Main Nav

We are experiencing what appears to be a growing problem with Windows 7 and McAfee 8.8 preventing logons via AD.  There isn’t much information to provide since we have been unable to see any logged activity either in Windows or in the McAfee logs to help diagnose the problem, yet when we disable the Access Protection feature the logons will proceed normally.  The other odd behavior we are seeing is that this seems to only affect new users/logons.  For example, existing users who had successfully logged on to the computer previously (either prior to installing or upgrading to McAfee 8.8) do not have the problem.  We believe that McAfee (or something else?) is preventing the creation of new profiles in the c:\users directory.
 
Some of the workarounds being used are safe mode booting, let the user logon (basically creates the profile), and then reboot in normal mode after the profile is created on the computer.  We also tried putting in an exception for the c:\users directory and the logons can proceed normally.
 
If someone has experienced this problem and has a viable solution we would like to hear from you.
 
Thanks.
 
Bob Smith
AVP IITS & Information Security Officer
Longwood University
 
 
 

Comments

What happens if you do a complete scan of the entire C:\Users\Default directory?  Since the contents of that directory are effectively copied into a new directory when a new user is created, a false positive detection would cause an issue.  In addition, if McAfee is taking action that is blocking it and you aren’t seeing it on an ePO server, it seems like it’s either a bug in the software or a configuration setting that needs to be toggled so that blocks are being reported back to ePO (or logged locally).  As an additional troubleshooting technique, you could probably turn on auditing (for both success and failure) on an affected system, and see what’s being blocked and what’s being allowed when a new user logs on.

 

-- KS

 

Keith Schoenefeld

Information Security Analyst

Baylor University

254-710-6667

 

Are you running Artemis?  If so, it could be the problem.  Try running on recommended levels if so.  Also, are you copying files down in your login scripts that McAfee could be having trouble with?  (Like auditing agents or anything like that?)  Just a guess.  We’ve been running v8.8 for a while and have seen no such issues.  Did this just start recently or as soon as you deployed v8.8?

 

Dexter Caldwell

Dir. Systems & Networks

Information Technology Services

Furman University

3300 Poinsett Hwy

Greenville, SC 29613

email: dexter.caldwell@furman.edu

office: 864-294-3566

facsimile: 864-294.3001

 

 

D/C

 

Message from eric.lukens@uni.edu

I too have had multiple problems with A/V (two different A/V companies even) causing issues with C:\Users\Default. In my case, there wasn't even a false positive, but for whatever reason the scanner got hung up in there long enough that Windows got annoyed. Adding an exclusion for real-time scanning to C:\Users\Default fixed the problem.

-Eric

Sorry for the delay in responding to the list on this issue, but it seems our techs have isolated the problem to something associated with our install of the OS through our imaging process.  When we manually install the OS and then install McAfee the problem is non-existent.  However, when we install using our image of the OS and then add McAfee the problem surfaces.  So this may not even be a McAfee problem per se.

 

Thanks for all the replies and suggestions.  If anyone is interested you can email off-list and I will gladly share our findings once they are finalized.

 

Bob

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric Lukens
Sent: Monday, October 08, 2012 2:42 PM
To: SECURITY@LISTSERV.EDUCAUSE.EDU
Subject: Re: [SECURITY] McAfee preventing Windows 7 logons

 

I too have had multiple problems with A/V (two different A/V companies even) causing issues with C:\Users\Default. In my case, there wasn't even a false positive, but for whatever reason the scanner got hung up in there long enough that Windows got annoyed. Adding an exclusion for real-time scanning to C:\Users\Default fixed the problem.

 

-Eric

Close
Close


Annual Conference
September 29–October 2
View Proceedings

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.