Knowledge Center

DISM.exe generates an Error: 5 or Access Denied when VSE 8.8 Access Protection is enabled
Technical Articles ID:   KB76867
Last Modified:  6/30/2016


McAfee VirusScan Enterprise (VSE) 8.8 (with or without a patch)
Microsoft Windows Assessment and Deployment Kit (WADK) 8
Microsoft Deployment Image Servicing and Management (DISM)
Microsoft Deployment Toolkit (MDT) 2012


This article has been created to assist customers who encounter the issue described in the following Microsoft Technet post: 



When an administrator tries to build a boot ISO image using either MDT or ImageX, the system displays an error when DISM.exe is used to add packages:

Processing 1 of 1 - Adding package WinPE-HTA-Package~31bf3856ad364e35~x86~~6.2.9200.16384
An error occurred - WinPE-HTA-Package Error: 0x80070005

Error: 5

Access is denied

System Change

Installed or upgraded to VSE 8.8 or installed a patch for VSE 8.8.


VSE Engineering and Microsoft have thoroughly investigated this issue.

The Access Protection feature of VirusScan Enterprise includes a registry filter driver that monitors registry Application programming interface (API) calls. The VSE filter performs an Access Check on the attempt by DISM.exe to delete a registry value. The security design of the Microsoft code denies the Access check. Note that the VSE code does not block the check, it simply defers to the operating system to ensure the process has sufficient privileges to perform the delete operation. When it does not, Windows returns ACCESS DENIED and the VSE filter returns the same.

DISM.exe would normally have the ability to delete the target registry value. It fails because the registry API security design prevents DISM.exe from passing its credentials when it makes the call to delete the registry value. Thus, when the VSE filter driver sees the request, it does not know what the credentials are, so it defers to the operating system, which then returns the ACCESS DENIED message. The VSE registry filter enforces the Access Check to avoid exploiting a vulnerability. In this case, the issue occurs with a VSE filter driver, but it could also happen with other third-party filters.


Microsoft is unable to address the two known issues in the registry API due to the complexity and ramifications to the operating system.

Working with Microsoft, a workaround was implemented in VSE 8.8 patch 5.

Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.

Updates are available when you log on to the ServicePortal at: https://support.mcafee.com/downloads.

Rate this document


This article is available in the following languages:

English United States

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.