Loading...

Knowledge Center


Endpoint Security 10.x Known Issues
Technical Articles ID:   KB82450
Last Modified:  8/8/2017
Rated:


Environment

McAfee Endpoint Security (ENS) Firewall 10.5.x, 10.2.x, 10.1.x
McAfee ENS Threat Prevention 10.5.x, 10.2.x, 10.1.x
McAfee ENS Web Control 10.5.x, 10.2.x, 10.1.x

For product supported environments, see KB82761.

For ENS Adaptive Threat Protection (ATP) known issues, see KB88788.

Summary

{GENRN.EN_US}
 
ENS Version Release to Support (RTS) Release to World (RTW) Release Notes
Endpoint Security Threat Intelligence 10.2.3 August 1, 2017 August 8, 2017 PD27157
10.5.2 July 19, 2017

ENS 10.5.2 is currently not generally available, but is Released to Support.
To obtain the RTS build, contact Technical Support and quote this article number.
For contact details, see the Related Information section.
See KB51560 for detailed information on release cycles.
N/A Located in the Attachment section of this article
10.5.1 Hotfix 2 (HF2) - Repost N/A June 23, 2017 PD27121
10.5.1 Hotfix 1 (HF1) N/A May 16, 2017 PD27071
10.5.1  N/A March 30, 2017 PD26909 
10.5.0 N/A December 19, 2016 PD26802
10.2.1 N/A March 30, 2017 PD26908
10.2.0 Hotfix 1164434 (HF1164434) N/A November 7, 2016 PD26758
10.2.0 N/A August 11, 2016 PD26588
10.1.2 N/A September 7, 2016 PD26632
10.1.1 Hotfix 1132493 (HF1132493) N/A July 13, 2016 PD26589
10.1.1 N/A May 16, 2016 PD26448
10.1.0 Hotfix 1111757, 1112734
(HF1111757, HF1112734)
N/A January 15, 2016 PD26325
10.1.0 N/A December 16, 2015 PD26220
 
{GENRLS.EN_US}
 
Recent updates to this article
{GENSUB.EN_US}
 
Date Update
August 8, 2017 Added issue 1204316. Endpoint Security Threat Intelligence 10.2.3 is Released to World (RTW).
August 2, 2017 Added issue 1201666.
August 1, 2017 Added issues for the Endpoint Security 10.5.2 Profiler Tool. Endpoint Security Threat Intelligence 10.2.3 is Released to Support (RTS).
July 19, 2017 ENS 10.5.2 is Released to Support (RTS).
June 29, 2017 Added an issue that the ENS Threat Prevention Help topic "Deploy an Extra.DAT file to client systems from McAfee ePO Cloud" incorrectly appears in ePO Cloud. ePO Cloud does not support the deployment of Extra.DAT files.

 
Known Issues
 
CRITICAL:
 
Reference Number Related Article Found in ENS Version Resolved in ENS Version Issue Description
  KB89029 10.5.1 10.5.1 Hotfix 1 Issue: If Device Guard or Credential Guard is enabled on a Windows 10 Creators Update 64-bit system, you must ensure that Microsoft KB4016251 is installed on the system before you install McAfee products. For more information, see KB89029.

Due to an issue in Windows 10 Creators Update, if Microsoft KB4016251 is not installed and you install McAfee products, the system will show a blue screen error and will no longer be bootable. At this time there is no known workaround for this issue.

Resolution: The issue will not occur if you install ENS 10.5.1 with Hotfix 1 on the Windows 10 Creators Update system.
1186563   10.5.0 10.5.1 Issue: After updating the ENS Exploit Prevention content, some systems may not display new or updated content signatures in the Endpoint Security Threat Prevention - Exploit Prevention policy, or when using the standalone client.

Resolution: This issue is resolved in ENS 10.5.1.
1182777 KB88815 10.5.0 Microsoft fix available Issue: After installing ENS Threat Prevention, Windows Server 2012 or Windows Server 2012 R2 servers with Cluster Shared Volumes randomly show a blue screen error.

Workaround: The issue does not occur with Windows Server 2016.

Resolution: There is a Microsoft release that resolves this issue, which is described in the March 2017 rollup: https://support.microsoft.com/en-us/help/4012219/march-2017-preview-of-monthly-quality-rollup-for-windows-8-1-and-windows-server-2012-r2. See the related article for more information.
1176129   10.5.0 10.5.1 Issue: The firewall is unable to communicate with the Global Threat Intelligence (GTI) server through a proxy.

Resolution: This issue is resolved in ENS 10.5.1.
1172948
1173107
  10.5.0 10.5.1 Issue: The firewall blocks all traffic if the Global Threat Intelligence (GTI) server is unavailable.

Resolution: This issue is resolved in ENS 10.5.1. Traffic will no longer be blocked if ENS is unable to access the GTI server.
1154397   10.2.0 10.2.1 Issue: The ENS 10.2.0 Firewall rule policy McAfee Default rule named Allow SMB over TCP has both the local and remote port set to 445.

Workaround: Edit the Firewall rules to: Allow incoming Local port=445, remote port=Any and Allow outgoing Remote port=445, local port=Any.

Resolution: This issue is resolved in ENS 10.2.1.
1153407 KB87658 10.2.0,
10.1.2,
10.1.1
Host IPS 8.0 Patch 8 Hotfix 1153407 or Host IPS 8.0 Patch 8 Issue: When you install any McAfee product that includes Syscore 15.5 (such as Endpoint Security 10.2.0, 10.1.2, or 10.1.1), it breaks the trust in Host Intrusion Prevention (Host IPS) 8.0 Patches 5 - 7.

Workaround: To avoid the issue, upgrade to Host IPS 8.0 Patch 8 before installing ENS 10.2.0, 10.1.2, or 10.1.1. See the related article for more information.
1148753   10.2.0 As Designed Issue: The ENS 10.2 services stop after a McAfee Agent upgrade in the presence of Threat Intelligence Exchange (TIE) client 10.1.

Resolution: This is as designed. To avoid the issue:
  • Upgrade to ENS 10.2 first without upgrading McAfee Agent and then upgrade McAfee Agent and any other point products.
  • Uninstall TIE client 10.1, install McAfee Agent and any other point products, and then re-install TIE client 10.1.
1148210   10.2.0 As Designed Issue: An upgrade from ENS 10.1 to ENS 10.2 hangs at 24% in the presence of TIE client 10.1.

Resolution: This is as designed. To avoid the issue:
  • Upgrade to ENS 10.2 first without upgrading McAfee Agent and then upgrade McAfee Agent and any other point products.
  • Uninstall TIE client 10.1, install McAfee Agent and any other point products, and then re-install TIE client 10.1.
1137951 KB87411 10.1.1 10.1.2 Issue: Using Microsoft App-V applications causes a blue screen error with BugCheck 24 on clients with ENS Threat Prevention installed.

Resolution: This issue is resolved in ENS 10.1.2. See the related article for more information.
1129582 KB88161 10.1.1 10.5.0 Issue: A system with ENS Threat Prevention installed experiences a system crash (blue screen) reporting BugCheck 8e in mfencbdc!FreeOpenFileAllocations. This issue has occurred infrequently on systems with Windows Server 2008 R2.

Resolution: This issue is resolved in ENS 10.5.0. See the related article for more information.
1163246   10.1.0   Issue: The ENS 10.x events are not uploaded by McAfee Agent 5.0.2.132.

Workaround: Use McAfee Agent 5.0.2.333 or later.
1141083
1132493
KB87281 10.1.0 10.1.2 / 10.2.0 Issue: Systems with McAfee products that use Syscore (such as ENS 10.1.x and VirusScan Enterprise 8.8 Patch 7) hang at startup.

Workaround: Disable Prefetch startup options. See the related article for more information.

Resolution: This issue is resolved in ENS 10.1.2 and ENS 10.2.0.
    10.1.0 McAfee Agent 5.0.3 Hotfix 1131329 Issue: System startup is slow and performance is poor after a restart.

Resolution: This issue is resolved in McAfee Agent 5.0.3 Hotfix 1131329.
1120808 KB86857 10.1.0 10.1.1 Issue: A random blue screen error occurs with either Bugcheck 7E or Bugcheck 3B in the crash dump.

