McAfee Firewall Fix

Ok, I’m not a huge fan of McAfee, never have been, never will be, but to send out an update that takes users PCs off-line by blocking their internet access… really not a good move. A friend of mine was afflicted by this bug (caused if memory serves by updates contained in DAT 6807). The only option he had was to uninstall and then re-install… according to McAfee at least. I’ve just fixed his PC without removing the software. Read on for information on how to do this.

Firstly, let me make this clear, we tried the official McAfee approach as provided by their website. This advised us to use MVT to fix the problem… nice if you have MVT installed in the first place, if you don’t, well then it’s reboot in safe-mode with networking and hope the firewall isn’t loaded, which it is and so you are faced with the task of removing the software and re-installing from scratch, possibly having to resort to the use of MCPR (thats McAfee Program Remover for those of us who have the good sense not to use McAfee).

Here’s how to do it without uninstalling it. The only pre-requisite is that you have a user with administrative privileges and you can boot in safe mode with networking (Press F8 when the machine is starting up before the windows loader screen appears and select the ‘Safe mode with networking option). The admin privileges pre-requisite may not be needed if all you need to do is rename the driver file as outlined below, you can try using a user without but your mileage may vary.

  1. Start in safe mode with networking
  2. Log in as a user (preferably with administrative privileges)
  3. Using explorer, navigate to C:\Windows\System32\Drivers
  4. Rename MFEFIRE.SYS to _MFEFIRE.SYS
  5. Reboot
  6. Try surfing… if you can surf, right click the McAfee icon in the system tray and get it to check for updates
  7. When it’s completed doing it’s updates, check that the DAT version is no longer 6807 (this information can be found in the ‘About’ option I believe
  8. Assuming all is good and the DAT is no longer 6807 then you can rename _MFEFIRE.SYS back to MFEFIRE.SYS and reboot

That should be that… once rebooted, it should work fine. To just double check that everything is as it should be, go to the Start menu and click Run, put CMD in the box and press ENTER (I think Windows 7 users can just put CMD in the search box and press ENTER). You should be presented with a command prompt (a black box with white writing). Type SERVICES.MSC and press ENTER.

The service manager should be displayed, scroll down the list and make sure that the McAfee firewall services are running (there should be a number of different McAfee services running if all is well). You can also use this little trick to make sure the firewall isn’t running once you’ve renamed MFEFIRE.SYS out of the way.

I’ve literally just recovered a friends PC using this method (or something close to it – I also renamed the files related to the firewall services out of the way and I resorted to checking the system with MVT, but it couldn’t fix the ‘problems’ I’d made by renaming files). I should have made some detailed notes as I did it, but it wasn’t until I was walking home discussing the problem with my dad that I even thought about publishing the information on-line in case anyone else was still struggling with this issue. Apologies for that, but the essence of this is to get to a situation where the firewall can’t run or load, best as I can tell renaming the driver file is a sure fire way of stopping it working, so I think this should work.

Hope this helps someone, if you have questions/comments/useful feedback for others, feel free to leave a comment.

Leave a Reply

 

Bad Behavior has blocked 120 access attempts in the last 7 days.