Event ID 7001

KB ID 0000137 

Problem

Event ID 7001

The McAfee ePolicy Orchestrator 3.5.0 Server service depends on the McAfee ePolicy Orchestrator 3.5.0 Event Parser

Service which failed to start because of the following error: The operation completed successfully.

The domain admin password has been changed and ePO is using the old one.

Solution

1. Start > run > services.msc

2. Locate the following three services.

i. MacAfee ePolicy Orchestrator {version} Discovery and Notification services.

ii. MacAfee ePolicy Orchestrator {version} Event Parser.

iii. MacAfee ePolicy Orchestrator {version} server.

3. Right Click each one of the services above > Properties > “Log On” tab > This account.

4. Enter the account e.g. domainnameadministrator > enter and confirm the password.

5. Repeat for each service.

6. Locate the following file on your server CFGNAIMS.EXE and run it.

7. Select the “administrator” tab and enter the correct credentials.

8. You can now either right click the services then select “Start” or reboot.

Related Articles, References, Credits, or External Links

NA

McAfee Groupshield for Exchange is not currently available

KB ID 0000015 

Problem

The Groupsheild config file has corrupted replace it with the default one (note this means you will loose any custom configured settings – you might want to restore one from backup).

Solution

1. Start > Run > services.msc {enter}

2. Locate the “McAfee Groupshield for Exchange Service” and stop it.

3. Right click the taskbar > Task Manager > Processes

If any of the following are running STOP THEM (right click > end process tree).

postmaster.exe postgress.exe RPCServ.exe

4. Navigate to C:Program FilesMcAfeeGroupShield for Exchangeconfig.

5. Rename McAfeeConfig.xml to McAfeeConfigOLD.OLD.

6. Copy C:Program FilesMcAfeeGroupShield for Exchangeconfig_409 to C:Program FilesMcAfeeGroupShield for Exchangeconfig.

7. Start the McAfee Groupshield for Exchange Service.

 

Related Articles, References, Credits, or External Links

NA

ePO “Action Denied” when attempting a repository Pull

KB ID 0000021

Problem

The ePO Servers “Repository Database” is in a “Locked” state. when you attempt a manual repository pull you will see the following error.

Solution

1. Locate the SiteMgr.ini file and open it for editing.
2. Edit the Status so it reads 0

i.e.

[General]
Status=0
CallerGUID={252EEC96-F261-4172-80EB-22701C2978CF}

3. Start > run > services.msc {enter}
4. Restart the following Services

McAfee ePolicy Orchestrator 3.5.0 Discovery and Notification Services
McAfee ePolicy Orchestrator 3.5.0 Event Parser (this will restart the ePO Server Service)
McAfee Framework Service

5. Perform a manual repository Pull.

 

Related Articles, References, Credits, or External Links

NA

Deploy McAfee Anti Virus Via GPO

KB ID0000057

Problem

Without ePO deploying McAfee can be time consuming and they go out of their way to hide the .msi file from you

Solution

1. Assuming you have already downloaded the software from the NAI secure portal (you will need you agreement number) extract the files to your server and navigate to that folder at command prompt. Issue a “setup /a” command.

2. Go and have a coffee.

3. Next.

4. Extract the files to a location that you can deploy then to your client machines. > Install.

5. The files will be created.

6. Finish.

7. Reboot.

8. Make sure he files are where they are supposed o be.

9. Share the folder you are distributing from.

10. Make sure the users have at least read and execute permissions.

11. On the DC Start > Run > dsa.msc {enter} Right click the domain (Or OU with the computers in) > Properties.

12. Group Policy Tab > New > Give it a sensible name > Edit.

13. Navigate to Computer Configuration > Software Settings > Right Click > New Package.

14. Remember use the UNC path to the .msi file DO NOT Navigate to the local drive letter or all the clients wont be able to see it! > Open.

15. OK.

16. And there she is – close the group policy editor and all other open windows.

17. Remember your clients will need an update to get the latest virus definitions…..

18… Unless you wait till 17:00 hours or do them manually.

Related Articles, References, Credits, or External Links

NA

McAfee (McShield) Fails to Start with Event ID 5004

KB ID 0000023

Problem

With McAfee 8.7i the on access scanner fails to start, and while attempting to start the service manually the process fails with the following error,

Event Type: Error
Event Source: McLogEvent
Event Category: None
Event ID: 5004
Date: 10/02/2009
Time: 15:38:54
User: NT AUTHORITYSYSTEM
Computer: WARDEN
Description:
Could not contact Filter Driver.
Error = 0x7d1 : The specified driver is invalid.

