Endpoint Protection

 View Only

  • 1.  whitelisting program interferes with liveupdate

    Posted Feb 13, 2014 02:27 PM

    I am running McAfee Solidifier (aka Solidcore) and it is interfering with SEP LiveUpdates. I am looking for a list of files/directories that need to be added to the whitelist to make it operational.

    OS: XP and 7
    Running SEP 12.1.671.4971

    Thanks!!



  • 2.  RE: whitelisting program interferes with liveupdate
    Best Answer

    Posted Feb 13, 2014 02:29 PM

    Is solidifier blocking access to symantec registry?

    You need to create exceptions based on the events found in event viewer, what files are blocked as of now?

     



  • 3.  RE: whitelisting program interferes with liveupdate

    Posted Feb 13, 2014 02:30 PM

    Interfering how? What's being blocked?

    One location is here

    C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Lue



  • 4.  RE: whitelisting program interferes with liveupdate

    Posted Feb 13, 2014 04:00 PM

    Thanks for all your responses. Below are a couple lines of the Solidifier logging. Most of the denied acces seems to be around ccSvcHst.exe. I'll whitelist that one and then test. Thanks again.

    ERROR: evt.c       : 1216: McAfee Solidifier prevented unauthorized execution of 'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20140212.033\ECMSVR32.DLL' by process C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe (Process Id: 1780, User: NT AUTHORITY\SYSTEM).
     
    SYSTEM: cctl_kern.c : 1470: Process '\Device\HarddiskVolume1\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe' tried to launch '\Device\HarddiskVolume1\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20140212.033\ECMSVR32.DLL' which has been DENIED EXECED. Exec perms = 0
     
    ERROR: evt.c       : 1216: McAfee Solidifier prevented unauthorized execution of 'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20140213.001\IDSxpx86.dll' by process C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe (Process Id: 1780, User: NT AUTHORITY\SYSTEM).


  • 5.  RE: whitelisting program interferes with liveupdate

    Posted Feb 13, 2014 04:13 PM

    Please add that and also SEPliveupdate.exe, this is needed if you run Liveupdate manually on the client

    ccsvchst.exe is the enginee which process the liveupdate

     



  • 6.  RE: whitelisting program interferes with liveupdate

    Posted Feb 13, 2014 05:03 PM

    Add SepLiveupdate.exe:

    About SepLiveUpdate.exe

    Article:TECH162235  |  Created: 2011-06-14  |  Updated: 2011-07-25  |  Article URL http://www.symantec.com/docs/TECH162235