McAfee and Managed Cards

If you have a McAfee security product on your computer, and you try to use CardSpace to get to a managed card, you might run into trouble.

Actually the problem isn’t really the managed card, it is that McAfee hasn’t got any special rules figured out for CardSpace as a program yet, and I’m reasonably sure that any transaction that uses the fancier authentication model where CardSpace calls out to an endpoint to discover & retrieve policy looks suspicious to McAfee’s default rules. As a result, McAfee silently blocks the transaction, without even sending a verification prompt to the user. The blockage also doesn’t show up in McAfee’s “Recent Events” screen either. I saw this behaviour with managed cards, but it seems likely to me that the same problem would crop up with a Relying Party STS too, and in that case I think it would happen for any kind of card. I don’t know of any RP STS’s out there, so it’s hard to test that hypothesis.

I hope McAfee will get their act together and put a little research time into CardSpace – but until then, there will be people out there who won’t be able to perform some card transactions and will probably have a heck of a time figuring it out.

So – if you are trying to use a card at a site, and you get this message:

Your data could not be retrieved from the managed card provider. Check your network connection and verify that you have supplied the correct authentication credentials.

And you have McAfee, you need to follow these instructions:

  • Open up Security Center
  • Click on the “Reports & Logs” menu item on the left side
  • Click on the “View Log” button
  • In the new window that pops up, select “Internet & Network” on the left hand side.
  • Select “Outbound Events” under “Internet & Network”.
  • You will then (finally) see a log file that will show you that Windows CardSpace was blocked.
  • Click the “Grant Access” or “Grant Outbound only access” button to solve the problem.

There is a “Learn More” button on that screen. The “Learn More” button just informs you that McAfee has no clue what Windows CardSpace is. Doesn’t that seem a little embarrassing for a Security company not to have heard of or prepared for something like CardSpace? McAfee does provide an application feedback form for end-users to describe programs to them – perhaps if we were all to fill out that form and describe the issue, they would add CardSpace sooner rather than later. The form is here.

MacAfee Blocking CardSpace