Knowledge Center

ePolicy Orchestrator 5.3.x Known Issues
Technical Articles ID:   KB82675
Last Modified:  1/29/2019


McAfee ePolicy Orchestrator (ePO) 5.3.x


Recent updates to this article
Date Update
January 29, 2019 Added reference 1219524, resolved by ePO 5.3.3 Hotfix 1257674 (Repost).
December 14, 2018 Added reference 1262303 to the Critical Known Issues table
August 14, 2018 Added reference 1258224 which resolves the security advisory outlining vulnerabilities that affect Java SE version 1.8.0_172 or earlier
August 10, 2018 Added reference 1094844 to the critical known issues section.
July 12, 2018 Added issue 1240977 to the Non-critical known issues section.
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

ePO Version Release Date Release Notes
ePO 5.3.3 Hotfix 1257674 (Repost) December 12, 2018 PD28129
ePO 5.3.3 Hotfix 1257674 
November 27, 2018
ePO 5.3.3 and 5.9.1 Hotfix 1248224
August 14, 2018 PD27910
ePO 5.3.x and 5.9.x Hotfix 1241557
August 9, 2018 PD27906
ePO 5.3.3 September 6, 2017
 ePO ​5.3.2 Hotfix 1144868  July 7, 2018 PD26596
ePO 5.3.2 June 16, 2016 PD26542
ePO 5.3.1 September 28, 2015 PD26103
ePO 5.3.0 May 19, 2015 PD25505
Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.

Click to expand the section you want to view:

Reference Number Related Article Found
Resolved Version Issue Description
1219524 - 5.3.3
Issue: Performance issue seen in the ePO console related to a Host Data Loss Prevention (HDLP) extension.
1262303 KB91138 5.3.3
Issue: The following error is displayed at the ePO Logon page after you install HF1257674 and restart the ePO services: Mar-workspace - Plug-in mar-workspace is missing dependency: CloudLink
1248224 KB90770 5.3.3
Issue: On July 17, 2018, Oracle issued a security advisory that outlined multiple vulnerabilities that affect Java SE version 1.8.0_172 or earlier. From the list, the following two are related to ePO: CVE-2018-2942 and CVE-2018-2952.

Resolution: This hotfix updates ePO JRE to v1.8.0_181.
1094844  KB85924 5.3.0 5.3.x
Issue: When you delete a policy assignment, the request can be inadvertently submitted twice, which results in deletion of the next policy assignment in the inheritance tree. 

Resolution: To prevent this issue, apply Hotfix 1241557.

Workaround: For how to address the issue if it has already occurred, see the related article for details.
KB89858 5.3.3 - Issue: DataChannel connectivity between the McAfee ePO server service (Apache) and the Application Server service (Tomcat) stops working, and results in functionality that requires the DataChannel to be negatively impacted.

Workaround: See the related article.
1165874 KB88003 5.3.1 5.3.3
Issue: Large data channel requests are loaded into Apache's memory space and result in an out-of-memory condition in Apache.

Workaround: See the related article.
1144868 KB87371 5.3.2 5.3.2
Issue: You are unable to save a process or file path in the On-Access Scan policy for Endpoint Security, MOVE AntiVirus Agentless, or VirusScan Enterprise using ePO 5.3.2.
1097351 KB85912 5.3.1 5.9.0 Issue: During upgrade to ePO 5.3.1, all permissions related to Host Intrusion Prevention (Host IPS) for the existing permission sets are lost. Host IPS settings are reset to No Permission for the existing permission sets, but other permissions are saved with existing settings.

Workaround: Use one of the following options:
  • Back up the Host IPS permission sets before the upgrade to ePO 5.3.1 and then restore the permission sets after the upgrade.
  • Manually update each permission set for the Host IPS settings after upgrade to ePO 5.3.1.
1073038 KB85055 5.3.0 5.3.1 Issue: When you change a multi-slot policy assignment on a single system, the following error displays in the ePO console. The change of the multi-slot policy assignment is prevented.
An unexpected error occurred

Resolution: This issue is resolved in ePO 5.3.1. See the Knowledge Center article for details.
 978603  KB82557 ePO
Issue: You observe high CPU utilization for the McAfee Agent (MA) process on non-Windows clients after you upgrade to ePO 5.3 when you use All packages in a McAfee Agent update task.

