Event ID 7022

KB ID 0000138 

Problem

Event ID 7022

The McAfee Framework Service service hung on starting.

The Framework service starts before the network is up.

Solution

1. Start > run > Regedit {enter}.

2. Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMcAfeeFramework.

3. In the right hand window locate DependOnService > Double click it.

4. Add the following to the bottom of the list, “Netman” without the quotes.

Related Articles, References, Credits, or External Links

NA

Event ID 7001

KB ID 0000137 

Problem

Event ID 7001

The McAfee ePolicy Orchestrator 3.5.0 Server service depends on the McAfee ePolicy Orchestrator 3.5.0 Event Parser

Service which failed to start because of the following error: The operation completed successfully.

The domain admin password has been changed and ePO is using the old one.

Solution

1. Start > run > services.msc

2. Locate the following three services.

i. MacAfee ePolicy Orchestrator {version} Discovery and Notification services.

ii. MacAfee ePolicy Orchestrator {version} Event Parser.

iii. MacAfee ePolicy Orchestrator {version} server.

3. Right Click each one of the services above > Properties > “Log On” tab > This account.

4. Enter the account e.g. domainnameadministrator > enter and confirm the password.

5. Repeat for each service.

6. Locate the following file on your server CFGNAIMS.EXE and run it.

7. Select the “administrator” tab and enter the correct credentials.

8. You can now either right click the services then select “Start” or reboot.

Related Articles, References, Credits, or External Links

NA

Event ID 4107

KB ID 0000304 

Problem

Event ID 4107

Failed extract of third-party root list from auto update cab at: <Microsoft URL>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

There’s a lot of info on this error out there in forums, and 99% of it had nothing to do with my problem.

Its basically a certificate error, to get to the bottom if it you need to dig a bit deeper.

Solution

If you have been hunting for a fix, and got here, you may of already tried some or all of these which DID NOT WORK, downloading and installing the certs from the link in the error,or deleting all your expired root certs.

1. First you need to get some detailed logging on what’s failing, Click Start > Control Panel > Administrative tools > Event Viewer > Expand Applications and Services > Microsoft > Windows > CAPI2 > Right click “Operations” > Select “Enable Log” >Then reboot.

2. Return to the same place in Event Viewer > And open the errors listed there, as you can see “In My Case” the problem is McAfee, after I removed McAfee and installed the latest version (8.7i with patch 3 at time of writing), the error ceased.

Note: Your problem may not be McAfee, but at least you now have a better idea of what it is 🙂

Related Articles, References, Credits, or External Links

NA

Event ID 257 and 258

KB ID 0000116 

Problem

Event 257

VirusScan Enterprise, message: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from <source> IP <IP> user <user> running VirusScan Enter 8.0 OAS)

Event 258

Would be blocked by port blocking rule (rule is in warn-only mode)

Solution

McAfee Anti Virus

 

This harmless alert, which can be ignored. To stop this logging to the event log, open the Viruscan Console, go to Tools -> Alerts -> Additional alerting options, and select “Suppress all except severe alerts (severity <4)”.

If you are using ePO, you will have to adjust the policies in the same manner.

For ePO Managed Machines.

1. Log into ePO, Select “System Tree” > Assigned Policies > Change the prodict to “Virus Scan Enterprise (version) > Alert Policies > My Default.

2. Change the drop down from workstationserver as approriate > Additional allerting Options > “suppress all exept severe alers (severtity <4) > Save.

 

Related Articles, References, Credits, or External Links

NA

Adprep /forestprep fails 2003 > 2008 Domain Upgrade

KB ID 0000026 

Problem

While attempting to upgrage a domain to Windows 2008 (schema version 44) you get an error like this..

[Status/Consequence]
Error message: Error(110) while running ""C:WINDOWSsystem32LDIFde.exe" -o Obj
ectGuid -d "CN=nTFRSSubscriber-Display,CN=404,CN=DisplaySpecifiers,CN=Configurat
ion,DC=DOMAIN,DC=local" -u -f "C:DOCUME~1ADMINI~1LOCALS~1TempTMP9791.tmp" -j
"C:WINDOWSdebugadpreplogs20090325153712" -s servername.DOMAIN.local". Cou
ld not move file C:WINDOWSdebugadpreplogs20090325153712LDIF.err to C:WIND
OWSdebugadpreplogs20090325153712DisplaySpecifierUpgradeLdifError.001.txt. T
he system cannot find the file specified.
(0x80070002).
[User Action]
Check the log file ADPrep.log, in the C:WINDOWSdebugadpreplogs2009032515371
2 directory for more information.

