McAfee Endpoint Security Products: McAfee Management Service and dependencies
Technical Articles ID:   KB85374
Last Modified:  8/6/2018


Environment

McAfee Endpoint Security (ENS) Firewall 10.x
McAfee Endpoint Security (ENS) Threat Prevention 10.x
McAfee Agent (MA) 5.x for Windows 
McAfee Host Intrusion Prevention (Host IPS) 8.0 for Windows Update 6 and later
McAfee VirusScan Enterprise (VSE) 8.8 for Windows Update 6 and later

Summary

New McAfee Management Service (MMS)
 
McAfee SystemCore 15.4 or later, installed on newer versions of McAfee Endpoint Security products, adds a new Windows service, McAfee Management Service (MMS).

MMS replaces the Windows Service Control Manager (SCM) as the service control manager for many of the 15.4 core-related McAfee security services. The MMS service is listed on the SCM snap-in as McAfee Service Controller.
 
Windows Service Dependencies
  • MMS depends on the Microsoft Cryptographic Service (CryptSvc). CryptSvc provides key-management and trusted-certificate validation services. McAfee SystemCore drivers depend on these functions to validate secure authentication. CryptSvc should be set to Automatic Start, which is the default Windows setting, and should not be disabled or set to Delayed Start.

  • MMS depends on the Microsoft User Mode Power Service. Power-related properties and events might not be managed by McAfee SystemCore drivers as intended when the Microsoft Power Service is disabled or set to Delayed Start. MMS registers with the Power Service for callback event information relating to changes in power-dependent properties. The Power Service should be set to Automatic Start, which is the default Windows setting, and should not be disabled or set to Delayed Start. A system power management event is a change in the system power status, the operational mode of a device or the system, or the value of a power setting. Because these events can affect the operation of applications and installable drivers, the system notifies all applications and installable drivers by broadcasting a notification for each event.
For more information about Windows Power Management, see https://msdn.microsoft.com/en-us/library/windows/desktop/aa373223%28v=vs.85%29.aspx
 
IMPORTANT: If you change the default Windows service settings, key services might not run correctly. It is especially important to use caution if you change the Startup type or Logon as settings of services that are configured to start automatically.
 
For more information about changes to Windows services, see the "Threats and Countermeasures Guide: System Services" at
https://technet.microsoft.com/en-us/library/hh125927%28v=ws.10%29.aspx
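
The following added example (not part of the original article and not McAfee code) audits the two dependencies described above by reading their startup configuration from the registry, then reports the state of mfemms and the dependencies it has registered with SCM. It assumes the Power service's short name is `Power`; `CryptSvc` and `mfemms` come from the article.

```powershell
# Added example (not McAfee code): audit the Windows services that MMS depends on.
# 'CryptSvc' and 'mfemms' are named in the article; 'Power' is the Windows short
# name of the Power service.
$dependencies = 'CryptSvc', 'Power'
$servicesKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startNames   = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$report = foreach ($name in $dependencies) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $cfg = Get-ItemProperty -Path "$servicesKey\$name" -ErrorAction SilentlyContinue
    if (-not $svc -or -not $cfg) {
        [pscustomobject]@{ Service = $name; Status = 'Missing'; StartType = $null
                           Delayed = $null; Compliant = $false }
        continue
    }
    # Start = 2 means Automatic; DelayedAutostart = 1 turns that into Delayed Start.
    # The DelayedAutostart value is absent when delayed start was never configured.
    $delayed = [bool]($cfg.PSObject.Properties['DelayedAutostart'] -and
                      $cfg.DelayedAutostart -eq 1)
    [pscustomobject]@{
        Service   = $name
        Status    = $svc.Status
        StartType = $startNames[[int]$cfg.Start]
        Delayed   = $delayed
        Compliant = ([int]$cfg.Start -eq 2) -and (-not $delayed)
    }
}
$report | Format-Table -AutoSize

# Flag anything that is not plain Automatic Start, as the article requires.
foreach ($row in $report | Where-Object { -not $_.Compliant }) {
    Write-Warning ("{0}: expected Automatic (not delayed), found StartType={1} Delayed={2} Status={3}" -f
        $row.Service, $row.StartType, $row.Delayed, $row.Status)
}

# MMS itself is listed in SCM as 'McAfee Service Controller' (service name mfemms).
$mms = Get-Service -Name 'mfemms' -ErrorAction SilentlyContinue
if ($mms) {
    "mfemms status: $($mms.Status)"
    "SCM-registered dependencies: $(($mms.ServicesDependedOn.Name | Sort-Object) -join ', ')"
} else {
    Write-Warning 'mfemms is not installed on this host.'
}
```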
 
MMS as a service

The goal of MMS is to reduce the security risks of Microsoft SCM-managed services being shut down or disabled by malware. Core McAfee security services are managed by MMS rather than SCM, and are protected by self-protection features, making them less susceptible to malware attacks and security vulnerabilities.

MMS is a Windows SCM-managed service, and as such, is listed in the Windows SCM as McAfee Service Controller (service name: mfemms).

The service itself is protected by the McAfee LockDown API, which protects it from being shut down or disabled. McAfee services that are managed by MMS are not dependent on MMS. So, if MMS stops responding or somehow terminates, managed services will continue to operate without interruption. MMS also includes a self-protection watchdog and will automatically restart in the unlikely event it terminates unexpectedly.
 
Checking the status of a McAfee Endpoint Security-related service
 
MMS was designed to be as similar to Windows SCM as possible, so the same service-management concepts (starting, stopping, dependencies, and command-line arguments) apply to all services managed by MMS.
 
Perform the following steps to query McAfee services running under MMS:

  1. Use the mmsinfo tool located in the McAfee SystemCore common files directory.
  2. Open an admin command prompt.
  3. Run the following command to enumerate and list all managed endpoint services:

    c:\Program Files\Common Files\McAfee\SystemCore>mmsinfo -enum

You can use the mmsinfo utility with the following command line switches to gather information about MMS-managed services:

          mmsinfo.exe -start [short name of service]
          mmsinfo.exe -query [short name of service]
          mmsinfo.exe -qc [short name of service]
          mmsinfo.exe -enum (enumerates all managed endpoint services)
          mmsinfo.exe -enumdepend [short name of service]

NOTE: If an MMS-managed service fails to start or stop, check to see why the start or stop action failed. Usually, the failure will be related to either a configuration error or the failure of a service dependency. MMS logs events to the Windows System Event log. You can filter by McAfee Service Controller to see when specific MMS-managed services were successfully started or stopped and when they failed to start or stop.
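
The following added example (not part of the original article and not McAfee code) pulls the MMS entries from the System log and, because the NOTE names a failed dependency as a usual cause, also lists start-type changes to CryptSvc and the Power service. It assumes that `McAfee Service Controller` is the event source name, that the dependencies have their English display names, and a seven-day look-back window.

```powershell
# Added example (not McAfee code): review MMS events and dependency start-type changes.
# Assumption: 'McAfee Service Controller', the name the article says to filter by,
# is the event source (provider) name in the System log.
$since = (Get-Date).AddDays(-7)   # look-back window chosen for this example

$mmsEvents = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'McAfee Service Controller'
    StartTime    = $since
} -ErrorAction SilentlyContinue

# Level 1 = Critical, 2 = Error, 3 = Warning: review these first.
$mmsEvents |
    Where-Object { $_.Level -in 1, 2, 3 } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List

# Overall picture: how many events of each ID and level fall in the window.
$mmsEvents |
    Group-Object Id, LevelDisplayName |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Service Control Manager event 7040 records a change to a service's start type.
# Match the dependencies by display name (English names assumed:
# 'Cryptographic Services' and 'Power').
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7040
    StartTime    = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'start type of the (Cryptographic Services|Power) service' } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, UserId, Message |
    Format-List
```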

Listing McAfee Firewall Core service in the SCM table

The Firewall (FW) Core service listed in the SCM snap-in is displayed as a manual startup type. This entry is not related to the FW Core service that is managed by MMS. This entry still exists in SCM to support older legacy McAfee managed products that might still require this service under the old SCM-managed model. Usually, if you are only running Host IPS 8.0 Update 6 or later, the service status will be blank (not started).