Resolution: This issue is resolved in ENS 10.1.1. See the related article for more information.
 
Non-critical:
 
Reference Number Related Article Found
in ENS Version
Resolved in ENS Version Issue Description
Issues found in ENS 10.5.2
    10.5.2   Issue: When you install the Endpoint Security 10.5.2 Profiler Tool (currently Released to Support), you need to create an exclusion for mcprofiler.exe in the Endpoint Security Common policy, Show Advanced, Self Protection, Exclude these processes.
    10.5.2   Issue: After installing the Endpoint Security 10.5.2 Profiler Tool (currently Released to Support), you need to restart the system to get data.
Issues found in ENS 10.5.1
  KB89510 10.5.1 Hotfix 2 As Designed Issue: After you install an ENS patch or hotfix that upgrades AMCore, the AMCore scanner fails to initialize. On-Access Scanning and On-Demand Scanning do not work if the AMCore scanner does not initialize.

Resolution: This is as designed. Any time an ENS patch or hotfix upgrades AMCore, it is mandatory to update to current AMContent for the AMCore scanner to initialize. See the related article for more information.
  KB89509 10.5.1 Hotfix 2   Issue: After installation of ENS 10.5.1 Hotfix 2, the following issues can occur:
  • The AMCore content version is reported as .5. After the hotfix installation, a content update will run and download new content.
  • If the ENS 10.5.1 package and the ENS 10.5.1 Hotfix 2 package are in the same branch of the Master Repository, the ENS 10.5.1 package is downloaded to the end node at each McAfee Agent agent-to-server communication interval (ASCI).
Resolution: The new version of AMCore with ENS 10.5.1 Hotfix 2 requires AMContent 3004 or higher (released June 7, 2017). Also, ENS 10.5.1 and ENS 10.5.1 Hotfix 2 cannot be in the same branch of the ePolicy Orchestrator Master Repository. See the related article for more information.
  KB89534 10.5.1 Hotfix 2   Issue: An AMCore content update fails if you check in ENS hotfix packages to a different branch than Current in the ePolicy Orchestrator Master Repository.

Resolution: The next scheduled content update task from ePolicy Orchestrator will resolve the issue. To avoid this issue, ensure there is a copy of AMCore content in both of the branches.
  KB89469 10.5.1 Hotfix 1   Issue: An upgrade from ENS 10.5.0 to ENS 10.5.1 fails if ENS 10.5.1 Hotfix 1/Hotfix 2 is in the same branch of the ePolicy Orchestrator Master Repository.

Resolution: ENS 10.5.1 and ENS 10.5.1 Hotfix 1/Hotfix 2 cannot be in the same branch of the ePolicy Orchestrator Master Repository. See the related article for more information.
1201666   10.5.1   Issue: A Potentially Unwanted Program exclusion by detection name is not applied to detections through the scan email attachments feature.

Resolution: Disable the scan email attachments feature if you see too many detections. McAfee is investigating having exclusions by detection apply to scanning email attachments.
    10.5.1   Issue: The ENS Threat Prevention Help topic "Deploy an Extra.DAT file to client systems from McAfee ePO Cloud" incorrectly appears in ePO Cloud. ePO Cloud does not support the deployment of Extra.DAT files.

Resolution: This Help topic will be removed in the next major release of Endpoint Security.
    10.5.1   Issue: ENS 10.5.1 does not include Help for the Exploit Prevention Events page under Reporting.

Workaround: This feature is described in the Endpoint Security 10.5.1 Release Notes.

Resolution: This Help will be available in the next major release of Endpoint Security.
1185352   10.5.1   Issue: If McAfee Client Proxy is uninstalled and re-installed on a system with ENS 10.5.1, and "Disable if McAfee Client Proxy is detected" is enabled in the Web Control Options policy, "Disable if McAfee Client Proxy is detected" is not honored unless it is disabled and re-enabled.

Workaround: Disable "Disable if McAfee Client Proxy is detected" in the Web Control Options policy, and check the new policies. Then, re-enable "Disable if McAfee Client Proxy is detected" in the Web Control Options policy, and again check the new policies.
1184551   10.5.1   Issue: AMCore content is not retained on client systems after upgrading to ENS 10.5.1.
1184531   10.5.1   Issue: The Threat Prevention status is shown as unknown on Windows 10 Creators Update systems. This is due to a change in the Windows API behavior that causes the AMCore driver installer to misinterpret one of the installer components as untrusted. This is a random failure and will not be encountered on all the Windows 10 Creators Update systems. As a result, the Threat Prevention module may not be fully functional because a restart is needed for the driver upgrade to complete.

Workaround: Perform one of the following:
  • Restart the system to allow the new drivers to load successfully.
  • Install ENS 10.2.0 Hotfix 1164434 before upgrading to ENS 10.5.x.
  • Upgrade to ENS 10.2.1 before upgrading to ENS 10.5.x.
1183560   10.5.1   Issue: The RESTORE operation for registry-related Access Protection subrules is not working as expected when it is the only operation enabled on the Access Protection subrule.

Workaround: Enable REPLACE, DELETE, and WRITE operations along with the RESTORE operation when defining a Registry Key or Registry Value Access Protection subrules.
1182718   10.5.1 10.5.1 Hotfix 2 Issue: On-Demand Scan "files scanned" may not increment in the On-Demand Scan activity log, nor does "items scanned" increment in the On-Demand Scan pop-up dialog box, for files that are not detected as malware.

Resolution: This issue is resolved in ENS 10.5.1 Hotfix 2.
1182362   10.5.1   Issue: Email annotations do not appear in messages opened with Outlook 2016. Email annotations appear only in the preview pane.
1180401   10.5.1   Issue: ENS installation fails when any injector software containing an unsigned DLL tries to hook or inject into any McAfee process.

Workaround: Perform one of the following:
  • Get the unsigned DLL certified or signed from the software vendor.
  • Remove the software and then install ENS.
1180078   10.5.1   Issue: If the end-user selects more than 1000 files and performs a right-click On-Demand Scan on the selection, only 1000 of the files will be scanned.

Workaround: When performing a right-click On-Demand Scan of more than 1000 items, select the parent folder instead of the files within it.
1179148   10.5.1   Issue: The Access Protection rule "Changing any file extension registrations" is not effective at preventing changing file extension registrations.
1179065   10.5.1   Issue: A blue screen error occurs after restarting a system when ENS is installed with various McAfee products (such as VirusScan Enterprise, Host Intrusion Prevention, Data Loss Prevention, and Drive Encryption) along with File and Removable Media Protection (FRP).

Cause: The kernel is running out of stack space during a file operation due to having more than the usual amount of filters on the file stack. This causes a CPU double fault and the blue screen error. FRP currently uses the minimum kernel stack required for a call, which is 4K.

Workaround: Increase this stack size as suggested below:
  1. Start the system in Windows Safe Mode.
  2. Navigate to the registry location HKLM/System/CurrentControlSet/Services/mfeeeff.
  3. Create a new DWORD value here with the name MinKernelStack and set it to 16384.
1175803   10.5.1   Issue: The "AMCore Content Compliance Days" property stays empty in all situations, for both Compliant and Non-Compliant content.

Resolution: The "AMCore Content Date" property was added to Queries, making the "AMCore Content Compliance Days" property obsolete.
1173540   10.5.1   Issue: The following migration issues occur when the ENS Firewall extension is not installed:
  • Manual migration does not allow you to migrate VirusScan Enterprise Access Protection and Buffer Overflow Protection policies, and Host Intrusion Prevention IPS polices, to ENS Threat Prevention policies.
  • Auto migration does not migrate trusted applications for IPS to the Access Protection policy as global exclusions.
  • The policy naming convention is different. The policy is named "Migrated VSE Policy-n" rather than "Merged Policy -n".
Workaround: Install the ENS Firewall extension even though you do not use the Host Intrusion Prevention firewall features.
Issues found in ENS 10.5.0
1185275 KB88867 10.5.0 10.2.1 / 10.5.1 Issue: On a system with ENS installed, ePolicy Orchestrator shows the ENS modules as not being installed.

