McAfee VSE cause Windows Update failure


Q: McAfee VSE causes Windows Update failures, or the Windows Update process runs slower than usual on systems with McAfee VSE or ENS installed. How do you fine-tune McAfee and fix the Windows Update failure?

Cause of Issue

Windows regularly checks for updates and installs any that are available. The Windows Update services read and write many files to perform an update. The McAfee VSE or ENS OnAccess Scanner (OAS) scans each and every I/O request, which slows the OS update operation. Often the update fails with a timed-out error.

Solution

The phrase “McAfee VSE cause Windows Update failure” is not accurate. McAfee OAS is actually doing its work as expected; rather, I would say McAfee needs fine-tuning. Let's see how. Treat Windows Update related files as trusted and add them to the OnAccess Scanner (OAS) exclusions. These files are still scanned by the OnDemand Scanner (ODS), so the security of the system is still preserved.

There is a standard set of files that should be considered for exclusion; the list is provided below with details. In some cases, excluding these standard files from OAS alone will not help. You then need to analyze the system's behavior and may need to exclude more files. Refer to the Review McAfee OAS behavior section for those details.

Note: In any situation, carefully review the exclusions before adding them. Exclusions should be derived from your security needs and IT environment. Improper exclusions could weaken your system's security.

McAfee OAS Files Exclusion

Windows Update or Automatic Update related files
?:\Windows\SoftwareDistribution\Datastore\Datastore.edb
?:\Windows\SoftwareDistribution\Datastore\Logs\Edb*.jrs
?:\Windows\SoftwareDistribution\Datastore\Logs\Edb.chk
?:\Windows\SoftwareDistribution\Datastore\Logs\Tmp.edb

Windows Security files
?:\Windows\Security\Database\*.edb
?:\Windows\Security\Database\*.sdb
?:\Windows\Security\Database\*.log
?:\Windows\Security\Database\*.chk
?:\Windows\Security\Database\*.jrs
?:\Windows\Security\Database\*.xml
?:\Windows\Security\Database\*.csv
?:\Windows\Security\Database\*.cmtx

Group Policy-related files
?:\ProgramData\NTUser.pol
?:\Windows\System32\GroupPolicy\Machine\Registry.pol
?:\Windows\System32\GroupPolicy\Machine\Registry.tmp
?:\Windows\System32\GroupPolicy\User\Registry.pol
?:\Windows\System32\GroupPolicy\User\Registry.tmp

McAfee OAS Process Exclusion

Set up a low-risk policy with no scanning on both read and write, then add these two processes to that low-risk policy.

TiWorker.exe
TrustedInstaller.exe

Review McAfee OAS behavior

Once the above exclusions are applied to the system, start testing. Use the McAfee Profiler tool to review McAfee OAS behavior against the system's I/O requests.

Refer to McAfee KB article KB69683 for details and for the McAfee Profiler Tool. A valid McAfee grant number is needed to download the Profiler tool.

  • Start the McAfee Profiler Tool with a 10-minute duration and let it run
  • Start Windows Update and let it install updates
  • Once the Profiler has finished, review the output. See if there are any other files with a high I/O count. If not, Windows Update should finish as expected.
  • Otherwise, carefully review the files registered with a high I/O count and add them to the exclusions as well.
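The review in the last two steps can be scripted. The following is an added example, not part of the original post and not McAfee's tooling: it checks observed file paths against the exclusion patterns above and returns the uncovered ones, highest I/O count first, for manual review. It assumes that '?' matches one character and '*' does not cross a backslash, and it uses constructed (path, I/O count) pairs because the Profiler's real output format is not shown on this page.

```python
import re

# Subset of the OAS file exclusions listed on this page.
OAS_EXCLUSIONS = [
    r"?:\Windows\SoftwareDistribution\Datastore\Datastore.edb",
    r"?:\Windows\SoftwareDistribution\Datastore\Logs\Edb*.jrs",
    r"?:\Windows\SoftwareDistribution\Datastore\Logs\Edb.chk",
    r"?:\Windows\SoftwareDistribution\Datastore\Logs\Tmp.edb",
    r"?:\Windows\Security\Database\*.edb",
    r"?:\Windows\Security\Database\*.sdb",
    r"?:\Windows\Security\Database\*.log",
]

# Constructed sample of (path, I/O count) pairs; not real Profiler output.
SAMPLE = [
    (r"C:\Windows\SoftwareDistribution\Datastore\Datastore.edb", 5210),
    (r"c:\windows\softwaredistribution\datastore\logs\edb00A1.jrs", 830),
    (r"C:\Windows\Security\Database\backup\secedit.edb", 12),
    (r"C:\Windows\Logs\CBS\CBS.log", 4100),
    (r"D:\Windows\Security\Database\secedit.sdb", 95),
]

# Assumed wildcard semantics: '?' is one character, '*' is any run of
# characters, and neither matches a backslash (no subfolder crossing).
WILDCARDS = {"?": r"[^\\]", "*": r"[^\\]*"}


def pattern_to_regex(pattern):
    """Translate one exclusion pattern into a case-insensitive regex."""
    body = "".join(WILDCARDS.get(ch, re.escape(ch)) for ch in pattern)
    return re.compile(body, re.IGNORECASE)


def triage(observed, exclusions=OAS_EXCLUSIONS):
    """Split (path, count) pairs into already-excluded paths and review
    candidates; candidates are sorted by I/O count, highest first."""
    regexes = [pattern_to_regex(p) for p in exclusions]
    covered, candidates = [], []
    for path, count in observed:
        hit = any(r.fullmatch(path) for r in regexes)
        (covered if hit else candidates).append((path, count))
    candidates.sort(key=lambda item: item[1], reverse=True)
    return covered, candidates


if __name__ == "__main__":
    for path, count in triage(SAMPLE)[1]:
        print(f"review before excluding: {count:>6}  {path}")
```

A path that appears as a candidate is only a prompt for review; whether to exclude it remains the decision described in the note above.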

Reference

https://support.microsoft.com/en-us/help/822158/virus-scanning-recommendations-for-enterprise-computers-that-are-runni

Did you come across a similar issue? Did the solution provided help to fix it? Please write your suggestions and questions in the comments section. Thank you!
