What to do about password-protected files (related to McAfee?)


I'm sorry if I've missed this in a recent post, but my search didn't find anything recent specifically related to this.


My installation of Antivirus Plus is reporting password-protected files not being scanned.  An example from a recent system scan log:


Item path                                                                                                         Reason:                          Action taken 

C:\Windows\MFGSTAT.zip=>OS/Windows/Logs/DPX/setuperr.log    Password-protected    Not scanned(file was password-protected)


Most, if not all, of these files involve MFGSTAT.zip and I've read in other forums that this is related to McAfee Security products. My new laptop did come with a trial of McAfee, but I uninstalled it (via Windows) before installing BD AV Plus. I followed some advice to run a McAfee software removal utility, but these password-protected files persist.


Any ideas what's going on and if there's a solution?


Thanks,


MarkR

Comments


  • Hello /index.php?/profile/217436-mark-ritter/&do=hovercard" data-mentionid="217436" href="<___base_url___>/index.php?/profile/217436-mark-ritter/" rel="">@Mark Ritter,


    The password-protected items are not infected files. They are archives which require a password so that they can be opened and scanned for malware. If Bitdefender or any other security solution finds such archives while scanning, you will be prompted to enter their password, otherwise the scanning is not possible.

    Most commonly, password-protected items are:


    - Files that belong to another security solution.


    - Files that belong to the operating system.


    Should the files be extracted from the password-protected archives, the On-access scanning from Bitdefender would automatically scan them.


    Regarding your question, it is possible that even if you uninstalled McAfee solution, there are still some remains on your device. You can use the uninstall tool from the link below to remove McAfee from your device:


    http://us.mcafee.com/apps/supporttools/mcpr/mcpr.asp


    Thank you!



  • 7 minutes ago, Anisoara S. said:



    Regarding your question, it is possible that even if you uninstalled McAfee solution, there are still some remains on your device. You can use the uninstall tool from the link below to remove McAfee from your device:


    http://us.mcafee.com/apps/supporttools/mcpr/mcpr.asp



    Thanks for the feedback, Annie.  I've tried that MCPR tool several times already, but the files persist.


    Do you know if I should I be able to delete the MFGSTAT archive and if it would be safe to do so?  Alternatively, I suppose I could add it to the scan exception list.  But, I'd rather they not be there at all if they aren't needed.


  • Hello,


    You can try and remove the mentioned archive.


    Otherwise, you can try the tool attached to this response , in order to remove the remains of McAfee from your device:


    1. Download, unzip and run as administrator the attached file ( wsc.exe)

    2. You will see there in the window that will appear multiple entries, leave the entry {D68DDC3A...}  which represents Windows Defender and the entry {0E17DBD7D} for Bitdefender the rest of the entries you can verify by double-clicking on them to see the name of the app in Path and DisplayName

    3. Delete the other name of the antivirus program from the list ( do not delete Windows Defender - {D68DDC3A...} and Bitdefender - {0E17DBD7D}).


    Thank you and have a nice day!


    /applications/core/interface/file/attachment.php?id=19487" data-fileExt='rar' data-fileid='19487'>wsc.rar


  • My apologies for not closing this out earlier...



    On 9/17/2019 at 8:15 AM, Anisoara S. said:



    ...you can try the tool attached to this response , in order to remove the remains of McAfee from your device:


    1. Download, unzip and run as administrator the attached file ( wsc.exe)...



    I ran this tool, but it didn't show anything related to McAfee.  I've since deleted the MFGSTAT archive and have had no apparent issues.


    Thanks again for the help!


    MarkR


     

  • I have a new laptop and I have the MFGSTAT.ZIP file that's also password protected. When I ran my initial scan using Bitdefender I was surprised that this type of file exists.

    If you look at the contents of the file you will see from the file names that it contains the manufacturer's "unique" software used to setup a Windows PC e.g. my PC uses an AMD graphics driver and also came preinstalled with McAfee S/W. The file is password protected and is used during the initial setup of Windows. One interesting fact is that the manufacturer uses a "random" (unique) code to generate the password so there is no single password for opening the file - it also means that it can't be opened again.

    I've since switched to the Bitdefender products and have no need for McAfee S/W on my PC. FWIW, The file is not required for the operation of Windows but does contain the software used for installing it. I have two methods for restoring my laptop - using a hidden partition and restoring from a USB key that contains all the Windows setup files as recommended by the manufacturer.

    There is an option in Bitdefender to not open archive files or to not open them if they are above a particular size. This might seem like a security risk until you realise that on opening the file, it will be scanned for viruses. There are Pros and Cons to any action performed on a Windows PC and users have been deleting this file without any issues. It might be a good idea to copy it to another media before manually deleting it. Another option would be to put it in the "trash" and later delete it, when you are sure it's not needed.

