
McAfee 8.7i, Error = 0x7d1 : The specified driver is invalid

By Jesse | January 5, 2009

In McAfee 8.7i, there is an issue where the McAfee Shield disables itself and refuses to start.

In event viewer I get two errors, the first:

Log Name: Application
Source: McLogEvent
Date: xxxxxxxxxxx
Event ID: 5004
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: xxxxxxxx
Description:
Could not contact Filter Driver.
Error = 0x7d1 : The specified driver is invalid.

The second event shows McAfee started successfully:

Event ID: 5000

McShield service started.
Engine version : 5300.2777
DAT version : 5399.0000

Number of signatures in EXTRA.DAT : None
Names of threats that EXTRA.DAT can detect : None

This issue is caused by a bad value in the registry.  This error also prevents repairing the application and will generate an Error 1920: Service McAfee McShield (McShield) failed to start.

The fix to this issue is to modify several registry keys:

  1. Run REGEDIT.
  2. Navigate to HKLM\System\CurrentControlSet\Services\[mfebopk, mfeapfk, mfeavfk]
  3. Modify the ImagePath to be the full path to the driver. For example, change:
    “system32\drivers\mfebopk.sys” to “C:\Windows\System32\Drivers\mfebopk.sys”
  4. The service should now start. Alternatively, you can go to Add/Remove Programs and run a repair, which should also fix this issue.
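
The registry change from steps 1 to 3, scripted as an added example (not from the original post or from McAfee). It assumes each driver file is named after its service key, as with mfebopk.sys above, and sits under %SystemRoot%\System32\Drivers; the -Apply switch is this script's own parameter, and without it the script only reports.

```powershell
# Added example: audit and fix ImagePath for the three drivers named in step 2.
# Run from an elevated PowerShell prompt. Without -Apply nothing is written.
param([switch]$Apply)

$drivers   = 'mfebopk', 'mfeapfk', 'mfeavfk'
$driverDir = Join-Path $env:SystemRoot 'System32\Drivers'

foreach ($name in $drivers) {
    $keyPath = "SYSTEM\CurrentControlSet\Services\$name"
    # Open read-only unless -Apply was given.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($keyPath, $Apply.IsPresent)
    if ($null -eq $key) {
        Write-Warning "$name : service key not found, skipping"
        continue
    }
    try {
        # Read the raw string so environment variables in the value are not expanded.
        $current = $key.GetValue('ImagePath', $null,
            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        if ([string]::IsNullOrEmpty($current)) {
            Write-Warning "$name : no ImagePath value, skipping"
            continue
        }
        $kind     = $key.GetValueKind('ImagePath')   # keep the existing value type
        $expected = Join-Path $driverDir "$name.sys" # assumption: file is <service>.sys

        # Only the relative form shown in the post is rewritten; anything else is reported.
        if ($current -ieq "system32\drivers\$name.sys") {
            if (-not (Test-Path -LiteralPath $expected)) {
                Write-Warning "$name : $expected does not exist, not changing ImagePath"
                continue
            }
            if ($Apply) {
                $key.SetValue('ImagePath', $expected, $kind)
                Write-Output "$name : changed '$current' to '$expected'"
            } else {
                Write-Output "$name : would change '$current' to '$expected'"
            }
        } else {
            Write-Output "$name : left unchanged ('$current')"
        }
    } finally {
        $key.Close()
    }
}
```

Run it once without -Apply to see which machines carry the relative path, then again with -Apply before starting the McShield service.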

Feel free to add comments for others encountering this issue.


26 Responses to “McAfee 8.7i, Error = 0x7d1 : The specified driver is invalid”

  1. McAfee Virus Scan 8.7i Disabled | The BHC Blog Says:
    February 3rd, 2009 at 1:43 pm

    […] McAfee 8.7i, Error = 0x7d1 : The specified driver is invalid […]

  2. Tim Sutton Says:
    February 17th, 2009 at 11:15 am

    Thanks for this!
    I recently ran into a Windows 2000 server that wouldn’t take the upgrade to 8.7i that had me flummoxed and after many hours spent testing and searching this sorted it out.

    Again, many thanks.

  3. onanymous Says:
    March 4th, 2009 at 8:39 am

    Thanks for tip !!! Saved a lot of time …

  4. Bob Says:
    March 9th, 2009 at 4:48 pm

    The second “Error” isn’t an error – it is McShield starting successfully.

  5. ayoub Says:
    March 20th, 2009 at 10:28 am

    In fact, for more precision, this problem generally comes up if the system disks are set to dynamic.
    If you have this problem during the installation, you must modify the registry when the error occurs and then click the Retry button.

  6. Jesse Says:
    March 20th, 2009 at 12:36 pm

    I haven’t found what ayoub found to be the case.. He may be correct for some problem instances, but I have found multiple machines have the problem and it is not disk or install specific…

  7. phil Says:
    March 31st, 2009 at 10:22 am

    This reg hack worked for me and I had dynamic disks!

  8. Marco Says:
    April 30th, 2009 at 4:54 pm

    Man, you are great!

    This worked for me!

    Really thanks!

    Marco

  9. Jim Says:
    May 7th, 2009 at 9:15 am

    I have several XP machines that exhibited the same problem and the reg hacks listed above have fixed it for all of them. Thanks!

    Now, I don’t want to throw cold water on your solution here, but I have three test boxes without the fully qualified paths in place and the McShield service starts without a problem. My production machine (the one I am typing on now), has “ImageName=system32\drivers\mfeapfk.sys” (not fully qualified) and is working fine.

    Some installs (some MS Updates and WISE Package Studio are two I have discovered) break the service. Does anyone have any idea why some machines require the fully qualified path while others do not? … and what is the installer doing that breaks it???

  10. Jesse Says:
    May 21st, 2009 at 10:40 am

    It’s not cold water.. My answer came directly from McAfee Tech support.. it’s a known issue fixed in their next release. I’m not exactly sure why it works on some machines and not on others..

    But the solution is easy.. since the Fully qualified location works, push it down to all your clients via a registry patch (using a login script) or via group policy.. and taa daa!! no more problem in the entire network.. at least .. that’s what worked for me..

  11. Jesse Says:
    May 21st, 2009 at 5:22 pm

    Jim, do you know what order causes the breakage? I.e., if you have McAfee installed and then you install WISE / MS updates, does it then break, or is it that after installing a certain update, you cannot then successfully install McAfee in a functional state?

  12. Triss Says:
    June 1st, 2009 at 8:30 am

    This worked for me :)

  13. Thenbzito Says:
    June 3rd, 2009 at 6:21 am

    thanx guyz the tip helped me a lot.

  14. Andrew Says:
    June 23rd, 2009 at 2:58 am

    Wow! Thanks for this fix! Well done – worked perfectly for me – but don’t know why it started!??!

  15. Ratheesh SR Says:
    June 30th, 2009 at 7:14 am

    Superb man. Thanks. Thank you very much.

    Very useful fix

  16. Delboy Says:
    July 17th, 2009 at 1:44 pm

    Thanks for this post. I’ve seen this error on ALL of our Servers that have been upgraded to 8.7 from 8.5 via ePO.

  17. Babak Says:
    July 26th, 2009 at 1:28 pm

    Thanks men, you’re cool

  18. Devendra Says:
    July 26th, 2009 at 8:50 pm

    Thanks. This tip was very useful. It helped me get my McAfee started.

  19. Jesse Says:
    July 31st, 2009 at 10:55 am

    Another thing to try is to browse to Local Security policy under start –> control panel –> administrative tools –> Local Security Policy…

  20. Ravi Kurian Joy Says:
    August 2nd, 2009 at 8:38 am

    Thanks for the explanation. Saved me hours of R&D. Solved the issue straight away

  21. E-Tom Says:
    August 4th, 2009 at 1:58 pm

    Thanks a lot for this workaround!
    I lost hours by trying to solve this problem.
    When I tried to upgrade a Win2000 Server from VirusScan 8.5 to 8.7, I first uninstalled 8.5, because upgrading directly from 8.5 to 8.7 caused errors. After uninstalling 8.5, I couldn’t install 8.7; it couldn’t start the McShield service. Setup complained about missing rights to start services. After changing the registry entries, setup could finish!
    But now I’m really hacked off about McAfee. This is not the first bug they produced, not to mention the bad performance and the permanent disk access…

  22. manish Says:
    September 18th, 2009 at 3:17 am

    TOO Good Solution IT worked for me

  23. joby Says:
    October 15th, 2009 at 9:29 am

    Thanks for your help. It’s working

  24. Paul M Says:
    March 15th, 2010 at 10:57 am

    Not helped here, sadly.

    Fairly sure mine is related to a user rights assignment prv being removed or restricted via GPO. When I remove the GPO link the engine service fires up without an issue.

    Trying to work out the deltas in this policy but most just look identical with additions so it’s not going easily…

  25. danisse Says:
    May 8th, 2010 at 10:09 pm

    Awesome dude, this solved my problem. After a couple of install/reinstall processes, I decided to check over the internet and found this complete instruction guide about the issue.

    Tanx.-

  26. Shawn Says:
    August 21st, 2010 at 9:46 am

    Thank you so much, this fixed my issue. Whew! I spent quite a bit of time trying to get this figured and then decided to look online. I found your article, 2nd hit.
