1. Knowledge Base Article
Page 1 of 6
Created On: 28-Oct-2013
Author: Eric Roberson
Title
Computers running McAfee Antivirus (beta) become unresponsive during
startup
Description of Issue
Computers running McAfee Antivirus hang or freeze when starting up
or while logging onto the network.
Information in this solution applies only to pilot/test computers for
McAfee Antivirus (beta).
Description of Resolution
This solution contains several parts. Follow each section carefully. The
variable {computername} refers to the remote or target computer.
PREREQUISITE: Recover an unresponsive computer
This section must be performed locally on the remote computer. Consider
connecting to the remote computer using Remote Desktop Protocol (RDP.)
1. If the computer hangs during startup, press CTRL + ALT + END to
start task manager.
2. Click the Processes Tab, then click Image Name to sort the list of
running processes.
3. Click the MfeFFCore.exe process, then click End Process.
4. The computer will log on successfully after stopping the MfeFFCore.exe
process.
PART 1: Copy necessary files to remote computer
Parts one, two, and three may be performed remotely without user
intervention. Before completing these sections, go to Part 4: Confirm
Functionality to determine whether these steps are necessary.
1. On the target computer, check for
{computername}c$windowssystem32psexec.exe. If necessary,
copy EDCAPP25MMQT$PSEXEC.EXE to
{computername}c$windowssystem32.
2. Open a command using an account with elevated privileges (eg.
A_UserID). Type net use ohcfs01groups * /u:lyb{user_ID},
2. Knowledge Base Article
Page 2 of 6
then press Enter. When prompted, enter the password for a regular
user ID.
3. Type Copy ohcfs01groupseveryonesleep.exe
{computername}C$Batch.
4. Type Copy ohcfs01groupseveryoneframepkg.exe
{computername}C$Batch.
5. Type Net use ohcfs01groups /d. Press the letter ‘Y’ to
disconnect when prompted. Continue to Part 2: Apply the Soulution.
PART 2: Apply the solution
1. Open a command using an account with elevated privileges (eg.
A_UserID). Type psexec –s –h {computername} cmd.exe.
2. Type hostname to verify connectivity to the remote computer.
3. Type c:batchframepkg.exe /forceuninstall, then press Enter.
Wait for the command to complete, which may take five minutes or
longer.
4. Type SET TEMP=C:BATCH, then press Enter.
3. Knowledge Base Article
Page 3 of 6
NOTE: The command line SET TEMP=C:BATCH is case sensitive.
Please use All CAPS.
5. Type C:BatchFramePkg.exe /install=agent /forceinstall
/DataDir=C:Batch, then press Enter. Wait for the command to
complete, which may take ten minutes or longer.
NOTE: This command line is case sensitive. Be sure to use correct
upper and lower case letters.
4. Knowledge Base Article
Page 4 of 6
6. Restart the computer. Type shutdown /r /f /t 600 /c “Save your
work! Restarting computer in 10 minutes to complete antivirus
agent installation.”
7. Type ping -4 {computername} –t –w 15000. Continue to Part 3
once a ping response is received.
PART 3: Retrieve updated policy
Retrieve the updated policy so new encryption keys are copied and files are
decrypted on the remote computer.
1. Open a command using an account with elevated privileges (eg.
A_UserID). Type psexec –s –h {computername} cmd.exe.
2. Type hostname to verify connectivity to the remote computer.
3. Type CDProgram FilesMcAfeeCommon Framework, then press
Enter.
4. Type each of the following commands, waiting 60 seconds between
typing each command:
CmdAgent.exe /C
CmdAgent.exe /E
CmdAgent.exe /P
5. Restart the computer. Type shutdown /r /f /t 600 /c “Save your
work! Restarting computer in 10 minutes to complete antivirus
agent installation.”
PART 4: Confirm functionality
Confirm necessary decryption keys are present and files are being decrypted.
1. Connect to the remote computer using RDP.
2. Browse to the folder C:Program FilesMcAfeeEndpoint
Encryption for Files and Folders. Double click MfeFFConsole.exe.
3. Click the Status Report button at the top left, then expand Available
Keys in the column on the right.
5. Knowledge Base Article
Page 5 of 6
4. If both encryption keys appear, then the solution has been applied
successfully and the new policy is in effect.
5. To check for files waiting to be decrypted, open Windows Explorer.
Right click the C: drive, then click McAfee Endpoint Encryption >
Search Encrypted.
6. Click the Search button at the top right. If no encrypted files are
found, then the solution has been applied successfully and the new
policy is in effect. Also consider checking the following directories for
encrypted files:
C:localdocs (both Win XP and Win 7)
C:ProgramData (Win 7 only)
C:Documents and SettingsAll UsersApplication Data (Win XP
Only)
6. Knowledge Base Article
Page 6 of 6
NOTE: Please allow enough time for the decryption process after
applying Steps two and three above.
Additional Information
For additional support, contact the End User Computing or Information
Technology Foundation teams.
Revision History
Revision Number Date Editor Summary of revision
0.1 28-Oct-2013 Eric Roberson First Draft
1.0 28-Oct-2013 Eric Roberson Technical Edit
Tags
McAfee Endpoint Encryption, Decrypt, Decryption, Encrypt, Encryption,
Antivirus