Skip Ribbon Commands
Skip to main content

McAfee 8.7i "Could not contact Filter Driver", On Access Scan Disabled

 

Andrew Walman

06/11/2008

McAfee have recently released VirusScan Enterprise 8.7i, with various performance improvements over 8.5i. So we rolled it out using ePolicy Orchestrator, and then noticed some of the servers had the On-Access Scan disabled. Further inverstigation revealed the upgrade had been successful on these servers, but then the service was struggling to start reporting the following error in the application event log:
 
Event Type: Error
Event Source: McLogEvent
Event Category: None
Event ID: 5004
Date:  06/11/2008
Time:  10:17:22
User:  NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
Could not contact Filter Driver.
 Error = 0x7d1 : The specified driver is invalid.
 
After trawling through the McAfee help forums, it turns out a lot of people are experiencing the same problem (another great example of product testing from McAfee) and it's to do with the system volume being a dynamic disk, which is a more common situation on servers - but it could equally affect workstations. The fix is to update the registry on the affected server, or wait till patch 1 (apparently due in February) before deploying 8.7i to anything with a dynamic disk.
 
Incidentally, if you've already deployed 8.7i and found this problem, retrograding to 8.5i doesn't seem to fix it - you'll need the registry update or patch.
 
Details of the registry fix are here - essentialy you'll be updating the path to mfeapfk, mfeavfk, and mfebopk which live under HKLM\SYSTEM\CurrentControlSet\Services\, with the full path to the driver - e.g. c:\windows\system32\drivers\mfeapfk.sys. You'll need to do this once 8.7i has finished installing, then simply start the McAfee McShield Service again - no reboot required.
 
As always, take care when editing the registry - http://support.microsoft.com/kb/256986/EN-US/
 
UPDATE 8/12/08
We've since observed this same error on Windows XP without dynamic disks, after a full disk check was performed. The same registry edit fixed the problem
 
UPDATE 10/12/08
The latest round of Windows updates has caused the problem to reoccur on servers that previously were fixed by the registry edit - slightly different error messages this time, and it was only fixed with a reinstall of Enterprise v8.7 and reapplying the registry fix above. Error 1:
 
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date:  09/12/2008
Time:  21:31:45
User:  N/A
Computer: MACHINENAME
Description:
The McAfee Inc. mfehidk service failed to start due to the following error:
The filename, directory name, or volume label syntax is incorrect.
 
Error 2:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date:  09/12/2008
Time:  21:31:45
User:  N/A
Computer: MACHINENAME
Description:
The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:
The filename, directory name, or volume label syntax is incorrect.


 
 

 About us

Fuse Collaboration Services is a Cloud Solution Provider and Microsoft Gold Partner specialising in delivering SharePoint, Skype for Business, and Azure cloud-based solutions. Based in Northampton, UK.

Microsoft Gold Partner Logo showing 5 competencies

Read more

 Latest Tweets

 Latest Blog

 

 

Clear out the ROT!140<p class="lead">​​They might give examples of damp rot or rotten food but ROT in the IT world is an acronym and if you apply the definition of rot to your data it's not far off what this blog is essentially about.</p><p class="lead">The acronym ROT when referring to IT stands for <strong>Redundant, Obsolete and Trivial</strong> and it's used when describing your digital data that your business keeps hold of when it has no value. Employees create ROT every day without realising how much this impacts your business.</p><p>ROT can be found on network and SharePoint servers, desktops, mobile devices such as laptops and mobile phones, on premise and in the cloud. Its impact can be huge and will become even more of a worry when the new GDPR* comes into force on May 25<sup>th</sup> 2018. </p><p>​ <strong>Reasons to clear the ROT out&#58;</strong></p><ol>​ <li> <strong>It decreases the need for extra storage.</strong><br>Funding extra storage, costs businesses money; not only having to pay for the extra storage but extra storage creates the need for a bigger IT infrastructure (and more IT support staff) and hardware which all rise costs.<br></li><li> <strong>Prevents data becoming a liability risk.</strong>​ <br>For businesses that are subject to audits, clearing out the ROT is an important part of the process. Businesses need to be able to demonstrate they are compliant within a whole range of regulations and legal guidelines dependent on the sector the business operates in.<br></li><li> <strong>Improves productivity in staff</strong>. <br>The need to quickly access the right information instead of wading through irrelevant documents will increase the delivery of projects and increase productivity on a day to day basis. This in turn increases productivity and profit margins.<br></li><li> <strong>Prevents data breaches.</strong><br>Clearing out the ROT can be viewed as time consuming and not a profitable use of time. The less information your company has that has no business or legal value reduces the chance of a data breach. If there is a data breach then you open yourselves up to costly legal action that is easily preventable.<br></li><li> <strong>GDPR is coming.</strong><br>May 25<sup>th</sup> 2018 is a date that you need to have etched in your brain if you are the owner of a business. The new regulations are replacing the outdated Data Protection Act and is a well needed reaction to the change in how data is stored, transferred and managed. Individual's now have far more rights and businesses will have to ensure that they have the legal consent to process data. All personal data that you hold, where it came from and who you share it with now needs to be documented. Getting rid of obsolete data will help to prevent any breaches of GDPR.<br></li> ​ </ol> <p class="small">*GDPR(The General Data Protection Regulation) is the European Union's new legislation to protect the personal data of all EU citizens and has evolved from the need to regulate data protection by updating the 1995 Data Protection Directive (DPD). This set of regulations is now out of date due to the increasing advances in the digital and technology world.<br>Organisations have been given a two-year lead in period to become compli​ant, ending 25th May 2018.​</p><p> <strong>How can Fuse help you clear out the ROT?</strong></p><p>Fuse is a specialist in SharePoint and has an in-house team of consultants. If you currently store terabytes of data held within an on-premise infrastructure and you are worried about GDPR because your data is unstructured and therefore unmanageable, Fuse can help. Fuse implements solutions that help to analyse the data held by your organisation; structure your data; identify unwanted and duplicated data. This is all done quickly and securely. </p><p>Once your data is in a manageable format we can provide the tools that will identify and collect GDPR personal information within documents. Workflows can be created to generate documents and automate your requests for &quot;the right to be forgotten&quot;. &#160;Not only are we good at it, it will give you peace of mind as you will be preventing any GDPR breaches. Become compliant by binning the ROT! </p><div class="well well-lg"><p class="lead">​If you have any questions or would like to speak to someone about your current system, call 01604 797979 for​ a no obligation chat!</p></div>l.ozier@fusecollaboration.com | Louise Ozier | 693A30232E777C6675736563735C6C2E6F7A696572 i:0#.w|fusecs\l.ozier24/07/2017 23:00:002017-07-24T23:00:00ZIf you were to ask most people what the definition of rot is, you are more than likely to get answers along the lines of "something that's damaged, something that you can't use anymore or something that is decaying or gone bad". 26/07/2017 10:55:54htmlFalseaspx

 Contact us

Our address
12-14 Brookfield, Duncan Close
Moulton Park, Northampton
NN3 6WL
P: +44(0)1604 797979
Contact Us