[THIN] Re: Last attempt at help before sending McAfeepacking...

  • From: "Pardee, Michael P." <MPardee@xxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Thu, 18 Mar 2004 17:34:19 -0500

Thanks.  I am going to dig in to a user's hive to see if we find it there. 

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of J H
Sent: Thursday, March 18, 2004 2:48 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Last attempt at help before sending McAfeepacking...

It is started from the Run key but I deleted it and users were still running
it. I know this sounds crazy but I deleted it from the Run key and for a
couple days afterwards a few users would run it (my sessions time out after
3 hours). Within 3-4 days it was gone, so I never followed up.

What is updaterui?  (this is hilarious and direct from NAI)

"UpdaterUI.EXE is a special memory holder. A major problem with updating is
that other applications take up memory and don't release it. The only way to
ensure that this doesn't occur is to request the memory as soon as the user
logs in."

It holds memory IN CASE MCAFEE NEEDS IT TO UPDATE DATS! The standard McAfee
install puts it in the Run key which may be OK on a desktop (it's only 300k
or so) but as Michael figured out it quickly adds up.

My only thought is that it ends up in HKCU somehow/someway or in the
.Default user's profile but I have no evidence of this.  
--

--------- Original Message ---------

DATE: Thu, 18 Mar 2004 09:45:42
From: "Shonk, Joe - Perot" <JShonk@xxxxxxx>
To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
Cc: 

>Hello,
>
>It should be under the 
>HKLM\Software\Microsoft\Windows\CurrentVersion\Run
>key.
>
>Joe
>
>FWIW: The ePO is crap.
>
>-----Original Message-----
>From: Pardee, Michael P. [mailto:MPardee@xxxxxxxx]
>Sent: Thursday, March 18, 2004 9:03 AM
>To: thin@xxxxxxxxxxxxx
>Subject: [THIN] Last attempt at help before sending McAfee packing...
>
>
>We have been fighting an issue with McAfee 7.1 on our Citrix servers 
>for a while.  We feel we have the stability issues worked out, but 
>there is a part of the framework service, updaterui.exe that has 
>attached itself to hundreds of users and we can't get rid of it.  A 
>user with this thing attached to them will run 10 or more instances of 
>updaterui.exe, and cause performance issues on that servers.  No 
>multiply that by 60 more users on that server and you have a real 
>problem.  You can't just kill the process either.  Not in task manager, not
with kill, not with kill from the resource kit, etc.
>Process explorer wouldn't kill it either.  A reboot has been the only 
>thing to get them to die right now.
>
>We have taken apart the local registry and the user's registry hive 
>looking for where this thing is getting called from.  We can't find it.  
>McAfee's support on the issue has been weak as well.  They have no idea 
>where it is coming from, and yes, it is their own product.  I just 
>asked one of my engineers to reopen our case so that I can talk to them
about this.
>
>Has anyone ever dealt with this before?
>
>Ps - as much as I love the power of this list, many of you are going to 
>write back with things like; "we have run McAfee on our Citrix servers 
>for decades and don't have any issues.  You must be doing something wrong,
etc."
>Well, up until recently, I was one of the smiling, happy customers as 
>well that never had an issue.  But now I do, and it's a big one.  So 
>any help is GREATLY appreciated.
>
>
>> Michael Pardee
>> 
>> 
>Email Confidentiality Notice: The information contained in this 
>transmission is confidential, proprietary or privileged and may be 
>subject to protection under the law, including the Health Insurance 
>Portability and Accountability Act (HIPAA).  The message is intended 
>for the sole use of the individual or entity to whom it is addressed.  
>If you are not the intended recipient, you are notified that any use, 
>distribution or copying of the message is strictly prohibited and may 
>subject you to criminal or civil penalties.  If you received this 
>transmission in error, please contact the sender immediately by 
>replying to this email and delete the material from any computer.
>********************************************************
>This weeks sponsor Emergent Online.
>Emergent OnLine is the leading server-based computing consulting 
>integration firm in the nation. Emergent OnLine delivers expert 
>consulting services you can depend on.
>http://www.go-eol.com
>**********************************************************
>Useful Thin Client Computing Links are available at:
>http://thin.net/links.cfm
>***********************************************************
>For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode 
>use the below link:
>http://thin.net/citrixlist.cfm
>
>********************************************************
>This weeks sponsor Emergent Online.
>Emergent OnLine is the leading server-based computing consulting 
>integration firm in the nation. Emergent OnLine delivers expert consulting
services you can depend on.
>http://www.go-eol.com
>**********************************************************
>Useful Thin Client Computing Links are available at:
>http://thin.net/links.cfm
>***********************************************************
>For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode 
>use the below link:
>http://thin.net/citrixlist.cfm
>



____________________________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp
?SRC=lycos10
********************************************************
This weeks sponsor Emergent Online.
Emergent OnLine is the leading server-based computing consulting integration
firm in the nation. Emergent OnLine delivers expert consulting services you
can depend on.
http://www.go-eol.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use
the below link:
http://thin.net/citrixlist.cfm
Email Confidentiality Notice: The information contained in this transmission
is confidential, proprietary or privileged and may be subject to protection
under the law, including the Health Insurance Portability and Accountability
Act (HIPAA).  The message is intended for the sole use of the individual or
entity to whom it is addressed.  If you are not the intended recipient, you
are notified that any use, distribution or copying of the message is
strictly prohibited and may subject you to criminal or civil penalties.  If
you received this transmission in error, please contact the sender
immediately by replying to this email and delete the material from any
computer.
********************************************************
This weeks sponsor Emergent Online.
Emergent OnLine is the leading server-based computing consulting integration 
firm in the nation. Emergent OnLine delivers expert 
consulting services you can depend on.
http://www.go-eol.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts: