• Oracle Unlock User
• Mcafee Unlock User Interface Password

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

McAfee 8.5.0i, patch 5, managed by ePo 4.0. About 300 seats. The ePo policy for User Interface Options shows that all items in the console are supposed to be password protected, and when I'm logged into a workstation as an admin, they are. That is, I can start the console, click Tools/Unlock User.

• ' href='https://www.remkoweijnen.nl/blog/'>Home

Author: Remko Weijnen9Dec

I needed to change a few settings on a McAfee VirusScan Enterprise 8.7.Oi client. However there was a password protection in place that locks the user interface and nobody around that could tell me the password. So what to do?

Right, we check out where this password is stored and how we can get rid of it!

Dadi ma ke gharelu nuskhe in hindi. Allopathic medicine treatment books in hindi pdf free download online. Gharelu upay in hindi,piles ke gharelu upay,piles ke gharelu nuskhe in hindi,piles kaise. Jan 6, 2018 - Ayurvedic Nuskhe is app in Hindi Language दादी माँ के घरेलू नुस्खे. Ayurvedic medicine (also called Ayurveda) is one of the world's.

I openend vsplugin.dll in Ida Pro and searched for related strings such as password, lock etc.

I found out that vsplugin.dll calls some interesting exports in shutil.dll called UIPNovel merantau ke deli. , UiLockInfoLoad1 and UiLockInfoValidate1.

I searched further in shutil.dll and concluded that the password is stored in the UIP value under HKLMSoftwareMcAfeeDesktopProtection registry key.

The value is an MD5 Hash of the password so we cannot decrypt it. So I tried one of the many MD5 hash databases on the net but I couldn’t find the original string for the password.

This happens because the MD5 hash tables are all based on ASCII and McAfee uses a Unicode string type. Eg the word password would be stored like this in hex:

We can of course build our own Unicode hash/rainbow table but an easier solution is to write a known MD5 hash to this registry value. For instance the MD5 hash for the Unicode string password is: b081dbe85e1ec3ffc3d4e7d0227400cd.

Another bypass would be to delete the UIP value and set the UIPMode to 0 which disables the user interface password completely. Note that when an EPO server is in place it will always periodically overwrite the settings with those defined in it’s policies.

I’ve also seen that shutil.dll exports a function called UiLockInfoValidate1. This functions checks if the given MD5 hash exists in the Global Atom Table in the from UIP-<hash>.

The Atom seems to be used as a Single Sign on for the user interface unlock. Once you’ve entered the password in one module, it will also unlock the other modules. Possibly we could abuse this system by writing our own hash to the Global Atom Table but I didn’t investigate this further.

Share this:

Like this:

LikeLoading..

Related

Please consider donating something (even a small amount is ok) to support this site and my work:
Filed under: GeneralRSS feed for comments on this postTrackBack URI

Helge KleinDecember 9th, 2011 at 16:491

Very cool 😉 Keep on blogging!

yogeshSeptember 28th, 2012 at 16:152

“McAfee Anti User Password key Jurusan ilmu tanah.

shashikantOctober 16th, 2012 at 13:163

Can you please tell me how to unlock McAfee 11.6 user interface.

no oneAugust 2nd, 2015 at 22:404

This is valid for McAfee before version 8.8
…
After 8.8 the value is additionally encoded in UIPEx key
Reportedly hashed like this:
Base64(SHA1(unicode(“x01x0fx0dx33″ + password))).
Good luck!

Leave a reply

• Entries (RSS)
• Comments (RSS)

Profile

Top Posts

• RNS 315: Enable the hidden bluetooth carkit
• Query Active Directory from Excel
• Default username password HP Storageworks P2000
• Enable Developer mode on VW Discover Pro with VCDS
• Update AMD Display Driver under BootCamp
• How rdp passwords are encrypted
• Debugging Tools for Windows Direct Download
• The case of the Slow Xerox Universal Print Driver
• Trick to Export Private Key from Certificate Request
• Patch Windows 2008 Terminal Server to allow more than 2 concurrent sessions

Recent Comments

Laurent Daudelin on Update AMD Display Driver under BootCampSorin Srbu on Determining if Battery Backed Write Cache is installed

