Hi! According to what I can find McAfee has not changed the default permissions. Users can still not write to HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection. Is there anyone trusting the GUI password to be the only thing to keep the VirusScan settings in an enterprise environment? All the enterprise VirusScan environments I have seen have been controlled by ePolicy Orchestrator (ePO) where all the settings have been defined in ePO policies for the ePO managed McAfee products. These ePO policies are then enforced on the all systems via the ePO agent in configurable intervals (by default every 5 minutes). So even if someone would be able to write to HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection the settings would be reset (including password) within the choosen interval. Sure, you can do a lot of bad stuff in 5 minutes but if you had the access to change the registry would you rather not stop/disable the services? To avoid getting the policies refreshed you would need to stop the McAfee Framework Service or remove the policy files in C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework and block the ePO agent from reaching the ePO server to get the policies again. In VirusScan 8.5i you can set policies to block the ability to stop/disable the McAfee service. This also means that local administrators are not allowed to stop the services and could lead to support problems. /Anders
