Application Control 7.x.x Known Issues
Technical Articles ID:
KB87447
Last Modified: 8/30/2019
Last Modified: 8/30/2019
Environment
McAfee Application Control (MAC) 7.x.x
Summary
Recent updates to this article
{GENSUB.EN_US}
Contents
Click to expand the section you want to view:
Non-critical:
Solidcore Extension:
.
Windows (all versions):
Windows 8:
Non-critical:
Solidcore Extension:
Back to top
Windows (all versions):
Windows 8:
Non-critical:
Solidcore Extension:
Back to top
Windows (all versions):
Back to top
Windows 8:
Windows 2008 (64-bit):
Windows 2008/Vista (32-bit and 64-bit), Windows XP/Windows 7/Windows 2008 R2 (64-bit):
Windows Vista:
Windows 10:
Back to top
| Date | Update |
| August 30, 2019 | Updated associated articles and known issues. |
| March 13, 2019 | Added MACC 7.0.2 release information and known issues. |
| April 6, 2018 | Added recent updates table, Product release information section, and collapsible sections. Consolidated all 7.x.x known issues. |
Contents
Click to expand the section you want to view:
CRITICAL: There are no known critical issues.
Non-critical:
Solidcore Extension:
| Reference Number | Related Article | Found in Version | Resolved in Version | Description |
| 915885 | KB81304 | All Versions | Issue: Application Control endpoint inventory parsing might cause the SCOR_DATA_CHANNEL table to grow quickly in the ePolicy Orchestrator database | |
| KB88255 | All Versions | Issue: Self Approval Client pop-up text field limitations within Application Control Solution: The Self Approval Client pop-up text field has a maximum character limitation of 296 characters. The text field for Self Approval within ePO has a maximum character limitation of 300 characters. Because of the fixed nature of the text field, scrolling of text within the pop-up field on the client is not allowed. |
||
| 1173493 | KB88261 | 7.x, 8.x | 8.1.1.103 | Issue: You are not authorized for this operation (when clicking on the helpdesk notification link of the Request Approval URL in Application and Change Control) |
| 1186364 | KB89430 | All Versions | Issue: Application Control events are reported back to the ePO server from a client that only has Change Control enabled | |
| 1203024 | KB89687 | All Versions | 8.1.1 | Issue: Skiplist exclusion filters with asterisk in the path cannot be save |
| 1241551 | KB90779 | All Versions | 8.2.0 | Issue: Application Control Policy Discovery events missing when extension 8.1.0.129 or 8.1.1.103 are installed |
| 1249255 | KB90787 | All Versions | Will Not Fix | Issue: Duplicate users appear in client policy when Trusted Users group is synchronized with Active Directory |
| 1249451 | KB90818 | All Versions | Issue: High event flow in the SCOR_FD_Data_Channel temporary table results in a deadlock and events stacking up | |
| 1270782 1270891 1247470 |
KB91532 | All Versions | Will Not Fix | Issue: Server task "Solidcore: Send Policy and Inventory Feedback to McAfee GTI Server" runs indefinitely |
Windows (all versions):
| Reference Number | Related Article | Found in Version | Resolved in Version | Description |
| KB89012 | All Versions | MA issue | Issue: McAfee Agent high CPU consumption | |
| KB88986 | 7.x, 8.x | Issue: Application and Change Control is blocking the Windows Defender Update process | ||
| KB88915 | All Versions | Issue: Exclusions for ENS/VSE with Application and Change Control to improve post-install performance | ||
| 1179655 1164544 1164554 |
KB88756 | All Version | Issue: deny_reason="File-cksum-mismatch" (generated when executables are configured as updaters in Application Control) | |
| KB88747 | All Versions | Issue: Web MER.exe blocked on client while Application Control is in enabled mode Solution: Update to latest extensions |
||
| KB86758 | All Versions | Will Not Fix | Issue: Application Control denies zip files when run in the context of Java.exe or Javaw.exe | |
| 1272591 | KB86638 | All Versions | Issue: Performance issues on Application Control endpoints when Global Threat Intelligence and Threat Intelligence Exchange communication fails | |
| KB77610 | All Versions | Issue: Application Control and Change Control might not switch the protection mode with Windows FBWF installed | ||
| 1267203 |
7.0.2 | Issue: February Microsoft Updates fail on MACC 7.0.2. | ||
| 1267181 |
7.0.2 | Issue: Execution Denied (checksum-mismatch) when a file is modified through a hardlink. |
||
| 1261196 |
|
7.0.2 | Issue: Microsoft patch installation fails and rolls back. | |
| 1259045 | 7.0.2 | Issue: Updated dlls are not updated in local whitelist. | ||
| KB89866 | 7.x, 6.x | Issue: Installation of Application and Change Control fails when running a batch file containing the /qb+ switch on Windows Vista clients | ||
| KB90849 | All Versions | Issue: File Write Denied events recorded when modification of the edb.log file is attempted | ||
| KB91257 | All Versions | Issue: Application Control and Change Control driver issues (Windows Update) | ||
| 1273074 1274763 |
KB91569 | 7.x, 8.x | Issue: Updater rights and permissions unexpectedly granted to svchost.exe |
There are currently no new known issues.
