Tuesday, January 21, 2014

McAfee SAAS and Server 2012 R2

I have a bunch of freshly minted Microsoft Server 2012 R2 virtual machines up and raring to go. During my initial setup, I install antivirus. We are currently using McAfee SAAS AV for our environment. So far, it's been working out pretty well.
The issue began with these new Server 2012 R2 boxes.
Got on the phone with McAfee - and about an hour later here's what to do. You can thank me for your time saved by letting me know if this was useful to you.

Error: Unable to create event sink object. Agent may not be installed properly.

1. If you've already tried, make sure to run McAfee's uninstall agent.
2. Reboot.
3. Download the silent version of your installer.
4. Store on root of C:\ (ie: dont run from downloads folder or network share).
5. Install McAfee with silent version of installer.
6. Try to update it (right click on shield, update)
7. If the error persists:
7a. Open command prompt as admin - type following: net stop myagtsvc (enter), net start myagtsvc (enter), net stop mcshield (enter), net start mcshield (enter).
7b. Reset Internet Explorer to default settings.
7c. Try updating defs again.

Hope that saves someone somewhere some trouble.


  1. Hi Lolarue,

    Just wanted to say that this worked AWESOME!!

    Thanks for publishing this info.


  2. thanks for letting me know! i makes me want to publish more fixes :)

  3. Uninstall Instructions: https://kc.mcafee.com/corporate/index?page=content&id=KB55238

  4. Sometimes you don't have downtime to reboot.

  5. Yeah, that's the issue I've got at the moment.

    Get into a company, 2 servers that can not be rebooted unless they crash or the scheduled allowed maintenance and reboot comes up in about 2 months.

    Meanwhile, McAfee isn't working because of a failed update which I apparantly can't fix without rebooting the system.

    Haven't been a fan of Symantec or McAfee for a decade now and they aren't really helping by still having the same shitty software issue's with them as I've always had.

    Their runtimes fail for the weirdest reasons, many of them being auto update related and once they fail, it's hell to get them to work again.