I had this computer that was in for malware removal.  I had cleaned it up mostly before having a few days off.  When I came back, they were trying to do an OS reload on it because it was BSoDing from TDSS and they could not be bothered to fix it.  So I removed TDSS, thus fixing the BSoD during boot, which was 0x0000007B.  I got the rest of the OS cleaned up and was finishing verification when I noticed McAfee would not scan and the McAfee firewall would not start.

I fixed the not-scanning issue by turning the McAfee services back on during boot; I had turned them off during a clean boot.  However, the firewall would still not start, nor was it throwing any helpful errors about the problem.  A quick search of the McAfee help site did not reveal anything more helpful than "reload the product."  I started poking around the services, on a hunch, when I noticed the Windows Firewall service (MpsSvc) was missing.  I figured I might as well fix this while I thought about the McAfee firewall problem.  I reinstalled the service by importing the registry values from a known good machine.  After an import and reboot, the McAfee firewall magically started up.  Turns out the McAfee firewall depends on the Windows Firewall service.

You can query the service for existence from the command line:

sc query MpsSvc

If you get “The specified service does not exist as an installed service,” then the Windows Firewall service will need to be reinstalled; it can also be checked by looking through the Services tree in Computer Management.

Here is the text from the .reg file for CurrentControlSet or direct download

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc]
"DisplayName"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23090"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
"Description"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23091"
"ObjectName"="NT Authority\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):6d,00,70,00,73,00,64,00,72,00,76,00,00,00,62,00,66,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000003
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,70,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters\PortKeywords]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Security]
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,84,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,15,00,00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

 
