Access Protection and on-access scanner are disabled after installing VirusScan Enterprise 8.8 on a system with Host Intrusion Prevention 8.0 Patch 4 or earlier
技術的な記事 ID:
KB87668
最終更新: 1/29/2020
最終更新: 1/29/2020
Access Protection and on-access scanner are disabled after installing VirusScan Enterprise 8.8 on a system with Host Intrusion Prevention 8.0 Patch 4 or earlier
技術的な記事 ID:
KB87668
最終更新: 1/29/2020 環境McAfee Host Intrusion Prevention (Host IPS) 8.0 Patch 4 or earlier
McAfee VirusScan Enterprise (VSE) 8.8 Patches 5–8 問題Access Protection and the on-access scanner are disabled after you install VSE 8.8 Patches 5–8 on a system with Host IPS 8.0 Patch 4 or earlier.
You see the following error in the VSE Core installation log ( You see the following errors in the <Event> <!-- Level=High, Reaction=Prevent --> <EventData SignatureID="1002" SignatureName="Windows Agent Shielding - Registry Access" SeverityLevel="4" Reaction="3" ProcessUserName="DAVE-W7CLIENT\Administrator" Process="C:\PROGRAM FILES\MCAFEE\AGENT\X86\MCTRAY.EXE" IncidentTime="2016-07-20 14:07:06" AllowEx="False" SigRuleClass="Registry" ProcessId="2968" Session="1" SigRuleDirective="create"/> <Params> <Param name="Workstation Name" allowex="True">DAVE-W7CLIENT</Param> <Param name="Subject Distinguished Name" allowex="False">CN="MCAFEE, INC.", OU=ENGINEERING, OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, O="MCAFEE, INC.", L=SANTA CLARA, S=OREGON, C=US</Param> <Param name="Subject Organization Name" allowex="False">"MCAFEE, INC."</Param> <Param name="Executable Description" allowex="False">MCTRAY APPLICATION</Param> <Param name="Executable Fingerprint" allowex="False">e610ae6cd67d803ecddea2e438ef0a9a</Param> <Param name="Registry Key" allowex="True">\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MCAFEE\HIP\CONFIG\SETTINGS</Param> </Params> </Event> 07-20 14:36:49 [01028] VIOLATION: [4] ------- Violation ---- Size 1233 ---- <Event> <!-- Level=High, Reaction=Prevent --> <EventData SignatureID="1002" SignatureName="Windows Agent Shielding - Registry Access" SeverityLevel="4" Reaction="3" ProcessUserName="NT AUTHORITY\SYSTEM" Process="C:\WINDOWS\TEMP\MAE924.TMP\X64\MFEHIDIN.EXE" IncidentTime="2016-07-20 14:36:49" AllowEx="False" SigRuleClass="Registry" ProcessId="1468" Session="0" SigRuleDirective="modify"/> <Params> <Param name="Workstation Name" allowex="True">DAVE-W7CLIENT</Param> <Param name="Subject Distinguished Name" allowex="False">CN="MCAFEE, INC.", OU=ENGINEERING, OU=DIGITAL ID CLASS 3 - MICROSOFT SOFTWARE VALIDATION V2, O="MCAFEE, INC.", L=SANTA CLARA, S=OREGON, C=US</Param> <Param name="Subject Organization Name" allowex="False">"MCAFEE, INC."</Param> <Param name="Executable Description" allowex="False">MCAFEE SYSTEM CORE INSTALLER</Param> <Param name="Executable Fingerprint" allowex="False">efc0b88169d2c91c70f58dd412e7f5d4</Param> <Param name="Registry Value(s)" allowex="True">\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MCAFEE\HIP\CONFIG\SETTINGS\IPS_HIPSENABLED</Param> <Param name="New Data" allowex="True">00000000</Param> </Params> </Event> 原因Host IPS 8.0 Patch 4 and earlier does not recognize certain modern security signing requirements. These versions incorrectly identify the VSE installation as an attempt to compromise Host IPS.
解決策
This issue is resolved in VirusScan Enterprise 8.8.0 Update 9, which is available from the Product Downloads site at: https://www.mcafee.com/enterprise/en-us/downloads/my-products.html. NOTE: You need a valid Grant Number for access. See KB56057 - How to download Enterprise product updates and documentation for more information about the Product Downloads site, and alternate locations for some products. Updates are cumulative; Technical Support recommends that you install the latest one. 回避策Upgrade Host IPS 8.0 to Patch 5 or later.
影響を受ける製品言語:技術用語集 |
|