    Simon

  • DSperber
    DSperber ✭✭✭

    From another perspective, I have BD Total Security 2020 and scans may run into password protected files associated with anything. In my case there is a password protected file contained (in \ProgramDada) with the set of files that are part of the DVDFab 5 media player.

    The real problem is that anytime a scan encounters one of these password protected files, it prompts for you to enter that password (or (a) reply to bypass the scan of this current file, or (b) reply to bypass this any subsequent password protected files during the current scan) before proceeding. If you have scans scheduled to run automatically (say in the middle of the night, while the PC is unattended) the prompt window remains present on the screen awaiting one of the three possible responses until SOMETHING is actually entered. That prompt can remain on the screen for hours (or days or more!) until somebody responds to the prompt. Just silliness.

    There needs to be an option in "settings" to just automatically skip these password protected files, if that's what you want to do. It's no worse than if you reply "bypass this file" or "bypass this file plus an"other files" to the prompt. And if you actually do want to have the scan look inside these password protected files, then you would not check this option but would also schedule the scan to run during "daylight hours" when you are there in order to provided the password in a timely manner so that the scan can then continue and eventually finish in reasonable time. You wouldn't schedule the scan to run unattended overnight while you're sleeping.

    I have reported this issue in my own separate thread here, and the BD team response was "good idea... passed on to development for consideration". That was a long time ago, and so far nothing has come of it. I feel strongly (as I'm sure you do) that some improvement in the product is really needed to overcome this nonsense. The prompt shouldn't really remain on the screen for 8 hours, holding up the scan for that long... when I am willing to simply ignore looking inside of all of these password protected files, and would like to indicate as such either in (a) a new settings option, or (b) a new checkbox in the prompt itself, letting me "remember my option and bypass all password protected files in the future".

  • DSperber
    DSperber ✭✭✭

    As has happened several times before, the development team seems to have fixed the issue and rolled it out automatically in an engine update (I suppose) or possibly a product update (could be as well).

    After having uninstalled BitDefender Total Security 2020 in early March as part of my pursuit of the problem culprit software responsible for several issues I was having in both of my Win7 HTPC machines, I finally decided that the culprit was in fact MalwareBytes Premium, which I also had uninstalled in early March (reverting simply to Microsoft Security Essentials, and observing problem-free behavior for the past six weeks). I had been running both MBAM and BitDefender (excluding each from the other) which should have worked (certainly seems problem-free on all my Win10 machines), but maybe there is some subtle incompatibility in Win7.

    So tonight I decided to uninstall MSE and reinstall BitDefender, hoping (and expecting) that I would still be problem-free since I was not going to be reinstalling MBAM any longer. And so far I am still problem-free (which is a good thing). Latest product/engine updates 4/18/2020, build 24.0.16.95, engine 7.84338.

    However I just finished running a complete "custom system scan" I created, and was surprised to see that there were 485 password protected files that were encountered. However unlike previous experience the presence of password protected files no longer held up the scan awaiting my input of the password. This was the essence of my ticket from several months ago, suggesting that they perhaps just ignore password protected files rather than waiting indefinitely long for entry of a password that simply may never come for many hours, if at all, or alternatively input of the "ignore all" option again after many many hours of waiting.

    Apparently the scan tonight simply ignored all of them, as I had suggested was a better approach. And there was a message box, with a "learn more about it" link. I clicked on it to learn that they are now ignoring these files, but of course will scan the contents if they are ever extracted.

    Excellent!

    If only they'd sent me an email on the ticket that they had implemented a solution and therefore the ticket should be marked "resolved and closed". Seems like an appropriate action, so that I would know to look for a proper working solution or maybe something still not quite right. Anyway, in this case it now appears to be working acceptably.

  • DSperber
    DSperber ✭✭✭

    Well, I think I rushed to judgement here.

    Turns out this issue is still unresolved after all. Not fixed.

    System Scan still gets hung up on a password protected file waiting for my reply, and can sit there for hours or days with the scan simply suspended until I happen to come to the PC eventually and check the "skip all password protected files" button and OK. Then it proceeds and finishes.

    It should "remember" (or offer me a checkbox to "remember" this for all future scans, and to never ask me again) my choice here. Or, there should be a new setting in "manage scans" to let me force ignoring password protected files when configuring my system scen.

    Even worse, when I configure my system scan I actually have un-checked (i.e. ignored) the folder in which the problem password-protected file resides. But this seems to have had ZERO EFFECT. Obviously this folder must still have been scanned (even though I un-checked it so that it would NOT GET SCANNED) in order for the password-protected file to have triggered the symptom.

    All of this was reported in my ticket. But it looks like nothing at all has been done on my ticket. And the problem persists, unfixed... and super-annoying, to all of us.