I tried to get some progress on the McAfee issue from the other day today, so thought it might be fun to have a live support chat with them. The transcript below is the result, and not the most helpful of discussions I have ever had:
Please wait while we find a technician to assist you…
You are currently at position number 1 in the queue.
You have been connected to Support.
Support: Graham, thank you for contacting McAfee Online Support Center. How can I assist you with your McAfee software today?
Graham Chastney: The person who normally uses the PC is defined as a standard user and the update process insists on them needing to be an administrator to update.
Support:: Graham, I would be happy to clarify this.
Support: Have you previously contacted McAfee Technical support regarding this issue?
Graham Chastney: No
Support: Graham, you must be the Administrator user to update McAfee programs.
Support: This is a security feature. All users can not update McAfee.
Graham Chastney: But that’s ridiculous – especially for DAT files. Why would I want to log-on as the administrator every day.
Graham Chastney: Can’ I configure the update service to run as an administrator
Support: If all users are granted access to update McAfee, they will get access to all McAfee data and it can be a breach of security.
Graham Chastney: But it’s a breach of security for me to log-on as an administrator every day?
I completely fail to see how it can be a security feature to stop users updating their virus software. So Ian looks like you were wrong…perhaps it’s time for a bit of DIY.
Anyway, it shows how many people are running in least privilege – and it’s not many.
Discover more from Graham Chastney
Subscribe to get the latest posts sent to your email.
Graham Chastney 
Well, it’s possible, I suppose. I don’t recall it happening before, but you never know… 🙂
I think the support monkey may have been out of their depth when you said the word service
LikeLike
I’m glad to read that somebody else has faced this issue. I was trying to configure McAfee to do the right thing when non-administrative users log in, but I couldn’t. Now I see their software just doesn’t support non-administrative logins. Very lame.
LikeLike
I was successful in usurping the need to be logged in as the local domain administrator when running the update. Below are the contents of my command file. You need only replace ‘domain’ with the name of your local domain and ‘administrator’ with the name of the local administrator account-assuming you’ve changed the name of the administrator account like I have. Leave everything else AS IS.
runas /profile /env /user:domainadministrator “iexplore http://us.mcafee.com/apps/vso/en-us/vso10/default.asp?targeturl=/apps/vso/en-us/vso10/install.asp&affid=108&installtype=force&systempopup=true”
Oh yeah…I added “C:Program FilesInternet Explorer” to my ‘Path’ System Environment Variable so I could just call iexplore from the command line no matter where I was at the command prompt.
If McAfee changes the URL of the update site (or any of the arguments in the URL) this will fail. However, it should be easy enough to determine the new URL and simply update your command file.
Once again McAfee proves why it’s second best (if it’s even that good). I tried it because it was free w/Comcast. I already had a freebie from work (eTrust) which worked fine and updated FAR more smoothly. I’ll probably dump this turd in February when I buy Norton AV 2006.
LikeLike