Mcafee Profiler to analyze slow Mcafee clients

by butsch 20. August 2015 00:00

Well sure you hear it often. It's slow because of the virus protection. Well understand Artemis, Understand how deep things scan or not? Never mind > Mcafee has a tool for all larger customers who want to identify possible Exclusion files or Directory on their system to step down on heavy load. We don't want to discuss about if it's a good idea but sometimes you may have to.

The Profiler comes as MSI package and yes you can roll out the thing with EPO if you like and collect centralized Logfiles somewhere.

After the scan you can clearly see a source for Mcafee being slower. It's an English Windows 7 with German Office and also other German Software. So the MUI references are used heavy. These are the files we talk about.






Mcafee EPO Server Problem no Protection Policy visible (blank/empty)

by butsch 12. August 2015 06:15


Mcafee EPO Server Problem no Protection Policy visible (blank/empty)


After Upgrade to Version 5.3 and installed EPO to non c: drives and you did not enable 8.3 for that drive

After upgrade of a VSE product first time after you installed new EPO to non c: drives and you did not enable 8.3 for that drive


When you view the VSE Access Protection policy within the ePO console, the policy appears to be blank. This is because the manual only says to check and enable 8.3 naming convention on c: drives and forgets to mention other drives?






Check your drives where you have installed EPO binaries:

The Volume state is: 0 < This is how it should look


Here is how to change it and reboot.


fsutil.exe 8dot3name set d: 0 



Happens also if you upgrade to VSE 8.8 PATCH 5 AND you are a smart guy who installs EPO Binaries on D: like they teach you. (And not on c: because all that grows goes on D: ;-)


* Enable 8.3 Naming Convention (Short) for the Disk you have EPO Path installed and reboot did the trick ( fsutil.exe 8dot3name set d: 0 )

* Export all Policies and Assignments!!

* Remove Extension for VSE 8.8 Patch 5



* Download 8.8 patch 5 Repost and extract Extension files (two) from

* Import Extension from VSE 8.8 Packages (VIRUSCAN8800(392).zip, VIRUSCAN8800(392).zip)


* Import your exported Policies







DO NOT FORGET to import and EXPORT POLICIES, you will lose them if remove the VSE Extension!





McAfee ePolicy Orchestrator (ePO) 4.x, 5.0, 5.1

McAfee VirusScan Enterprise (VSE) 8.8 patch 4 and 5




When you view the VSE Access Protection policy within the ePO console, the policy appears to be blank.


An Administrator cannot modify the existing (default) Access Protection policies.




ePO was installed to a drive other than the C: drive on the local system. The ePO Extensions for VSE rely on the existence of the VSCAN.bof content file to display the necessary policy information. The file must be located in one of the following ePO directories:


<Drive:>\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Software\Current\BOCVSE_1000\DAT\0000\




<Drive:>\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\BOCVSE_1000\DAT\0000\



Solution from Mcafee

Perform a Master Repository pull in ePO and ensure that the option to check for Access Protection and Buffer Overflow content is selected. This will place the necessary content file in the required location.



Windows 10 corporate support, Mcafee VSE and WSUS status 05.08.2015

by butsch 5. August 2015 03:38


Windows 10, WSUS Integration

If you support Server 2012R2 and 8.1 then you have the Updates on the WSUS you will see the new Categorys straight away.

Windows 10, Mcafee VSE 8.8 with Patch 6 which should be released 26. August 2015


Product Version


Release Notes

Known Issues

Release Date

EOL Date


VSE 8.8 Patch 6 (under development)




Target July 30, 2015 for private release
Target Aug 26, 2015 for full release


Adds support for the Windows 10 platform.

NOTE: Patch 6 is currently available in managed release. To obtain the patch and participate in the managed release program, contact your Support Account Manager.


31.08.2015 And here comes Patch 6 and you already wait for release 7 (DLP 9.4 DOES Not work, Protection rules not visible)


McAfee VirusScan Enterprise (VSE) 8.8


This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article will be updated if new issues are identified post-release or if additional information becomes available. To read the Release Notes, see: PD26069

Release to World (RTW): August 26, 2015
Known Issues

  • Data Loss Prevention (DLP) customers: This release upgrades a common component used by DLP, which may cause the system to hang. Customers using DLP 9.4.0 are advised to delay installing VSE 8.8 Patch 6 until further notice. Development is in progress for updating the DLP 9.4 version to work with VSE 8.8 Patch 6. This updated release will be required prior to installing VSE 8.8 Patch 6. This article will be updated as more detail becomes available.

    To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged in to subscribe.

  • VirusScan Enterprise for Storage (VSES) customers: VSE 8.8 patches 5 and 6 are not supported for use with VSES. Do not deploy VSE 8.8 Patch 5 or 6 to nodes running VSES. Instead, Intel Security recommends you deploy VSE 8.8 Patch 4 to nodes running VSES.

