I am using Windows XP Professional SP3
- McAfee SecurityCenter V9.15 Build 9.15.135 AffId 108
- VirusScan V13.15 Build 13.15.102 AffId 108
- Engine Version: 5301.4018
- DAT Version: 5797.0000
- Personal Firewall V10.15 Build 10.15.103 AffId 108
I have a problem with the following McAfee Security Center Feature:
(Quarantained Files) -> Restore\Files
Check box to select a file
Selection: I want to
...
...
Send to McAfee
I always receive the error message: "This item could not be sent to McAfee due to a network problem"
I monitored the involved processes via "Process Explorer" by SysInternals and found out the following
McAfee MISP Shell (V9.15.0126.0000) located at c:\Program Files\McAfee\MSC\mcshell.exe
tries to establish a TCP/IP Connection
From:MACHINENAME:4962
To: dalexwsavin1.avertlabs.com:smtp
I can ping "dalexwsavin1.avertlabs.com" (IP 205.227.136.235)
"smtp" is not a port, but I assume that this is only a display thing and that it means "port 25"
Windows FireWall
"mcshell.exe" Full Access
I even opened Port 4962 separately
Disabled Windows Firewall entirely, just for testing
Still the same error
McAfee Firewall
McAfee Firewall\Security Level = Standard
McAfee Firewall\System Services
HTTP (80), SSL (443), SMTP (25) are open
McAfee Firewall\Program Permissions
Except for the McAfee Uninstall do all McAfee Programs have full Access, including the "McAfee MISP Shell"
I disabled McAfee Firewall entirely, just for testing
Still the same error
DSL Router Firewall
I am connected to the Internet via AT&T U-Verse.
The DSL Routers Firewall Settings are set to "Maximum Security", however, I set it the DSL Router Firewall to "Allow all applications (DMZplus mode)" (open all ports) for the computer where I wanted to send files to McAfee from and tried to send a file again, but got the same error message again.
I basically had all firewalls off and exposed the computer openly to the Internet and McAfee Security Center was still unable to send a file to McAfee.
McAfee Virtual Technician
Found 2 Issues; 2 Registry Values:
Expected Registry Value not Present
Expected : 1
Existing : 0
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VSCore\On Access Scanner\MCShield\Configuration ScanCookies
Expected Registry Value not Present
Expected : 1
Existing : 0
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VSCore\On Access Scanner\MCShield\Configuration\Default dwMacroHeuristicsLevel
But those were not issues, because I disabled the check for Cookies (I work in Inet Advertising and don't like that you delete Non PII tracking cookies) and the Heuristic Scan (too much false positives, different issue for a different thread )
It did not find anything else wrong. I also searched the FAQ and could not find anything useful there either.
Any ideas what could be the problem? What services does the feature need? Are there any known special settings that could prevent it from working?
I appreciate any suggestions and ideas. Thank you very much.
This is a known issue and has been reported. If it has been quarantined you can send it in outside of SecurityCenter by following the procedures I posted in a link in my reply to your other thread.
I'm experiencing the same problem. When McAfee catches a virus, and I try to send it, I get the error message "This item could not be sent due to a network problem".
I was wondering if it is because one or more Windows services might need to be set to Manual or Automatic? There are several Windows services that affect Network Connections and Remote Access. Do you think this might be the problem?
Although we have reported it numerous times we never got a reason as to why it happens, unfortunately.
Meanwhile you can read how to send it in manually here: http://community.mcafee.com/message/92411#92411
I believe this is happening because some ISP's block outgoing email to servers other than thier own.
They do this to help stop spam.
To do it manually, you can use our website to submit your sample.
I hoped that sending stuff from within MY installation would help me to solve some of the false-positive issues.
For example. Imploder.DLL, a plug-in for the exe-UNpacker PEiD, which can be downloaded here http://www.peid.info/BobSoft/Plugins.html
VirusScan quarantined it because of an alleged infection with "Artemis!1C8C2A30DEFF0"
I sent it to WebImmune.net
Analysis ID: 5640213 https://www.webimmune.net/ViewAnalysis.asp?AnalysisID=5640213
Name Findings Detection Type Extra
imploder.dll inconclusive no
inconclusive [ imploder.dll ]
Upon analysis the file submitted does not appear to contain one of the 200,000 known threats in the AutoImmune database. The file may contain a new threat, or no code capable of being infected. Your submission is being forwarded to an Avert Labs Researcher for further analysis. You will be contacted by AVERT through e-mail with the results of that analysis.
Aha, there it is inconclusive, but for my desktop version it is not. I hoped that by sending it from within SecurityCenter I could flag false-positives that VirusScan currently insists on to be NOT FALSE..
That was the second thread that I started here ( http://community.mcafee.com/thread/18821?tstart=0 (link fixed) ) at the same time, because the issues are related for me.
...
p.s. Why the heck is it using port 25 to begin with? Why not simply using HTTP... SSL secured if necessary?
Message was edited by: Carsten Cumbrowski on 11/15/09 10:09 PM
Message was edited by: Carsten Cumbrowski on 11/19/09 6:14 AMIt's March 2010 and this problem seems to persist. I tried sending the virus to McAfee, it came back with the 'network error'.
If the problem is so insurmountable how about removing the button since it doesn't work?
Is this message going to be read by the young lady in the photo - at the top of the page? I like to copliment her looks ... I'm dazzled.
That lady is an unknown model, so who knows?
This apparently is caused by ISP's restricting such traffic, or at least that was one reason given if I recall.
If McAfee has caught it it is known anyway. There are ways of submitting files outside of SecurityCenter.
Thanks for the prompt response and clarifying about the lady in the photo.
The McAfee virus scan results indicated one of my Windows files was modified but it's not clear if the modified file was restored into it's original state. Is there a way to find which file was modified and does McAfee indicate the file-name in a report or a log file somewhere?
I doubt that there is an easy way. In these cases it's better to contact Technical Support Chat and ask them to read the logs (they will explain how to upload them) - see the link under Useful Links at the top of this page.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: