McAfee McShield and some other unrelated issues...
Hi, this is my first post here. Looks to be promising and hopefully this forum can provide some insight that can help us with some potential issues we've been experiencing.
Background: I'm not even going to pretend to know everything about all the ins and outs of computer security. Among our users, one of the programs that they utilize is IBM Lotus Forms Viewer (specifically version 3.5.1) for specific documents which happens to use Java runtime. The Java edition is 6 (I can get more specific on what build, etc. later). The antivirus is server-to-client McAfee. The OS in question is 32-bit Microsoft Vista Enterprise SP2. These computer systems are not shut down but are restarted periodically with pushed down updates. There are significant layers of implemented security - e.g. multiple firewalls, VPNs, etc. Both our internal teams and IBM are tracking the issue and seeing if there is a solution available other than simply having our IT departments re-image the affected systems. I'm just asking this forum for a bit of collaboration, new angles, and potentially fresh perspectives.
Issues: Among a key group of our users, they seem to be particularly prone to receiving issues with Lotus Forms. The program itself will exhibit a Denial of Service-like behavior briefly with a sizable amount of error popups when the user is attempting to open a document, only to lead to a final error stating that a particular file cannot be found and Chinese fonts are displayed on the lower half of the pop-up box. The error box itself is organic to the program, so it's not malware-indicative. This series of errors basically prevents our users from using this program for a needed role.
Observations: Interestingly enough, the affected systems seem to be missing a trusted certificate through Java. We've troubleshot this aspect by replacing the proper certificate, etc., but it had no effect on the nature of the errors (subsequent reboots, re-verified the certificates, etc.). Also, whenever Lotus Forms has these specific errors, an empty folder is written to the desktop with either a Cyrillic font letter (single digit) or some other random, variant symbol letter. One of our users had the errors suddenly arise on the morning of the 30th - which allowed us to check the Windows System Event Logs and Application logs. The only inbound traffic she received was two MS Excel 2007 documents via MS Outlook 2007. Among the observations we made from Computer Management on the local system was that McAfee McShield was unexpectedly terminated multiple times in the late evening hours of each of the two days prior. The application log states that there were detections, but the paagent.log on the affected systems does not reflect any serious issues.
Personally, I suspect that the Java runtime might be suspect on these systems. Any insight on this would be highly appreciated. Thanks in advance.