Re: McAfee preventing Windows 7 logons

[Eric Lukens <eric.lukens () UNI EDU>]

I too have had multiple problems with A/V (two different A/V companies
even) causing issues with C:\Users\Default. In my case, there wasn't even a
false positive, but for whatever reason the scanner got hung up in there
long enough that Windows got annoyed. Adding an exclusion for real-time
scanning to C:\Users\Default fixed the problem.

-Eric

On Mon, Oct 8, 2012 at 12:41 PM, Schoenefeld, Keith P. <
Keith_Schoenefeld () baylor edu> wrote:

>  What happens if you do a complete scan of the entire C:\Users\Default
> directory?  Since the contents of that directory are effectively copied
> into a new directory when a new user is created, a false positive detection
> would cause an issue.  In addition, if McAfee is taking action that is
> blocking it and you aren’t seeing it on an ePO server, it seems like it’s
> either a bug in the software or a configuration setting that needs to be
> toggled so that blocks are being reported back to ePO (or logged locally).
> As an additional troubleshooting technique, you could probably turn on
> auditing (for both success and failure) on an affected system, and see
> what’s being blocked and what’s being allowed when a new user logs on.****
>
> ** **
>
> -- KS****
>
> ** **
>
> Keith Schoenefeld****
>
> Information Security Analyst****
>
> Baylor University****
>
> 254-710-6667****
>
> ** **
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Smith, Bob
> *Sent:* Monday, October 08, 2012 9:47 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] McAfee preventing Windows 7 logons****
>
> ** **
>
> We are experiencing what appears to be a growing problem with Windows 7
> and McAfee 8.8 preventing logons via AD.  There isn’t much information to
> provide since we have been unable to see any logged activity either in
> Windows or in the McAfee logs to help diagnose the problem, yet when we
> disable the Access Protection feature the logons will proceed normally.
> The other odd behavior we are seeing is that this seems to only affect new
> users/logons.  For example, existing users who had successfully logged on
> to the computer previously (either prior to installing or upgrading to
> McAfee 8.8) do not have the problem.  We believe that McAfee (or something
> else?) is preventing the creation of new profiles in the c:\users directory.
> ****
>
>  ****
>
> Some of the workarounds being used are safe mode booting, let the user
> logon (basically creates the profile), and then reboot in normal mode after
> the profile is created on the computer.  We also tried putting in an
> exception for the c:\users directory and the logons can proceed normally.*
> ***
>
>  ****
>
> If someone has experienced this problem and has a viable solution we would
> like to hear from you.****
>
>  ****
>
> Thanks.****
>
>  ****
>
> Bob Smith****
>
> AVP IITS & Information Security Officer****
>
> Longwood University****
>
> www.longwood.edu/infosec****
>
>  ****
>
>  ****
>
>  ****



-- 

Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
ITS-Network Services
Curris Business Building 15
University of Northern Iowa
Cedar Falls, IA 50614-0121
319-273-7434http://www.uni.edu/elukens/