Solution

1. Click Start > run > Regedit {enter}
2. Navigate to HKLMSystemCurrentControlSetServices
3. Locate the mfebopk sub key
4. In the right hand window locate the ImagePath key
5. Change the entry from “system32driversmfebopk.sys” to C:WindowsSystem32Driversmfebopk.sys”
6. Repeat the procedure with both of the following Keys

HKLMSystemCurrentControlSetServicesmfeapfk
HKLMSystemCurrentControlSetServicesmfeavfk

For each one replace the path to the file with the full path (Usually adding c:windows to the beginning).

Related Articles, References, Credits, or External Links

NA

McAfee ‘Edit Auto Repository List’ is Greyed out.

KB ID 0000044

Problem

Post upgrade you cannot edit or alter the AutoUpdate repository list.

Solution

1. Right Click the McAfee Shield > Virus Scan Console > Double Click Access Protection.
2. Un-tick “Prevent McAfee services from being stopped”.

3. Start > Run > cmd {enter}.
4. Log onto McAfee with your AV Grant Number.

https://secure.nai.com/apps/downloads/my_products/login.asp

5. Download McAfee Agent 4 – Its under Management Solutions (MA400P2WIN).

6. Extract all those files to c:mcafee.
7. Start > run > cmd {enter}.
8. Issue the following commands.

cd c:mcafee {enter}
FRMINST /FORCEUNINSTALL {enter}

9. It will take some time to complete.
10. Issue the following command.

FRAMEPKG_UPD.EXE /UPGRADE {enter}

11. It will take some time to complete.

12. You should now be able “Edit the AutoUpdate Repository List”.

 

Related Articles, References, Credits, or External Links

NA

 

My McAfee “Shield” has a Red Background / Red Brackets

KB ID 0000201 

Problem

Occasionally you may look at the McAfee shield in your taskbar and see that it has a red surround.

 

Solution

Don’t Panic! This is completely normal, it happens if McAfee has a message for you, in any one of the following scenarios,

1. The system has detected and cleaned a Virus.
2. A file action has been blocked (Or has been set to report).
3. An access protection rule has been broken.

To see what’s going on, right click the shied > And check the options.

For example, in this case there are entries in the “Access Protection Log File”.

To Prove it, on this machine Communicating on on Port 25 is blocked by McAfee (1). When I try and force a port 25 connection via Telnet (2). The traffic is blocked and logged in the Access Protection log (3).

 

Related Articles, References, Credits, or External Links

NA

 

Installing Groupshield 7.0.2 with Antispam on Exchange 2010

KB ID 0000287 

Problem

Without reading a lot of readme files and head scratching, its confusing which Groupshield package you need, and what does what.

Solution

1. Download and extract GSE702ENL.zip

2. From within the extracted files run setupsetup.exe > Next > Next.
3. Change Licence expiry type to “Perpetual” (or 1 or 2 year as appropriate) > Tick “I Accept…” OK > Next > Next.
4. Complete > Next > Tick “Create Desktop Shortcut” > Next > Finish.

Note: GSHA.zip – Licences a trial version- if you’ve downloaded from the NAI portal your is already licensed.

To Add AntiSpam Support

1. Download and Extract GSHASL.zip

Note: ASA.zip Is for converting the trial version of AntiSpam to a Licensed Version

2. From within the extracted files run gshasl.exe > Next.
3. Change Licence expiry type to “Perpetual” (or 1 or 2 year as appropriate) > Tick “I Accept…” OK > Finish.

Related Articles, References, Credits, or External Links

NA

 

Mail Error “Corrupt Content Alert”

KB ID 0000370 

Problem

Seen when receiving mail though an Exchange server running McAfee Groupshield version 7

 

Solution

1. On the server in question launch the Groupshield Management console > Select On-Access > Master Policy.

2. Select “Corrupt Content”.

3. Edit.

4. Change the drop down to “Allow Through” > Save.

5. Finally make sure you click “Apply”.

Note: I’ve seen posts that suggest you may also need to apply McAfee hotfix 447121 for this to work, I did NOT have to do this on the following version…

though at the time of writing version 7.0.1 has already been released, so I’d suggest simply rolling up to that.

 

Related Articles, References, Credits, or External Links

NA

McAfee Groupshield – Adding Email Disclaimers

KB ID 0000432 

Problem

With Exchange 2007 and 2010 you can add a disclaimer with a transport rule. But if you are still using Exchange 2003 then you don’t have that luxury.

I had a client with a broken Groupshield 6 installation today, and his main concern was his disclaimers. (You can longer get Groupshield 6 so I had to install version 7).

Solution

1. Open the Groupshield console.

2. Select Policy Manager > Gateway > Click “Master Policy”.

3. Select “Disclaimer Text”.

4. Edit.

5. Type/Paste in the text of your disclaimer (Sorry no images).

6. Don’t forget to apply the changes.

Related Articles, References, Credits, or External Links

NA