Resolution: Upgrade McAfee Agent (MA) Extension to version, which resolves this issue with newly created tasks.
1184003 KB89508 5.3.x 5.3.3
Issue: The TempDB for the SQL Instance that hosts the ePO database grows excessively in size after you upgrade to ePO 5.3.0, 5.3.1, or 5.3.2. This growth can cause various symptoms including, but not limited to:
  • EPODataChannelData table grows large.
  • Some server tasks might be stuck in progress indefinitely.
  • Unable to log on to the ePO console.
Solution: See the related article.

Reference Number Related Article Found ePO Version Resolved ePO Version Issue Description
1184021 KB88818 5.3.2 5.10 Issue: A new active node on the cluster is unable to authenticate to the ePO database if you fail over a clustered install of ePO 5.3.1, 5.3.2, or 5.9.0. If you access the core/configuration page and re-enter the database password, it allows the cluster to authenticate.

Solution: See the related article.

Resolution: ePO 5.10 General Availability is planned for August 14.

1153584 KB87862 5.3.2 5.9.0 Issue: If a Policy Assignment Rule (PAR) is configured with more than 62 separate System Tree groups as the assignment criteria, an attempt to add additional groups displays the following error in the console:
Unexpected Error
Workaround: Configure the PAR to select fewer groups. The most common option is to select higher-level containers in the System Tree to obtain the same result with fewer selections. 
1084327 - 5.3.1 5.9.0 Issue: After you upgrade to ePO 5.3.1, the Apache service on Agent Handlers still shows the version as McAfee ePolicy Orchestrator 5.3.0 Server.
913379 - 5.1.0 5.9.0
Issue: When you configure NT Domain Synchronization in the System Tree, if you perform a Synchronize Now action, the Save button is disabled.

Workaround: Retype the domain name; it enables the Save button.
991383 - 5.3. 5.9.0 Issue: When you import an exported sitelist file (SiteMgr.xml), it does not keep the chosen exclusions of the distributed repository.

Workaround: After import, set the exclusions wanted for that distributed repository.
KB90715 5.3.3 5.3.3
Build 279
Issue: After you restore ePO 5.3.3 from a Disaster Recovery snapshot, you observe the following after logging on to the ePO console:

Dashboards page:
  • Parts of the console, such as dashboard monitors, might be missing.
  • Dashboard monitors are in an error state.
Extensions page:
  • Many extensions might show as not running.
  • Some extensions might be in an error state.
Workaround: Allow the extensions to load completely. See the related article.

Solution: This issue is resolved in the reposted version of ePO 5.3.3, which is ePO 5.3.3 Build 279. If you ever need to restore ePO from a Disaster Recovery snapshot, use the reposted build to avoid the issue.
1177554 KB89317 5.3.x 5.3.3
Issue: ePolicy Orchestrator cannot communicate with an SQL Server if TLS 1.0 is disabled

Solution: See the related article.
1171403 KB88887 5.3.x 5.3.3 Issue: Active Directory Sync populates systems to unexpected locations in the ePO System Tree.
1148615 KB88539 5.3.2 5.3.3 Issue: Reports created with a Query Chart only display part of the chart on the page when configured to show 'Chart Image Only.'
1157329 KB88043 5.3.2 5.9.0
Issue: System Tree test sorting only shows systems with sorting enabled.
1165842 KB88010 5.3.0 5.3.3 Issue: Permission sets imported to ePO could incorrectly grant full access to the System Tree.
1125741 KB87100 5.1.0 5.3.3 Issue: Imported permission sets that contain specific product permissions do not allow access to product policies and product client tasks, even if the permission set imported included them.

