Knowledge Center

Access Denied error displays on the Windows Logon screen after SysCore 15.3 or later is installed
Technical Articles ID:   KB85648
Last Modified:  5/6/2019


McAfee SysCore version 15.3 and 15.4:
McAfee VirusScan Enterprise (VSE) 8.8 with Patch 5 or later
McAfee Host Intrusion Protection (Host IPS) 8.0 with Patch 5 or later
McAfee Agent (MA) 5.0.1 or 5.0.2
McAfee DAT Reputation 1.0.3


  • Effective May 31, 2019, the service provider that McAfee uses to host our FTP service will no longer provide FTP capabilities. For details, see KB91260.
  • Links to FTP sites within this article have been removed.


In some environments, the Windows Logon screen displays the error Access Denied instead of, or after, the logon prompt until the Access Protection feature in VSE is disabled.

System Change

You performed any of the following updates:
  • VSE 8.8 installed with, or upgraded to, Patch 5 or later
  • Host IPS 8.0 installed with, or upgraded to, Patch 5 or later
  • MA version 5.0.1 or 5.0.2 upgraded or deployed to client systems 


This issue is resolved with McAfee DAT Reputation for Enterprise 1.0.4, which is available from the CommonUpdater download sites with DAT Reputation ON and Safety Pulse OFF.

IMPORTANT: This release is a mandatory upgrade for all customers running DAT Reputation. This update resolves:
  • The issue described in this Knowledge Base article. 
  • An issue where VirusScan Enterprise Access Protection logs a rule violation for the DAT Reputation file McDatRep.exe, which is documented in KB85155
  • The release also includes a new certificate which is required because of an upcoming expiry date.
  • An updated DAT Reputation ePO Extension 1.0.2 is included in the posted DAT Reputation 1.0.4. This new extension is an optional update for existing DAT Reputation users and provides Windows 10 operating system endpoint support.
Update Release Schedule:


Reboot the affected system into Safe mode, then reboot in normal mode again.


Use a remote administration utility, such as PSexec or a start-up script, to run the following command:
"C:\Program Files\Common Files\McAfee\SystemCore\vtpinfo.exe" /ResetVTPCache


Use ePolicy Orchestrator to temporarily disable Access Protection:
  1. Create an Access Protection policy with the feature disabled.
  2. Assign the policy to one or more affected systems.
  3. Send a wake-up call to the systems.
  4. Log on normally. 
  5. Reset Access Protection back to the previously assigned policy.

Rate this document


This article is available in the following languages:

English United States

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.