Here is my year-old experience with McAfee & Clean Access (4.0.4 & 4.0.5 at that time).
There are 3 different valid definition date formats in the registry for McAfee. Clean Access did not recognize all the valid formats. I verified this with McAfee ^ Cisco TAC at that time. Our problem then was with McAfee Enterprise 8.0 Our workaround at that time was to install 8.5. We have since changed to Microsoft Forefront as our supported AV / AS solution. In our case, McAfee reported the correct version & date, though. Bruce Osborne Liberty University -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of ResNet-Info Sent: Monday, March 10, 2008 9:41 AM To: [email protected] Subject: [CLEANACCESS] Strange WinXP & CCA 4.1.2 issue (VirusScan defs) I have a weird one here and need some ideas. A student has Windows XP Pro SP2, and passes all the Windows Critical Update checks. She also has VirusScan Enterprise 8.5 installed with the latest SuperDATs (5245 when I worked on the PC). The VirusScan DAT files are the same files for the 4245 DATs as on another computer, so they appear to be ok. When you install Clean Access 4.1.2.1 (or 4.1.2.2 - both have the same behavior), the computer passes all the checks fine (Windows Critical Updates, Windows Update set to Automatically download & install, VirusScan is installed, VirusScan is up to date). After the computer restarts, Clean Access fails, saying the definitions are 5229 from 2/13/2008. The VirusScan definition files are the same as another PC running the 5245 DATs, the registry says it has the 5245 DATs, and I can't find 5229 DATs or the 2/13 date anywhere on the computer. If I do a reinstall (which does a Repair Install) of the Agent, the computer passes again. I also ran Process Monitor to see what the Agent is checking and requesting, and when it does a registry read for the SuperDAT info, it does indeed pickup the 5229 DAT info, but if I go to that same location in the registry using regedit, it shows 5245. After doing a reinstall/repair of the Agent (not doing a thing to VirusScan) without a restart, Process Monitor shows the registry read as 5245 again. The computer has almost no startup items (I disabled all of them and no change, so I turned a few back on), and we ran SpyBot 1.5 with updated definitions and didn't find anything. Smitfraud and VundoFix didn't find spyware either. There are no obvious signs of spyware on the computer (no weird installed programs, popups, etc.) I tried rolling back the SuperDATs to 4244 which didn't help. I tried running the SuperDAT for 4245 in case they were corrupt, no help. I even did a manual uninstall of VirusScan and the CCA Agent, but the problem persists. We're not moving to 4.1.3 anytime soon, so that's out as an attempt. Any ideas? Doug Chudzik ResNet Manager Wellesley College
