
McAfee_Causes_Computer_To_Hang


Knowledge Base Article

Created On: 28-Oct-2013
Author: Eric Roberson

Title

Computers running McAfee Antivirus (beta) become unresponsive during startup

Description of Issue

  • Computers running McAfee Antivirus hang or freeze when starting up or while logging onto the network.
  • Information in this solution applies only to pilot/test computers for McAfee Antivirus (beta).

Description of Resolution

This solution contains several parts. Follow each section carefully. The variable {computername} refers to the remote or target computer.

PREREQUISITE: Recover an unresponsive computer

This section must be performed locally on the remote computer. Consider connecting to the remote computer using Remote Desktop Protocol (RDP).

  1. If the computer hangs during startup, press CTRL + ALT + END to start Task Manager.
  2. Click the Processes tab, then click Image Name to sort the list of running processes.
  3. Click the MfeFFCore.exe process, then click End Process.
  4. The computer will log on successfully after stopping the MfeFFCore.exe process.

PART 1: Copy necessary files to remote computer

Parts one, two, and three may be performed remotely without user intervention. Before completing these sections, go to Part 4: Confirm functionality to determine whether these steps are necessary.

  1. On the target computer, check for \\{computername}\c$\windows\system32\psexec.exe. If necessary, copy EDCAPP25MMQT$PSEXEC.EXE to \\{computername}\c$\windows\system32.
  2. Open a command prompt using an account with elevated privileges (e.g. A_UserID). Type net use \\ohcfs01\groups * /u:lyb\{user_ID}, then press Enter. When prompted, enter the password for a regular user ID.
  3. Type Copy \\ohcfs01\groups\everyone\sleep.exe \\{computername}\C$\Batch.
  4. Type Copy \\ohcfs01\groups\everyone\framepkg.exe \\{computername}\C$\Batch.
  5. Type Net use \\ohcfs01\groups /d. Press the letter 'Y' to disconnect when prompted.

Continue to Part 2: Apply the solution.

PART 2: Apply the solution

  1. Open a command prompt using an account with elevated privileges (e.g. A_UserID). Type psexec -s -h \\{computername} cmd.exe.
  2. Type hostname to verify connectivity to the remote computer.
  3. Type c:\batch\framepkg.exe /forceuninstall, then press Enter. Wait for the command to complete, which may take five minutes or longer.
  4. Type SET TEMP=C:\BATCH, then press Enter.
     NOTE: The command line SET TEMP=C:\BATCH is case sensitive. Please use all caps.
  5. Type C:\Batch\FramePkg.exe /install=agent /forceinstall /DataDir=C:\Batch, then press Enter. Wait for the command to complete, which may take ten minutes or longer.
     NOTE: This command line is case sensitive. Be sure to use correct upper and lower case letters.
  6. Restart the computer. Type shutdown /r /f /t 600 /c "Save your work! Restarting computer in 10 minutes to complete antivirus agent installation."
  7. Type ping -4 {computername} -t -w 15000. Continue to Part 3 once a ping response is received.

PART 3: Retrieve updated policy

Retrieve the updated policy so new encryption keys are copied and files are decrypted on the remote computer.

  1. Open a command prompt using an account with elevated privileges (e.g. A_UserID). Type psexec -s -h \\{computername} cmd.exe.
  2. Type hostname to verify connectivity to the remote computer.
  3. Type CD\Program Files\McAfee\Common Framework, then press Enter.
  4. Type each of the following commands, waiting 60 seconds between typing each command:
       • CmdAgent.exe /C
       • CmdAgent.exe /E
       • CmdAgent.exe /P
  5. Restart the computer. Type shutdown /r /f /t 600 /c "Save your work! Restarting computer in 10 minutes to complete antivirus agent installation."

PART 4: Confirm functionality

Confirm necessary decryption keys are present and files are being decrypted.

  1. Connect to the remote computer using RDP.
  2. Browse to the folder C:\Program Files\McAfee\Endpoint Encryption for Files and Folders. Double-click MfeFFConsole.exe.
  3. Click the Status Report button at the top left, then expand Available Keys in the column on the right.
  4. If both encryption keys appear, then the solution has been applied successfully and the new policy is in effect.
  5. To check for files waiting to be decrypted, open Windows Explorer. Right-click the C: drive, then click McAfee Endpoint Encryption > Search Encrypted.
  6. Click the Search button at the top right. If no encrypted files are found, then the solution has been applied successfully and the new policy is in effect. Also consider checking the following directories for encrypted files:
       • C:\localdocs (both Win XP and Win 7)
       • C:\ProgramData (Win 7 only)
       • C:\Documents and Settings\All Users\Application Data (Win XP only)

NOTE: Please allow enough time for the decryption process after applying Steps two and three above.

Additional Information

For additional support, contact the End User Computing or Information Technology Foundation teams.

Revision History

  Revision Number   Date          Editor          Summary of revision
  0.1               28-Oct-2013   Eric Roberson   First Draft
  1.0               28-Oct-2013   Eric Roberson   Technical Edit

Tags

McAfee Endpoint Encryption, Decrypt, Decryption, Encrypt, Encryption, Antivirus
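Added example, not part of the original KB article: a PowerShell inventory of the three files that Part 1 stages on each pilot computer (psexec.exe, sleep.exe, framepkg.exe), so every copy can be accounted for after the fix is confirmed. The relative paths come from Part 1; the computer names, the function name Get-StagedFileReport and the $RootFormat parameter are assumptions made for this example.

```powershell
# Added example: report which Part 1 files are present on each pilot computer.
# Relative paths are taken from Part 1 of the article.
$StagedFiles = @(
    'windows\system32\psexec.exe',
    'Batch\sleep.exe',
    'Batch\framepkg.exe'
)

function Get-StagedFileReport {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        # Root of the target's system drive; {0} is replaced by the computer name.
        [string] $RootFormat = '\\{0}\c$'
    )
    foreach ($computer in $ComputerName) {
        $root = $RootFormat -f $computer
        if (-not (Test-Path -LiteralPath $root)) {
            # Admin share not reachable (host down, firewall, or no rights).
            [pscustomobject]@{ Computer = $computer; File = $null; Status = 'Unreachable'
                               LastWrite = $null; SHA256 = $null }
            continue
        }
        foreach ($relative in $StagedFiles) {
            $path = Join-Path -Path $root -ChildPath $relative
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $item = Get-Item -LiteralPath $path
                [pscustomobject]@{
                    Computer  = $computer
                    File      = $relative
                    Status    = 'Present'
                    LastWrite = $item.LastWriteTime
                    # The hash lets copies be compared across computers.
                    SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                }
            } else {
                [pscustomobject]@{ Computer = $computer; File = $relative; Status = 'Missing'
                                   LastWrite = $null; SHA256 = $null }
            }
        }
    }
}

# Constructed placeholder names; replace with the pilot computers in scope.
Get-StagedFileReport -ComputerName 'PILOT-PC-01', 'PILOT-PC-02' |
    Format-Table -AutoSize
```

Run it from the same elevated account used in Part 1; grouping the output by the SHA256 column shows whether every staged copy of a file is identical.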