Resolution: This issue is resolved in ENS 10.2.1 and ENS 10.5.1. See the related article for more information.
1183713   10.5.0 10.5.1 Hotfix 2 Issue: There is high CPU usage by mfetp.exe during policy enforcement when ENS writes On-Access Scan exclusions into the registry.

Workaround: Limit the number of On-Access Scan exclusions in the policy.

Resolution: This issue is resolved in ENS 10.5.1 Hotfix 2.
1182181 KB88866 10.5.0 10.5.1 Issue: In ePolicy Orchestrator when the total number of characters in the path for the On-Access Scan exclusions plus the internal separators exceeds 5000, the policy will not enforce on the end node.

Resolution: This issue is resolved in ENS 10.5.1. See the related article for more information.
  KB88797 10.5.0 10.5.1 Issue: ENS Web Control does not work in Firefox 51.

Resolution: This issue is resolved in ENS 10.5.1. See the related article for more information.
1180296 KB87096 10.5.0 As Designed Issue: Installation of ENS fails. The installation logs contain error code 0x80096005 and/or -2146869243.

Cause: The required trusted root certificates were not added during installation.

Resolution: This is as designed. Address the issue preventing the automatic update of root certificates, or import the required root certificates. See the related article for more information.
1173731 KB88791 10.5.0 10.5.1 Issue: In ePolicy Orchestrator modifying one ENS Threat Prevention Exploit Prevention policy results in the same changes being made in other Exploit Prevention policies. The issue occurs only after upgrading the ENS Threat Prevention extension from ENS 10.1.x/10.2.x to ENS 10.5.0 and for the Exploit Prevention policies that were created in ENS 10.1.x/10.2.x.

Workaround: Follow the steps below after the upgrade to ENS 10.5.0 and before modifying any Exploit Prevention policy.
  1. Make a copy of each Exploit Prevention policy by duplicating the policies in ePolicy Orchestrator.
  2. Make any changes to the new duplicated policies. These changes will not modify other policies.
Resolution: This issue is resolved in ENS 10.5.1. See the related article for more information.
1173342   10.5.0 10.5.1 Issue: In the Exploit Prevention policy, after editing a McAfee Defined App Prot Rule with a name that has more than one word, the name is cut off leaving only the first word in the name.

Resolution: This issue is resolved in ENS 10.5.1.
1172855   10.5.0 10.5.1 Issue: Automatic Migration fails for edited VirusScan Enterprise My Default Policies for On-Demand Scan when the Both Workstation and Server settings migration option is selected. After the Automatic Migration "MyDefault 2" policies are created twice, one each for workstation and server specific policies. This subsequently causes the policy migration to Threat Prevention to fail.

Workaround: In the policy preview page, manually rename the Threat Prevention On-Demand Scan policy that has the duplicate name to a unique name.

Resolution: This issue is resolved in ENS 10.5.1.
1172735   10.5.0   Issue: An upgrade from ENS 10.2 to ENS 10.5 through ePolicy Orchestrator using the "Run Task Now" option times out, leaving some components of ENS in their 10.2 state. This issue is most likely to occur if you install multiple products one after the other and do not restart between installations.

Workaround: Restart the system before installing ENS 10.5.
1171976   10.5.0 10.5.1 Issue: When you upgrade an endpoint with ENS 10.5 installed from Windows 7 x64 to Windows 10 x64, Exploit Prevention fails to initialize and remains disabled.

Cause: The issue is caused by a race condition between mfetp and the VSCore driver, ESP, or MA Service during the installation flow. This race condition leaves the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\
mfeepmpk\Enum set to 1 by mistake, indicating a failure during initialization. The end result is that Exploit Prevention remains disabled and cannot be initialized.

Workaround: Perform the following steps to avoid the issue:
  1. Before starting the Windows 10 upgrade process, disable ENS Self Protection.
  2. Press Windows+R, type regedit, and click OK.
  3. Navigate to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services
    \mfeepmpk\Enum
  4. Set INITSTARTFAILED to 0.
  5. Enable ENS Self Protection.
  6. Start the Windows 10 upgrade process.

Resolution: This issue is resolved in ENS 10.5.1.
1170938   10.5.0 10.5.1 Issue: When Web Control interlock Disable if a web gateway appliance is detected is enabled with more than one detect gateway option (organization default gateway, web gateway enforcement, or internal landmark) selected, Web Control fails to stand down when any one of the selected detect gateway conditions fails to match.

Workaround: Do not select multiple detect gateway options, select one of the options that best suits the environment.

Resolution: This issue is resolved in ENS 10.5.1.
1184610   10.5.0   Issue: Services protection does not block some services from starting. This issue has been reported with the Security Center Service and Bluetooth Support Service.
1167969   10.5.0   Issue: Services protection has the following limitations (that also exist in Host Intrusion Prevention):
  • User and executable parameters are not distinguished, so these are not valid parameters, although they are available in the UI.
  • Services protection is valid up to Windows 8.0; later releases are not supported.
  • The enable/disable hardware profile operation is not supported.
1165590   10.5.0   Issue: When a client receives an ENS 10.1 policy, Exploit Prevention shows a message saying that it is not enabled due to Host Intrusion Prevention being installed, even though Host Intrusion Prevention is not enabled. Exploit Prevention works fine irrespective of the message.

Workaround: Modify the ENS 10.1 policy for the ENS 10.5 extension to properly save it using the ENS 10.5 policy format.
1165257   10.5.0 As Designed Issue: A user can continue to change settings after a time-based password has expired if the console to the settings is still open before the password expires. The next policy enforcement will override the changed settings.

Resolution: This is as designed.
1164824   10.5.0   Issue: If you edit the block or report settings for an Exploit Prevention signature, the client UI may display that signature at the bottom of the list of signatures, even though the list is sorted numerically otherwise.

Workaround: In the client UI, scroll to the bottom of the list of Exploit Prevention signatures to find signatures whose block or report settings have been modified from their default value.
1163884   10.5.0 As Designed Issue: After disabling the firewall timed groups, time ticking should be paused when the firewall is disabled and start from the point in time when the firewall is re-enabled. Even though timed groups are enabled, they should not be functional because the firewall is disabled.

Resolution: This is as designed. When the firewall is re-enabled, re-enable the timed group and change its running time in the policy. To stop the timed group, use the Disable Firewall Timed Group option in the McTray Quick Settings.
1164347   10.5.0 10.5.1 Issue: In the Host Intrusion Prevention catalog network, if you add an IP address with a fully qualified domain name without a dot (for example, google), after migration to the ENS Catalog, an unexpected error displays if you try to open the migrated catalog in ENS.

Workaround: Before migration delete all networks in the Host Intrusion Prevention catalog without a dot.

Resolution: This issue is resolved in ENS 10.5.1.
1164345   10.5.0 10.5.1 Issue: An exception error displays when you open an ENS firewall rule for editing in the Rules policy migrated from Host Intrusion Prevention and the same rule from the same Host Intrusion Prevention Rule policy is open in another tab.

Workaround: To compare the migrated Host Intrusion Prevention rule and the original Host Intrusion Prevention rule, use the rule summary or open rules in different browsers.

Resolution: This issue is resolved in ENS 10.5.1.
1163245   10.5.0   Issue: When ENS is installed it creates the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\RealProtect" for the Real Protect component. Uninstallation of ENS does not delete this registry key. This registry key is a subkey of "HKEY_LOCAL_MACHINE\SOFTWARE\McAfee" so it does not interfere with any other products.

Workaround: Manually delete the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\RealProtect".
1162890   10.5.0   Issue: Boot times for some systems may be longer after installing ENS 10.5.0.

Resolution: The issue will be investigated and addressed in a future patch or hotfix with high importance.
1162830   10.5.0 As Designed Issue: When Web Control is installed on an operating system that has Internet Explorer (IE) 11 with the Enhanced Protected Mode setting enabled, it fails to block malicious sites and file downloads. Web Control is not compatible with IE Enhanced Protected Mode.

