Heads Up: McAfee and Application Compatibility Toolkit Don’t Make Good Friends (for now)
Recently I was deploying a Application Compatibility Toolkit’s Data Collection Package to some key workstations to look for application behaviour that may experience issues on their new Windows 7 platform. Our testing went great and we thought everything was good to go for production so the change request was put in and we released the DCP to our target group.
The next day some tickets rolled into the the helpdesk describing issues with McAfee host intrusion protection detecting changes with Office and my gut reaction was “oh sure, blame the change”. But I did know that this could be a possible issue because ACT may appear as malware as it monitors the endpoint environment.
I quickly did some searching on the net and found reference to McAfee’s KB article 59837. Essentially signature 432 needs to be disabled in order to work around the issue and should be re-enabled once DCP data collection is finished. Because the status of this issue may change over time I recommend checking into McAfee’s knowledge base for the latest information but hopefully this blog entry prevents some of you getting a little egg on your face when trying to deploy ACT.