Adprep was unable to update forest information. [Status/Consequence] Adprep requires access to existing forest-wide information from the schema maste r in order to complete this operation. [User Action] Check the log file, ADPrep.log, in the C:WINDOWSdebugadpreplogs200903251537 12 directory for more information.

Solution

1. Start > Run > services.msc {enter}

2. Locate all the McAfee services and stop them.

3. Rerun adprep /forestprep

Related Articles, References, Credits, or External Links

NA

Deploy McAfee Anti Virus Via GPO

KB ID0000057

Problem

Without ePO deploying McAfee can be time consuming and they go out of their way to hide the .msi file from you

Solution

1. Assuming you have already downloaded the software from the NAI secure portal (you will need you agreement number) extract the files to your server and navigate to that folder at command prompt. Issue a “setup /a” command.

2. Go and have a coffee.

3. Next.

4. Extract the files to a location that you can deploy then to your client machines. > Install.

5. The files will be created.

6. Finish.

7. Reboot.

8. Make sure he files are where they are supposed o be.

9. Share the folder you are distributing from.

10. Make sure the users have at least read and execute permissions.

11. On the DC Start > Run > dsa.msc {enter} Right click the domain (Or OU with the computers in) > Properties.

12. Group Policy Tab > New > Give it a sensible name > Edit.

13. Navigate to Computer Configuration > Software Settings > Right Click > New Package.

14. Remember use the UNC path to the .msi file DO NOT Navigate to the local drive letter or all the clients wont be able to see it! > Open.

15. OK.

16. And there she is – close the group policy editor and all other open windows.

17. Remember your clients will need an update to get the latest virus definitions…..

18… Unless you wait till 17:00 hours or do them manually.

Related Articles, References, Credits, or External Links

NA

My McAfee “Shield” has a Red Background / Red Brackets

KB ID 0000201 

Problem

Occasionally you may look at the McAfee shield in your taskbar and see that it has a red surround.

 

Solution

Don’t Panic! This is completely normal, it happens if McAfee has a message for you, in any one of the following scenarios,

1. The system has detected and cleaned a Virus.
2. A file action has been blocked (Or has been set to report).
3. An access protection rule has been broken.

To see what’s going on, right click the shied > And check the options.

For example, in this case there are entries in the “Access Protection Log File”.

To Prove it, on this machine Communicating on on Port 25 is blocked by McAfee (1). When I try and force a port 25 connection via Telnet (2). The traffic is blocked and logged in the Access Protection log (3).

 

Related Articles, References, Credits, or External Links

NA

 

Event ID 2098

KB ID 0000325 

Problem

Event ID 2098

Failed to write to the Product Log. 80040230:McEFILEIOERROR

This is usually caused by a fault in the Groupshield databases, you need to generate new ones.

Solution

1. Click Start > run > services.msc {enter} > Locate the “McAfee Groupshield” > right Click > Stop.

2. Navigate to C:Program FilesNetwork AssociatesMcAfee GroupShieldbin > Locate detecteditems.bin and detecteditems.bin.qtn, then delete them.

3. In the same folder locate productlog.bin and delete that also.

4. Finally back in the services console restart the “McAfee Groupshield” service.

 

Related Articles, References, Credits, or External Links

NA

 

Mail Error “Corrupt Content Alert”

KB ID 0000370 

Problem

Seen when receiving mail though an Exchange server running McAfee Groupshield version 7

 

Solution

1. On the server in question launch the Groupshield Management console > Select On-Access > Master Policy.

2. Select “Corrupt Content”.

3. Edit.

4. Change the drop down to “Allow Through” > Save.

5. Finally make sure you click “Apply”.

Note: I’ve seen posts that suggest you may also need to apply McAfee hotfix 447121 for this to work, I did NOT have to do this on the following version…

though at the time of writing version 7.0.1 has already been released, so I’d suggest simply rolling up to that.

 

Related Articles, References, Credits, or External Links

NA

McAfee Groupshield – Adding Email Disclaimers

KB ID 0000432 

Problem

With Exchange 2007 and 2010 you can add a disclaimer with a transport rule. But if you are still using Exchange 2003 then you don’t have that luxury.

I had a client with a broken Groupshield 6 installation today, and his main concern was his disclaimers. (You can longer get Groupshield 6 so I had to install version 7).

Solution

1. Open the Groupshield console.

2. Select Policy Manager > Gateway > Click “Master Policy”.

3. Select “Disclaimer Text”.

4. Edit.

5. Type/Paste in the text of your disclaimer (Sorry no images).

6. Don’t forget to apply the changes.

Related Articles, References, Credits, or External Links

NA