Microsoft has updated AV exclusions for Configuration Manager 2012: http://blogs.technet.com/b/systemcenterpfe/archive/2013/01/11/updated-system-center-2012-configuration-manager-antivirus-exclusions-with-more-details.aspx
During a side-by-side migration to Configuration Manager 2012 SP1 we noticed no default boot images we available in the Admin console. Adding the boot images manually we encountered the following error “You can not import this boot image. Only finalized boot image are supported”
During the initial setup the process of creating boot images failed as can be seen in the CM setup log.
After some research I found the following interesting thread Access Denied Error:5 Adding Package to .WIM with DISM. Herein was clear that McAfee causes the problem. Disabling Access Protection and On Access Scanner solves this issue. My colleague Tom Klaver pointed me to a McAfee article which provides some more background of the root cause of this issue.
The problem will occurs with boot image- (import, updating, customizing) and offline servicing actions.
There are a few workarounds available to prevent this problem:
- Temporarily disable Access Protection
- Temporarily exclude folders from AV scanning (C:\Windows\TEMP\BootImages & <X:>\ConfigMgr_OfflineImageServicing)
Make sure before you start a Configuration Manager 2012 SP1 installation or upgrade, or perform boot image actions that McAfee is properly configured.