Workaround: To return the user access, change any configured permission for the McAfee managed product. See the related article for details.
1158117 KB87852 5.3.2 5.3.3
Issue: Application crashes on tomcat7.exe with hs_err log reporting the following frame at fault:
# Problematic frame:
# C  [zip.dll+0x81ef]

Resolution: Upgrade to a version of ePO that consumes a version of Java greater than 1.8.0_102, such as ePO 5.3.3 and ePO 5.9.1.
For a full list of versions, see KB61057.
1026564 - 5.3.0 5.3.1 Issue: The Non-Windows agent version setting for the AD Sync task does not persist.
1012731 - 5.3.0 5.3.1 Issue: After you remove Endpoint Security from the Master Repository, it still shows up as checked in under Software Manager.
- 5.3.0 - Issue: The Data Exchange Layer client package checked in to your Master Repository might not have the Checked In Version available for review when viewed in Software Manager.   

Workaround: You can determine the version of the Data Exchange Layer client package checked in to your Master Repository by viewing it directly in the Master Repository.
971289 - 5.1.1 - Issue: Deployment tags are not read only, if you import the tag list.
804833 - 5.0.0 - Issue: When you remove a policy from ePO by unsharing a shared policy, the removal of that policy is not found in the Audit Log
849016 - 5.1.0 - Issue: The Select All check box on the Detected Systems page, and any page that contains a table and a search filter, does not respect the search filter.
817898 - 5.1.0   Issue: User-based Policy Assignment Rules are not enforced for users in child domains.
1012270 KB79561 5.3.0 n/a
Issue: An upgrade to a McAfee ePO server with 180 million or more events fails, and the server is unusable afterward (tempdb grows so large it exceeds the available 35-GB drive space).

Resolution: See the related article for details.
KB84628  5.3.x n/a Issue: If you use an encrypted SQL connection for ePO, and you apply a hotfix or update which increments Java, the new Java installation does not have the correct certificates in the Java trusted certificates store.

Solution: Implement KB84628 Solution 4 to import the certificates in the new Java trusted certificate store.
1088571 - 5.3.1 n/a Issue: After you upgrade from ePO 5.1.x to ePO 5.3.1, the Help Extensions for older McAfee Agent versions (such as McAfee Agent 4.8 and 5.0) are still displayed.

Workaround: After the ePO upgrade, go to the Extensions page and remove the Help content of the older McAfee Agent versions.
1087902 - 5.3.1 n/a Issue: When you try to export an XML file using the Microsoft Edge browser with the option Open with Internet Explorer, the following error message displays after you provide logon credentials:
An Unexpected error occurred
  • Open the XML file by clicking the link, then copy the content to a file.
  • Open the page using the option Open in Internet Explorer
KB90800 5.1.1 n/a IssueWhen you check in bundles with extension dependencies, the dependent extensions can be listed as "updating" indefinitely. The extension installation is successful; but, because the extension is labeled as "updating", this label causes an error when you try to uninstall the extension with the Software Manager.

Resolution: Remove the Updating status; see the related article for instructions.
974028 KB77920 5.1.1 n/a Issue: ePO pages are blank after an upgrade from ePO 5.0 to ePO 5.3.

Workaround: This issue is a browser caching problem. See the related article for details.
968675 - 5.1.1 n/a Issue: The client task object structure changed in ePO 5.1.1, so that the EPOTaskObject table in the ePO database now has a different set of columns from all previous versions. This change supports newly added parameters for the new architecture. As a result, McAfee cannot support client task sharing from ePO 5.1.1 (or later) to any earlier version of ePO (for example, 5.1.x, 5.0.x, 4.x). Client task sharing does work between ePO 5.1.1 servers and later.

Resolution: Disable client task sharing until all McAfee ePO server have been migrated to ePO 5.1.1 (or later), and then re-enable sharing.
966124 - 5.1.1 n/a Issue: Agent URL creation does not allow you to save mcafeesmartinstaller.exe with Microsoft Internet Explorer (IE) 9.

