IT Infrastructure blog

February 26, 2012

McAfee Agent uninstallation Or McAfee Client uninstallation

Definitely in every IT person life there would be a time to remove Antivirus client from servers or client machines. Yes i had also in a situation that have to remove McAfee Antivirus client from one of the Windows 2008 R2 machine.

In our enviornment we are using McAfee EPO Antivirus server (4.5.0)  and VSE 8.7 versions. In all machines client agent has been  installed and getting regular updates from EPO server.

Removal Process of McAfee Client

First remove McAfee Virus Scan enterprise from control panel.

 

 

 

Once it done try to remove McAfee agnet but it won’t allow you from GUI.

You have to do it the uninstallation from command prompt by using below switch

 

 

 

 

 

c:\Program Files\McAfee\Common Framework\frminst.exe /forceuninstall

Ref: https://kc.mcafee.com/corporate/index?page=content&id=KB65863

December 5, 2011

How to change McAfee Database in another SQL server

Filed under: McAfee EPO — Akther @ 11:48 am
Tags: ,

We are using McAfee EPO 4.5 Antivirus server version in our enviornment to protect our clients and servers. The application is installed in Windows 2003 server and SQL Database for this application is pointed to seperate MS Windows 2008 server.

One day the SQL server had some ahrdware issues and it went down. We had a backup of EPO and we need to restore in to another SQL server to back Antivirus enviornment.

Steps need to do this activities are below

 

–      Open SQL Management Studio and create a new database called EPO

–      Restore the database to EPO

Once restore completed go the mcAfee EPO server and put the below link in Internet explorer

https:\\EPOservername:8443\core\config

Give the new Database server name there and given the credential

 

You have the option to test the connection. Once it done restart the EPO server.

Your EPO server is point to new Database server.

 

 

June 25, 2011

McAfee blocked Hub transport server releasing emails from queue

Filed under: Exchange 2007,McAfee EPO — Akther @ 2:53 pm
Tags:

Yesterday users complained that they have send email to outside but recipient did not received yet. And some of the users are received mail delayed email from Exchange server

Here is the delayed message

—————————————————————————————————————————————————–

Delivery is delayed to these recipients or distribution lists:

From : Microsoft Exchange 

To: Muhammad Akther

Subject: hi

This message has not yet been delivered. Microsoft Exchange will continue to try delivering the message on your behalf.

 Delivery of this message will be attempted until 6/26/2011 3:18:53 PM (GMT+03:00) Kuwait, Riyadh. Microsoft Exchange will notify you if the message can’t be delivered by that time.

—————————————————————————————————————————————————–

ok. we realized that some thing wrong in Exchagne server or in relay. First loged in to Exchange Hub Transport server and checked all the services are up and running. It was running. Then went to Queue viewer to see is there any mails are stuck there. We could able  see that so much mails are stuck in Queue

Then we tried to Telnet to Email Gateway ( we are using McAfee Secure mail instead of Edge Transport server) port 25. It’s rejected the telnet session. So the issue has confirmed. Hub cannot talk to Email Gateway.

Next we checked what is blocking from Hub to Mail gateway . Is it firewall? or Antivirus ? or some thing else. The culprit was McAfee Antivirus.  There was a patch updated on Mcafee and the solution we found it from one of the Mcafee KB

Here is the solution. you have to go to McAfee EPO server and do the below changes

Problem

Outbound SMTP email is blocked by VirusScan Enterprise (VSE) 8.5i and 8.7i Access Protection rule for Port 25.
 

Cause

The Access Protection feature of VirusScan Enterprise 8.x allows specific ports to be blocked. Although standard exclusions are set, these rules must be revised manually according to the environment.
 

Solution

Manually exclude the process that is being blocked.
 
NOTE: Make sure to use the exact process name as found in the Access Protection log.
  1. Click Start, Programs, McAfee, VirusScan Console.
  2. Right-click Access Protection and select Properties.
  3. Click the Access Protection tab.
  4. Under Categories on the left, select Anti-virus Standard Protection.
  5. In the right pane, select Prevent mass mailing worms from sending mail, then click Edit.
  6. In the Processes to exclude section, type the process name, then click OK to close the Rule details window.
  7. Click Apply then close the Access Protection Properties window. 

 

After encforce policy in Hub Transport Server Emails start releasing from queue.

Reference :

 https://kc.mcafee.com/corporate/index?page=content&id=KB50707

Regards

Akther

 

Create a free website or blog at WordPress.com.