locked
McAfee Antivirus isn't detected RRS feed

  • Question

  • We are running IAG2007 SP2, our clients all use Windows XP SP3, IE7 and McAfee 8.5.0.781.

    While on most clients virusscanner detection works as expected, some clients fail. Restarting the machine or re-installation of the whalecomponents does not fix the problem.

    How can I find out what is causing this?

    Version : 3.7.2.0.37

    Kit version : 3.7.0.0.14
    Service Pack: 2.18
    Update : 2.37

    C:/Whale-Com/e-Gap/von/conf/PolicyDefinitions.xml : 1.44
    C:/Whale-Com/e-Gap/von/conf/PolicyTemplate.xml : 1.74
    C:/Whale-Com/e-Gap/von/InternalSite/WhaleDetection.vbs: 1.85
    Friday, October 16, 2009 1:16 PM

Answers

  • cleaudevink,

    In addition to checking if McAfee is installed,  IAG also checks if the virus definitions have been updated or not.   Please verify this.

    Secondly, given that this works for some clients but not others... this is a client issue, you need to figure out what's the different between someone it works for.. and someone it doesnt work for. 

    Lastly, use the webmonitor and verify that the person who logged in and denied access because of thier endpoint actually has the endpoint detection components installed.

    Thank you
    Dennis

    • Marked as answer by Erez Benari Friday, October 16, 2009 10:51 PM
    Friday, October 16, 2009 3:31 PM

All replies

  • cleaudevink,

    In addition to checking if McAfee is installed,  IAG also checks if the virus definitions have been updated or not.   Please verify this.

    Secondly, given that this works for some clients but not others... this is a client issue, you need to figure out what's the different between someone it works for.. and someone it doesnt work for. 

    Lastly, use the webmonitor and verify that the person who logged in and denied access because of thier endpoint actually has the endpoint detection components installed.

    Thank you
    Dennis

    • Marked as answer by Erez Benari Friday, October 16, 2009 10:51 PM
    Friday, October 16, 2009 3:31 PM
  • The AV was up to date, and client components were installed. The system has been re-imaged in the mean time, so I cannot debug anymore. When the issues comes up again, I'll re-open the thread.
    Thursday, October 22, 2009 10:06 AM
  • It could have been that there is a GPO pushed down on the client that prevents the security center service from starting. I have seen this a few times recently. IAG looks into the WMI space that security center uses to determine the installed A/Vs; if its running; if its up to date. Next time it occurs make sure that the service is operational.
    Thursday, October 22, 2009 9:29 PM
  • Hello Guys

    This problem is happening  with avg antivirus. The iag sp2 update 2 was suppose to solve this issue but its the problem is happening. I did a fair bit of research on avg problem and it has to do with the coding done in the whaledetection.vbs script. If look that u will file the coding done for the older version on the antivirus.The whale detection script is used by the iag to extract the version of the antivirus from the registry and till now the microsoft have not update the file for the latest version of antivirus avilable in the market:).

    Cheers
    Bill

    Cheers Bill
    Friday, October 23, 2009 7:14 PM
  • Hi,

    We're not updating the script since our legacy endpoint detection is combined with WMI detection exactly as Window Security Center does.

    To make sure if there is the specific client problem or a known common issue, please check the following:

    1. What's a client OS? Is it Vista SP1/SP2?
    2. How the policy is defined? Is it defined by the Advanced Policy Editor by selecting AVG row only?

    Please reply if the answer on the both questions is Yes.
    Friday, October 23, 2009 10:29 PM
  • Hi,

    I am experiening a similar problem where, IAG does not permit user running on McAfee TOPS 5.0. This is the latest release of McAfee Tops.

    Is there anyone who has information on how to resole this matter concerning this product not being detected.
    Wednesday, December 2, 2009 12:47 PM