补丁for Explorer.exe does not run after installing Patch 3

显示全部楼层 · 发表于 2010-3-17 06:33:38

Corporate knowledgebase ID: KB68448 Published: Mar 16, 2010
Problem

After installing VirusScan Enterprise (VSE) 8.7i Patch 3 and restarting your computer, the Windows desktop is not displayed with the Access Protection rule Standard Protection: Prevent Windows Process spoofing enabled.

Windows Task Manager shows that Explorer.exe is not running.

System Change

Installed Patch 3 for VSE 8.7i and restarted computer.

Cause

The Access Protection rule Standard Protection: Prevent Windows Process spoofing is enabled and configured to Block. The issue is caused by changes to vscan.bof, a content file for Access Protection rules and buffer overflow protection.

This issue has been reported for the Explorer.exe process. Other Windows processes are not affected.

Solution
This issue is resolved by an updated vscan.bof content file on the McAfee Common Updater site. This updated file will be automatically downloaded and applied to all VSE systems (regardless of patch level) in the same was as daily DAT files.

This means Patch 3 can be applied and systems will never encounter the issue.

The updated package is also attached to this article.

NOTE: This content file is also used by VirusScan Enterprise 8.5i. After the update, both VSE 8.7i and 8.5i will report version 480 for the Buffer Overflow and Access Protection DAT Version.
WorkaroundDisable the Access Protection rule.
NOTE: Because Explorer.exe is not running, there is no Start button or VirusScan Enterprise (VSE) icon in the system tray.

To open the VirusScan Console

Press CTRL+ALT+DEL.
Click Task Manager, File, New Task (Run...).
Navigate to C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe.
Click OK.
Right-click Access Protection and select Properties.
Select Anti-virus Standard Protection.
Select Prevent Windows Process spoofing and deselect the Block option.

NOTE: Optionally, you can deselect Report to completely disable the rule.
Click OK.

Related Information

If you log into your system quickly, you might not encounter this issue, even when the rule to block spoofing of Windows processes is enabled. This is because Explorer.exe is running before the Access Protection Rule takes effect.

Attachments 1

VSE87HF557464.zip

显示全部楼层 · 发表于 2010-3-17 06:39:14

自动更新已开始推送
溢出保护也随之升级到480

显示全部楼层 · 发表于 2010-3-17 08:20:32

谢谢

是直接释放这个zip文件到mcafee目录下吗？

显示全部楼层 · 发表于 2010-3-17 08:46:55

谢谢

是直接释放这个zip文件到mcafee目录下吗？
kalos 发表于 2010-3-17 08:20

直接运行自动更新就行了，跟平时的更新没区别
这个附件是更新的内容

显示全部楼层 · 发表于 2010-3-17 10:06:05

楼主不打算用中文翻译一遍吗？想过去能看明白的人不多！

显示全部楼层 · 发表于 2010-3-17 10:11:39

楼主不打算用中文翻译一遍吗？想过去能看明白的人不多！
wccs 发表于 2010-3-17 10:06

呵呵，毕业后就越来越懒了。。。。。。。

显示全部楼层 · 发表于 2010-3-17 11:46:47

本帖最后由 Enterole 于 2010-3-17 11:48 编辑

啊~~~感谢兰州提供消息！
感谢感谢

显示全部楼层 · 发表于 2010-3-17 13:22:31

这回不错，通过更新就行，不用单打补丁

显示全部楼层 · 发表于 2010-3-17 14:16:02

能自动更新到就行！省得手动麻烦！

显示全部楼层 · 发表于 2010-3-17 17:58:09

官方解决问题还是很及时的啊！

[砖头] 补丁for Explorer.exe does not run after installing Patch 3

评分