McAfee 8.7i On Access Scan Disabled after install
Having set up a new PC and installed McAfee VirusScan Enterprise 8.7i (with or without Patch 1) every so often on different setups we find that it fails to start and reports the On Access Scan / Buffer Protection and Access Protection components are disabled. This failure to start is after rebooting the PC once the application has been installed.
If you check the McAfee services all are started except the McAfee McShield service which although is on Automatic fails to start.
Then checking Event Log we see the following error on the Vista PC's:
Log Name: Application
Source: McLogEvent
Event ID: 5004
Could not Contact Filter Drive. Error = 0x7d1 : The specified driver is invalid.
FIX:
To fix the above we found making the below changes to some registry keys did the trick.
1) Open Regedit
2) Navigate to HKLM\SYSTEM\CurrentControlSet\Services\
3) Find the ImagePath key for mfeapfk, mfeavfk and mfebopk
4) Edit the ImagePath to reflect the full path to the .sys file - this is usually just a case of adding c:\windows\ in front of the path.
5) Make this change for the 3 listed McAfee keys (mfeapfk/mfeavfk/mfebopk)
6) Start the McAfee McShield service
July 15th, 2009 - 03:28
You have done what no one else could. I’ve searched McAfee’s forums as well as countless others to no avail. Thank you for this terrific post.
Cheers!
August 7th, 2009 - 14:46
Great !!!! Thanks a lot
August 14th, 2009 - 13:21
Perfect fix! Many thanks.
September 9th, 2009 - 22:25
You are my hero. This works like a charm.
October 7th, 2009 - 18:46
Good stuff man. I work in IT and without help from nice folks like yourself, our jobs are impossible
November 3rd, 2009 - 11:29
Thanks a lot …perfect fix !!!
February 19th, 2010 - 13:19
I guess I’m the only one this doesn’t work for. When I start the McShield service, it immediately goes back to a ‘Paused’ state.
February 25th, 2010 - 17:23
I was struggling with this error for almost a year and now i found the solution. thank you !
April 6th, 2010 - 16:43
Charlie Spencer, if after making this registry fix McShield is still going back to Paused, try downloading and installing the latest SuperDAT from McAfee and see if that fixes it.