Skip Ribbon Commands
Skip to main content

McAfee 8.7i "Could not contact Filter Driver", On Access Scan Disabled

 

Andrew Walman

06/11/2008

McAfee have recently released VirusScan Enterprise 8.7i, with various performance improvements over 8.5i. So we rolled it out using ePolicy Orchestrator, and then noticed some of the servers had the On-Access Scan disabled. Further inverstigation revealed the upgrade had been successful on these servers, but then the service was struggling to start reporting the following error in the application event log:
 
Event Type: Error
Event Source: McLogEvent
Event Category: None
Event ID: 5004
Date:  06/11/2008
Time:  10:17:22
User:  NT AUTHORITY\SYSTEM
Computer: MACHINENAME
Description:
Could not contact Filter Driver.
 Error = 0x7d1 : The specified driver is invalid.
 
After trawling through the McAfee help forums, it turns out a lot of people are experiencing the same problem (another great example of product testing from McAfee) and it's to do with the system volume being a dynamic disk, which is a more common situation on servers - but it could equally affect workstations. The fix is to update the registry on the affected server, or wait till patch 1 (apparently due in February) before deploying 8.7i to anything with a dynamic disk.
 
Incidentally, if you've already deployed 8.7i and found this problem, retrograding to 8.5i doesn't seem to fix it - you'll need the registry update or patch.
 
Details of the registry fix are here - essentialy you'll be updating the path to mfeapfk, mfeavfk, and mfebopk which live under HKLM\SYSTEM\CurrentControlSet\Services\, with the full path to the driver - e.g. c:\windows\system32\drivers\mfeapfk.sys. You'll need to do this once 8.7i has finished installing, then simply start the McAfee McShield Service again - no reboot required.
 
As always, take care when editing the registry - http://support.microsoft.com/kb/256986/EN-US/
 
UPDATE 8/12/08
We've since observed this same error on Windows XP without dynamic disks, after a full disk check was performed. The same registry edit fixed the problem
 
UPDATE 10/12/08
The latest round of Windows updates has caused the problem to reoccur on servers that previously were fixed by the registry edit - slightly different error messages this time, and it was only fixed with a reinstall of Enterprise v8.7 and reapplying the registry fix above. Error 1:
 
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date:  09/12/2008
Time:  21:31:45
User:  N/A
Computer: MACHINENAME
Description:
The McAfee Inc. mfehidk service failed to start due to the following error:
The filename, directory name, or volume label syntax is incorrect.
 
Error 2:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date:  09/12/2008
Time:  21:31:45
User:  N/A
Computer: MACHINENAME
Description:
The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:
The filename, directory name, or volume label syntax is incorrect.


 
 

 About us

Fuse Collaboration Services is a Cloud Solution Provider and Microsoft Gold Partner specialising in delivering SharePoint, Skype for Business, and Azure cloud-based solutions. Based in Northampton, UK.

Microsoft Gold Partner Logo showing 5 competencies

Read more

 Latest Tweets

 Latest Blog

 

 

Get single sign-on for all apps3995<p class="lead">​​​Are you looking for an identity-as-a-service (IDaaS) solution that solves your biggest IT challenges without compromising user experience?</p><p class="lead">With Azure Active Directory, the Microsoft IDaaS solution, you can streamline the employee experience with single sign-on capabilities and reduce the complexity of managing identity, security, and access to your company’s critical data. You get a proven solution that allows you to&#58;​</p><hr />​ <div class="lead"><div class="row"><div class="col-md-6">​ <div class="media"> <img class="img-responsive pull-left" src="/ourblog/Blog%20Site%20Images/image004.png" alt="" />​ ​ <div class="media-body">​​Quickly adopt cloud services​</div></div></div>​ <div class="col-md-6">​ <div class="media"> <img class="img-responsive pull-left" src="/ourblog/Blog%20Site%20Images/image006.png" alt="" /> <div class="media-body">Improve application security</div></div></div>​ ​</div>​ <div class="row"><div class="col-md-6">​ <div class="media"> <img class="img-responsive pull-left" src="/ourblog/Blog%20Site%20Images/image008.png" alt="" /> <div class="media-body">Empower employees with access to world-class cloud apps</div></div></div><div class="col-md-6">​ <div class="media"> <img class="img-responsive pull-left" src="/ourblog/Blog%20Site%20Images/image010.png" alt="" /> <div class="media-body">Monitor application usage and protect your business</div></div></div></div>​ <div class="row"><div class="col-md-6">​ <div class="media"> <img class="img-responsive pull-left" src="/ourblog/Blog%20Site%20Images/image012.png" alt="" /> <div class="media-body">Easily and securely manage employee and vendor access</div></div></div><div class="col-md-6">​ <div class="media"> <img class="img-responsive pull-left" src="/ourblog/Blog%20Site%20Images/image014.png" alt="" /> <div class="media-body">Secure remote, mobile access to on-premises apps</div></div></div>​ </div><div class="row"><div class="col-md-6">​ <div class="media"> <img class="img-responsive pull-left" src="/ourblog/Blog%20Site%20Images/image016.png" alt="" /> <div class="media-body">Implement consistent, self-service application access management</div></div></div>​​​ </div></div><hr /><p class="lead"><a href="/_layouts/15/FIXUPREDIRECT.ASPX?WebId=4fc45909-2b6d-48b9-bcf9-a446e9d472d6&amp;TermSetId=c98895cd-d37f-4406-9cff-5480b4f829b6&amp;TermId=218eb0be-10f6-490a-82a7-a7fd47c8de90">Contact Fuse</a> to discuss how we can help implement IDaaS within your organisation, using our expertise and experience to reduce risk and project length.​</p> <div class="well well-lg"><p class="lead">Are you curious about how Azure Active Directory can work for you? <a href="/_layouts/15/FIXUPREDIRECT.ASPX?WebId=4fc45909-2b6d-48b9-bcf9-a446e9d472d6&amp;TermSetId=c98895cd-d37f-4406-9cff-5480b4f829b6&amp;TermId=721159e3-34c0-40dc-8028-ae2e2f2e79e4">Let us show you how​</a>!​</p></div>​​a.walman@fusecollaboration.com | Andrew Walman | 693A30232E777C6675736563735C612E77616C6D616E i:0#.w|fusecs\a.walman17/01/2018 00:00:002018-01-17T00:00:00Zno matter where they liveAzure Active Directory, the Microsoft IDaaS solution24/02/2018 00:15:562757htmlFalseaspx

 Contact us

Our address
12 Brookfield, Duncan Close
Moulton Park, Northampton
NN3 6WL
P: +44(0)1604 797979
Contact Us