Disabling VirusScan Enterprise during troubleshooting

If a system problem occurs that could be related to processes VirusScan Enterprise is running, you can systematically disable VirusScan Enterprise functions until the system problem is eliminated. Or, at least you can eliminate VirusScan Enterprise as the cause of the problem.
CAUTION:
You must reconfigure or restore VirusScan Enterprise to have full malware protection again after troubleshooting.
Systematically disabling the VirusScan Enterprise functionality is separated into the following eight-step process:
  1. Disabling Buffer Overflow protection
  2. Disabling Access Protection
  3. Disabling ScriptScan
  4. Disabling On Access Scanning
  5. Disabling On Access Scanning then reboot
  6. Preventing MFEVTP from loading then reboot
  7. Renaming mfehidk.sys then reboot
  8. Removing the product then reboot

Each of these eight steps is described in the following sections. For option definitions in the VirusScan Console, click Help in the interface.

Disabling buffer overflow protection

Follow these steps to disable Buffer Overflow protection.
  1. From the VirusScan Console Task list, right-click Buffer Overflow Protection and click Properties.
  2. From the Properties dialog box, deselect Enable buffer overflow protection and click OK.
  3. Is the original system problem fixed by disabling Buffer Overflow protection:
    • Yes — Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com and search for a solution or contact McAfee Technical Support.
    • No — The original system problem was probably not related to this feature.

Disabling access protection

Follow these steps to disable Access Protection.
  1. From the VirusScan Console Task list, double-click Access Protection to open the Access Protection Properties dialog box.
  2. Click Access Protection tab, deselect Enable access protection and click OK.
  3. Is the original system problem fixed by disabling Access Protection:
    • Yes — Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com and search for a solution or contact McAfee Technical Support.
    • No — The original system problem was probably not related to VirusScan Enterprise.

Disabling ScriptScan

Follow these steps to disable ScriptScan.
  1. From the VirusScan Console Task list, right-click On-Access Scanner to open the On-Access Scan Properties dialog box.
  2. Click ScriptScan tab, deselect Enable scanning of scripts and click OK.
  3. Is the original system problem fixed by disabling ScriptScan:
    • Yes — Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com and search for a solution or contact McAfee Technical Support.
    • No — The original system problem was probably not related to VirusScan Enterprise.

Disabling on-access scanning

Follow these steps to disable on access scanning.
  1. Disable Access Protection. From the VirusScan Console in the Task list, right-click Access Protection and select Disable.
  2. Change the McShield Services applet Start type to Disabled using the following:
    • Click Start | Control Panel | Administrative Tools | Services to open the Services applet.
    • In Services (Local), scroll down to McAfee McShield and right-click the name to open the McAfee McShield Properties dialog box.
    • Click the General tab, from the Startup type list, click Disabled, and click OK.
  3. From the VirusScan Console Task list, right-click On-Access Scanner and click Disable from the list that appears. The On-Access Scanner icon should change to include a circle with a slash to indicate the function is disabled.
  4. Is the original system problem fixed by disabling On Access scanning:
    • Yes — Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com and search for a solution or contact McAfee Technical Support.
    • No — The original system problem was probably not related to this feature.

Disabling on-access scanning then reboot

Follow these steps to disable on access scanning and reboot.
Note: The following process assumes you have not re-enabled on access scanning after disabling it in the previous section.

  1. Perform a complete shut-down and reboot of the system.
  2. Is the original system problem fixed by disabling On Access scanning then rebooting:
    • Yes — Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com and search for a solution or contact McAfee Technical Support.
    • No — The original system problem was probably not related to this feature.

Preventing MFEVTP from loading then reboot

Follow these steps to prevent McAfee Validation Trust Protection Service (MFEVTP) from loading and reboot the system:
CAUTION:
This section contains information about opening or modifying the registry.
  • The following information is intended for System Administrators. Registry modifications are irreversible and could cause system failure if done incorrectly.
  • Before proceeding, McAfee strongly recommends backing up your registry and understanding the restore process. For more information, see: http://support.microsoft.com/kb/256986 .
  • Do not run a .REG file that is not confirmed to be a genuine registry import file.

  1. From the command line, type regedit to display the Registry Editor user interface.
  2. Navigate to the following Registry: [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfevtp]
  3. In the right-hand pane, right-click Start and click Modify to display the Edit DWORD Value dialog box.
  4. Enter 4 in Value data and click OK.
  5. Is the original system problem fixed by preventing MFEVTP from loading then re
    booting:
    • Yes — Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com and search for a solution or contact McAfee Technical Support.
    • No — The original system problem was probably not related to this feature.

Renaming mfehidk.sys file then reboot

Follow these steps to rename the mfehidk.sys file and reboot the system.
  1. Navigate to the mfehidk.sys file in the following folder, depending on your operating system:
    • For 32-bit operating systems — %windir%\System32\drivers
    • For 64-bit operating systems — %windir%\System64\drivers
  2. Change the file name from mfehidk.sys to, for example, mfehidk.sys.saved.
  3. Reboot the system to stop and restart VirusScan Enterprise without loading the mfehidk.sys file.
  4. Is the original system problem fixed by renaming the mfehidk.sys file then rebooting:
    • Yes — Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com and search for a solution or contact McAfee Technical Support.
    • No — The original system problem was probably not related to VirusScan Enterprise.

Removing the product then reboot

Follow these steps to completely remove VirusScan Enterprise and reboot:.
  1. Remove the VirusScan Enterprise program files. Refer to the McAfee VirusScan Enterprise 8.8, Installation Guide for detailed instructions.
  2. Reboot the system to stop and restart the operating system without VirusScan Enterprise installed.
  3. Is the original system problem fixed by completely removing the VirusScan Enterprise program files and rebooting:
    • Yes — The original system problem was probably related to VirusScan Enterprise.
    • No — Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com and search for a solution, or contact McAfee Technical Support.

Disabling VirusScan Enterprise during troubleshooting