1. Click Start, Run, type Dcomcnfg, and click OK.
2. In the left pane, expand Console Root, Component Services, My Computer.
3. In the right pane, double-click the DCOM Config folder to expand it.
4. In the expanded DCOM Config folder, right-click FrameworkService and select Properties.
5. Click the Security tab.
6. In the Launch and Activation Permissions section, select Customize and then click Edit.
7. In the Group and user name section, select SYSTEM. Then, verify in the Permissions for SYSTEM section that Allow has been selected for:
   
   Local Launch
   Local Activation
    
8. In the section Group and user name, select INTERACTIVE. In the Permissions for INTERACTIVE section, ensure that Allow has been selected for:
   
   Local Launch
   Local Activation
    
9. Click OK.
10. In the Access Permissions section, select Customize, then click Edit.
11. In the Group and user name section, select SYSTEM. In the Permissions for SYSTEM section, ensure that Allow is selected for Local Access.
12. In the Group and user name section, select INTERACTIVE. In the Permissions for INTERACTIVE section, ensure that Allow is selected for Local Access.
    
    NOTE: If INTERACTIVE is not listed, click ADD. Enter INTERACTIVE in the section. Enter the objects' names to select type, then click Check Names. After INTERACTIVE is underlined to show validated, click OK.
13. In the section Configuration Permissions, select Customize and then click Edit.
14. In the section Group and user name, select SYSTEM. In the Permissions for SYSTEM section, ensure that Allow has been selected for Full Control.
15. In the section Group and user name, select INTERACTIVE. In the Permissions for INTERACTIVE section, ensure that Allow has been selected for Local Access.
    
    NOTE: If INTERACTIVE is not listed, click ADD. Enter INTERACTIVE in the section. Enter the objects' names to select type, then click Check Names. After INTERACTIVE is underlined to show validated, click OK.

1. Click Start, Run, type services.msc, and click OK.
2. Right-click McAfee Framework Service and select Restart.
3. Close the Services window.

1. Create a new OU within Active Directory that does not have any Group Policies applied to it. Move an affected computer into the group. Or, right-click the container that holds the affected computers you are troubleshooting, and select Block Inheritance.
2. Click Start, Run, type GPUPDATE.exe /force, and click OK.
3. Restart your computer.
4. After the restart, open the agent_computername.log and look at the bottom for the error messages listed above. Or, right-click the VirusScan Icon and select Update Now....
   
   If no errors are seen, and functionality such as Update Now is successful, a group policy is responsible for the issue.

Identify the offending policy setting:

1. Install the Microsoft Group Policy Management console (available free from http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&DisplayLang=en).
2. Open the Microsoft Group Policy Console.
3. Right-click Group Policy Results, select Group Policy Results Wizard, and choose to display the settings for one of the computers experiencing the issue.
   
   NOTE: Do not select the option to not display the policies for the selected computer.
    
4. Click Next and then Finish. Typically, a policy has been set on the services available on the computer in Computer Configuration, Windows Settings, Security Settings, System Services, McAfee Framework Service.
   
   NOTE: A list of services available in this Group Policy console is pulled from the local system on which the Group Policy Management console runs. So, you have to install the McAfee Framework Service to make it visible in the console. By default, no policy is set on this service. If you select the option to enforce a policy, the Group Policy and its access permissions overrule all permissions that were previously active for this service.
   
   Option 1: Do not enforce any group policies for the McAfee Framework Service, leaving the service as Not Defined.
   
   Option 2: Add the Everyone group with Read access to the service, in addition to the existing user permissions listed in the following matrix:
    

   Permissions	Full Control	Read	Start, Stop, and Pause	Write	Delete
   Administrators	X	X	X	X	X
   System	X	X	X	X	X
   Interactive	X	X	X	X	X
   Service	X	X	X	X	X
   Everyone		X

   
     
5. If any changes have been made, click Start, Run, type GPUPDATE.exe /force, and click OK to enforce the Group Policies.
6. Reboot the affected computer.
   
   NOTE: If multiple domain controllers exist, it might take a few minutes for the changes made to replicate around to the other domain controllers. 
    
7. Right-click Group Policy Results and select Group Policy Results Wizard to examine the Resultant Set Of Policies (RSOP). Ensure that there are no other Group Policies that cause invalid permissions to be applied to the McAfee Framework Service. The service permissions are not visible using the GPRESULT utility.
   
   NOTE: Although these Group Policy Settings are not specific to Windows XP SP2, the issue has only been observed with XP SP2.

1. On the local system, click Start, Run,
2. Type the following command and click OK:
   
   %windir%\system32\gpupdate.exe /force
    
3. Restart the Framework Service.