Thursday, August 15, 2013

Today we have applied all the new patches from Microsoft.  We ran into some problems because of our security stack on the host end points.  We are running Windows 7 and Server 2008 R2 systems as well as other Operating Systems.  

The problem came into existence when MS13-063 (2859537) was deployed to windows systems running mcafee application control.  It exists because there is a problem with McAfee Solidcore 6.1 and 6.0.1 and the patched Windows kernel.  When memory protection is turned on all our applications and services that aren't part of the core operating system fail upon reboot.

We have a temporary fix to work around the problem while McAfee works on a permanent fix.  

Step 1:
Go into ePO console and turn off 3 solidcore features.

Select Policy Catalog > Application Control > Windows Options > Features

Uncheck memory protection and the 2 sub check boxes

save the policy

Step 2: This fixes the broken systems

Log into the system being affected
Click start > programs > McAfee > Solidifier > McAfee solidifier command line
change directory to c:\program files\mcafee\solidcore
run passwd command and enter the solidcore password to unlock solidcore
run sadmin recover
run sadmin features disable mp
run sadmin features disable mp-nx
run sadmin features disable pkg-ctrl

reboot the system

all applications and services should come back online