Resolution: This is as designed. Disable Enable Enhanced Protected Mode in IE at Tools, Internet options, Advanced, Security. Alternatively, you can disable it at the zone level at Tools, Internet options, Security, Security level for this zone.
1158502   10.5.0   Issue: If you create a scan task containing the scan location of Registry using the ENS 10.5 extension, and assign it to an ENS 10.2 client, the Registry item appears in scan tasks even though it is not supported. There is no adverse behavior if the scan task runs on an ENS 10.2 client. The task runs, but does not scan anything for that scan location.
1157387   10.5.0 As Designed Issue: After you install ENS, enable Disable if McAfee Client Proxy is detected in the Options policy of Web Control, enforce the policy, and then install McAfee Client Proxy, Web Control is not disabled immediately after the installation of McAfee Client Proxy.

Resolution: This is as designed. Use either of the following workarounds:
  • Wait for about 5 minutes, and Web Control will get disabled.
  • Change any Web Control policy and enforce the new policy, and Web Control will get disabled.
1154452   10.5.0   Issue: When you select a sub System Tree ENS migration, select some groups, click Actions, choose columns, and save, the selection of groups is reset.
1151514   10.5.0   Issue: Block and Report settings of the Exploit Prevention policy are not set when the Host Intrusion Prevention Rules Policy is not edited, but the IPS Protection policy is changed. When the Host Intrusion Prevention Rules Policy is not edited, but the IPS Protection policy is changed with the Reaction as either Log or Ignore, the Migration Assistant does not migrate Host Intrusion Prevention Rules. The ENS settings are set to the default behavior.

Workaround: This is a very unlikely scenario where the Host Intrusion Prevention Rules policy is not edited and the dependent IPS Protection policy is modified to a lower Reaction for high severity signatures. Even though this configuration would have been made by mistake, ENS defaults to correct the behavior with setting the Block setting.
    10.5.0   Issue: Code compiling programs like Cygwin can take longer to build projects with out-of-box configurations of ENS 10.5.0.

Resolution: The issue will be investigated and addressed in a future patch or hotfix with high importance.
Issues found in ENS 10.2.1
1204316   10.2.1   Issue: An AMCore content update succeeded, but the AMCore content version is not shown in the ENS Console or ePolicy Orchestrator. The correct AMCore content version is shown in the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AVSolution\DS\DS]. The ThreatPrevention_Debug.log shows the following error:
 
07/13/2017 11:22:36.916 AM    mfetp(4472.4508) <SYSTEM> AvContentMgr.AVCMGR.Error: Failed to load container: Failed to load xml document, 0x00000001
1186400 KB89023 10.2.1   Issue: If ENS Threat Prevention Exploit Prevention is enabled, the dllhost.exe process will generate a crash dump after performing a Cortana search on a Windows 10 Creators Update system. The issue occurs when Exploit Prevention fails to inject into the dllhost.exe process, causing the process to not load and generate a crash dump.

Workaround: Add a global Exploit Prevention exclusion for the dllhost.exe process. The exclusion stops injection from being performed on the dllhost.exe process, and crash dumps will not be generated. See the related article for more information.
1077660   10.2.1   Issue: If a McAfee Agent update task is configured to show the update progress window, and the end-user is allowed to postpone the task, the "Update in Progress" window may appear for a short time even though the update is not actually occurring. If the end-user postpones the task, an "Update finished" window may appear, even though the update did not occur.
Issues found in ENS 10.2.0
1181041 KB88793 10.2.0 10.5.1 Hotfix 1 Issue: A Location Aware Group (LAG) with a local network and with connection isolation enabled is blocking traffic by isolation. The issue occurs when the address specified in the local network of the LAG does not match an active network adapter on the machine.

Workaround: Reconfigure the LAG without using a local network as a location criteria; use other location criteria that will be suitable in the environment.

Resolution: This issue is resolved in ENS 10.5.1 Hotfix 1. See the related article for more information.
1179636 KB88568 10.2.0   Issue: A scan exclusion configured for multiple mount points does not work.

Workaround: Configure the scan exclusion using the full path for the mount point. See the related article for more information.
1177881
1175503
  10.2.0 10.2.2 / 10.5.1 Issue: Clients are not sending metadata (such as file names) to the Threat Intelligence Exchange server when the option Allow the Threat Intelligence Exchange sever to collect anonymous diagnostic and usage data is disabled.

Resolution: This issue is resolved in Endpoint Security Threat Intelligence 10.2.2 and ENS 10.5.1. The option Allow the Threat Intelligence Exchange sever to collect anonymous diagnostic and usage data now applies only to optional statistics collection by clients. Metadata will be sent to the Threat Intelligence Exchange server.
1172168 KB88198 10.2.0 10.2.1 / 10.5.1 Issue: When ENS Web Control enforces an action in the browser, an enforcement message is displayed in the browser. The enforcement message that appears is blank even though the policy for the enforcement message has text. See the related article for more information.

Workaround: Remove any carriage returns from the enforcement message. Use HTML code for paragraph or break to make line spaces in the enforcement message.

Resolution: This issue is resolved in ENS 10.2.1 and ENS 10.5.1. See the related article for more information.
1169191 KB88312 10.2.0.179 10.2.1 Issue: The migration task fails when attempting to migrate policies from VirusScan Enterprise to ENS if using Endpoint Migration Assistant 10.2.0.179. The orion log of the ePolicy Orchestrator server contains the following error:
 
ERROR [scheduler-TaskQueueEngine-thread-2] service.ScheduledTaskManagerImpl  - execution of task Endpoint Security Migration failed
com.mcafee.orion.core.cmd.CommandException: String index out of range: -10
 
Resolution: This issue is resolved in Endpoint Migration Assistant 10.2.1. See the related article for more information.
1162713   10.2.0 10.5.0 / 10.2.1 Issue: After upgrading to or installing ENS 10.2.0 on a system, the AMCore content definitions do not always update.

Resolution: This issue is resolved in ENS 10.5.0 and ENS 10.2.1.
1155117   10.2.0   Issue: You cannot create a Threat Prevention Access Protection custom rule to include/exclude files that have no extension. ENS does not allow the administrator to distinguish between a file or folder when creating Threat Prevention Access Protection custom rules. This prevents the creation of custom rules that include/exclude files that have no extension.
1149046   10.2.0 As Designed Issue: ENS does not disable Windows Defender on Windows Server 2016. Microsoft has deprecated the Windows API to enable/disable Windows Defender in Windows Server 2016. This could lead to performance issues, but this has not been confirmed. The best practice is to run a single real-time anti-virus solution.

Resolution: This is as designed. Manually disable Windows Defender using PowerShell:
 
Set-MpPreference -DisableRealtimeMonitoring $true
 
For more information about PowerShell cmdlets, see https://technet.microsoft.com/en-us/library/dn433280.aspx?f=255&MSPPError=-2147217396.
1148888   10.2.0 10.5.1 Issue: Packages created using ENS Package Designer do not honor the license type, causing the ePolicy Orchestrator server to always display the package as Licensed. This does not impact the licensed Released To World (RTW) packages being customized. It impacts only the ENS evaluation builds when used to create custom packages. There is no functional impact on the client. The client About dialog box will still display it as Trial only. Only the ePolicy Orchestrator Master Repository displays as Licensed for trial packages.

Resolution: This issue is resolved in ENS 10.5.1.
1148403   10.2.0   Issue: If you upgrade the Threat Prevention extension version, the ENS client UI might fail to display Exploit Prevention exclusions, indicate erroneous validation errors, and generate errors in EndpointSecurityPlatform_Errors.log such as the following:
 
Failed to retrieve GPEP setting for Exploit Prevention.

Failed to enforce Exploit Prevention policies.
 
Workaround: To resolve this issue, edit and save the assigned Exploit Prevention policy, and send an agent wake-up call to the affected systems.
1147465   10.2.0   Issue: There is no option to set a warn action, to display a warning page to the end user to either continue or cancel the navigation of a website, for a website rated with a specific Web Category present in the Content Actions policy. Only allow or block actions are available to configure for any website rated with a specific Web Category.
1147423   10.2.0 10.5.0 Issue: When using the EPSetup standalone installer for ENS upgrades with the command line switch ADDLOCAL="tp,fw,wc", the AMCore content is not immediately updated after the upgrade. The AMCore content is updated only when the next scheduled update happens for unmanaged systems.

