common Files\McAfee

      C:\Program Files (x86)\McAfee

      C:\Program Files (x86)\Common Files\McAfee

      C:\ProgramData\McAfee

      C:\Users\All Users\McAfee

      C:\Users\Kiosk\AppData\Local\McAfee

       

      HKLM\SOFTWARE\McAfee

      HKLM\SOFTWARE|WOW6432Node\McAfee