• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2621
  • Last Modified:

Need to disable mcsheild.exe so I can run ComboFix

How can I disable mcsheild.exe from starting up. I have tried the services and msconfig and I get an error when trying to stop it. I know it is a protection setting in there software so no other malware turns it off, but I need to run ComboFix to make sure the system is clean. Should I just run it anyways with Mcsheild.exe active?  I have disabled all other services in Mcafee.
0
calitech
Asked:
calitech
  • 3
  • 3
  • 2
  • +6
1 Solution
 
djhayuCommented:
Try this:

http://www.bleepingcomputer.com/forums/topic114351.html

There are instructions for a lot of different AV's
0
 
torimarCommented:
Hit CTRL+ALT+DEL, click the 'Processes' tab, select 'mcshield.exe' in the process list, and select 'End process'.

0
 
torimarCommented:
ps:

After terminating the McShield process in the task manager, you are of course free to disable the McShield service:
Start > Run > services.msc

But that will only affect Windows after a restart, whereas the service's currently running instance (interfering with Combofix when you would run it now) has already been aborted by the task manager.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
calitechAuthor Commented:
Access denied if i try and end task.
0
 
austchipmunkCommented:
if like that, u have to get admin right first before kill the mcafee..

are you administrator of the pc's?
0
 
Mohammed HamadaSenior IT ConsultantCommented:
You can't end end the mentioned task becoz it has some integrated Dlls along with it and you have to terminate all these processes to successfully end it.

"mcshield.exe" is the McAfee On-Access Antivirus Scanner from Network Associates, Inc. It monitors your computer's processes, files and registry to attempt to detect and prevent virus infection.

So I would say in this case that Mcshield is a process and service in the same time which as a service has other dependencies which you will have to stop as well.

0
 
Mohammed HamadaSenior IT ConsultantCommented:
Try using autoruns to stop it if nothing worked, Or as a last resort you could uninstall Mcafee run combofix then reinstall it.

http://www.filehippo.com/download_autoruns/
0
 
torimarCommented:
Start > Programs > McAfee > VirusScan Console.
Right-click 'Access Protection' and select 'Properties'.
Deselect 'Prevent McAfee services from being stopped'.
Click 'Apply'.
Close the VirusScan Console.

Then disable the service or end the task.
0
 
optomaCommented:
What version of mcafee?
0
 
AimToPleaseCommented:
First, stop the McAfee Framework Service. This is especially important if your system is managed by ePolicy Orchestrator or Protection Pilot, since the McAfee Agent will reset Access Protection settings and restart the McShield Service every time it enforces policies (every 5 minutes by default).

Then, you need to disable the McShield.exe service from the VirusScan Enterprise console. Open the console, double-click Access Protection Settings, deselect Prevent McAfee Services from being stopped and click OK.

Now you have services stopped. Are you going to scan the system with a third party tool? You have some other options as well:

Enable Artemis technology in the On-Access Scanner Properties (available only in VSE 8.7)
You can also use the VirusScan Enterprise Command-Line scanner along with the latest SuperDAT, depending on the McAfee Suite you are using.

Uhm, well, the best of luck.
0
 
Rant32Commented:
torimar is probably right with post #33489998 (disable Access Protection)

However, I have encountered situations where McAfee VSE blocked configuration attempts despite of being completely disabled.

For example, configuring a 2003 Server with Security Configuration Wizard. Applying the policy fails when VSE is installed in the default configuration. I have to completely remove VSE to be able to apply the SCW policy.
0
 
rpggamergirlCommented:
Try this to disable McAfee shield: (credit to b0lsc0tt)

Open McAfee Security Center, go to the Advanced menu, click on 'Configure'
and then run through "computer and files", "internet", and "email and IM" categories;
in each on there is a manual option to turn off the protection (click the off bubble).
0
 
calitechAuthor Commented:
Sorry, nothing worked and I just used Mcafee's removal tool to remove it.
0
 
Rant32Commented:
Post #33508942 suggests removing VirusScan completely, because it can block configuration attempts despite being disabled. Do not agree with the points distribution.
0
 
calitechAuthor Commented:
Close enough
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 3
  • 3
  • 2
  • +6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now