Cause: When Threat Prevention gets upgraded first, the Threat Prevention installer triggers a content update; however, the subsequent Firewall upgrade blocks it.

NOTE: The issue is not applicable in the following scenarios:
  • Managed systems do not have this issue because the content update mechanism does not rely on the installer triggering a content update.
  • The issue will not occur if you perform the upgrade using the EPSetup standalone GUI because Firewall always gets upgraded before Threat Prevention.
Workaround: If you already encountered this issue, manually run a content update using the ENS client UI to get the latest content.

Resolution: This issue is resolved in ENS 10.5.0, which uses the switch ADDLOCAL="fw,tp,wc" to install Firewall before Threat Prevention.
1145529   10.2.0 10.5.0 Issue: An executable is blocked although it has been marked as safe by Advanced Threat Defense (ATD) on some endpoints. TIE content does not honor the reputation set by ATD while computing local reputations, and therefore fails to identify the file as safe.

Workaround: Manually mark these files as trusted manually on the ePolicy Orchestrator server using the same reputation provided by ATD so that TIE content on the client can consider this override and allow execution.

Resolution: This issue is resolved in ENS 10.5.0.
1145375 KB87493 10.2.0 10.5.0 Issue: UNC paths for network location are not supported when you use ePolicy Orchestrator to manage ENS Access Protection policies.

Workaround: To exclude or protect executables on a UNC network share, enter the path name in the form **\ instead of \\. See the related article for more information.

Resolution: This issue is resolved in ENS 10.5.0.
1144915   10.2.0   Issue: After uninstalling all of the ENS modules, the Common module (Endpoint Security Platform) uninstallation is automatically started. Sometimes the user interface for this uninstallation is minimized, which can make it more difficult for a user to tell when this uninstallation is occurring.

Cause: The Endpoint Security Platform is a support module that is required for the ENS protection modules to function. When all other modules are uninstalled, the Endpoint Security Platform module is automatically removed. However, Windows will sometimes start this process in a minimized mode or show the window behind the other windows on the screen. If the user does not know that this uninstallation is happening, they could inadvertently restart the system in the middle of that uninstallation.

Workaround: Before uninstalling ENS products, ensure that any work being done is saved, and close running desktop programs. The user will likely be able to see that the Endpoint Security Platform uninstallation is occurring.
1139050 KB87511 10.2.0 10.5.1 Issue: After upgrading ENS, permission set data is not retained accurately for the Firewall extension if it had two categories (Endpoint Security Firewall Catalog and Client and Endpoint Security Firewall) of permissions sets before the upgrade.

Workaround: Run the SQL script attached in the related article on the ePolicy Orchestrator server after upgrading ENS to restore the Firewall extension permission set data.

Resolution: This issue is resolved in ENS 10.5.1. See the related article for more information.
1137347   10.2.0   Issue: Upgrading the TIE for VirusScan Enterprise extension to TIE for Endpoint Security did not update the event descriptions. The upgraded extension is still able to manage clients with Threat Intelligence Exchange for VirusScan Enterprise.
1137118   10.2.0   Issue: During upgrade from a previous version of ENS, when Save my settings if upgrading is deselected, the user provided Access Protection exclusions remain on the system.

Workaround: Remove unwanted Access Protection exclusions using the ENS Console prior to upgrading to the latest version of ENS.
1137117   10.2.0   Issue: During upgrade from a previous version of ENS, when Save my settings if upgrading is deselected, the user provided Exploit Prevention exclusions partially remain on the system.

Workaround: Remove unwanted Exploit Prevention exclusions using the ENS Console prior to upgrading to the latest version of ENS.
1136609   10.2.0 10.5.0 Issue: The TIE client activity logs of ENS modules are partially localized.

Resolution: This issue is resolved in ENS 10.5.0.
1136521   10.2.0 10.5.0 Issue: The Publisher for the following ENS add-ons displays as Not Verified in Internet Explorer:
  • McAfee Endpoint Security Web Control(Toolbar)
  • McAfee Endpoint Security ScripScan
  • McAfee Endpoint Security Web Control(BHO)
Cause: Microsoft has released an SHA-1 code sign deprecation change in Internet Explorer. Any browser extension signed with an SHA-1 certificate displays as Not Verified.

Workaround: You can safely ignore this because ENS will still function in Internet Explorer.

Resolution: This issue is resolved in ENS 10.5.0, which is signed by an SHA-2 certificate.
1135682   10.2.0 10.5.0 Issue: ENS does not support 64-bit Firefox.

Resolution: This issue is resolved in ENS 10.5.0.
1134953   10.2.0 As Designed Issue: If using Firefox, when Web Control blocks the download of a malicious file, a zero byte file is left in the folder in which the file was getting downloaded.

Resolution: This is as designed. Use a different browser such as Internet Explorer or Chrome.
1132923   10.2.0 As Designed Issue: When you select the IPS Rules policy for migration, the IPS Protection policy category lists all policies from the policy catalog including McAfee defined and unmodified My Default policies.

Resolution: This is as designed.
1132889   10.2.0 10.5.1 Issue: IP addresses in CIDR format are not supported in private IP address exclusions in the Options policy.

Workaround: Use a supported format in private IP address exclusions: IP address range (at each octet level), IPv4, and IPv6 formats in comma separated values.

Resolution: This issue is resolved in ENS 10.5.1.
1132406   10.2.0   Issue: SiteAdvisor Enterprise policies named Typical Corporate Environment do not get migrated in a manual migration or one-to-one auto migration. Typical Corporate Environment is a default policy name for a few products that do not get migrated. The Migration Assistant does not migrate policies with this name for any products.

Workaround: Rename the SiteAdvisor Enterprise policy from Typical Corporate Environment to any other name and then perform the migration.
1132404   10.2.0   Issue: Manual migration is allowed to proceed when only the IPS protection policy is selected.
1132321   10.2.0 10.5.0 Issue: When a trusted signed file reputation is overridden to a lower trust level that is set to block, the file is still allowed to run. The reason for this is that certificate trust takes precedence over file reputation, and therefore the file reputation change does not have an impact for a trusted certificate.

Resolution: This issue is resolved in ENS 10.5.0.
1132212   10.2.0   Issue: Auto-migrated Threat Prevention Access Protection and XP policies do not include the IPS Protection policy in their notes section.
1131595   10.2.0   Issue: Executable notes from Host Intrusion Prevention Exceptions do not migrate to the Exploit Prevention executable notes section.
1129727   10.2.0   Issue: If a Host Intrusion Prevention file/reg/program rule exception contains multiple parameter types (for example, user name and executable), the exception applies when all parameters are true. After migration to an ENS Access Protection rule, the exception applies when any of the parameters are true.

Workaround: In ENS create one rule per parameter type.
1129484   10.2.0 10.5.1 Issue: When using the Web Gateway Interlock feature in Web Control, if you use the option Specify internal landmark to use from the Web Control ePolicy Orchestrator extension, you cannot specify IPv6 addresses and DNS names that resolve only to IPv6 addresses in the corresponding input fields.

Workaround: Use IPv4 addresses and DNS names that resolve to IPv4 addresses.

Resolution: This issue is resolved in ENS 10.5.1.
1112780   10.2.0 10.5.0 Issue: After migrating from VirusScan Enterprise to ENS, the following errors display in the McAfee_TP_Migration_Plugin.log even though the settings were migrated successfully:
 
15/12/2015 19:07:45.04 [preserve] Failed to set properties for business object OAS, BLError = 2b
15/12/2015 19:07:45.19 [preserve] Code = c031002b, Description: OAS SetProperties failed
15/12/2015 19:07:45.19 [preserve] EnforceSettings: Failed to Apply XML Settings. XML File name C:\ProgramData\McAfee\Endpoint Security\McAfeeSettingsBackup\McAfee VirusScan Enterprise\VSE_OASSettings.xml
 
Resolution: These errors are erroneous and you can safely ignore them. These errors are removed in ENS 10.5.0.
1127750   10.2.0 10.5.0 Issue: When the TIE client submits a sample file to ATD server for analysis, the file name appears as the MD5 hash instead of the file name on the ATD server portal. The ePolicy Orchestrator server displays the file name properly. To correlate the file name from the ePolicy Orchestrator server to the ATD server, use the MD5 hash if the file name consists of CJK (Chinese, Japanese, and Korean) multi-byte characters.

