In short, go to http://www.mcafee.com/apps/downloads/security-updates/security-updates.aspx and download the DAT file. The install switches are as follows:
Which seems much easier than following McAfee’s instructions here:
How to manually update the DAT files for VirusScan Enterprise 8.x
A user reported the following issue on Windows 7: 
As it turns out, the user had deleted the McAfee Anti-virus program directory. No mean feat in itself. Which in turn led to the error message above when the user logged on.
So I knew McAfee was probably the cause.
When McAfee AV installs, it replaces the registry entry for vbscript.dll with scriptsn.dll. When the user deleted the Mcfee directory, it deleted scriptsn.dll, which is why it couldn’t find the script engine.
The solution in this case, was to re-install Windows. Deleting the McAfee directory will cause other problems. Less desperate solutions can be found in these articles:
The sort of checks you might want to put into a “PC Health Check” script, for anti-virus program healthiness is as follows
CA eTrust
McAfee AV client / EPO
Microsoft Security Essentials
What’s this about recent?
In a corporate environment, I would define recent as anywhere from 4 –> 8 days. This is because most users turn “their” PCs off on Friday night, and turn the PC back on 3 days later (Monday). And people do go on holidays for at least a weeks duration …
CA eTrust has a utility called “SigCheck.exe”. It’s purpose is to display the current version of the eTrust anti-virus definition which is on the local PC.
From a command line, you run it like this:
Sigcheck.exe Vet
Sigcheck will then return the command signature version
Sigcheck Vet version: 37.0.9825(this was an eTrust AV version from 3 March 2012)
If you were to include the running of Sigcheck.exe into a “PC Health Check” type script, you’d have a quick way of determining whether anti-virus updates were reaching your fleet of PCs.
| asutil.exe | Imports subnet information into the ITM Server database. |
| compver.exe | Displays the version of all installed components. |
| eavdisc.exe | Causes a “free election” discovery to occur on the local subnet. |
| eAVreprt.exe | Runs silently to cause reports to be generated. |
| EnableLogs.exe | Turns logs on for CA Customer Support, for debugging purposes. |
| EnableWinICF.exe | Opens all required Windows firewall ports needs for CA eTrust to function. |
| ITMRT_SupportDiagnostics.exe | Diagnostic tool for eTrust Pest Patrol. |
| phonhome.exe | Causes the eTrust client to try and “phone home” to the eTrust policy server. Often this will resolve policy and update issues to be resolved. |
| polutil.exe | Imports and exports policies. |
Source: CA eTrust Implementation Guide – Utilities and Troubleshooting
Updated the
Well, if you didn’t receive emails with viruii attached, or surf to “dubious” websites, you wouldn’t get infected. For the rest of us, we would be looking at either Microsoft Security Essentials, or something which costs money.
Or you’re a corporate customer, who has “business” needs, you’ll be needing to spend money.
If for no other reason that most anti-virus prohibit the use of their “free” products in a commercial setting.
The following are the questions I ask myself when I’m looking at an anti-virus product.
Personal use.
For home use, I’d recommend Microsoft Security Essentials.
It was an Ed Bott article which got me to thinking, “just how many anti-virus false positives have I dealt with over the years?”. Six. A false positive is when your anti-virus product flags a non-virus file as being virus-infected.
| Number of false positive virus updates which impacted my customers? | 6 |
| Number of virus outbreaks which occurred, which the AV products missed? | 3 |
| Number of virus outbreaks actually prevented by an AV product? | 0 |
I’ve often thought that enterprise customers should pilot AV updates before inflecting them on their wider user community. I mean, what’s the point of having an AV product which effectively does more damage than an actual outbreak?
Here is the list of anti-virus updates I’ve seen which have caused some havoc for customers. It was longer than I thought it would be.
| AV product | Date | Product it killed | Customer impact |
| McAfee AV | April 2010 | Windows | Minor. We stopped it in time. |
| CA eTrust | September 2008 | Spybot S&D | Couldn’t use SpyBot as eTrust deleted the .exe |
| CA Pest Patrol | March 2005 | IBM SameTime | 20,000+ computers unable to use instant messaging product. |
| CA eTrust | January 2004 | Windows | Stopped Windows booting in two countries. |
| CA eTrust | December 2003 | WiseScript created utilities | Broke a number of software installations, and caused a logon error on 1,000+ computers. |
| Symantec Norton AV | November 2001 | InstallShield created software installs. | When trying to install a particular VPN product, Symantec said the install was “NIMBA”. Stopped a country-wide deployment for a week. |
The anti-virus product I use at home? Microsoft Security Essentials.
We had a problem with one of our SMS servers today, it was not processing DDR records.
All 19,000+ of them.
After some investigation, a co-worker found it was a corrupted DDR record which caused SMS to get stuck.
After we fixed it, SMS started processing them records at 1 DDR per seconds.
Let’s do the math, 19,000 records at 1 per second, is 60 DDR per minute; and 3600 per hour. It would take at 5 hours to process all those.
PLUS SMS was adding more DDR records, all the time.
Oh Bother it
Remembering that SMS Primary Sites run SQL Server, I wondered … … did we exclude the SQL Process from our AV program???
In short, no. Excluding SQLSERVR.EXE made a tiny difference. Adding SMSEXEC.EXE & CCMEXEC.EXE to the exclusion list made a HUGH difference.
We went from 1 record per second, to 5 records per second being processed.
We’re deploying the change to the rest of the SMS Server fleet, Tuesday.
Computer Associates used to recommend excluding particular processes and directories from eTrust anti-virus scanning. This, I found, was very important with Microsoft SQL Server, as it would cause a significant performance hit.
You would do this via setting the following registry keys, under HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrustITM\CurrentVersion\Realtime
szExcludeProcessNames
| Reason for exclusion | List of processes to be excluded, separated by "|" |
| Microsoft SQL Server | sqlserver.exe sqlservr.exe |
| Microsoft Exchange | store.exe |
| Microsoft SMS 2003 | SMSEXEC.EXE CCMEXEC.EXE |
| and some others … |