Need to disable mcsheild.exe so I can run ComboFix

How can I disable mcsheild.exe from starting up. I have tried the services and msconfig and I get an error when trying to stop it. I know it is a protection setting in there software so no other malware turns it off, but I need to run ComboFix to make sure the system is clean. Should I just run it anyways with Mcsheild.exe active?  I have disabled all other services in Mcafee.
Who is Participating?
Rant32Connect With a Mentor Commented:
torimar is probably right with post #33489998 (disable Access Protection)

However, I have encountered situations where McAfee VSE blocked configuration attempts despite of being completely disabled.

For example, configuring a 2003 Server with Security Configuration Wizard. Applying the policy fails when VSE is installed in the default configuration. I have to completely remove VSE to be able to apply the SCW policy.
Try this:

There are instructions for a lot of different AV's
Hit CTRL+ALT+DEL, click the 'Processes' tab, select 'mcshield.exe' in the process list, and select 'End process'.

The new generation of project management tools

With’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.


After terminating the McShield process in the task manager, you are of course free to disable the McShield service:
Start > Run > services.msc

But that will only affect Windows after a restart, whereas the service's currently running instance (interfering with Combofix when you would run it now) has already been aborted by the task manager.
calitechAuthor Commented:
Access denied if i try and end task.
if like that, u have to get admin right first before kill the mcafee..

are you administrator of the pc's?
Mohammed HamadaSenior IT ConsultantCommented:
You can't end end the mentioned task becoz it has some integrated Dlls along with it and you have to terminate all these processes to successfully end it.

"mcshield.exe" is the McAfee On-Access Antivirus Scanner from Network Associates, Inc. It monitors your computer's processes, files and registry to attempt to detect and prevent virus infection.

So I would say in this case that Mcshield is a process and service in the same time which as a service has other dependencies which you will have to stop as well.

Mohammed HamadaSenior IT ConsultantCommented:
Try using autoruns to stop it if nothing worked, Or as a last resort you could uninstall Mcafee run combofix then reinstall it.
Start > Programs > McAfee > VirusScan Console.
Right-click 'Access Protection' and select 'Properties'.
Deselect 'Prevent McAfee services from being stopped'.
Click 'Apply'.
Close the VirusScan Console.

Then disable the service or end the task.
What version of mcafee?
First, stop the McAfee Framework Service. This is especially important if your system is managed by ePolicy Orchestrator or Protection Pilot, since the McAfee Agent will reset Access Protection settings and restart the McShield Service every time it enforces policies (every 5 minutes by default).

Then, you need to disable the McShield.exe service from the VirusScan Enterprise console. Open the console, double-click Access Protection Settings, deselect Prevent McAfee Services from being stopped and click OK.

Now you have services stopped. Are you going to scan the system with a third party tool? You have some other options as well:

Enable Artemis technology in the On-Access Scanner Properties (available only in VSE 8.7)
You can also use the VirusScan Enterprise Command-Line scanner along with the latest SuperDAT, depending on the McAfee Suite you are using.

Uhm, well, the best of luck.
Try this to disable McAfee shield: (credit to b0lsc0tt)

Open McAfee Security Center, go to the Advanced menu, click on 'Configure'
and then run through "computer and files", "internet", and "email and IM" categories;
in each on there is a manual option to turn off the protection (click the off bubble).
calitechAuthor Commented:
Sorry, nothing worked and I just used Mcafee's removal tool to remove it.
Post #33508942 suggests removing VirusScan completely, because it can block configuration attempts despite being disabled. Do not agree with the points distribution.
calitechAuthor Commented:
Close enough
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.