Skip to content

McAfee causes Boot Image action problems Configuration Manager 2012 SP1 #sysctr

UPDATE 04/02/2013:

Microsoft has updated AV exclusions for Configuration Manager 2012:

During a side-by-side migration to Configuration Manager 2012 SP1 we noticed no default boot images we available in the Admin console. Adding the boot images manually we encountered the following error “You can not import this boot image. Only finalized boot image are supported”


During the initial setup the process of creating boot images failed as can be seen in the CM setup log.


After some research I found the following interesting thread Access Denied Error:5 Adding Package to .WIM with DISM. Herein was clear that McAfee causes the problem. Disabling Access Protection and On Access Scanner solves this issue. My colleague Tom Klaver pointed me to a McAfee article which provides some more background of the root cause of this issue.

The problem will occurs with boot image- (import, updating, customizing) and offline servicing actions.

There are a few workarounds available to prevent this problem:


Make sure before you start a Configuration Manager 2012 SP1 installation or upgrade, or perform boot image actions that McAfee is properly configured.

5 thoughts on “McAfee causes Boot Image action problems Configuration Manager 2012 SP1 #sysctr Leave a comment

  1. Hi Is this enough to fix the problem ?
    Temporarily exclude folders from AV scanning (C:\Windows\TEMP\BootImages & \ConfigMgr_OfflineImageServicing)

    Or do you also need t disable Access Protection ?

    • Hi Johan, excluding these folders from AV scanning (access protection) is indeed sufficient. I would rather prefer excluding these folders over general disabling on Access Protection feature. Furthermore I prefer SCEP over McAfee due to the tigh integration with SCCM and the ease with which it can be maintained, especially in enterprise environments.

  2. hi Ronny,
    i am having the exact same problem…
    i am upgraded my sccm 2012 site to sccm 2012 SP1 & now i am not able to update my boot images,I know disabling access protection will do the job(as i have tested this).
    but how can we exclude the folder from access protection I searched but did’nt found a way to exclude it….
    if you can please provide a way of excluding these folders from McAfee Access protection.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: