How to Disable Access Protection from the Antivirus Virus Scan Console?

Access Protection will not allow installing VMware Tools and Nutanix Guest Tool in a Windows guest operating system when it’s running in strict mode.

  • Power on the virtual machine from the web client/Prism.
  • Sometimes the virtual disk/SAN disk blocks Antivirus in Virtual Machines.
  • Disable Antivirus before installing/mounting Nutanix and VMware tools.
  • You will find the blocking history in Windows Event Viewer.

Solution

 Remove Common Management Agent from Windows clients

  1. Open the Run utility from Windows, or press Win+R.
  2. Type the following: C:\Program Files\McAfee\Common Framework\frminst.exe /remove=updater /product=Viruscan8600
  3. Unregister checkpoint with same location
  4. Type: C:\Program Files\McAfee\VirusScan Enterprise\PIREG.EXE /d <VirusScan install folder>\MCAVSCV.DLL, and click OK.
  5. Remove the Anti-Spyware Module
  6. Type: C:\Program Files\McAfee\VirusScan Enterprise\CSSCAN.exe /UninstallMAS, and click OK.
  7. Delete Registry Keys
  8. Click Start > Run, type regedit and click OK.
  9. Navigate to each of the following keys, right-click each key, and select Delete:
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\40C30C53F1F32C249A987A75EE96F156]
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\9FF15957780018945A6265BC95AD719D]
    • [HKEY_CLASSES_ROOT\Installer\Products\40C30C53F1F32C249A987A75EE96F156]
    • [HKEY_CLASSES_ROOT\Installer\Features\40C30C53F1F32C249A987A75EE96F156]
    • [HKEY_CLASSES_ROOT\Installer\UpgradeCodes\9FF15957780018945A6265BC95AD719D]
  10. Unload vsplugin.dll
  11. Navigate to the following registry location: [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\ViruScan8600]
  12. Right-click the key ViruScan8600.
  13. Select New > DWORD Value.
  14. Rename the New Value #1 value to Plugin Flag and press Enter.
  15. Right-click Plugin Flag and select Modify.
  16. In the Value Data field type 8 and click OK.

 Stop VirusScan Services.

  1. To open the VirusScan Console, click Start > Programs > McAfee.
  2. Select VirusScan Console.
  3. Right-click Access Protection, and select Disable.
  4. Exit the VirusScan Console.
  5. Click Start > Run, type NET STOP McShield, and click OK.
  6. Click Start > Run, type NET STOP McTaskManager, and click OK.

Delete Registry Keys

  • Search the Windows Registry for instances of 40C30C53F1F32C249A987A75EE96F156 and delete them:
    • Click Start > Run, type regedit and click OK.
    • Select Edit > Find, type: 40C30C53F1F32C249A987A75EE96F156 and click Find Next.
    • Right-click any matching key found and select Delete.

 Delete VirusScan Services.

  1. Navigate to and select the following registry key:

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McShield]
  2. Right-click the key and select New > DWORD Value.
  3. Rename the New Value #1 value to DeleteFlag and press Enter.
  4. Right-click DeleteFlag and select Modify.
  5. In the Value Data field type 1.
  6. Create another new DWORD value named VSEFlag and change the Value Data to 1.
  7. Navigate to the following registry location:

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McTaskManager]
  8. Create a DWORD value named DeleteFlag with a value of 1.
  9. Create a DWORD value named VSEFlag with a value of 1.

Uninstall VirusScan Drivers.

  1. Select Start > Run, type cmd and press Enter.
  2. Navigate to the VirusScan installation folder.
  3. Type: mfehidin.exe -u mfeavfk.sys mfeapfk.sys mfebopk.sys mfehidk.sys mfetdik.sys

Unregister DLLs

  1. Select Start > Run, type cmd and press Enter.
  2. Navigate to the VirusScan installation folder.

     NOTE: By default, the VirusScan install folder is: C:\Program Files\McAfee\VirusScan Enterprise.

  3. Type each of the following commands and press Enter after each:
    • regsvr32.exe /u SCRIPTCL.dll
    • regsvr32.exe /u x64\SCRIPTCL.dll (for 64-bit systems only)
    • regsvr32.exe /u VSUPDATE.dll

 Delete Registry Keys – Part 3.

  1. Click Start > Run, type regedit and click OK.
  2. Navigate to each of the following registry keys, right-click each key, and select Delete:
    • [HKEY_CLASSES_ROOT\CLSID\{cda2863e-2497-4c49-9b89-06840e070a87}]
    • [HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\VirusScan]
    • [HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\VirusScan]
    • [HKEY_CURRENT_USER\Software\McAfee\DesktopProtection]
    • [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AVEngine]
    • [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection]
    • [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VSCore]
    • [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\ePolicy Orchestrator\Application Plugins\VIRUSCAN8600]
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8600]
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35C03C04-3F1F-42C2-A989-A757EE691F65}]
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run], ShStatEXE
    • [HKEY_LOCAL_MACHINE\SOFTWARE\ControlSet001\Services\Eventlog\Application\McLogEvent]
    • [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VirusScan]
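
Before deleting the keys in this list, export them so the change can be rolled back. The following PowerShell is an added example, not part of the original article or of any vendor tooling; the backup folder `C:\Temp\vse-registry-backup` and the file naming are assumptions, and the key paths are the ones listed above (the `ShStatEXE` entry is a value rather than a key, so it is left out).

```powershell
#Requires -RunAsAdministrator
# Added example: report which of the listed VirusScan keys exist and export
# each existing key to a .reg file before anything is deleted.
$BackupDir = 'C:\Temp\vse-registry-backup'   # assumed backup location

# Key paths as listed in this article
$Keys = @(
    'HKEY_CLASSES_ROOT\CLSID\{cda2863e-2497-4c49-9b89-06840e070a87}',
    'HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\VirusScan',
    'HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\VirusScan',
    'HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VirusScan',
    'HKEY_CURRENT_USER\Software\McAfee\DesktopProtection',
    'HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AVEngine',
    'HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection',
    'HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VSCore',
    'HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\ePolicy Orchestrator\Application Plugins\VIRUSCAN8600',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8600',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35C03C04-3F1F-42C2-A989-A757EE691F65}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\ControlSet001\Services\Eventlog\Application\McLogEvent'
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$index = 0
$report = foreach ($key in $Keys) {
    $index++
    # -LiteralPath stops the "*" in HKEY_CLASSES_ROOT\* being treated as a wildcard
    $exists = Test-Path -LiteralPath "Registry::$key"
    $file = $null
    if ($exists) {
        # File name: running number plus the last path component, sanitised
        $leaf = $key.Split('\')[-1] -replace '[^\w.-]', '_'
        $file = Join-Path $BackupDir ('{0:D2}-{1}.reg' -f $index, $leaf)
        & reg.exe export $key $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Export failed: $key"
            $file = $null
        }
    }
    [pscustomobject]@{ Key = $key; Present = $exists; Backup = $file }
}

# Review this table before deleting anything; keys with no Backup were not exported
$report | Format-Table -AutoSize -Wrap
```

A key exported this way can be restored with `reg.exe import <file>`.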

Restart the system for the changes to take effect.

Also follow this article to stop the antivirus from the Windows tray.

  1. Install VMware Tools or Nutanix Guest Tool before installing Antivirus on the Windows guest operating system.
  2. Antivirus will not allow a VMware Tools/Nutanix Guest Tool upgrade if it runs in strict Protection mode.
  3. Disable All Protection from the Antivirus Virus Scan software when either installing or upgrading Nutanix Guest Tool or VMware Tools.
    1. Open the Antivirus software.
    2. Right-click the tray icon to open the antivirus Protection setting in the Tasks window, and select Stop from the settings.

What to do next

  • Install VMware Tools or Nutanix Guest Tool and run the setup.
  • Reconfigure all Protection when your VMware Tools/Nutanix Guest Tool upgrade or installation is complete.

Reference

https://www.sonicwall.com/support/knowledge-base/how-to-manually-remove-virusscan-enterprise-8-5i/170503895199499/