Resolution: This issue is resolved in ENS 10.5.0.
1127732   10.2.0 As Designed Issue: The TIE client sends only TIER 1 requests for known trusted files signed by a certificate.

Resolution: This is as designed.
1127002   10.2.0 10.5.0 Issue: The Enable WC/Disable WC menu options are always grayed out in Firefox.

Resolution: These options are removed starting in ENS 10.5.0. Enable/disable Web Control in the client UI instead of Firefox.
1120973   10.2.0 As Designed Issue: When you perform a Secure Search from the search bar, it does not automatically use the configured Secure Search engine.

Resolution: This is as designed. Manually set McAfee Secure Search as the default search provider.
1114141   10.2.0 ePO 5.9.0 Issue: After creating an On-Demand Scan task and clicking View Selected Task, the buttons Add, Save, and Cancel erroneously display.

Resolution: This issue is resolved in ePolicy Orchestrator 5.9.0.
1097395   10.2.0   Issue: The Action Taken properties from "Contains pattern" values in the Threat Event Log show IDS strings.
1093254   10.2.0 10.5.0 Issue: When clicking the View in Event Log option for a file quarantined by TIE, the event entry in the Event Log does not display.

Workaround: To view a specific TIE event, use the filters and search criteria on the Events Log window.

Resolution: This issue is resolved in ENS 10.5.0.
Issues found in ENS 10.1.2
1172690   10.1.2 10.2.2 Issue: A file with a Threat Intelligence Exchange reputation of "Known Malicious" is not blocked on subsequent attempts to execute the file due to duplicate RuleId GUIDs for Arbitrary Access Control. This issue can occur any time the action is to block or clean.

Resolution: This issue is resolved in Endpoint Security Threat Intelligence 10.2.2.
1160532 KB88039 10.1.2 10.5.0 Issue: The Web Control module fails to install when other ENS modules successfully install. The registration of the COM components of Web Control fails with an access denied error.

Resolution: This issue is resolved in ENS 10.5.0. See the related article for more information.
Issues found in ENS 10.1.1
1163212 KB88061 10.1.1 Entrust hotfix available Issue: There are compatibility issues with ENS and Entrust 9.3, including the following:
  • Performance issues
  • After installation of ENS on a system with Entrust 9.3, the system will not start after a restart.
Resolution: Contact Entrust to obtain a hotfix and quote Entrust reference number ref:_00D301H7DR._5001412ZkNK:ref. The hotfix is available only through Entrust support. See the related article for more information.
1156735
1140210
KB87755 10.1.1 10.2.0 Hotfix 1164434 / 10.2.1 / 10.5.0 Issue: Performance is slow when accessing a file on a network share.

Resolution: This issue is resolved in ENS Platform 10.2.0 Hotfix 1164434, ENS 10.2.1, and ENS 10.5.0. See the related article for more information.
1156051 KB87863 10.1.1 10.2.0 Hotfix 1164434 / 10.2.1 / 10.5.0 Issue: ENS Web Control add-ons can take longer than .2 seconds to load, causing Internet Explorer to prompt the user to disable the add-ons.

Workaround: To keep the prompt from appearing to the user, increase the value for the amount of time to load add-ons or disable the performance notification.

Resolution: This issue is resolved in ENS Platform 10.2.0 Hotfix 1164434, ENS 10.2.1, and ENS 10.5.0. See the related article for more information.
1153577 KB87640 10.1.1   Issue: ENS Web Control search annotation ratings might not be displayed in the search engine results when search engines make changes to their search results pages. For example, www.yahoo.tw does not currently display search annotations with Web Control. See the related article for more information.
1152507   10.1.1 10.2.1 Issue: A file with a Threat Intelligence Exchange reputation of "Known Malicious" is not blocked on subsequent attempts to execute the file due to a timeout when submitting the file to Advanced Threat Defense.

Resolution: This issue is resolved in Endpoint Security Threat Intelligence 10.2.1.
    10.1.1   Issue: You cannot log out of a Google account in Chrome.

Workaround: Use Firefox or Internet Explorer to sign out of a Google account.
1149816 KB87532 10.1.1 10.5.0 Issue: Restoring to a Windows system restore point fails with an access denied message.

Workaround: Uninstall all ENS modules and the McAfee Agent, restart, and run the system restore.

Resolution: This issue is resolved in ENS 10.5.0. See the related article for more information.
1146720 KB87434 10.1.1 10.5.1 Issue: Custom enforcement messages in the ENS Web Control Enforcement Messaging policy are truncated in the Firefox browser.

Workaround: Create an enforcement message that does not contain HTML tags.

Resolution: This issue is resolved in ENS 10.5.1. See the related article for more information.
1144868
1150035
KB87371 10.1.1 ePO 5.3.2 Hotfix 1144868 Issue: In ePolicy Orchestrator 5.3.2, the Save button in some ENS On-Access Scan policy pages is not active.

Resolution: This issue is resolved in ePolicy Orchestrator 5.3.2 Hotfix 1144868. See the related article for more information.
1142553 KB87534 10.1.1 Unable to reproduce Issue: On Windows 7 user roaming profiles are not saved to a network share on user log off.

Workaround: Create an exclusion in ENS Threat Prevention to not scan the roaming profile folders on the server. See the related article for more information. At this time a root cause cannot be found on Windows 7. If you experience the issue with Windows 8 or Windows 10, please collect the information described in the related article and provide the results to Technical Support.
1141141 KB87353 10.1.1 Websense DLP 8.2 Issue: After installing ENS on a Windows 7 system with Websense Data Loss Prevention (DLP) 7.8 installed, a blue screen error occurs.

Workaround: Either remove the Websense software or upgrade to Windows 10.

Resolution: McAfee has determined that the issue is caused by Websense software that uses the QIP.sys driver on Windows 7 systems. Any solution must come from Websense. If you experience this issue, McAfee recommends that you contact Websense Technical Support for assistance. This issue has not been reported to occur with newer versions of Websense DLP 8.2. See the related article for more information.
1135722   10.1.1 10.1.1 Hotfix 1132493 Issue: USB network interfaces could fail to connect with ENS Firewall enabled.

Resolution: This issue is resolved in ENS 10.1.1 Hotfix 1132493, which is available by request from Technical Support.
1132108   10.1.1 10.1.1  Hotfix 1132493 Issue: ENS could prevent Windows from starting when Cryptographic and Power services are not running.

Resolution: This issue is resolved in ENS 10.1.1 Hotfix 1132493, which is available by request from Technical Support.
Issues found in ENS 10.1.0
  KB87568 10.1.0   Issue: The Web Control browser extensions must be enabled in the browser before Web Control is operational in the browser. See the related article for more information.
1154040 KB86845 10.1.0 10.5.0 Issue: The Detection path for a threat is blank in an ePolicy Orchestrator Malware Detection Auto Response email. See the related article for more information.

Resolution: This issue is resolved in ENS 10.5.0. See the related article for more information.
1142318 KB87303 10.1.0 10.5.0 Issue: Deselecting Enable Web Control in the ENS Console or the Web Control extension in ePolicy Orchestrator does not disable Web Control in the browser.

Resolution: This issue is resolved in ENS 10.5.0. See the related article for more information.
1137622 KB86631 10.1.0 10.5.0 Issue: The Endpoint Security Product Guide incorrectly states that the Web Control plug-in is enabled by default in Firefox.

Resolution: This documentation error is resolved in the Endpoint Security 10.5.0 Product Guide. In Firefox, a prompt displays asking the end user to enable the ENS Web Control extension upon opening Firefox after the ENS Web Control installation. The ENS Web Control service will enable the ENS Web Control browser extension automatically in Firefox five minutes after installation if the end user has not already opened Firefox. Every 30 minutes, the ENS Web Control service checks the status of the ENS Web Control extension in Firefox and enables the extension if it has been disabled by the end user. See the related article for more information.
1136800 KB87184 10.1.0 10.1.2 Issue: ENS Web Control crashes or states it is not enabled in the ENS Console. The ENS Web Control properties do not show in the ePolicy Orchestrator console.

