Mcafee Profiler to analyze slow Mcafee clients

by butsch 20. August 2015 00:00

Well sure you hear it often. It's slow because of the virus protection. Well understand Artemis, Understand how deep things scan or not? Never mind > Mcafee has a tool for all larger customers who want to identify possible Exclusion files or Directory on their system to step down on heavy load. We don't want to discuss about if it's a good idea but sometimes you may have to.

The Profiler comes as MSI package and yes you can roll out the thing with EPO if you like and collect centralized Logfiles somewhere.

After the scan you can clearly see a source for Mcafee being slower. It's an English Windows 7 with German Office and also other German Software. So the MUI references are used heavy. These are the files we talk about.






Mcafee EPO Server Problem no Protection Policy visible (blank/empty)

by butsch 12. August 2015 06:15


Mcafee EPO Server Problem no Protection Policy visible (blank/empty)


After Upgrade to Version 5.3 and installed EPO to non c: drives and you did not enable 8.3 for that drive

After upgrade of a VSE product first time after you installed new EPO to non c: drives and you did not enable 8.3 for that drive


When you view the VSE Access Protection policy within the ePO console, the policy appears to be blank. This is because the manual only says to check and enable 8.3 naming convention on c: drives and forgets to mention other drives?






Check your drives where you have installed EPO binaries:

The Volume state is: 0 < This is how it should look


Here is how to change it and reboot.


fsutil.exe 8dot3name set d: 0 



Happens also if you upgrade to VSE 8.8 PATCH 5 AND you are a smart guy who installs EPO Binaries on D: like they teach you. (And not on c: because all that grows goes on D: ;-)


* Enable 8.3 Naming Convention (Short) for the Disk you have EPO Path installed and reboot did the trick ( fsutil.exe 8dot3name set d: 0 )

* Export all Policies and Assignments!!

* Remove Extension for VSE 8.8 Patch 5



* Download 8.8 patch 5 Repost and extract Extension files (two) from

* Import Extension from VSE 8.8 Packages (VIRUSCAN8800(392).zip, VIRUSCAN8800(392).zip)


* Import your exported Policies







DO NOT FORGET to import and EXPORT POLICIES, you will lose them if remove the VSE Extension!





McAfee ePolicy Orchestrator (ePO) 4.x, 5.0, 5.1

McAfee VirusScan Enterprise (VSE) 8.8 patch 4 and 5




When you view the VSE Access Protection policy within the ePO console, the policy appears to be blank.


An Administrator cannot modify the existing (default) Access Protection policies.




ePO was installed to a drive other than the C: drive on the local system. The ePO Extensions for VSE rely on the existence of the VSCAN.bof content file to display the necessary policy information. The file must be located in one of the following ePO directories:


<Drive:>\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Software\Current\BOCVSE_1000\DAT\0000\




<Drive:>\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\BOCVSE_1000\DAT\0000\



Solution from Mcafee

Perform a Master Repository pull in ePO and ensure that the option to check for Access Protection and Buffer Overflow content is selected. This will place the necessary content file in the required location.



Windows 10 corporate support, Mcafee VSE and WSUS status 05.08.2015

by butsch 5. August 2015 03:38


Windows 10, WSUS Integration

If you support Server 2012R2 and 8.1 then you have the Updates on the WSUS you will see the new Categorys straight away.

Windows 10, Mcafee VSE 8.8 with Patch 6 which should be released 26. August 2015


Product Version


Release Notes

Known Issues

Release Date

EOL Date


VSE 8.8 Patch 6 (under development)




Target July 30, 2015 for private release
Target Aug 26, 2015 for full release


Adds support for the Windows 10 platform.

NOTE: Patch 6 is currently available in managed release. To obtain the patch and participate in the managed release program, contact your Support Account Manager.



Client Management | Hotfixes / Updates | Mcafee VSE, EPO, DLP | WSUS

W7, 64BIT, WMI Hotfixes do date post SP1

by butsch 29. July 2015 06:30


WMI Hotfixes to date 29.07.2015

During IE11 projects we have seen problems with some WMI and WUSA.EXE KB installations. It sometimes seems that the WMI provider

who offers that info hangs or is out of date. Even with some command to refresh it0s stuck. This is a list of Hotfixes we found in that direction

For Existing Windows 7 64BIT Deployments with SP1.


IE11patch Infos:


YES = Installs on W7 SP1 64BIT with all Updates from WSUS do date 29.07.2015

NO = Does not install on same system


001 (YES)




002 (YES)




003 (YES but choose 2617858)

Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7

2465990 > SUPERSEEDED > Replaced by > 2617858 (

2465990 > Windows6.1-KB2465990-v3-x64.msu (Older)

2617858 > Windows6.1-KB2617858-x64.msu (Newer, Superseeds the old one)


004 (YES)




005 (NO)







Client Management | Deployment | Hotfixes / Updates | Scripting | WMI | WSUS

WSUS: Do not Install KB3022345 it sends info back to MS over SSL

by butsch 27. July 2015 10:55

Not only ET wants to phone home! Microsoft is bombing even corporate customers and small business customers with Updates they don't want and never agreed. KB3022345 seems to be a patch for Clients and servers which send a lot of Information encoded over SSL to Microsoft Servers. They must be in short time for their Windows 10 releases and catching every application on the world. As if we did not supply enough Information with tools like MACT ( they now get the info unasked. Feel free to block on your private or corporate Firewall. And no nobody has pre-selected Windows 10 Download and testbunny mode.

Update: KB3022345

Hosts which are connected:,,

Port: HTTPS/SSL/443

Update for customer experience and diagnostic telemetry

This update has been replaced by the latest update for customer experience and diagnostic telemetry that was first released on June 2, 2015. To obtain the update, see 3068708 Update for customer experience and diagnostic telemetry.

Helping the overall application experience

The Diagnostics Tracking service collects diagnostics about functional issues on Windows systems that participate in the Customer Experience Improvement Program (CEIP). CEIP reports do not contain contact information, such as your name, address, or telephone number. This means CEIP will not ask you to participate in surveys or to read junk email, and you will not be contacted in any other way.

For any released product with an option to participate in CEIP, you can decide to start or stop participating at any time. Most programs make CEIP options available on the Help menu, although for some products, you might have to check settings, options, or preferences menus. Some prerelease products that are under development might require participation in CEIP to help ensure the final release of the product improves frequently used features and solves common problems that exist in the prerelease software.

 Please also see Windows 10 NAG screen posting we made: