ProCurve Manager and McAfee nightmare!!!

Jonathan Axford
Trusted Contributor

Hi Guys,

This is typical: just as I get everything running nice and smooth, McAfee release a .DAT file for their AV software that deletes any suspect .exe files.

We have suffered on a few of our servers; one of them is the PCM2.0+ server. Below is a list of all the files it has deleted before we could stop it and replace the .DAT file.

The server still functions, but the traffic monitor appears to have stopped working. Will I need to re-install the software, or is there anything else I can do?

File Name
C:\Program Files\Hewlett-Packard\PNM\Uninstall_HP ProCurve Manager\Uninstall HP ProCurve Manager.exe
C:\Program Files\Hewlett-Packard\PNM\server\sbin\JavaWrapper.exe
C:\Program Files\Hewlett-Packard\PNM\server\mysql\bin\mysqlwatch.exe
C:\Program Files\Hewlett-Packard\PNM\server\mysql\bin\mysqlshow.exe
C:\Program Files\Hewlett-Packard\PNM\server\mysql\bin\mysqlimport.exe
C:\Program Files\Hewlett-Packard\PNM\server\mysql\bin\mysqldump.exe
C:\Program Files\Hewlett-Packard\PNM\server\mysql\bin\mysqlbinlog.exe
C:\Program Files\Hewlett-Packard\PNM\server\mysql\bin\mysqlcheck.exe
C:\Program Files\Hewlett-Packard\PNM\server\mysql\bin\mysql.exe
C:\Program Files\Hewlett-Packard\PNM\server\mysql\bin\mysqladmin.exe
C:\Procurve Backup\mysql\bin\mysqlwatch.exe
C:\Procurve Backup\mysql\bin\mysqlimport.exe
C:\Procurve Backup\mysql\bin\mysqlshow.exe
C:\Procurve Backup\mysql\bin\mysqldump.exe
C:\Procurve Backup\mysql\bin\mysqlcheck.exe
C:\Procurve Backup\mysql\bin\mysql.exe
C:\Procurve Backup\mysql\bin\mysqladmin.exe
C:\Procurve Backup\mysql\bin\mysqlbinlog.exe

Matt Hobbs
Honored Contributor

I think there might be a repair option when you run the PCM installer now but I'm not 100% sure.

Doesn't McAfee quarantine suspect files by default instead of deleting them?

As a last resort you'll have to restore those files from backup, reinstall PCM, or maybe you could install PCM on another machine and copy them over...

Frank Linger
Occasional Visitor

McAfee W95/CTX Quarantine File Restore Utility

CTXundo is a stand-alone utility that can be used to recover from the false alarm on W95/CTX that was introduced in the 4715 dat files. This tool will only recover files that were detected and then quarantined only with the VirusScan Enterprise products. It will not recover files that may have been deleted by any product or quarantined with VirusScan Online, Managed VirusScan or LinuxShield.

Sergej Gurenko
Trusted Contributor

Also make sure you disable the integrated mini firewall (McAfee 8.0i).