Stopping Mcshield service with a script???

[plarocque]

Hi,

It would be to easy just to run NET STOP Mcshield, to stop the mcshield service.

Since I'm running 8.5i, I have the setting "prevent mcAfee service from being stopped" flaged on in the Access protection template. Therefore, when I try to stop the service through a script, I receive the error "Access denied". The only way I know to remove the setting is through the GUI. There must be another way of doing it so I can do it in my script and then I'll be able to stop the service.

Any clue?

Thank.

 

[BramB]

why would you want to stop the McShield? i recon you chose to use this setting for a purpose.

 

[plarocque]

WE will be instaling XP SP3 on our workstations through a script. I'll like to stop VSE just as a security, just in case VSE would decide to block something during the install.

 

[BramB]

i would suggest; if you use ePO that is, to create a group with a deviating policy that has the 'prevent mcafee services from stopping' mark unchecked. place your machines in that group and rollout to those machines as scripted. so you can limit the impact but do all activities scripted.

 

[plarocque]

That would be a way of doig it. The problem would be then to keep the control of everything. We have thousands and thousands of wksta to maintain, I am eng. group, packaging group if you prefer. The patch will be distributed by another group, and somebody else is taking care of epo...

Yes it can be done through Epo, but it is not obvious how do to it. Would be easier if everything could be done as one.

Thanks for your input.

Pierre.

 

[DTracy]

You might consider just using disable on-access scan. That pretty much stops the Virus Software. Remember that the ePO will re-activate this every X minutes.

Also, I have installed SP3 on workstations that have McAfee running and those that don't. The only difference is install speed. When McAfee is running the install is slower. Nothing is blocked in either case.

Best Regards,
David.

 

[SimonMag]

This would be very easy to do in EPO. You can create a group in the System tree and sort machines into this group based on IP Address etc. Re-Tag the machines with a temporary tag, then change the On Access policy to disable the On Access Scanner for your install.

If you are using Auto system sorting ths can then move your systems back into the groups they were in before which will then apply to policies back to these machines as they were before the move to the newly created group.

 

[plarocque]

Finally I was able to do it. The trick was to uninstall the access protection part of VirusScan, then stop the serices, do whatever has to be done, re-start the services and re-install access protection. Policy will the be re-apply automatically.

Thanks for all your inputs guys.

Talk to you soon.

 

[McAfeeGeek]

Hi Plarocque and everyone else.

I think the one thing that everyone failed to realise here is that the Access Protection option to "Prevent McAfee services from being stopped" is a form of Self-Protection introduced by McAfee in their product.

As we all know, malware nowadays gets more and more sophisticated and the last thing we would all need is some downloader having the ability of disabling McAfee through a script (just like an administrator would) and then being able to download all other sorts of malware onto the machine.

I think this is why no one knows how to disable "Prevent McAfee services from being stopped" option through a registry hack of some sort because realistically im sure someone knows (like McAfee developers) but technically its not possible.

McAfeeGeek

 

[jonesthemilk]

This is most unusual! Given that most backup software advises that Virus Scanning is disabled pre-backup and re-enabled Post, How does McAfee expect servers to get backed up then?