Resolution: Uninstall Firefox or correct the corrupt Firefox file. ENS 10.1.2 keeps ENS from crashing if it tries to use a corrupt Firefox file. See the related article for more information.
    10.1.0   Issue: The evaluation package for ENS 10.1.0 cannot be updated to ENS 10.1.1 via a patch update package.

Workaround: If you are using the ENS 10.1.0 evaluation package and want to update to 10.1.1, you must uninstall 10.1.0 and install the ENS 10.1.1 evaluation package instead.

Resolution: McAfee is investigating a solution to this for a future release.
1134872 KB87095 10.1.0 Entrust Entelligence 9.3 Issue: Installation of ENS fails when Entrust Entelligence 9.2 is installed.

Resolution: Upgrade to Entrust Entelligence 9.3. Installations of ENS are successful with the latest Entrust Entelligence version. See the related article for more information.
1133572 KB87396 10.1.0 10.1.2 / 10.2.0 Issue: After you edit or add a sub-rule to an Access Protection policy, the browser interface may not enable the Save button. This prevents you from saving the changes. This issue occurs even when all required fields for the policy contain valid text.

Resolution: This issue is resolved in ENS 10.1.2 and ENS 10.2.0. See the related article for more information.
1132138   10.1.0 10.2.0 Issue: When running an ENS time-line query in ePolicy Orchestrator, and choosing a multi-line chart, the query returns no data and can cause the error: An unexpected error occurred.

Resolution: This issue is resolved in ENS 10.2.0. However, because the [EPExtendedEvents] table does not create indexes on date fields, ENS time-line queries may be slow to run. To optimize query performance, the best practice is to use reports that leverage the [ePOEvents] table instead.
1129539 KB84226 10.1.0 10.1.2 Issue: When ENS Firewall is active on the system, Windows Security Center displays Windows Firewall as disabled; however, no Security Center message displays to indicate that the ENS Firewall is managing the firewall. See the related article for more information.

Resolution: This issue is resolved in ENS 10.1.2. See the related article for more information.
1125016 KB87216 10.1.0 10.2.0 Issue: ENS Web Control fails to disable itself through the web gateway interlock policy if the client is behind a proxy.

Resolution: This issue is resolved in ENS 10.2.0. See the related article for more information.
    10.1.0   Issue: For ENS 10.1, McAfee Agent 5.0.2.132.2 is the minimum supported version. ENS 10.1 can coexist with Host Intrusion Prevention 8.0. ePolicy Orchestrator users with Host Intrusion Prevention 8.0 should first upgrade to McAfee Agent 5.0.2.132.2 (or later) before deploying ENS 10.1.

Resolution: If you use Host Intrusion Prevention 8.0 Patch 4 or earlier, you need to implement the workarounds documented in KB82869 before upgrading McAfee Agent.
1119923 KB86988 10.1.0 10.1.1 Issue: After you right-click a file and select Scan for threats, a progress pop-up window displays with an Elapsed Time counter and the status Scanning. The pop-up continues to display and the Elapsed Time counter continues to increment even though the scan is complete.

Resolution: This issue is resolved in ENS 10.1.1. See the related article for more information.
1116768 KB86473 10.1.0 10.2.0 Issue: When you select the ENS module hotfix while creating an ePolicy Orchestrator report, the completed report does not contain the ENS module name for the hotfix field. See the related article for more information.

Resolution: This issue is resolved in ENS 10.2.0. See the related article for more information.
1116397 KB86524 10.1.0 10.1.1 Issue: The installation of ENS starts successfully, but fails and rolls back in the presence of certain third-party applications.

Workaround: See the related article for workaround information.

Resolution: This issue is resolved in ENS 10.1.1.
1115688 KB86425 10.1.0 10.1.1 Issue: A computer with ENS installed has sluggish performance at boot and also when launching various applications post-logon.

Workaround: See the related article for workaround information.

Resolution: This issue is resolved in ENS 10.1.1.
1114709 KB86804 10.1.0 10.5.1 Issue: Installation of ENS hangs on unpatched builds of Windows 7.

Workaround: See Microsoft Knowledge Base article https://support.microsoft.com/en-us/kb/2328240 for a fixlet to repair the issue prior to installing ENS.

Resolution: This issue is resolved in ENS 10.5.1. See the related article for more information.
1114312   10.1.0 10.1.1 Issue: The Advanced Threat Defense File size filter is comparing MB to KB, and never allows any files to be sent.

Resolution: This issue is resolved in ENS 10.1.1.
1110634   10.1.0   Issue: When a deployment task for ENS fails due to an insufficient version of McAfee Agent, the McAfee Agent Monitor displays a message that says the task is successful.

Cause: Ending the deployment process during the prerequisite software check is not considered a failure state by McAfee Agent. The deployment will not proceed to the download phase. As far as McAfee Agent is concerned, the task itself was successful in running, even though it ended prematurely. This is different behavior than when the deployment fails while running the installation program after it has been downloaded to the endpoint.
1109716   10.1.0 MAR 1.1.0 Issue: When ENS is deployed with McAfee Active Response (MAR) present, the installation hangs because of a known race condition.

Workaround: To resolve this issue, perform one of the following:
  • Stop MAR, install ENS, and then restart MAR.
  • Uninstall MAR, install ENS, and then reinstall MAR.
Resolution: This issue is resolved in MAR 1.1.0.
1106520 KB86094 10.1.0 10.1.1 Issue: ENS fails to reinstall after upgrading to Windows 10 without a restart.

Workaround: Uninstall ENS, restart the system, and then reinstall ENS.

Resolution: This issue is resolved in ENS 10.1.1. See the related article for more information.
1104141 KB86475 10.1.0 10.2.0 Issue: ENS installation fails because of a failure in removing the TIE Module for VirusScan Enterprise.

Resolution: This issue is resolved in ENS 10.2.0. See the related article for more information.
1100562 KB86141 10.1.0 MACC 7.0 RTW build 646
MACC 6.2.0 Hotfix 505
MACC 6.1.3 Hotfix 441
MACC 6.1.2 Hotfix 449
MACC 6.1.1 Hotfix 404
MACC 6.1.0 Hotfix 706
Issue: ENS and Application and Change Control (MACC) 6.x are not compatible.

Resolution: This issue is resolved in MACC 7.0 RTW build 646, MACC 6.2.0 Hotfix 505, MACC 6.1.3 Hotfix 441, MACC 6.1.2 Hotfix 449, MACC 6.1.1 Hotfix 404, and MACC 6.1.0 Hotfix 706. See the related article for more information.
1099253   10.1.0   Issue: ENS fails to preserve custom settings for features that are not installed in VirusScan Enterprise 8.8 when upgrading to ENS 10.1.
1096354   10.1.0 10.2.0 Issue: Quarantine Manager fails to quarantine a threat from a network shared location when the threat is deleted or cleaned.

Resolution: This issue is resolved in ENS 10.2.0.
1094383   10.1.0 As Designed Issue: The VirusScan Enterprise Buffer Overflow Protection (BOP) exclusion API value is not migrated if either the module or API name contains a period (for example, dll.socket or fakeAPI.abc).

Resolution: This is as designed. Ensure that the module or API name does not contain a period.
1089748   10.1.0   Issue: Sometimes there is a delay in displaying the email annotation in Outlook.
1086074 KB86948 10.1.0 As Designed Issue: On Windows Server operating systems, the Internet Explorer browser setting Enable third-party browser extensions is disabled by default. ENS Web Control requires this option to be enabled. After ENS Web Control is installed, the end user cannot enable the setting Enable third-party browser extensions.

Resolution: This is as designed. Enable the setting Enable third-party browser extensions in Internet Explorer. See the related article for more information.
1084911   10.1.0 10.2.0 Issue: Email annotations are not displayed in Outlook when the first login occurs using Remote Desktop Protocol (RDP).

Resolution: This issue is resolved in ENS 10.2.0.
1083135   10.1.0 As Designed Issue: The list of assigned tasks in one group is not moved to another group when a major upgrade is deployed from ePolicy Orchestrator (for example, ENS 10.0 to 10.1).

