Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: McAfee preventing Windows 7 logons
From: Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>
Date: Mon, 8 Oct 2012 18:02:08 +0000

Are you running Artemis?  If so, it could be the problem.  Try running on recommended levels if so.  Also, are you 
copying files down in your login scripts that McAfee could be having trouble with?  (Like auditing agents or anything 
like that?)  Just a guess.  We’ve been running v8.8 for a while and have seen no such issues.  Did this just start 
recently or as soon as you deployed v8.8?

Dexter Caldwell
Dir. Systems & Networks
Information Technology Services
Furman University
3300 Poinsett Hwy
Greenville, SC 29613
email: dexter.caldwell () furman edu
office: 864-294-3566
facsimile: 864-294.3001


D/C

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU]
Sent: Monday, October 08, 2012 1:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] McAfee preventing Windows 7 logons
Importance: Low

What happens if you do a complete scan of the entire C:\Users\Default directory?  Since the contents of that directory 
are effectively copied into a new directory when a new user is created, a false positive detection would cause an 
issue.  In addition, if McAfee is taking action that is blocking it and you aren’t seeing it on an ePO server, it seems 
like it’s either a bug in the software or a configuration setting that needs to be toggled so that blocks are being 
reported back to ePO (or logged locally).  As an additional troubleshooting technique, you could probably turn on 
auditing (for both success and failure) on an affected system, and see what’s being blocked and what’s being allowed 
when a new user logs on.

-- KS

Keith Schoenefeld
Information Security Analyst
Baylor University
254-710-6667

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE 
EDU]<mailto:[mailto:SECURITY () LISTSERV EDUCAUSE EDU]> On Behalf Of Smith, Bob
Sent: Monday, October 08, 2012 9:47 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] McAfee preventing Windows 7 logons

We are experiencing what appears to be a growing problem with Windows 7 and McAfee 8.8 preventing logons via AD.  There 
isn’t much information to provide since we have been unable to see any logged activity either in Windows or in the 
McAfee logs to help diagnose the problem, yet when we disable the Access Protection feature the logons will proceed 
normally.  The other odd behavior we are seeing is that this seems to only affect new users/logons.  For example, 
existing users who had successfully logged on to the computer previously (either prior to installing or upgrading to 
McAfee 8.8) do not have the problem.  We believe that McAfee (or something else?) is preventing the creation of new 
profiles in the c:\users directory.

Some of the workarounds being used are safe mode booting, let the user logon (basically creates the profile), and then 
reboot in normal mode after the profile is created on the computer.  We also tried putting in an exception for the 
c:\users directory and the logons can proceed normally.

If someone has experienced this problem and has a viable solution we would like to hear from you.

Thanks.

Bob Smith
AVP IITS & Information Security Officer
Longwood University
www.longwood.edu/infosec<http://www.longwood.edu/infosec>




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault