McAfee Security Manager Unnecessarily Relegated to Internet Zone

Guest

I would like to set MSIE 6 sp2 on Windows XP sp2 system to treat "mcp://"
statements as either a trusted "Local Intranet" or "Trusted site" security
zone web site, so that it will not be treated as an "Internet" zone web site.
This setting will let me tighten default browsing settings without impacting
access and/or causing nag prompts when opening McAfee VirusScan Professional
8.0's Security Manager. Unfortunately, this does not seem possible. The
history view shows the "McAfee Security Center" under its "My Computer" links
and associates the following URI:
mcp://C:\PROGRA~1\mcafee.com\agent\scui.dll::McDash.htm
Entering this in the list of Intranet or Trusted web sites has no impact and
yet the value gets stored in the registry, but will not display in the "Web
sites:" list for the security zone where it has been added.

I assume this is a bug or must additional steps be done. Wild card
characters incorporating URI patterns are rejected, like "mcp://*" etc.
McAfee support personnel contacted by e-mail responded in a manner that would
just loosen the Internet security zone settings so that Scripting is enabled.
I am contacting this list in hope that a generic solution might be provided.
Further, I thought it might be worthwhile to document the flaky behavior of
accepting the above URI and adding it to the registry, but then not using or
displaying it in the "Web site:" list of the security zone.

Appreciate any assistance to allow full use leveraging MSIE 6.0 to restrict
Internet zone classified web sites, while still being able to bring up
Security Manager for McAfee VirusScan 8.0 Professional.
 
Ricky

BeamMeUp said:
I would like to set MSIE 6 sp2 on Windows XP sp2 system to treat "mcp://"
statements as either a trusted "Local Intranet" or "Trusted site" security
zone web site, so that it will not be treated as an "Internet" zone web site.
This setting will let me tighten default browsing settings without impacting
access and/or causing nag prompts when opening McAfee VirusScan Professional
8.0's Security Manager. Unfortunately, this does not seem possible. The
history view shows the "McAfee Security Center" under its "My Computer" links
and associates the following URI:
mcp://C:\PROGRA~1\mcafee.com\agent\scui.dll::McDash.htm
Entering this in the list of Intranet or Trusted web sites has no impact and
yet the value gets stored in the registry, but will not display in the "Web
sites:" list for the security zone where it has been added.

I assume this is a bug or must additional steps be done. Wild card
characters incorporating URI patterns are rejected, like "mcp://*" etc.
McAfee support personnel contacted by e-mail responded in a manner that would
just loosen the Internet security zone settings so that Scripting is enabled.
I am contacting this list in hope that a generic solution might be provided.
Further, I thought it might be worthwhile to document the flaky behavior of
accepting the above URI and adding it to the registry, but then not using or
displaying it in the "Web site:" list of the security zone.

Appreciate any assistance to allow full use leveraging MSIE 6.0 to restrict
Internet zone classified web sites, while still being able to bring up
Security Manager for McAfee VirusScan 8.0 Professional.

Try here..
http://www.winxptutor.com/LMZUnlock.htm
 
Guest

Ricky,

Thanks for advice, but it is a no go. I have already been there and tried
that, but I still get prompts. In fact, if I disable scripting in the
Internet zone, then the McAfee Security Center will not display correctly at
all. I guess this Advanced tab setting just affects ActiveX controls and not
scripting?

Still, looking for an answer.
 
Guest

Oops, just to make sure that you don't think I overlooked the tip to include
a reference to the McAfee web site and place it in the McDash.htm resource.
<!-- saved from url=(0022)http://www.mcafee.com/ -->
This does not work because this file is inaccessible, because it is likely
held within the DLL as a resource accessible only to itself. Thus, neither
solution provides an answer. Hope this clarifies better for you and others.

Thanks again for trying.
 
Robert Aldwinckle

BeamMeUp said:
I would like to set MSIE 6 sp2 on Windows XP sp2 system to treat "mcp://"
statements as either a trusted "Local Intranet" or "Trusted site" security
zone web site, so that it will not be treated as an "Internet" zone web site.

I don't have that protocol but I do have ms-help:// and ms-its:
(TechNet or MSDN and XP Help and Support Center documents)
all of which open in the My Computer zone.

What I would do is use RegMon to trace registry access for either
of those protocols (e.g. as a simpler way of searching the registry)
then do the same trace for your mcp:// protocol and see if there
are any apparently different values which could be causing the zone
difference. RegMon is freeware from SysInternals.


HTH

Robert Aldwinckle
---
 
Guest

Robert,

You're a winner, as using Regmon identified what the precise "mcp://" patterns
that I needed to enter. Also, I tried to look up info concerning ms-its, hcp,
and ms-help, but there is a dearth of information available concerning the
registry settings associated with these undocumented protocols. But, all of
the protocols do check the ZoneMap registry key at:
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
So I searched for the keyword "ZoneMap" and found these interesting queries
that let me know what to put in as the pattern in "Tools" -> "Internet
Options ..." -> "Security" tab -> "Local Internet" zone icon -> "Sites"
button -> "Advanced" button -> "Add this Web site to the zone:" field, namely:

mcp://C:\PROGRA~1\mcafee.com\agent\scui.dll

Can get from the following Regmon entries:
----
16.76807080 mghtml.exe:3800 OpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\//C:\PROGRA~1\mcafee.com\agent\scui.dll NOTFOUND
16.76809371 mghtml.exe:3800 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//C:\PROGRA~1\mcafee.com\agent\scui.dll NOTFOUND
----
Which once this pattern entered then get:
----
30.21390344 mghtml.exe:2380 OpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\//c:\PROGRA~1\mcafee.com\agent\scui.dll SUCCESS Key: 0xE3359450
30.21391685 mghtml.exe:2380 QueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\//c:\PROGRA~1\mcafee.com\agent\scui.dll\mcp SUCCESS 0x1
30.21393557 mghtml.exe:2380 CloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\//c:\PROGRA~1\mcafee.com\agent\scui.dll SUCCESS Key: 0xE3359450
----

Then I still received a prompt so did the Regmon capture analysis again and
found the following entry not being found:
----
30.85434126 mghtml.exe:2380 OpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\//C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com\Agent\News\valert.ui NOTFOUND
----
So entered into "Local Intranet" zone the pattern:

mcp://C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com\Agent\News\valert.ui

This new entry then allowed me to open any call using this dll, as an "Local
Intranet" zone web site. Then, I had to go through the McAfee Security
Center manager finding all of the other patterns to enter and the following
list was compiled by me as being necessary (other mcp:// items were accessed
but did not execute script):

mcp://C:\PROGRA~1\mcafee.com\agent\scui.dll
mcp://C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com\Agent\News\valert.ui
mcp://C:\PROGRA~1\McAfee.com\VSO\vsagntui.dll
mcp://c:\PROGRA~1\mcafee.com\vso\vsoui.dll

Once the above were entered then I unchecked the Advanced Options tab
setting in MSIE's Security settings called:
Allow active content to run in files on My Computer

So, issue resolved as far as I can tell with my testing.

Some other entries that were interesting and were "NOTFOUND" were:
----
10.00603093 mghtml.exe:3184 QueryValue HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck NOTFOUND
----
I could not find anything on "DisableImprovedZoneCheck", can someone help as
to what the ramifications of using this keyvalue is and what it does?
Also:
----
16.14117241 mghtml.exe:3800 OpenKey HKCU\mcp NOTFOUND
16.14121990 mghtml.exe:3800 OpenKey HKCR\mcp NOTFOUND
----

In summary, there is still definitely a bug in that the patterns are stored
in the registry, but do display in the "Local Intranet" list of entered
patterns, but their double entry is at least not allowed. Microsoft needs to
update their browser or McAfee needs to get the possibly undocumented way to
do this right from Microsoft. Hopefully, McAfee will add this fix to their
FAQ, when I forward it to them at their support web site. Now I can disable
scripting for the Internet Zone, etc. and yet still be able to run McAfee's
Security Manager and so perform updates and management. If you are going to
run as Administrator because of desire to use debugger environments of
developer applications, etc. one can now still protect one's self from
cross-scripting and MSIE unpatched security holes, when reading info and help
accessed from google found URLs accessed to work around a programming
problem.

Thanks Again!
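
Added example, not part of the original thread: the manual Regmon analysis described above (find the `ZoneMap\Domains` lookups that return NOTFOUND, turn each into a pattern for the "Sites" dialog, and confirm existing mappings from the `QueryValue` result) written as a small Python script. The function name `analyse`, its `scheme` parameter and the one-event-per-line layout are assumptions; the sample lines are constructed from the entries quoted in the thread, and the zone numbers are the standard IE zone indices (0 to 4).

```python
import re

# Constructed sample in the Regmon line layout quoted in the thread.
SAMPLE = r"""
16.76807080 mghtml.exe:3800 OpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\//C:\PROGRA~1\mcafee.com\agent\scui.dll NOTFOUND
30.21390344 mghtml.exe:2380 OpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\//c:\PROGRA~1\mcafee.com\agent\scui.dll SUCCESS Key: 0xE3359450
30.21391685 mghtml.exe:2380 QueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\//c:\PROGRA~1\mcafee.com\agent\scui.dll\mcp SUCCESS 0x1
30.85434126 mghtml.exe:2380 OpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\//C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com\Agent\News\valert.ui NOTFOUND
16.14121990 mghtml.exe:3800 OpenKey HKCR\mcp NOTFOUND
"""

ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
EVENT = re.compile(
    r"^\S+\s+\S+\s+(OpenKey|QueryValue)\s+(.*?)\s+(NOTFOUND|SUCCESS)\b\s*(.*)$")
# Regmon shows one or two backslashes between ZoneMap and Domains.
DOMAIN = re.compile(r"ZoneMap\\+Domains\\(.+)$", re.IGNORECASE)


def analyse(log, scheme="mcp"):
    """Return (patterns still unmapped, {pattern: zone name}) for one scheme."""
    state, zones = {}, {}
    for line in log.splitlines():
        ev = EVENT.match(line.strip())
        dom = DOMAIN.search(ev.group(2)) if ev else None
        if not dom:
            continue  # not a ZoneMap\Domains lookup
        op, result, detail = ev.group(1), ev.group(3), ev.group(4)
        key = dom.group(1)
        if op == "OpenKey":
            # Registry key names are case-insensitive; keep the latest result.
            state[key.lower()] = (scheme + ":" + key, result)
        elif result == "SUCCESS":
            # QueryValue path ends in the value name, which is the URL scheme.
            key, _, value = key.rpartition("\\")
            if value.lower() == scheme:
                zones[scheme + ":" + key] = ZONES.get(int(detail, 16), detail)
    missing = [p for p, r in state.values() if r == "NOTFOUND"]
    return missing, zones


if __name__ == "__main__":
    missing, zones = analyse(SAMPLE)
    print("still to add to a zone:", missing)
    print("already mapped:", zones)
```

A lookup that first fails and later succeeds (as `scui.dll` does in the sample) drops out of the "still to add" list, so re-running the script on each new capture mirrors the iterative process in the post.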
 