Oracle Unlock User

Belkin Support on silly issue with DHCP reservation on Netgear WNDR3700 routerMatty Ice on ClickOnce Applications in Enterprise EnvironmentsGiovanni on Google Earth fix for XenApp, RDSH & Horizon

Featured Downloads

ExeToPosh0.2.zip (7747 downloads)

AMD Radeon Crimson ReLive (2151 downloads)

Google Earth Compatibility Fix for Horizon, RDSH and XenApp (2825 downloads)

test-file (2516 downloads)

mstsc.exe build 6.1.7600.16385 (42699 downloads)

mage (3578 downloads)

DecryptPITFile.zip (3413 downloads)

rc4.zip (3396 downloads)

CtxPassCom.zip (3493 downloads)

SetMixedCode.zip (2794 downloads)

Donate

Blogroll

Andrew Morgan

Arnout’s blog

Assa’s Blog

Barry Schiffer

Delphi Praxis

Ingmar Verheij

Jedi Api Blog

Jedi API Library

Jeroen Tielen

Kees Baggerman

Categories

Archives

• March 2018 (1)
• January 2018 (4)
• December 2017 (3)
• April 2017 (1)
• March 2017 (5)
• February 2017 (4)
• May 2016 (3)
• March 2016 (1)
• October 2015 (2)
• September 2015 (1)
• January 2015 (1)
• August 2014 (1)
• July 2014 (8)
• May 2014 (1)
• November 2013 (1)
• October 2013 (2)
• September 2013 (3)
• August 2013 (4)
• June 2013 (2)
• May 2013 (3)
• April 2013 (5)
• March 2013 (5)
• February 2013 (1)
• January 2013 (5)
• December 2012 (9)
• November 2012 (3)
• October 2012 (3)
• August 2012 (4)
• July 2012 (2)
• June 2012 (1)
• May 2012 (6)
• March 2012 (13)
• February 2012 (12)
• January 2012 (9)
• December 2011 (9)
• November 2011 (4)
• October 2011 (5)
• September 2011 (10)
• August 2011 (10)
• July 2011 (2)
• June 2011 (8)
• May 2011 (12)
• April 2011 (4)
• March 2011 (14)
• February 2011 (8)
• January 2011 (32)
• December 2010 (23)
• November 2010 (19)
• October 2010 (10)
• September 2010 (6)
• August 2010 (1)
• July 2010 (1)
• June 2010 (6)
• March 2010 (7)
• February 2010 (3)
• December 2009 (3)
• November 2009 (11)
• September 2009 (2)
• July 2009 (1)
• June 2009 (5)
• May 2009 (1)
• April 2009 (2)
• March 2009 (3)
• February 2009 (6)
• January 2009 (3)
• December 2008 (8)
• November 2008 (5)
• October 2008 (3)
• September 2008 (3)
• August 2008 (3)
• June 2008 (6)
• May 2008 (2)
• April 2008 (3)
• March 2008 (5)
• January 2008 (3)
• December 2007 (3)
• November 2007 (13)
• October 2007 (10)

Site Admin powered by WordPress Theme

I had an issue today where I could not wait for Mcafee Epolicy Orchestrator to push out a policy to remove Mcafee Host Intrusion Prevention from a particular Virtual Machine. This Virtual Machine was core to a system that was being worked on and the Mcafee Host Intrusion Prevention was effecting its performance, so action needed taking quickly.

The quick work around was to manually remove Host Intrusion Prevention client from the virtual machine, when I attempted to do this I was greeted with the following error.

When self protect mode is enabled you cannot remove the Host Intrusion Prevention until you disable this mode. To disable the self protect mode do the following.

Browse to C:Program FilesMcAfeeHost Intrusion Prevention

Then run Mcafeefire.exe

You will see the screen below, once there select Task > Unlock User Interface – you will then be prompted for a password, during the installation you will of either entered on or used the defaults. The default password is abcde12345

Once the password is entered correctly you now need to remove the tick from the following options. Enable Host IPS and Enable Network IPS.

Then click apply and these settings will take effect.

IPS is now disabled so if required you can leave this now and if you need to remove the IPS you will now have permission to do so. Remember you will have to break inheritance for this server in Mcafee Epolicy or the policy will reapply at the next policy push interval.

Tags: host intrusion, IPS, mcafee

Allen White

Mcafee Unlock User Interface Password