Resolution: Turn off IE Enhanced Security configuration.
917335 - 5.1.1 n/a
Issue: For ePO 5.1.1 and 5.3, the Upgrade Compatibility Utility supports upgrades from 4.5.7, 4.6.4, 4.6.6, and 4.6.7. But, you cannot use the utility to migrate an ePO 5.0 server.

If you run the utility on a version of ePO that is not supported for upgrade, the error message does not list the correct versions supported for upgrade by the utility.
913365 - 5.1.0 n/a
Issue: It is not explicitly stated in the Custom URL Viewer monitor dialog that only input that contains the full URL is acceptable.

Resolution: Type the full URL into the Custom URL Viewer monitor dialog.
- 5.3.0 n/a Issue: After you enable the agent-server communication Secure Port (from non-secure to secure), agents still communicate over non-secure communication.   

Resolution: After you change the agent-server communication Secure Port value, restart the Apache services for all Agent Handlers.
1016670 - 5.3.0 n/a Issue: If you use Software Manager to download a product component and it is either currently downloading or has an error on download, the following error displays on the next download attempt:
Workaround: Restart the ePO services.
1009559 - 5.3.0 n/a
Issue: If a pull task is running and you try an extension installation, the extension installation fails with the following error:

Unable to install extension. com.mcafee.orion.core.cmd.CommandException:Site in use
Resolution: Wait until the pull task has finished and then retry the extension installation.
1009153 - 5.3.0 n/a Issue: Software Manager check-in does not allow branch selection when the Master Repository has a licensed product checked in and you try to check in an updated evaluation version of the same product.

Workaround: Only use Software Manager to check in items with the same license type for upgrade.
1009087 - 5.3.0 n/a Issue: Software Manager lists a product as Up to Date if just one part of a set of components for a product are checked in to ePO.   

Resolution: Ensure that you check in all wanted components for products with the Software Manager when you initially add the new or updated software to ePO.
996130 - 5.3.0 n/a Issue: When you edit the Rollup Data (Local ePO Server) server task, removal of the first available action, which is a duplicate, does not allow you to add further actions in its place.

Resolution: Refresh the UI.
- - 5.1.0 n/a Issue: Rogue System Detection (RSD) 4.7.0 is not compatible with ePO 5.3.

Workaround: To upgrade from a supported version of ePO, you must have RSD 4.7.1 running before you upgrade to ePO 5.3.
957203 - 5.1.0 n/a Issue: When you use the Quick Find functionality to find a specific system, it disables the use of Actions on that system.   

Resolution: Refresh the system page manually to enable Actions.
919451 - 5.1.0 n/a Issue: Agent deployment URLs appear to be invalid after you move the agent deployment package to another branch in the Master Repository.

Explanation: After you change the agent deployment package location in the Master Repository, it takes 5 ‑ 30 seconds for agent deployment URLs to be updated to the correct location. This timing might increase with the number of deployment URLs that you have.
918639 KB81971 5.1.0 n/a
Issue: After you upgrade ePO from version 4.6.6 or earlier, the LDAP Sync server task might fail. The message Failed to sync all registered LDAP servers: [[No LDAP Servers registered.]] is displayed in the failed task’s details.

Workaround: To make the LDAP Sync server task complete successfully, reregister the LDAP servers in ePO. See the related article for details.
917943 KB77920 5.1.0 n/a Issue: You see page buttons in the ePO 5.x System Tree after you upgrade from ePO 4.6.4 or later.

Workaround: Clear the browser cache. See the related article for details.
916136 - 5.1.0 n/a
Limitation: Agent installation through the deployment URL is broken.

The cause of this issue is because Microsoft Internet Explorer (IE) 8 file downloads over SSL do not work with cache control headers, as documented in Microsoft article KB323308 (http://support.microsoft.com/kb/323308).

Because Cache-Control: no-store was added to the header of the file download, it does not allow IE 8 to download the file.

Workarounds: The following are possible workarounds for this issue:
  • See Microsoft article KB323308 above for suggestions.
  • Use a different (supported) browser, as identified in the ePolicy Orchestrator 5.3.0 Installation Guide, PD25506.
915790 - 5.1.0 n/a
Issue: Automatic Product Configuration does not download content based on Locale.

