Educause Security Discussion mailing list archives
Re: McAfee preventing Windows 7 logons
From: Eric Lukens <eric.lukens () UNI EDU>
Date: Mon, 8 Oct 2012 13:41:51 -0500
I too have had multiple problems with A/V (two different A/V companies even) causing issues with C:\Users\Default. In my case, there wasn't even a false positive, but for whatever reason the scanner got hung up in there long enough that Windows got annoyed. Adding an exclusion for real-time scanning to C:\Users\Default fixed the problem. -Eric On Mon, Oct 8, 2012 at 12:41 PM, Schoenefeld, Keith P. < Keith_Schoenefeld () baylor edu> wrote:
What happens if you do a complete scan of the entire C:\Users\Default directory? Since the contents of that directory are effectively copied into a new directory when a new user is created, a false positive detection would cause an issue. In addition, if McAfee is taking action that is blocking it and you aren’t seeing it on an ePO server, it seems like it’s either a bug in the software or a configuration setting that needs to be toggled so that blocks are being reported back to ePO (or logged locally). As an additional troubleshooting technique, you could probably turn on auditing (for both success and failure) on an affected system, and see what’s being blocked and what’s being allowed when a new user logs on.**** ** ** -- KS**** ** ** Keith Schoenefeld**** Information Security Analyst**** Baylor University**** 254-710-6667**** ** ** *From:* The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Smith, Bob *Sent:* Monday, October 08, 2012 9:47 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] McAfee preventing Windows 7 logons**** ** ** We are experiencing what appears to be a growing problem with Windows 7 and McAfee 8.8 preventing logons via AD. There isn’t much information to provide since we have been unable to see any logged activity either in Windows or in the McAfee logs to help diagnose the problem, yet when we disable the Access Protection feature the logons will proceed normally. The other odd behavior we are seeing is that this seems to only affect new users/logons. For example, existing users who had successfully logged on to the computer previously (either prior to installing or upgrading to McAfee 8.8) do not have the problem. We believe that McAfee (or something else?) is preventing the creation of new profiles in the c:\users directory. **** **** Some of the workarounds being used are safe mode booting, let the user logon (basically creates the profile), and then reboot in normal mode after the profile is created on the computer. We also tried putting in an exception for the c:\users directory and the logons can proceed normally.* *** **** If someone has experienced this problem and has a viable solution we would like to hear from you.**** **** Thanks.**** **** Bob Smith**** AVP IITS & Information Security Officer**** Longwood University**** www.longwood.edu/infosec**** **** **** ****
-- Eric C. Lukens IT Security Policy and Risk Assessment Analyst ITS-Network Services Curris Business Building 15 University of Northern Iowa Cedar Falls, IA 50614-0121 319-273-7434http://www.uni.edu/elukens/
Current thread:
- McAfee preventing Windows 7 logons Smith, Bob (Oct 08)
- Re: McAfee preventing Windows 7 logons Schoenefeld, Keith P. (Oct 08)
- Re: McAfee preventing Windows 7 logons Eric Lukens (Oct 08)
- Re: McAfee preventing Windows 7 logons Smith, Bob (Oct 11)
- Re: McAfee preventing Windows 7 logons Eric Lukens (Oct 08)
- Message not available
- Re: McAfee preventing Windows 7 logons Dexter Caldwell (Oct 08)
- Re: McAfee preventing Windows 7 logons Schoenefeld, Keith P. (Oct 08)