7 Replies Latest reply on Jan 13, 2017 1:20 PM by wyrm

    ENS 10.2 OnAccess - Programs fail to run after installation

    cybercop

      We've just rolled our ENS 10.2 to about 8,000 client systems and have found that OnAccess scanning appears to be blocking various programs but not recording the problem in any log, i.e. no McAfee Logs, no Windows logs. As soon as you disable OnAccess Scanning the problem disappears. So far I've found the following problems

      1. Outlook 2007 - When users attempt to save an email to a network folder, Outlook shows an error message. “The messaging interface has returned an unknown error". The file still saves initially but subsequent attempts to save the file will fail. Switch OnAccess Scanning off and the problem goes away. I've found a registry hack that seem to work for a while then breaks again (possibly when the agent refreshes policy). The fix is:

      HKCU\Software\Microsoft\Office\12.0\Word\Options

       

      DWORD: DisableRobustifiedUNC

       

      Value: 1

        2.  Medical Program fails to run.  When OnAccess scanning is switched off, problem disappears. When Executable is added to low risk policy and Low risk policy is set to scan on write, problem disappears in this case.

        3.  Citrix ICA fails to run, when OnAccess Scanning is disabled, it runs.

       

      As stated there are no log files generated even Debug mode fails to reveal the problems.

        • 1. Re: ENS 10.2 OnAccess - Programs fail to run after installation
          sol

          You will need to determine what file of those programs need to be excluded. We had this happening with a couple programs and we excluded the imaging file/s

          What was recommended was to place those devices in the low risk policy group and that worked for us

          • 2. Re: ENS 10.2 OnAccess - Programs fail to run after installation
            cybercop

            I know, only trouble is I don't think its a good idea to exclude Outlook.exe or place it in a low risk group.... I suspect as there is no error log being generated, its another conflict. It took them long enough to admit to the SysCore issue.

            • 3. Re: ENS 10.2 OnAccess - Programs fail to run after installation
              sol

              I would contact support on this one. You are correct, Outlook should not be causing that issue. Its a well known app.

              • 4. Re: ENS 10.2 OnAccess - Programs fail to run after installation
                cybercop

                I have, they are not being particularly helpful. I've supplied MEr's and process monitor logs and nothing forthcoming. I've been using and supporting McAfee products since the Dr Solomon day's so that's a lot of experience. I've never had as many problems until recently.

                • 5. Re: ENS 10.2 OnAccess - Programs fail to run after installation
                  sol

                  Then you have no choice... do as I do, if I am not getting assistance I contact my sales rep and I let them deal with it

                  • 6. Re: ENS 10.2 OnAccess - Programs fail to run after installation
                    sol

                    This is how we have our OnAccess scanning set. I don't think it is necessary to have the "When Writing to Disk" checked. The file has been scanned when it was read, it does not need to be scanned again to write, correct? This was the suggestion we got from McAfee. It made sense and it save on resources and scanning time

                     

                    Scanning
                    When to scan:
                        

                     

                                                                                                                                                                                   
                        

                     

                                                                                                                                                                                   
                        
                    • 7. Re: ENS 10.2 OnAccess - Programs fail to run after installation
                      wyrm

                      I ran into a similar issue (blocks would not be logged) with the installation package of an obscure program we use.  The setup.exe, which launches a bunch of subprocesses, would be blocked, with nothing being logged.  In my case, it was caused by a combination of both the Firewall module and Exploit protection being enabled.  In some cases, I needed to disable the firewall and/or exploit protection temporarily to resolve.

                       

                      I had to halt my ENS 10.2 deployment due to that bug, plus the brutal network performance issues (performance issue resolved in HF1164434).

                       

                      In my case, both issues were resolved in ENS 10.5.

                       

                      You may want to test 10.5 and see if the issue still occurs.