CRITICAL: There are currently no critical known issues.
Reference Number Related Article Issue Description
1090227 KB85551 Issue: VirusScan threat events do not parse to the ePO database with VirusScan Enterprise Reports Extension
Workaround: Check in the Patch 5 Reporting Extension ( until an updated extension becomes available.
Status: Intel Security is investigating this issue. See the related article for workaround steps.


Reference Number Related Article Issue Description
966892 KB84913 Issue: Access Protection rules are not visible in the ePolicy Orchestrator console after checking in the Patch 5 or Patch 6 management extension.
Resolution: See the related article. This is tentatively planned to be resolved in VSE 8.8 Patch 7, which is not currently available.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged in to subscribe.
1074199 n/a Issue: Environments using Lotus Notes mail, with the Lotus Notes mail scanner feature enabled, encounter Access Protection violations after installing Patch 6.
Resolution: Add the Lotus Notes process (NLNOTES.EXE) to the Processes to Exclude list for the Access Protection rule that is being violated (for example, Common Standard Protection:Prevent modification of McAfee files and settings).
n/a n/a Issue: Detection count is inconsistent with detections displayed in the On-Demand Scan (ODS) progress window.
Resolution: The product is functioning as designed.

If you require a change to this functionality in a future version of the product, you can submit a Product Enhancement Request (PER) by logging in at:

To register as a new user, click McAfee Customers Register Here at the top of the page. For additional information, see KB60021.
1065335 KB84084 Issue: Modification to the Artemis FQDN field for the Network Heuristic Check feature requires a reboot on the client before the change takes effect.
Resolution: Restart the McShield service or reboot the system.
1077854 n/a Issue: Outlook closes unexpectedly (crashes) when sending mail after installing VSE 8.8 Patch 6 on systems with DLP 9.4.0 (RTW).
Resolution: Upgrade to DLP 9.4 Patch 1 (expected Q4 2015 release date) or later.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged in to subscribe.
n/a = not available


Client Management | Hotfixes / Updates | Mcafee VSE, EPO, DLP | WSUS

W7, 64BIT, WMI Hotfixes do date post SP1

by butsch 29. Juli 2015 06:30


WMI Hotfixes to date 29.07.2015

During IE11 projects we have seen problems with some WMI and WUSA.EXE KB installations. It sometimes seems that the WMI provider

who offers that info hangs or is out of date. Even with some command to refresh it0s stuck. This is a list of Hotfixes we found in that direction

For Existing Windows 7 64BIT Deployments with SP1.


IE11patch Infos:


YES = Installs on W7 SP1 64BIT with all Updates from WSUS do date 29.07.2015

NO = Does not install on same system


001 (YES)




002 (YES)




003 (YES but choose 2617858)

Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7

2465990 > SUPERSEEDED > Replaced by > 2617858 (

2465990 > Windows6.1-KB2465990-v3-x64.msu (Older)

2617858 > Windows6.1-KB2617858-x64.msu (Newer, Superseeds the old one)


004 (YES)




005 (NO)







Client Management | Deployment | Hotfixes / Updates | Scripting | WMI | WSUS

WSUS: Do not Install KB3022345 it sends info back to MS over SSL

by butsch 27. Juli 2015 10:55

Not only ET wants to phone home! Microsoft is bombing even corporate customers and small business customers with Updates they don't want and never agreed. KB3022345 seems to be a patch for Clients and servers which send a lot of Information encoded over SSL to Microsoft Servers. They must be in short time for their Windows 10 releases and catching every application on the world. As if we did not supply enough Information with tools like MACT ( they now get the info unasked. Feel free to block on your private or corporate Firewall. And no nobody has pre-selected Windows 10 Download and testbunny mode.

Update: KB3022345

Hosts which are connected:,,

Port: HTTPS/SSL/443

Update for customer experience and diagnostic telemetry

This update has been replaced by the latest update for customer experience and diagnostic telemetry that was first released on June 2, 2015. To obtain the update, see 3068708 Update for customer experience and diagnostic telemetry.

Helping the overall application experience

The Diagnostics Tracking service collects diagnostics about functional issues on Windows systems that participate in the Customer Experience Improvement Program (CEIP). CEIP reports do not contain contact information, such as your name, address, or telephone number. This means CEIP will not ask you to participate in surveys or to read junk email, and you will not be contacted in any other way.

For any released product with an option to participate in CEIP, you can decide to start or stop participating at any time. Most programs make CEIP options available on the Help menu, although for some products, you might have to check settings, options, or preferences menus. Some prerelease products that are under development might require participation in CEIP to help ensure the final release of the product improves frequently used features and solves common problems that exist in the prerelease software.

 Please also see Windows 10 NAG screen posting we made: