Like a lot of people out there we use McAfee and ePolicy for our corporate anti-virus, anti-malware etc. Most of the time this is a bit of a “set and forget” application but sometimes it throws you a curve ball.
Like this morning for instance.
I was just in the middle of a hurried (and harried!) discussion regarding an Exchange upgrade we’re having to undertake earlier then planned (more on that some other time) when the first signs of a problem dribbled in. Well by dribbled in I mean that my IM went off with messages from multiple sites and my phone burst into life. You know, the usual kind of thing.
The initial problem was that people couldn’t access shared drives which then progressed to not being able to access local drives including My Documents. After a bit of research it turns out that McAfee was blocking explorer.exe as a spoofed process!
Needless to say this went straight into the “Not Cool” category and we started working on it. As suspected, we hadn’t made any changes overnight to our ePolicy setup or rules but the issue was definitely being enforced by something. Further investigation turned up that the rules on the clients weren’t the same as those on the server. A bit of double checking and tick/unticking of settings and the rules were back where they should be and ready to roll.
After a brief period where the rules replicated to all repositories and yet more PCs were reported as affected, we were ready to beat it all back into shape. A short reboot later and most affected machines were back on the straight and narrow.
Those that didn’t want to play were quickly logged on to by an admin and the McAfee apps launch via cmd. It was interesting to find out that mcconsole.exe is the McAfee Console and you can force updates from the cli using mcupdate.exe – yes, things are actually named logically it seems!
Anyway after that was solved it’s back to my main stress of the moment – how to upgrade a multi-site, multi-version Exchange infrastructure with as little headaches as possible. Looks our for more posts on this in the coming weeks!
Ramblings From The Litter Tray of Life 