McAfee On-Access Scanner Disabled after EXTRA.DAT & Framework 4.6 SP2 Problems

by butsch 20. August 2012 18:20

Not a good week for McAfee. They were so worried about W32 Disttrack that several bugs appeared at once.

1) On-Access Scanner disabled, and yes, that means NO virus protection
2) Framework 4.6 SP2 problems

Framework 4.6 SP2 hangs while uninstalling the version.

https://kc.mcafee.com/corporate/index?page=content&id=KB75956

 

 

Corporate KnowledgeBase ID: KB76004

Last Modified: August 20, 2012

   

Environment

McAfee VirusScan Enterprise 8.8 (all patch versions)

Problem

CRITICAL: If you use VSE 8.8 and have NOT yet implemented DAT 6807 or 6808, DO NOT apply either of these DAT versions. GO DIRECTLY to DAT 6809 or later.

McAfee has identified an issue with DAT 6807 and 6808 that is causing intermittent issues with VirusScan Enterprise (VSE) 8.8.x. Specifically, these DATs can affect McShield.exe and may cause issues with the On-Access Scanner.

The following symptoms can also help to determine if you are affected by this issue:

  • The On-Access Scanner (McShield.exe) will appear to be working. The process is running and visible in the Windows Task Manager. 
  • Process Explorer shows no file handle open to the MfeRuntime*.DAT file.
  • DAT updates after 6807 appear to happen successfully. The DATs are copied into place, but are not loaded by McShield.exe.
  • The registry values for the DAT versions are out of sync:
    • The DAT version in the following location will be older (either 6807 or 6808):

      HKLM\Software\McAfee\AVEngine\AvDATVersion
    • The DAT version in the following location will show the latest update:

      HKLM\Software\Network Associates\ePolicy Orchestrator\Application Plugins\Viruscan8800\DATVersion

       
  • In the ePolicy Orchestrator (ePO) console, the system properties for computers with this issue will report the DAT/Engine versions as follows:

      DAT Date: 0/0/0
      DAT Version: 0.0000
      Engine Version: 0.0000

Solution

If you have NOT deployed DAT 6807 or 6808, go directly to DAT 6809 or later.

McAfee is investigating this issue and is working on a SuperDAT to remediate it. This article will be updated as newer information becomes available, please check back for updates.
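
A local check for the registry mismatch described in the symptom list above, as an added example (not McAfee's or the blog author's code). The status labels, the Wow6432Node fallback for 64-bit Windows and the handling of string-typed values are assumptions; the two registry values and the DAT numbers come from the KB text.

```powershell
# Added example: reports whether this machine shows the DAT 6807/6808 symptom.
$BadDats = 6807, 6808   # DAT versions named in the KB text

function Get-DatMajor {
    param($Value)
    # The value may be a DWORD (6807) or a string such as "6809.0000" (assumed formats).
    if ("$Value" -match '^\s*(\d+)') { [int]$Matches[1] } else { $null }
}

function Read-RegValue {
    param([string]$SubKey, [string]$Name)
    # Native registry view first, then Wow6432Node (assumption for 64-bit Windows).
    foreach ($root in 'HKLM:\Software', 'HKLM:\Software\Wow6432Node') {
        $item = Get-ItemProperty -Path "$root\$SubKey" -Name $Name -ErrorAction SilentlyContinue
        if ($item) { return $item.$Name }
    }
    return $null
}

function Test-DatStuck {
    param($EngineDat, $PluginDat)
    $engine = Get-DatMajor $EngineDat
    $plugin = Get-DatMajor $PluginDat
    if ($null -eq $engine -or $null -eq $plugin) { return 'Unknown' }
    # Engine stuck on a bad DAT while the plugin key reports a newer one: out of sync.
    if ($BadDats -contains $engine -and $plugin -gt $engine) { return 'Affected' }
    # Bad DAT loaded, no newer update recorded yet.
    if ($BadDats -contains $engine) { return 'OnBadDat' }
    return 'OK'
}

$engineDat = Read-RegValue 'McAfee\AVEngine' 'AvDATVersion'
$pluginDat = Read-RegValue 'Network Associates\ePolicy Orchestrator\Application Plugins\Viruscan8800' 'DATVersion'

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    EngineDat       = $engineDat
    PluginDat       = $pluginDat
    # A running McShield.exe does not rule the issue out (see the first symptom).
    McShieldRunning = [bool](Get-Process -Name McShield -ErrorAction SilentlyContinue)
    Status          = Test-DatStuck $engineDat $pluginDat
}
```

A machine that reports `Affected` matches the out-of-sync registry symptom even though McShield.exe is running.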

 

Workaround from www.butsch.ch for EPO 4.5/4.6 users

1) Filter all servers and clients that you think have the problem (example filter: Scan-Modul-Version 0.0000 = bad ones)

2) Create a fresh group and a Client Task to remove VSE 8.8 ONLY

3) Create a fresh group and a Client Task to install VSE 8.8 ONLY

4) Move your clients, group by group, to the group from step 2 > Agent Reactivate > check whether VSE was uninstalled

5) Move your clients BACK to your regular groups, or to the group from step 3 and then back to your regular groups

This will FIX the update process on XP/W7, Server 2003-2008R2

 

 
