Tagged mcafee

Removal tool for McAfee pre-installed and trial anti-virus software

If you’ve read any of my previous posts about creating a McAfee installer for our campus that would remove all pre-installed versions of other anti-virus software, you’ll know that the best thing Symantec’s ever done is create the Norton Removal Tool. This nifty piece of software is really the only program that gets into the nitty-gritty, seedy underbelly world of Norton and strips it clean out of your system, rendering it usable again.

While I’ve been using Symantec’s tool in my installer (which installs our site license of McAfee VirusScan Enterprise 8.5i) for over a year now, there hasn’t been a defense against the rising tide of cheap, junkware McAfee products that are showing up on more and more of the Dell computers our students buy. Thankfully, one of my colleagues found a link on a Dell forum (NOT the McAfee site–hide the shame, hide it!!!) which revealed the existence of a similar removal tool for McAfee products. There are some helpful instructions on that link, or you can just download and run the tool directly from here.

As an interesting side note, I’ve had a machine actually running Enterprise 8.5i that’s thrown me nothing but trouble. I’ve ‘completely’ uninstalled McAfee and the ePO Agent 4.0, but I simply can’t make the problem go away (framework error, whee!). I’m going to try this new tool soon on that machine, to see if it actually solves the problem. I’ll post again when I have some results.

‘Deferred execution in system context’ makes Vista happier

Since I started creating MSI installers for Windows XP’s Windows Installer, there are a few bad habits that I’ve apparently let slip into my work, and Vista is quickly showing me when and how. The first one I found is that Vista’s Installer doesn’t let you mess around at will, as long as you’re installing from an account with administrative privileges, as XP basically does. Instead, you have to carefully consider what you’ll be doing with your install logic, then run any Custom Actions in such a way as to pass Windows Installer’s new, far more robust, checks.

Stefan Krueger of installsite.org has written up a nice list of 7 reasons (PDF) why your installer might fail in Vista, even though it cooks right along in XP. I immediately noticed I was guilty of #2, and thanks to Stefan and the recent acquisition of InstallShield 2008, I was able to quickly modify my previously unusable installer (based on Alan’s successful Ghost AI version) for McAfee ePO and have it run on Vista for the first time.

It’s interesting also to note that #6 on the list explains that the built-in Administrator account in Vista is actually different from the other ‘administrator’ accounts created in the OS. That’s why right-clicking an executable and choosing ‘Run as Administrator’ can often have different results in Vista than simply running it through, say, your own administrative account.

Of course, it’s not always a good idea to go ahead and run your CA in the system context. I found out why pretty quickly when all of our systems started reporting in with the username ‘SYSTEM’ in ePO, denying us a sometimes useful piece of information that we used to have in XP, namely the last logged-in user on a particular system. But, while we’re still in the wild west era of Windows Vista, anything that makes an installer work is welcome news.


AWNB will now feature a ‘McAfee Issues’ category

After careful consideration and a review of my postings, I’ve come to the inevitable conclusion that I need a category related directly to McAfee, purveyors of the fine VirusScan Enterprise product I’ve come to know and love so well. Heavens to Betsy, how will I ever convert all of those posts seamlessly and quickly? With the Armenian Eagle’s Category Converter plugin–one of the best WP plugins out there–of course. First in line, though, is upgrading to WP 2.1 (Ella), which is a real pain with all the hacked javascript going on on this blog.

“Could not start CMA process” error in McAfee VirusScan Enterprise 8.0i with ePolicy Orchestrator (ePO)

The school I work at is lucky enough to have a site license for McAfee VirusScan Enterprise 8.0i, working in concert with McAfee ePolicy Orchestrator (ePO). As anti-virus software goes, McAfee makes the best (and more importantly, updates it every hour), even though it causes its share of headaches. One of these headaches is the “Could not start CMA processes” error that crops up from time to time, seemingly at random. The culprit is in fact ePO, which places a log file in “…\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db” and then goes ahead and messes itself all up, forcing you to reinstall it…then begins the fun. Every time you try and reinstall it, even forcing the install, it fails miserably.

The quick way to your temp folder…

The error message, however, does point you to the NAILogs folder in your Temp folder. You can get there easily by going to Start -> Run -> %temp% -> Ok. Open the NAILogs folder. If the log shows an error to the effect that it couldn’t create the “Db” folder in “Common Framework,” simply go back to the “Application Data” folder and toast the “Network Associates” folder. Then, reinstall ePO and watch it work perfectly.

On a side note, this file is the target mentioned in a vulnerability disclosure listed on knowledge.mcafee.com entitled McAfee ePolicy Orchestrator Information Disclosure Vulnerability [NAI29993]. Apparently, a remote machine can access the log file through a web page, if the setting to allow such a thing is turned on. Turn it off, and you’re fine.


PC De-Crapifier makes darn good use of AutoIt 3

Anyone who works in the IT field (especially education) has had to, at one time or another, deal with the pesky crap that computer manufacturers ship out with the pre-installed version of Windows XP that comes standard. For those of us in higher ed, this means that, come September, a thousand brand-new desktops and laptops will arrive on campus, all chock-full of brand-new crap software just waiting to slow it down and block the installation of our McAfee VirusScan Enterprise 8.0i w/ePO solution. Fortunately, Jason York over at yorkspace.com has taken it upon himself to create an AutoIt script called the PC De-Crapifier that removes all the pre-installed Scheisse that comes on new Dell computers (although York has renamed the script with a more generic title, after Dell’s brand people contacted him). The script toasts the pesky McAfee Personal Firewall, Security Center, SpamKiller, and VirusScan Online trials, and offers you the chance to get rid of a bunch of other useless stuff. As a nice bonus, it automatically (if you choose) disables things like QuickTime from running on startup and sucking up valuable system resources. Given the nature and completeness of the script, I’d have to say Jason’s been there before, and hopefully, by using his script, we won’t have to be yet again this year. Mmmmmm….


Killing a system process or service in an MSI with InstallShield 11.5

TASKKILL.EXE (artist rendition)

When creating installers, it’s often necessary to stop running processes before beginning the actual install. For example, while creating an install of McAfee’s VirusScan Enterprise 8.0i, I discovered I needed to kill about 10 different processes associated with the free trial of McAfee Security Center and Personal Firewall that’s been showing up on all the new Dell laptops being shipped to my work. The trial is seriously insidious, since declining the free 90-day offer and closing all the appropriate windows, and exiting from anything McAfee-like in the system tray does nothing to stop those processes. They just keep on going, unless you end them from the Task Manager.
Now, for the purposes of rolling out VirusScan Enterprise to over 1,000 computers in the course of a few days, it would be rather impractical to ask users with varying degrees of computer savvy to terminate processes in a designated order prior to installing VSE.
Now, InstallShield has the built-in ability to call VBScripts within a Windows Installer (MSI), and you can launch a batch file from the installer easily by calling cmd.exe, as described on this Macrovision support page.
However, I found the VBScript solution was limited in its scope, as the ability to terminate a process does not extend to services. In order to kill a service (or SYSTEM process), you need to write a separate VBScript to kill services, since the command to terminate a process in userland will not translate over.
As to the batch file approach, you need to install the file first, then run it, since you can’t stream it into the binary data, so it plays havoc with your installer if you need to terminate processes before you copy files.
After trying a few batch files launched from the command line, and meeting with varying degrees of failure (probably due to my ignorance of proper sequencing), it occurred to me that there was a really simple way around this mess: taskkill.
Taskkill, otherwise known as the command I was launching from the batch file I was copying over to the destination machine in a nested MSI, can be launched in InstallShield 11.5 quite easily. Basically, you point the Working Directory over to the [SystemFolder] in a Custom Action, where taskkill.exe lives on every Windows NT based system. Then, enter the following command line:

"[SystemFolder]taskkill.exe" /f /im (processname)

In other words, to kill notepad.exe, type:

"[SystemFolder]taskkill.exe" /f /im Notepad.exe

Remember to set the Custom Action to ‘Synchronous (Ignores exit code)’ to avoid erroring out because of a lack of response from taskkill.exe after it terminates the designated process. I suggest placing these actions immediately after the CostFinalize action in the Execute sequence of the standard install.
Using this method, I was able to easily kill all 10 processes running with McAfee’s free trial software, and toast the software itself by running its uninstaller. An elegant and simple solution, arrived at through truly miserable and misguided trial and error.
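
As an added example (not code from these posts or from InstallShield): a small Python decoder for the Type column of an MSI CustomAction table, which is where the ‘deferred execution in system context’ and ‘Synchronous (Ignores exit code)’ settings discussed above are recorded. The bit values are the Windows Installer msidbCustomActionType* constants; the action names and sample rows are constructed for illustration.

```python
"""Decode MSI CustomAction.Type values (added example, constructed sample rows)."""

# Documented msidbCustomActionType* values.
KIND = {1: "DLL", 2: "EXE", 3: "text", 5: "JScript", 6: "VBScript", 7: "nested install"}
SOURCE = {0x00: "Binary table", 0x10: "installed file", 0x20: "directory", 0x30: "property"}
CONTINUE, ASYNC, IN_SCRIPT, NO_IMPERSONATE = 0x40, 0x80, 0x400, 0x800


def decode(type_value):
    """Split a Type value into the options an installer author selected."""
    deferred = bool(type_value & IN_SCRIPT)
    return {
        "kind": KIND.get(type_value & 0x07, "unknown"),
        "source": SOURCE[type_value & 0x30],
        "ignores_exit_code": bool(type_value & CONTINUE),
        "asynchronous": bool(type_value & ASYNC),
        "deferred": deferred,
        # NoImpersonate only takes effect for in-script (deferred) actions.
        "system_context": deferred and bool(type_value & NO_IMPERSONATE),
    }


def review(rows):
    """Return {action: [notes]} for rows of (Action, Type, Source, Target)."""
    report = {}
    for action, type_value, _source, target in rows:
        info = decode(type_value)
        if info["system_context"]:
            notes = ["runs as SYSTEM (deferred, no impersonation)"]
        elif info["deferred"]:
            notes = ["deferred, impersonates the installing user"]
        else:
            notes = ["immediate, runs with the installing user's privileges"]
        if info["ignores_exit_code"]:
            notes.append("failure is ignored")
        # For an EXE launched from a directory, Target holds the whole command line.
        if info["kind"] == "EXE" and info["source"] == "directory" \
                and not target.lstrip().startswith('"'):
            notes.append("executable path is not quoted")
        report[action] = notes
    return report


# Constructed rows: 98 = EXE + directory + ignore exit code; 3170 adds deferred + no impersonation.
ROWS = [
    ("KillNotepad", 98, "SystemFolder", '"[SystemFolder]taskkill.exe" /f /im Notepad.exe'),
    ("KillNotepadDeferred", 3170, "SystemFolder", "[SystemFolder]taskkill.exe /f /im Notepad.exe"),
]

if __name__ == "__main__":
    for name, notes in review(ROWS).items():
        print(f"{name}: {'; '.join(notes)}")
```

Running the same decoder over the CustomAction table exported from a finished installer shows at a glance which actions will execute as SYSTEM and which ones will fail silently.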
