« Unified Messaging for Digital Phone Sytems | Main | Del.icio.us bookmarks / Delicious promotion for your site »
McAfee 8.7i, Error = 0x7d1 : The specified driver is invalid
By Jesse | January 5, 2009
In McAfee 8.7i, there is an issue where the McAfee Shield disabled itself and refused to start.
In event viewer I get two errors, the first:
Log Name: Application
Source: McLogEvent
Date: xxxxxxxxxxx
Event ID: 5004
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: xxxxxxxx
Description:
Could not contact Filter Driver.
Error = 0x7d1 : The specified driver is invalid.
the second event shows McAfee started successfully:
Event ID: 5000
McShield service started.
Engine version : 5300.2777
DAT version : 5399.0000Number of signatures in EXTRA.DAT : None
Names of threats that EXTRA.DAT can detect : None
This issue is caused by a bad value in the registry. This error also prevents repairing the application and will generate an Error 1920: Service McAfee McShield (McShield) failed to start.
The fix to this issue is to modify several registry keys:
- run REGEDIT
- Navigate to HKLM\System\CurrentControlSet\Services\[mfebopk, mfeapfk, mfeavfk]
- Modify the ImagePath to be the full path to the driver– for example change:
“system32\drivers\mfebopk.sys” to “C:\Windows\System32\Drivers\mfebopk.sys” - The service should now start. Alternately you can goto add remove programs and run a repair which should also fix this issue.
Feel free to add comments for others encountering this issue.
![[del.icio.us]](/wp-content/plugins/bookmarkify/delicious.ico)
![[Digg]](/wp-content/plugins/bookmarkify/digg.ico)
![[StumbleUpon]](/wp-content/plugins/bookmarkify/stumbleupon.ico)
Topics: Uncategorized | 25 Comments »
February 3rd, 2009 at 1:43 pm
[...] McAfee 8.7i, Error = 0×7d1 : The specified driver is invalid [...]
February 17th, 2009 at 11:15 am
Thanks for this!
I recently ran into a Windows 2000 server that wouldn’t take the upgrade to 8.7i that had me flummoxed and after many hours spent testing and searching this sorted it out.
Again, many thanks.
March 4th, 2009 at 8:39 am
Thanks for tip !!! Saved a lot of time …
March 9th, 2009 at 4:48 pm
The second “Error” isn’t an error – it is McShield starting successfully.
March 20th, 2009 at 10:28 am
In fact for more precision, this problems comes generaly if the system disk are set to dynamic.
if you have this problems during the installation, you must modify the registry when the error occur and after click on retry button.
March 20th, 2009 at 12:36 pm
I haven’t found what ayoub found to be the case.. He may be correct for some problem instances, but I have found multiple machines have the problem and it is not disk or install specific…
March 31st, 2009 at 10:22 am
This reg hack worked for me and I had dynamic disks!
April 30th, 2009 at 4:54 pm
Man, you are great!
This worked for me!
Really thanks!
Marco
May 7th, 2009 at 9:15 am
I have several XP machines that exhibited the same problem and the reg hacks listed above has fixed it for all of them. Thanks!
Now, I don’t want to throw cold water on your solution here, but I have three test boxes without the fully qualified paths in place and the McShield service starts without a problem. My production machine (the one I am typing on now), has “ImageName=system32\drivers\mfeapfk.sys” (not fully qualified) and is working fine.
Some installs (some MS Updates and WISE Package Studio are two I have discovered) break the service. Does anyone have any idea why some machines require the fully qualified path while others do not? … and what is the installer doing that breaks it???
May 21st, 2009 at 10:40 am
Its not cold water.. My answer came directly from McAfee Tech support.. it’s a known issue fixed in their next release. I’m not exactly sure why it works on some machines and others dont..
But the solution is easy.. since the Fully qualified location works, push it down to all your clients via a registry patch (using a login script) or via group policy.. and taa daa!! no more problem in the entire network.. at least .. that’s what worked for me..
May 21st, 2009 at 5:22 pm
Jim, Do you know what order causes the breakage? IE, if you have McAfee installed and then you install WISE / MS updates does it then break, or is it that after installing a certain update, you cannot then sucessfully install McAfee in a functional state?
June 1st, 2009 at 8:30 am
This worked for me
June 3rd, 2009 at 6:21 am
thanx guyz the tip helped me a lot.
June 23rd, 2009 at 2:58 am
Wow! Thanks for this fix! Well done – worked perfectly for me – but don’t know why it started!??!
June 30th, 2009 at 7:14 am
Superb man. Thanks. Thank you very much.
Very usefull fix
July 17th, 2009 at 1:44 pm
Thanks for this post. I’ve seen this error on ALL of our Servers that have been upgraded to 8.7 from 8.5 via ePO.
July 26th, 2009 at 1:28 pm
Thanks men your cool
July 26th, 2009 at 8:50 pm
Thanks. This tip was very useful. It helped me get my McAfee started.
July 31st, 2009 at 10:55 am
Another thing to try is to browse to Local Security policy under start –> control panel –> administrative tools –> Local Security Policy…
August 2nd, 2009 at 8:38 am
Thanks for the explanantion. Saved me hours of R&D. Solved the issue straight away
August 4th, 2009 at 1:58 pm
Thanks a lot for this workaround!
I lost hours by trying to solve this problem.
When I tried to upgrade a Win2000 Server from VirusScan 8.5 to 8.7, I first uninstalled 8.5, because it caused errors to upgrade directly from 8.5 to 8.7. After uninstalling 8.5, I coudn’t install 8.7, he coudn’t start McShield service. Setup told about missing rights to start services. After changing the registry entries, setup could finish!
But now I’m really hacked off about McAfee. This is not the first bug they produced, not to mention the bad performance and the permanently disk access…
September 18th, 2009 at 3:17 am
TOO Good Solution IT worked for me
October 15th, 2009 at 9:29 am
thanks for your help . its working
March 15th, 2010 at 10:57 am
Not helped here, sadly.
Fairly sure mine is related to a user rights assignement prv being removed or restricted via GPO. When I remove the GPO link the engine service fires up without an issue.
Trying to work out the deltas in this policy but most just look identical with additions so it’s not going easily…
May 8th, 2010 at 10:09 pm
Awesome dude, this solve my problem. After a couple of install/reinstall processes, I decided to check over the internet and found this complete instruction guide about the issue.
Tanx.-