Resolution: This is as designed.
1079091   10.1.0 10.2.0 Issue: The McTray icon is missing from the system Task Manager after an upgrade from VirusScan Enterprise 8.8 Patch 5.

Workaround: This issue is seen only when an On-Demand Scan (ODS) is running during the upgrade process. Restarting the system brings back the McTray tray icon.

Resolution: This issue is resolved in ENS 10.2.0.
1070400   10.1.0 As Designed Issue: The client UI does not launch in Safe Mode.

Resolution: This is as designed.
1069312   10.1.0 10.2.0 Issue: Updates do not occur for non-administrator users when ENS is configured to run At system startup.

Resolution: This issue is resolved in ENS 10.2.0.
1109943   10.1.0   Issue: TIE Module (TIEm) for VirusScan Enterprise (VSE) 1.0 incorrectly displays as installed alongside ENS.

Workaround: Remove the registry key that causes McAfee Agent to report that TIEm for VSE is still installed:
  1. Verify TIEm for VSE 1.0 files are not present on the endpoint.
  2. Remove the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Application Plugins\JTIC____1000].
1106888   10.1.0   Issue: Exclusions are not added to allow System Information Reporter 1.0 to work properly when the SIR Set Registry policy is changed.
1106510   10.1.0 10.2.0 Issue: After installing the epsetup build in standalone mode, the Web Control module installation fails because the mfewc service fails to start.

Resolution: This issue is resolved in ENS 10.2.0.
1088595   10.1.0 10.1.1 Issue: Firefox 40 (and later) does not allow the ENS Web Control extension to launch in Firefox.

Workaround: Use Internet Explorer or Chrome, which are not affected.

Resolution: This issue is resolved in ENS Web Control 10.1.1.
1075106   10.1.0   Issue: Firewall DNS blocking is not enforced for Internet Explorer running on Windows 7 64-bit, and Windows Server 2008 R2 systems. 

Resolution: This is an intermittent issue that occurs only for a short time after upgrading ENS.
1074673   10.1.0 Microsoft KB2487426 Issue: mfewc.exe generates a crash dump during restart.

Resolution: This issue is resolved in Microsoft KB2487426. For more information, see https://support.microsoft.com/en-us/kb/2487426.
1074557   10.1.0   Issue: The McTray icon is distorted after installing ENS (in a TPS environment).
1070739   10.1.0 As Designed Issue: Natural language descriptions are not properly translated.

Resolution: This is as designed. Restart the system to resolve the issue.
1057970 KB84522 10.1.0 As Designed Issue: The service start process times out while waiting for a dependent service to start. If the service does not respond in 30 seconds, Windows stops the service. 

Resolution: This is as designed. Log on and start the service manually from the Services user interface (Services.MSC). The service will also start automatically from a COM ping when a browser window is left open for a few minutes. See the related article for more information.
1070189   10.1.0 As Designed Issue: Even if you choose another language for the client interface language, the interface language of ENS Web Control is written in the default language.

Resolution: This is as designed. The language of the ENS Web Control interface in the browser does not depend on the client user interface language that is set. The language is localized based on system locale.
996973   10.1.0 As Designed Issue: A manual installation generates an Unidentified Publisher error.

Resolution: This is as designed. Check Event Viewer, Windows Logs, Application log for the latest event from source Certificate Services Client to verify that it has been started successfully. Certificate Services Client is a core part of Windows that manages certificate handling, such as certificate enrollment, including auto-enrollment and credential roaming.
996375   10.1.0 As Designed Issue: A Windows Security Audit failure occurs because of mfeelamk.sys.

Resolution: This is as designed. A driver developed for Windows 8 and signed by "Microsoft Windows Early Launch Anti-malware Publisher" is generating audit errors on Windows 7. Depending on how often your system is designed to run an audit, you will see a number of these errors within the Windows Event Log.
993212   10.1.0 As Designed Issue: ENS client help is not enabled for screen readers, such as JAWS.

Resolution: This is not supported.
991842   10.1.0 As Designed Issue: By default, Use system proxy settings is selected in the Common setting for a self-managed system.

Resolution: This is as designed. Use the local UI to change the setting.
990974   10.1.0 As Designed Issue: Some informational common settings for modules still exist in the Common settings page even though the module is not installed. For example, Threat Prevention events are not removed after the related blades are uninstalled from the system.

Resolution: This is as designed. No problems occur because of the existence of these settings.
990805   10.1.0 As Designed Issue: The local update task does not run at the specified time, but instead runs at a later time.

Resolution: This is as designed. To avoid a network storm, the local update task uses a randomization of 60 minutes when setting up the schedule. So, the update task will run within 60 minutes of the scheduled time. The randomization setting is not available from the local UI and cannot be changed.
982238   10.1.0 As Designed Issue: A sharing violation error is logged in the local log file after scanning the C:\Windows folder. The sharing violation is expected because of the files being open exclusively (no shared read) in Windows processes.

Resolution: This is as designed. The sharing violation error severity is set to Informational, which means by default the error will not be sent to ePolicy Orchestrator. Also, the error will not display in the Windows Event Log by default.
976918   10.1.0 As Designed Issue: Some Access Protection rules protect against remote access, such as the Remotely accessing local files or folders rule. When these rules are enabled and an access is reported or blocked, the target path value in the Event Log may report the pipe connection (for example, \\.\pipe\srvsvc) rather than the file path (for example, \\computer\share\filename) that was requested in the attempted access.

Resolution: This is as designed. This is a reflection of how the Windows file system works.
949580   10.1.0 As Designed Issue: An erroneous summary is displayed in the Threat Summary: Threat free for last 30 days if ENS was installed in the last 30 days.

Resolution: This is as designed. If there have been no threats in the last 30 days, ENS displays this message. If there were threats in the last 30 days, ENS displays the exact number of threat-free days.
926640   10.1.0   Issue: The Web Control plug-in fails to work if both Protected mode and Enhanced Protected mode are enabled in Internet Explorer 10 or 11.
922465   10.1.0 As Designed Issue: The Firewall Rules table does not allow a new rule to be added to a new empty group in one step.

Resolution: This is as designed. To move a newly added firewall rule to an empty group, first drag the rule above the group, and then drag and drop the rule inside the new group.
919855   10.1.0 As Designed Issue: When running some ePolicy Orchestrator ENS event queries, and you drill down on a specific event's details, not all details of the event display.

Resolution: This is as designed. Select the Go to related Event Log link to see the complete event details.
912588   10.1.0 As Designed Issue: There are no Self-Protection events in the Windows Event Viewer, the ENS Client Event Viewer, or ePolicy Orchestrator Threat Events.

Resolution: This is as designed. Self-Protection events are set to Informational by default and they are tied to the Event Filtering of Access-Protection. All event filtering is set to Major and Critical by default in ePolicy Orchestrator and in the client UI. To see Self-Protection events in the Windows Event Viewer, the ENS Client Event Viewer, or ePolicy Orchestrator Threat Events, you must change the Event Filtering for Access-Protection to All. Because All includes informational events, Self-Protection events will display in the three areas mentioned.

NOTE: Regardless of the Event Filtering settings, Self-Protection events are logged to the SelfProtection_Activity.log file located in %PROGRAMDAT%\McAfee\Endpoint or %allusersprofile%\application data\McAfee\Endpoint. You can view this information at any point if needed.
898131   10.1.0 As Designed Issue: Clicking Update Now reports a successful update when the system is already up-to-date.

Resolution: This is as designed. When you click Update Now, the updater is initiated and the repository is checked for new updates. This will occur regardless of whether the system is already up-to-date. Even in the case where no update is applied, the updater reports that the update was successful.

NOTE: Our validation tests have indicated compatibility issues with ENS 10.1 and some versions of Application Control. ENS 10.1 intentionally does not install on Windows 7, Windows Vista, or Windows Server 2008 running Application Control 6.x or Application Control 7.0 to circumvent those compatibility issues. ENS 10.1 installs and works correctly on other supported operating systems running Application Control. 

Attachment

McAfee Endpoint Security 10.5.2 Release Notes.pdf
161K • < 1 minute @ broadband


Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.