Tagged virusscan

AWNB will now feature a ‘McAfee Issues’ category

After careful consideration and a review of my postings, I’ve come to the inevitable conclusion that I need a category related directly to McAfee, purveyors of the fine VirusScan Enterprise product I’ve come to know and love so well. Heavens to Betsy, how will I ever convert all of those posts seamlessly and quickly? With the Armenian Eagle’s Category Converter plugin–one of the best WP plugins out there–of course. First in line, though, is upgrading to WP 2.1 (Ella), which is a real pain with all the hacked javascript going on on this blog.
wordpress, category converter, plugin, wp, virusscan, mcafee, armenian eagle, wordpress 2.1

“Could not start CMA process” error in McAfee VirusScan Enterprise 8.0i with ePolicy Orchestrator (ePO)

The school I work at is lucky enough to have a site license for McAfee VirusScan Enterprise 8.0i, working in concert with McAfee ePolicy Orchestrator (ePO). As anti-virus software goes, McAfee makes the best (and more importantly, updates it every hour), even though it causes its share of headaches. One of these headaches is the “Could not start CMA processes” error that crops up from time to time, seemingly at random. The culprit is in fact ePO, which places a log file in “…\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db” and then goes ahead and messes itself all up, forcing you to reinstall it…then begins the fun. Every time you try and reinstall it, even forcing the install, it fails miserably.

The quick way to your temp folder…
temp folder

The error message, however, does point you to the NAILogs folder in your Temp folder. You can get there easily by going to Start -> Run -> %temp% -> Ok. Open the NAILogs folder. If the log shows an error to the effect that it couldn’t create the “Db” folder in “Common Framework,” simply go back to the “Application Data” folder and toast the “Network Associates” folder. Then, reinstall ePO and watch it work perfectly.

On a side note, this file is the target mentioned in a vulnerability disclosure listed on knowledge.mcafee.com entitled McAfee ePolicy Orchestrator Information Disclosure Vulnerability [NAI29993]. Apparently, a remote machine can access the log file through a web page, if the setting to allow such a thing is turned on. Turn it off, and you’re fine.

McAfee VirusScan Enterprise 8.0i, McAfee, ePO, ePolicy Orchestrator, CMA process, CMA, error, could not start CMA process, uninstall ePO, install ePO, VirusScan, Virus Scan, log file, log, install McAfee, temp folder, All Users, vulnerability

Killing a system process or service in an MSI with InstallShield 11.5

TASKKILL.EXE (artist rendition)

When creating installers, it’s often necessary to stop running processes before beginning the actual install. For example, while creating an install of McAfee’s VirusScan Enterprise 8.0i, I discovered I needed to kill about 10 different processes associated with the free trial of McAfee Security Center and Personal Firewall that’s been showing up on all the new Dell laptops being shipped to my work. The trial is seriously insidious, since declining the free 90-day offer and closing all the appropriate windows, andexiting from anything McAfee-like in the system tray does nothing to stop those processes. They just keep on going, unless you end them from the Task Manager.
Now, for the purposes of rolling out VirusScan Enterprise to over 1,000 computers in the course of a few days, it would be rather impractical to ask users with varying degrees of computer savvy to terminate processes in a designated order prior to installing VSE.
Now, InstallShield has the built-in ability to call VBscripts within a Windows Installer (MSI), and you can launch a batch file from the installer easily by calling cmd.exe, as described on this MacroVision support page.
However, I found the VBscript solution was limited in its scope, as the ability to terminate a process does not extend to services. In order to kill a service (or SYSTEM process), you need to write a separate VBscript to kill services, since the command to terminate a process in userland will not translate over.
As to the batch file approach, you need to install the file first, then run it, since you can’t stream it into the binary data, so it plays havoc with your installer if you need to terminate processes before you copy files.
After trying a few batch files launched from the command line, and meeting with varying degrees of failure (probably due to my ignorance of proper sequencing), it occurred to me that there was a really simple way around this mess: taskkill.
Taskkill, otherwise known as the command I was launching from the batch file I was copying over to the destination machine in a nested MSI, can be launched in InstallShield 11.5 quite easily. Basically, you point the Working Directory over to the [SystemFolder] in a Custom Action, where taskkill.exe lives on every Windows NT based system. Then, enter the following command line:

“[SystemFolder]taskkill.exe” /f /im (processname)

In other words, to kill notepad.exe, type:

“[SystemFolder]taskkill.exe” /f /im Notepad.exe

Remember to set the Custom Action to ‘Synchronous (Ignores exit code)’ to avoid erroring out because of a lack of response from taskkill.exe after it terminates the designated process. I suggest placing these actions immediately after the CostFinalize action in the Execute sequence of the standard install.
Using this method, I was able to easily kill all 10 processes running with McAfee’s free trial software, and toast the software itself by running its uninstaller. An elegant and simple solution, arrived at through truly miserable and misguided trial and error.

Installer, InstallShield 11.5, InstallShield, Custom Action, synchronous, exit code, process, processes, service, services, execute sequence, mcafee, virusscan, mcafee security center, mcafee personal firewall, costfinalize, taskkill, taskkill.exe, system process, system service, terminate process, kill a process, kill process, free trial, vbscript, batch file