Resolution: Manually download the needed Locale-specific files from the Software Manager.
848248 - 5.1.0 n/a
Issue: VSE Access Protection blocks the functionality of the Upgrade Compatibility Utility

Resolution: If you have VSE on your source or target systems, disable the Access Protection feature during the installation.
842459 - 5.1.0 n/a
Issue: You see query migration errors similar to the following in the Orion.log when you upgrade to or install ePO 5.3:
2013-02-21 09:32:01,838 ERROR [pool-2-thread-1] query.DefaultOrionQueryService - Could not migrate the query ( id = 7, name = Duplicate Systems Names) due to an unexpected error
com.mcafee.orion.core.query.sexp.UnknownSexpTypeException: parser encountered unknown S-expression type: duplicatedComputerName

Resolution: The errors indicate a timing issue with Extensions as they load during the upgrade or installation. There is no actual effect when all extensions are properly loaded because the installation completes successfully.
823342 - 5.1.0 n/a Issue: The Software Manager check in all feature and the new Automatic Product Download feature, do not support managed product extension packages that contain multiple ZIP components (for example, Host IPS and MRA). This fact might lead you to believe all your extensions are up to date when they are not.

Resolution: Download the extensions for Host IPS and MRA and check them in manually.
816475 - 5.1.0 n/a
Issue: The McAfee ePO server Snapshot status does not change to orange Snapshot is Out of Date when you remove an Agent Handler from a remote system.

Resolution: The issue resolves itself within five minutes.
813461 - 5.1.0 n/a
Issue: When you cancel the migration utility partway through migration, the Program Files (x86)\ePolicy Orchestrator folder and some registry keys are left behind on the target system

Resolution: Delete the ePO installation folder and the registry keys from the target system.
780095 - 5.1.0 n/a
Issue: When you use a web browser to access the Web API directly, the browser caches credentials, which potentially leads to a privilege escalation. If a privilege escalation occurred, users might be granted access to data or commands for which they are not authorized.

Resolution: The purpose of the Web API is for the programmatic automation of tasks. If you choose to use a web browser to access the Web API directly (for example, https://servername:port/remote/core.help), close your browser window after you have finished. Closing the browser window clears your cached credentials.
763783 - 5.1.0 n/a
Issue: When you check in a different product major version when an existing product and hotfix are checked in to ePO 5.3, it deletes the hotfix.

Workaround: Move the hotfix to a different branch before you check in a new package. Or, you could check the hotfix back into the repository afterward.
720228 - 5.1.0 n/a
Issue: ePO's default document mode causes dragged items in the Edit Priority page to disappear when you use IE 8.0 with ePO 5.3.

Workaround: The following are possible workarounds for this issue:
  • Upgrade to a later (supported) version of IE.
  • Use another supported browser. See the Supported Internet browsers section in the ePolicy Orchestrator 5.3.0 Installation Guide (PD25506) for information about supported browsers.
  • Use the Move to top functionality.
660635 - 5.1.0 n/a
Issue: If you have replication permission (but not pull permission), you see the following error after replication:
You are not authorized for this operation.
637829 - 5.1.0 n/a
Issue: On IE 8, if you use the Shift + Click feature to select more than 1,500 rows in a table simultaneously, it might have negative results. It can cause a spike in CPU utilization, trigger an error message describing a Script error, or both.

  • Upgrade to a later (supported) version of IE.
  • Limit the number of table rows you select using Shift + Click.
- KB82814 5.1.1 Expected
Issue: The Product Deployment task option Run at every policy enforcement is not available in scheduler settings.

Workaround: As of ePO 5.1.1 and the McAfee Agent 5.0.0 Extension, the option is no longer available in the Product Deployment task. See the related article for details.
961436 - 4.6 Expected
Issue: Deleting a node from Active Directory does not delete the System Tree entry that was created by NT Domain Synchronization.

Workaround: Manually delete systems that have been added with NT Domain Synchronization.

Back to Top

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.