Solved

Need to disable mcshield.exe so I can run ComboFix

Posted on 2010-08-20
Last Modified: 2013-12-09
How can I disable mcshield.exe from starting up? I have tried the services and msconfig and I get an error when trying to stop it. I know it is a protection setting in their software so no other malware turns it off, but I need to run ComboFix to make sure the system is clean. Should I just run it anyway with mcshield.exe active? I have disabled all other services in McAfee.
Question by:calitech
16 Comments
 

Expert Comment

by:djhayu
ID: 33489661
Try this:

http://www.bleepingcomputer.com/forums/topic114351.html

There are instructions for a lot of different AVs.
0
 
LVL 35

Expert Comment

by:torimar
ID: 33489662
Hit CTRL+ALT+DEL, click the 'Processes' tab, select 'mcshield.exe' in the process list, and select 'End process'.

0
 
LVL 35

Expert Comment

by:torimar
ID: 33489719
ps:

After terminating the McShield process in the task manager, you are of course free to disable the McShield service:
Start > Run > services.msc

But that will only affect Windows after a restart, whereas the service's currently running instance (interfering with ComboFix when you would run it now) has already been aborted by the task manager.
0
 

Author Comment

by:calitech
ID: 33489728
Access denied if I try and end task.
0
 
LVL 1

Expert Comment

by:austchipmunk
ID: 33489958
If it's like that, you have to get admin rights first before killing McAfee.

Are you the administrator of the PCs?
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 33489988
You can't end the mentioned task because it has some integrated DLLs along with it, and you have to terminate all these processes to successfully end it.

"mcshield.exe" is the McAfee On-Access Antivirus Scanner from Network Associates, Inc. It monitors your computer's processes, files and registry to attempt to detect and prevent virus infection.

So I would say in this case that McShield is a process and a service at the same time, which as a service has other dependencies that you will have to stop as well.

0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 33489997
Try using Autoruns to stop it if nothing worked. Or, as a last resort, you could uninstall McAfee, run ComboFix, then reinstall it.

http://www.filehippo.com/download_autoruns/
0
 
LVL 35

Expert Comment

by:torimar
ID: 33489998
Start > Programs > McAfee > VirusScan Console.
Right-click 'Access Protection' and select 'Properties'.
Deselect 'Prevent McAfee services from being stopped'.
Click 'Apply'.
Close the VirusScan Console.

Then disable the service or end the task.
0
 
LVL 22

Expert Comment

by:optoma
ID: 33490762
What version of McAfee?
0
 
LVL 4

Expert Comment

by:AimToPlease
ID: 33490946
First, stop the McAfee Framework Service. This is especially important if your system is managed by ePolicy Orchestrator or Protection Pilot, since the McAfee Agent will reset Access Protection settings and restart the McShield Service every time it enforces policies (every 5 minutes by default).

Then, you need to disable the McShield.exe service from the VirusScan Enterprise console. Open the console, double-click Access Protection Settings, deselect Prevent McAfee Services from being stopped and click OK.

Now you have services stopped. Are you going to scan the system with a third party tool? You have some other options as well:

Enable Artemis technology in the On-Access Scanner Properties (available only in VSE 8.7)
You can also use the VirusScan Enterprise Command-Line scanner along with the latest SuperDAT, depending on the McAfee Suite you are using.

Uhm, well, the best of luck.
0
 
LVL 12

Accepted Solution

by:
Rant32 earned 250 total points
ID: 33508942
torimar is probably right with post #33489998 (disable Access Protection).

However, I have encountered situations where McAfee VSE blocked configuration attempts despite being completely disabled.

For example, configuring a 2003 Server with Security Configuration Wizard. Applying the policy fails when VSE is installed in the default configuration. I have to completely remove VSE to be able to apply the SCW policy.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 33518502
Try this to disable McAfee shield: (credit to b0lsc0tt)

Open McAfee Security Center, go to the Advanced menu, click on 'Configure',
and then run through the "computer and files", "internet", and "email and IM" categories;
in each one there is a manual option to turn off the protection (click the off bubble).
0
 

Author Comment

by:calitech
ID: 33583077
Sorry, nothing worked and I just used McAfee's removal tool to remove it.
0
 
LVL 12

Expert Comment

by:Rant32
ID: 33584377
Post #33508942 suggests removing VirusScan completely, because it can block configuration attempts despite being disabled. Do not agree with the points distribution.
0
 

Author Closing Comment

by:calitech
ID: 33588294
Close enough
0
