Unlocking the MCAfee virusscan user interface (console), disable the Host Intrusion Prevention(IDS), Recover the Super Administrator password in MQM

Unlocking the MCAfee virusscan user interface (console) 


1) Boot to Safe Mode (continually press F8 on startup)
2) run regedit – locate DesktopProtection (location depends on your version) f.e. HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection
3) change UIPMode to 0 (zero)
-if you end just with this and reboot now – unlocked McAfee will be again locked after 15 minutes because of working EPolicy Orchestrator. If you want it to be unlocked forever, follow next steps.
4) locate HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\ePolicy Orchestrator\Application Plugins\VIRUSCAN8800
5) right click on it – press export to backup it, save .reg file somewhere on your disc
6) again right click VIRUSCAN8600 and click delete
7) repeate steps 4,5,6 for location HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8800
8) restart normally
9) open virusscan console – disable OnAccess scanner and also edit properties of the OnAccess scanner and choose: general->cancel checked checkbox “Enable OnAccess scanning at startup”
10)done


alternatevily:

1) Boot to Safe Mode (continually press F8 on startup)
2) run regedit – locate DesktopProtection (location depends on your version) f.e. HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection
3) change UIPMode to 0 (zero) and UIP="" (no value)
-if you end just with this and reboot now – unlocked McAfee will be again locked after 15 minutes because of working EPolicy Orchestrator.

4) Open the console, unlock it (no password is needed at this point) and change the password (no old password will be asked)
5)restart normally
6) Done

 

Source:http://weyland.be/wrdprss/index.php/2006/12/13/unlocking-the-mcafee-virusscan-user-interface/

Recover the Super Administrator password in MQM (McAfee Quarantine Manager 7.x, 6.0)

Specify the MQM Administrator email address in the Windows registry, then use the Forgot Password option to retrieve the MQM Super Admin user password.
  1. Set the MQM Administrator email address:

    1. Click Start, Run, type regedit and click OK.
    2. Navigate to and select the following registry key:

      [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Quarantine Manager\Emergency Resource]

       
    3. In the right pane, double-click AdminEmail.
    4. Specify the email address for the MQM Administrator. This must be a valid mailbox in Active Directory (AD).
    5. Specify the IP address of the SMTP server. 
    6. Close the registry editor.

       
  2. Use the Forget Password option: 

    1. Launch the Quarantine Manager Administrator User Interface and click Forgot Password.
    2. Type the email address specified above.
Source: https://kc.mcafee.com/corporate/index?page=content&id=KB60287


How to disable the Host Intrusion Prevention(IDS) Mcafee disable self-protect mode


Due to agent self protection, the Host Intrusion Prevention client cannot be uninstalled using Add or Remove programs or by manually stopping the McAfee Host Intrusion Prevention service while IPS protection is enabled. 
Solution 1
If the Host Intrusion Prevention clientUI default unlock password has not yet been changed, disable the Host Intrusion Prevention client manually by unlocking the Host Intrusion Prevention client UI tray: 
  1. Click Start, Run, type explorer and click OK.
  2. Navigate to: C:\Program Files\McAfee\Host Intrusion Prevention\
  3. Double-click McAfeeFire.exe.
  4. Click Task, Unlock User Interface.
  5. Type the unlock code, and select Administrator Password.
    NOTE: By default, the unlock code is abcde12345
  6. After the user interface is unlocked, click the IPS Policy tab. 
  7. Deselect Enable Host IPS and Enable Network IPS. (The Firewall Policy can be disabled on its own tab.)
  8. Select Task, Exit.
Solution 2

If the default unlock password has been changed, start the client in Windows Safe Mode and disable the Host Intrusion Prevention agent service. 
  1. Start the client in Safe Mode. For details about Safe Mode, refer to Microsoft Support at: http://support.microsoft.com
  2. Click Start, Run, type services.msc and click OK.
  3. Double-click the McAfee Host Intrusion Prevention Service to open the service properties.
  4. Select Disabled under Startup type.
  5. Restart the client in Normal Mode.
  6. Click Start, Run, type regedit and click OK.
  7. Navigate to and expand the following key:
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall]
  8. Locate the GUID for the installed version of Host Intrusion Prevention.
  9. Run the uninstall string value to remove the client

Source: http://kmit4u.blogspot.co.uk/2011/04/how-to-disable-host-intrusion.html


See also https://community.mcafee.com/thread/23642 if something goes wrong with this