Loading...

Knowledge Center


Error 1722. There is a problem with this Windows Installer package (VirusScan Enterprise installation)
Technical Articles ID:   KB87162
Last Modified:  4/7/2017
Rated:


Environment

McAfee VirusScan Enterprise (VSE) 8.8 Patch 7

For details of VSE 8.8 supported environments, see KB51111.

Problem

The VSE 8.8 Patch 7 installation fails. The following errors are found in the referenced logs:

vse8.8.0.core_install_052616_175455.log

    [17:56:24:463] - ERROR! Failed to create AAC Control. err=5


VSE88Patch7ENG_install_2016_5_01--17_52_4_MSI.log

    >> Installing SysCore: "C:\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfehidin.exe" -i VSE88P7 -q -mfetrust_killbit -l "C:\Users\B613929\AppData\Local\Temp\McAfeeLogs\vse8.8.0.core_install_042616_175455.log" -etl "C:\Users\B613929\AppData\Local\Temp\McAfeeLogs\vse8.8.0.core_install_042616_175455.etl" -x vse.xml OAS ELAM AAC DiskFilter firecore_driver EmailScan ScriptScan
    >> SysCore install succeeded

MSI (s) (E8:AC) [17:56:44:840]: Executing op: ActionStart(Name=Install_SysCore_AddAACStickyPolicy,,)

    <= leave custom action  Install_SysCore()

MSI (s) (E8:AC) [17:56:44:841]: Executing op: CustomActionSchedule(Action=Install_SysCore_AddAACStickyPolicy,ActionType=3074,Source=BinaryData,Target=AddAACStickyPolicy,)

MSI (s) (E8:AC) [17:56:45:902]: Note: 1: 1722 2: Install_SysCore_AddAACStickyPolicy 3: C:\windows\Installer\MSI885C.tmp 4: AddAACStickyPolicy
CustomAction Install_SysCore_AddAACStickyPolicy returned actual error code -1 (note this may not be 100% accurate if translation happened inside sandbox)

MSI (s) (E8:AC) [17:56:45:903]: Product: McAfee VirusScan Enterprise -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did NOT finish as expected. Contact your support personnel or package vendor. Action Install_SysCore_AddAACStickyPolicy, location:C:\windows\Installer\MSI885C.tmp, command: AddAACStickyPolicy


Windows System log:
WARNING      26/05/2016      17:55:55      mfehidk      None      514      N/A      Process **\MSI885C.tmp contained unsigned or corrupted code and was blocked from performing a privileged operation with a McAfee driver.
WARNING      26/05/2016      17:55:57      mfehidk      None      514      N/A       Process **\DAInstall.exe contained unsigned or corrupted code and was blocked from performing a privileged operation with a McAfee driver.


Windows Application log:
ERROR      26/05/2016      17:56:45      MsiInstaller      None      11722      
Product: McAfee VirusScan Enterprise -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did NOT finish as expected. Contact your support
personnel or package vendor. Action Install_SysCore_AddAACStickyPolicy. location: C:\windows\Installer\MSI885C.tmp. command: AddAACStickyPolicy  

System Change

Installation of VSE 8.8 Patch 7 full package.

Cause

This is the result of injection caused by third-party applications. The executable which is failing is a temporary MSI process (for example MSI885C.tmp) being used for validation of the AAC Policy.

This issue occurs when third-party applications hook or inject their code into McAfee processes to provide functionality. Malware also uses such a technique. VSE does not trust these third-party programs (or malware) and generates the event to inform the administrator that the McAfee process may be compromised.

Solution

You must first identify which third-party DLL is injected into the process. Review the Event ID to determine which process is involved, then follow the workarounds below to identify the third-party DLL and resolve the issue.
 

Workaround

Use Process Monitor to identify the DLL:
  1. Download Microsoft Sysinternals Process Monitor (procmon.exe):

    http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
     
  2. Reproduce the installation failure.
  3. View the Process Monitor log to identify the process reported in the event (for example, MSI885C.tmp).
  4. Inspect the list of DLLs for non-McAfee and non-Microsoft files.
  5. If you do not see the untrusted third-party application's DLL(s), click File and select Save.
  6. Provide the file to Technical Support for assistance.

    To contact Technical Support, log on to the ServicePortal and go to the Create a Service Request page at https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:
    • If you are a registered user, type your User Id and Password, and then click Log In.
    • If you are not a registered user, click Register and complete the required fields. Your password and logon instructions will be emailed to you.

Workaround

 
Use Process Explorer to identify the DLL:
  1. Download Microsoft Sysinternals Process Explorer (procexp.exe):

    http://technet.microsoft.com/en-us/sysinternals/bb896653
     
  2. Run Procexp.exe on the affected computer.
  3. From the Process Explorer main menu, click Options and select Verify Image Signatures.
  4. Click View and select Show Lower Pane.
  5. Click View, Lower Pane View, and select DLLs.
  6. Click View, then click Select Columns.
  7. In the new window, click the DLL tab and select Verified Signer,  then click OK.
  8. In the upper pane, expand winnt.exe services and scroll down, then select the process reported in the event (for example MSI885C.tmp).

    The lower pane now shows all the DLLs that are loaded for the selected process.
     
  9. In the lower pane, click the Verified Signer column to organize the DLLs.

    This allows any unsigned DLLs to be grouped together as Unable to Verify.
     
  10. Inspect the list of DLLs for non-McAfee and non-Microsoft files.
  11. If you do not see the untrusted third-party application's DLL(s), click File, Save, and save as a text file.
  12. Provide the text file to Technical Support for assistance.

    To contact Technical Support, log on to the ServicePortal and go to the Create a Service Request page at https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:
    • If you are a registered user, type your User Id and Password, and then click Log In.
    • If you are not a registered user, click Register and complete the required fields. Your password and logon instructions will be emailed to you.

Workaround

After you have determined the third-party application involved, use that third-party application's settings to prevent the application from hooking VSE processes.

If no options exist from the vendor to avoid hooking VSE processes or otherwise engaging with VSE code:
  1. Temporarily disable the product's services using the Microsoft Management Console (mmc.exe).
  2. Reboot the system.
  3. Attempt to reinstall VSE.

If temporarily disabling the third-party application fails to resolve the issue, the only other option is to temporarily uninstall it:
  1. Using the Windows program management tools in Control Panel, locate and uninstall the third-party application.
  2. Reboot the system.
  3. Install VSE.
  4. Reinstall the third-party application.

Rate this document

Languages:

This article is available in the following languages:

English United States
Japanese

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.