Q&A Mcafee has taken over my pc and locked me out.

agilliam

New Member
Thread author
Jan 8, 2021
3
So after the update in December mcafee has taken complete control over my pc. I have had to reset my ox keeping my files 6 times now. Every time I reset I get everything the way I like and then install mcafee. As soon as mcafee is installed I can’t run cmd, power shell, regedit, not even manage users. After I uninstall it works fine. But when it’s installed I constantly get “mcafee has stopped a dangerous program” or mcafee stopped a application trying to hijack...... that only appears when I try to run cmd or regedit or anything like that. As soon as it’s uninstalled it works fine.
I’m running windows 10 build 2004 and the latest mcafee off their site. Not enterprise just consumer. I’m at a loss. Thanks to mcafee I have lost a lot of information. They advised me to do a reset so they could remote in. They were unable to remote in while mcafee was installed and/or running. When it’s out the computer works perfect.
Any ideas wth is wrong?
 
F

ForgottenSeer 89360

So after the update in December mcafee has taken complete control over my pc. I have had to reset my ox keeping my files 6 times now. Every time I reset I get everything the way I like and then install mcafee. As soon as mcafee is installed I can’t run cmd, power shell, regedit, not even manage users. After I uninstall it works fine. But when it’s installed I constantly get “mcafee has stopped a dangerous program” or mcafee stopped a application trying to hijack...... that only appears when I try to run cmd or regedit or anything like that. As soon as it’s uninstalled it works fine.
I’m running windows 10 build 2004 and the latest mcafee off their site. Not enterprise just consumer. I’m at a loss. Thanks to mcafee I have lost a lot of information. They advised me to do a reset so they could remote in. They were unable to remote in while mcafee was installed and/or running. When it’s out the computer works perfect.
Any ideas wth is wrong?
Hi, is that the alert in question?

1610094006042.png
 
F

ForgottenSeer 89360

I advise you to perform the following steps:

First and most important, back up your data, specially documents and media files. You can use specialised software or you can simply copy on flash drive, external HDD, or upload to a secure cloud location, such as OneDrive.

Then think about what exactly you are "getting the way you like". Does that include downloading illegitimate pirated software? It's possible that you are executing something that really performs process hollowing/code injection and this might cause McAfee to raise alerts.
I would advise you to install McAfee prior to "getting everything the way you like" and monitor whether the alert will appear. Ideally, install McAfee right after your system reset.

If the issue still persists before any software installation and/or you are installing only apps from legitimate sources, you can request to speak with a level 2 technician over the phone. A level one technician which you can contact via chat support can schedule the call and they will take it from there.

In the meantime, before you do anything, you can run the McAfee GetSusp tool, which detects more threats than regular scans.
It's available here: GetSusp | McAfee Free Tools
 

Andy Ful

Level 79
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
6,804
So after the update in December mcafee has taken complete control over my pc. I have had to reset my ox keeping my files 6 times now. Every time I reset I get everything the way I like and then install mcafee. As soon as mcafee is installed I can’t run cmd, power shell, regedit, not even manage users. After I uninstall it works fine. But when it’s installed I constantly get “mcafee has stopped a dangerous program” or mcafee stopped a application trying to hijack...... that only appears when I try to run cmd or regedit or anything like that. As soon as it’s uninstalled it works fine.
I’m running windows 10 build 2004 and the latest mcafee off their site. Not enterprise just consumer. I’m at a loss. Thanks to mcafee I have lost a lot of information. They advised me to do a reset so they could remote in. They were unable to remote in while mcafee was installed and/or running. When it’s out the computer works perfect.
Any ideas wth is wrong?
What McAfee solution did you install? Did you install another real-time security tool?
 
Last edited:
F

ForgottenSeer 89360

What McAfee solution did you install?
The alert in question only appears on McAfee Total Protection and McAfee LiveSafe.
It is normally displayed when something attempts to manipulate legitimate processes. This can be a script registered in scheduled task/run sections or it may be some cross process injection.
Something similar to the fileless Tesla will cause such alert.

Unfortunately, McAfee doesn't save anything in the security history (home products) and it's very difficult to investigate. It is not an intrusion detection (something like Heap Spraying, etc.), as these have a different alert and are then saved in the logs.

Of course it can also be a software conflict, specially if another AV with behavioural blocking user-mode hook is installed.
 
Last edited by a moderator:
F

ForgottenSeer 89360

@agilliam wrote that this alert was visible when running CMD or Regedit. It is possible that another application tries to monitor these events and McAfee blocks them.
if the monitoring is performed by attaching a hook to the process, then yes. McAfee might "dislike" the hook if it is not signed with class-3 signature.

The only way to tell is to reset the system, install McAfee and try to run regedit after every software installation. That way the conflicting or malicious application can be spotted. In addition, level 2 technician will be aware of conflicting software.
 
F

ForgottenSeer 89360

i think this is a little too overrated
Overrated by whom? It normally doesn’t get high ratings anywhere, on any test or review. It is enough for a normal user, but protection-wise you can do better, though it has improved.

Furthermore, this thread is now going wrong direction. I have already provided the best troubleshooting steps in a post above. I believe further confusion should not be caused by the addition of unrelated comments and personal statements.