Error 1722. There is a problem with this Windows Installer package (VirusScan Enterprise installation)
技術的な記事 ID:
KB87162
最終更新: 1/27/2020
環境
McAfee VirusScan Enterprise (VSE) 8.8 Patch 7
For details of VSE 8.8 supported environments, see KB51111.
問題
The VSE 8.8 Patch 7 installation fails. The following errors are found in the referenced logs:
vse8.8.0.core_install_052616_175455.log
[17:56:24:463] - ERROR! Failed to create AAC Control. err=5
VSE88Patch7ENG_install_2016_5_01--17_52_4_MSI.log
>> Installing SysCore: "C:\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfehidin.exe" -i VSE88P7 -q -mfetrust_killbit -l "C:\Users\B613929\AppData\Local\Temp\McAfeeLogs\vse8.8.0.core_install_042616_175455.log" -etl "C:\Users\B613929\AppData\Local\Temp\McAfeeLogs\vse8.8.0.core_install_042616_175455.etl" -x vse.xml OAS ELAM AAC DiskFilter firecore_driver EmailScan ScriptScan
>> SysCore install succeeded
MSI (s) (E8:AC) [17:56:44:840]: Executing op: ActionStart(Name=Install_SysCore_AddAACStickyPolicy,,)
<= leave custom action Install_SysCore()
MSI (s) (E8:AC) [17:56:44:841]: Executing op: CustomActionSchedule(Action=Install_SysCore_AddAACStickyPolicy,ActionType=3074,Source=BinaryData,Target=AddAACStickyPolicy,)
MSI (s) (E8:AC) [17:56:45:902]: Note: 1: 1722 2: Install_SysCore_AddAACStickyPolicy 3: C:\windows\Installer\MSI885C.tmp 4: AddAACStickyPolicy
CustomAction Install_SysCore_AddAACStickyPolicy returned actual error code -1 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (E8:AC) [17:56:45:903]: Product: McAfee VirusScan Enterprise -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did NOT finish as expected. Contact your support personnel or package vendor. Action Install_SysCore_AddAACStickyPolicy, location:C:\windows\Installer\MSI885C.tmp, command: AddAACStickyPolicy
Windows System log:
WARNING 26/05/2016 17:55:55 mfehidk None 514 N/A Process **\MSI885C.tmp contained unsigned or corrupted code and was blocked from performing a privileged operation with a McAfee driver.
WARNING 26/05/2016 17:55:57 mfehidk None 514 N/A Process **\DAInstall.exe contained unsigned or corrupted code and was blocked from performing a privileged operation with a McAfee driver.
Windows Application log:
ERROR 26/05/2016 17:56:45 MsiInstaller None 11722
Product: McAfee VirusScan Enterprise -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did NOT finish as expected. Contact your support
personnel or package vendor. Action Install_SysCore_AddAACStickyPolicy. location: C:\windows\Installer\MSI885C.tmp. command: AddAACStickyPolicy
システムの変更
You installed the VSE 8.8 Patch 7 full package.
原因
This issue results from injection caused by third-party applications. The executable which is failing is a temporary MSI process (for example MSI885C.tmp) being used for validation of the AAC Policy.
This issue occurs when third-party applications hook or inject their code into McAfee processes to provide functionality. Malware also uses such a technique. VSE does not trust these third-party programs or malware. It generates the event to inform the administrator that the McAfee process might be compromised.
解決策
You must first identify which third-party DLL is injected into the process. To determine which process is involved, review the Event ID and then follow the workarounds below to identify the third-party DLL and resolve the issue.
回避策
Use Process Monitor to identify the DLL:
- Download Microsoft Sysinternals Process Monitor (procmon.exe):
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
- Reproduce the installation failure.
- View the Process Monitor log to identify the process reported in the event (for example, MSI885C.tmp).
- Inspect the list of DLLs for non-McAfee and non-Microsoft files.
- If you do not see the untrusted third-party application DLLs, click File and select Save.
- Provide the file to Technical Support for assistance.
To contact Technical Support, log on to the ServicePortal and go to the Create a Service Request page at https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:
- If you are a registered user, type your User Id and Password, and then click Log In.
- If you are not a registered user, click Register and complete the required fields. Your password and logon instructions will be emailed to you.
回避策
Use Process Explorer to identify the DLL:
- Download Microsoft Sysinternals Process Explorer (procexp.exe):
http://technet.microsoft.com/en-us/sysinternals/bb896653
- Run Procexp.exe on the affected computer.
- From the Process Explorer main menu, click Options and select Verify Image Signatures.
- Click View and select Show Lower Pane.
- Click View, Lower Pane View, and select DLLs.
- Click View, then click Select Columns.
- In the new window, click the DLL tab and select Verified Signer, then click OK.
- In the upper pane, expand winnt.exe services and scroll down, then select the process reported in the event (for example MSI885C.tmp).
The lower pane now shows all DLLs that are loaded for the selected process.
- In the lower pane, click the Verified Signer column to organize the DLLs.
This action allows any unsigned DLLs to be grouped as Unable to Verify.
- Inspect the list of DLLs for non-McAfee and non-Microsoft files.
- If you do not see the untrusted third-party application DLLs, click File, Save, and save as a text file.
- Provide the text file to Technical Support for assistance.
To contact Technical Support, log on to the ServicePortal and go to the Create a Service Request page at https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:
- If you are a registered user, type your User Id and Password, and then click Log In.
- If you are not a registered user, click Register and complete the required fields. Your password and logon instructions will be emailed to you.
回避策
After you have determined the third-party application involved, use that third-party application's settings to prevent the application from hooking VSE processes.
If no options exist from the vendor to avoid hooking VSE processes or otherwise engaging with VSE code:
- Temporarily disable the product's services using the Microsoft Management Console (mmc.exe).
- Reboot the system.
- Attempt to reinstall VSE.
If temporarily disabling the third-party application fails to resolve the issue, the only other option is to temporarily uninstall it:
- Using the Windows program management tools in Control Panel, locate and uninstall the third-party application.
- Reboot the system.
- Install VSE.
- Reinstall the third-party application.
|
