Applications fail to start after installing Microsoft Patch MS15-038, MS15-090, MS15-085, or MS KB3083992 on Windows 7 when any Data Loss Prevention Endpoint version earlier than 9.3.425 is installed
Technical Articles ID:   KB84538
Last Modified:  8/30/2018


Environment

McAfee Data Loss Prevention Endpoint (DLP Endpoint) software earlier than 9.3.425 (DLP Endpoint 9.3 Update 4 Hotfix 25)

Microsoft Windows 7 64-bit (32-bit is not affected)

Problem

Several applications fail to start after you install Microsoft Patch MS15-038, MS15-090, MS15-085, or MS KB3083992 on systems with DLP Endpoint earlier than 9.3 Update 4 Hotfix 25 (9.3.425.x).

Affected applications include, but are not limited to:
  • CMD.exe
  • Explorer.exe
  • MMC-based applications
  • Microsoft Office applications
  • PowerShell
Example startup errors include:
  • csc.exe- Application Error -- The application was unable to start correctly (0xc0000142)
  • iexplore.exe- Application Error -- The application was unable to start correctly (0xc0000018)
  • mmc.exe- Application Error -- The application was unable to start correctly (0xc0000018)
  • cmd.exe- Application Error -- The application was unable to start correctly (0xc0000018)
 

Cause

The issue is caused by a third-party component in DLP Endpoint.

NOTE: This issue does not affect the Device Control only operation mode. The other two operation modes might have the issue.

Solution

McAfee has released DLP Endpoint 9.3 Update 4 Hotfix 25 and DLP Endpoint 9.3 Update 5 and later to resolve this issue. 

McAfee product software, upgrades, maintenance releases, and documentation are available from the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.


Workaround

Either remove the Microsoft patch (MS15-038, MS15-090, MS15-085, or MS KB3083992) or disable the affected components in DLP Endpoint.

The affected components in DLP Endpoint include:
  • File Copy Handler
  • Clipboard Service
  • Portable Devices Handler (MTP)
  • Screen Capture Service
  • Internet Explorer Add-on
  • Firefox Handler
  • Cloud Protection Handlers (all)
To disable the affected components:
  1. Open the DLP Management Console.
  2. Open the Agent Configuration menu.
  3. Click Edit Global Agent Configuration.
  4. Select the Miscellaneous tab.
  5. Deselect the components you would like to disable.
  6. Click OK.
  7. On the Agent Configuration menu, click Apply Global Agent Configuration.

NOTE: This action does not update custom Agent Configurations. Those configurations must be updated from the ePolicy Orchestrator Policy Catalog.

To remove the Microsoft updates via the command line:

1. Open a command prompt as an administrator.
2. Run the following commands:

  • wusa /uninstall /kb:3045685 /quiet /forcerestart
  • wusa /uninstall /kb:3045999 /quiet /forcerestart
  • wusa /uninstall /kb:3060716 /quiet /forcerestart
  • wusa /uninstall /kb:3071756 /quiet /forcerestart
  • wusa /uninstall /kb:3083992 /quiet /forcerestart
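
A host is affected only when all three conditions in this article hold: Windows 7 64-bit, at least one of the listed updates installed, and DLP Endpoint earlier than 9.3.425. The following PowerShell check is an added example, not McAfee code; it uses only the KB numbers from the commands above and assumes the product's DisplayName under the Windows Uninstall registry key contains "Data Loss Prevention".

```powershell
# Added triage example (not vendor code). KB numbers are the ones in the wusa
# commands above; the DisplayName filter is an assumption about how the product
# registers itself under the Uninstall key.
$KbIds       = 'KB3045685','KB3045999','KB3060716','KB3071756','KB3083992'
$FixedBuild  = [version]'9.3.425'        # DLP Endpoint 9.3 Update 4 Hotfix 25
$NamePattern = '*Data Loss Prevention*'  # assumed DisplayName pattern

function Get-DlpEndpointVersion {
    # Look in both the native and the 32-bit view of the Uninstall key.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern -and $_.DisplayVersion } |
        ForEach-Object { [version]$_.DisplayVersion } |
        Sort-Object -Descending | Select-Object -First 1
}

function Test-Kb84538Exposure {
    # Get-WmiObject is used so the check also runs on PowerShell 2.0 (Windows 7 default).
    $os = Get-WmiObject -Class Win32_OperatingSystem
    # Windows 7 reports version 6.1 with ProductType 1 (workstation).
    $isWin7x64 = $os.Version -like '6.1*' -and $os.ProductType -eq 1 -and
                 $os.OSArchitecture -match '64'
    $installed = @(Get-HotFix -Id $KbIds -ErrorAction SilentlyContinue |
                   Select-Object -ExpandProperty HotFixID)
    $dlp = Get-DlpEndpointVersion

    New-Object PSObject -Property @{
        Computer     = $env:COMPUTERNAME
        Windows7x64  = $isWin7x64
        InstalledKbs = $installed -join ','
        DlpVersion   = $dlp
        # Affected only when all three conditions from the article hold.
        Affected     = $isWin7x64 -and ($installed.Count -gt 0) -and
                       ($dlp -ne $null) -and ($dlp -lt $FixedBuild)
    }
}

Test-Kb84538Exposure | Format-List
```

The InstalledKbs field shows which of the five updates are actually present, so only those need a wusa command if the workaround is chosen over upgrading DLP Endpoint.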

Potential impact of disabling handlers:
  • File Copy Handler - Introduced in DLP Endpoint 9.3.0 as the removable
    storage protection enhancement that adds a Windows Explorer sandbox.
    In DLP Endpoint version 9.2, the client software
    processed files copied by Windows Explorer to removable storage devices
    before they were actually copied to the destination. The new protection
    rule algorithm hooks the Windows MoveFile and CopyFile APIs when files
    are being copied to removable storage, and suspends the transfer until
    the McAfee DLP Endpoint client software completes the scan and applies
    the policy. The feature can be deactivated on the Agent Configuration |
    Miscellaneous page.

  • Portable Devices Handler (MTP) - Introduced in DLP Endpoint 9.3.100
    (Update 1) as a removable storage protection rules enhancement: Media
    Transfer Protocol (MTP) support has been added to removable storage
    protection rules. MTP
    is a protocol for transferring media files and associated metadata
    between portable devices or between portable devices and computers. MTP
    devices are not traditional removable devices because the device
    implements the file system, not the computer the device is connected
    to.

    The feature supports all removable storage protection rule actions
    except Encrypt. Protection rules with the Encrypt action fall back to
    Block, and files are placed in the quarantine folder. Only USB
    connections are currently supported.

    Note: Microsoft Windows Server 2003 does not identify removable devices
    in Windows Explorer, so removable storage protection rules with
    MTP support cannot be applied on this platform.

The other components affect the following:
  • Clipboard Service - Copying from application to application or outside specified applications.
  • Screen Capture Service - Including Snagit and Snipping Tool.
  • Internet Explorer Add-on - Web post protection.
  • Firefox Handler - Web post protection.
  • Cloud Protection Handlers (all) - Protection from Cloud (including Dropbox, Google Drive, Box).