Windows 10:
There are currently no new known issues.
Back to topCRITICAL: There are no known critical issues.
Non-critical:
Solidcore Extension:
| Reference Number | Related Article | Found in Version | Resolved in Version | Description |
| 608347 | Issue: The Solidcore Policy Assignments By System report displays all policies derived from the root, regardless of the SKUs enabled on the platform. | |||
| 609304 | Issue: You cannot export data from the Reporting, Solidcore Events page. Workaround: Use Queries (Reporting, Queries) to export event data. |
|||
| 607554 | Issue: Solidcore policies cannot be duplicated by using the Policy Details page because the OK button is disabled. Workaround: Use the Policy Catalog page to duplicate policies. |
|||
| 608374 | Issue: When trying to enable an already enabled Solidcore Agent, the error displayed is not translated. | |||
| 609911 | Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO server. Workaround: Use Internet Explorer from a different computer to export rule groups. |
|||
| 609220 | Issue: Saving an Application Control policy that is a copy of the McAfee Default policy is slow. Workaround: Because Application Control policies are multi-slot policies, Technical Support recommends that you create a new blank policy and add new rules to it instead of copying and changing the McAfee Default policy. |
|||
| 719796 |
Issue: Global catalog search for Active Directory (AD) groups is not supported.
Workaround: Search for a group in a specific AD server instead of using the Global Catalog. To add a specific group:
|
|||
| 890978 | Issue: The GTI cloud server entry is not removed from ePO after the Solidcore Extension is uninstalled. | |||
| 950063 | Issue: A few Strings are not properly localized in languages other than English. | |||
| 939528 |
|
Issue: Systems with a large inventory fail to send inventory data to the ePO server and a corresponding entry is logged in the Server Task Log after six hours. | ||
| 987715 |
|
Issue: For the Application Control Options (Windows) policy, an import of a policy from Extensions earlier than 6.2.0 causes the Inventory AEF tab to populate with its default value. Default values are not saved in the policy until you make some change and save the policy. | ||
| 1050955 |
|
Issue: With ePO 5.x, GTI communication using Kerberos authentication fails when using a proxy server. | ||
| 1109570 | Issue: You can edit the MAC, MCC, and IM dashboards after you migrate from ePO 4.6.9 to ePO 5.1.3. | |||
| 1147342 | Issue: In 7.0.1, the SMS 2003 Client rule group is renamed to SCCM/SMS Client, and SMS 2003 Server rule group is renamed to SCCM/SMS Server. After you upgrade, if you save an existing policy that uses one of these rule groups, the renamed rule group is disassociated from the policy. Workaround: Search for the SCCM/SMS Client and SCCM/SMS Server rule groups and add the groups to your policy. |
|||
| 1224811 | KB90254 | 7.0.0 | 7.0.2 | Issue: GTI communication error occurs between server and client, with Application and Change Control installed |
Back to top
Windows (all versions):
| Reference Number | Related Article | Found in Version | Resolved in Version | Description |
| KB79201 | Issue: For JAR files, the Java interpreter can run a JAR file from any extension. Renaming a valid JAR file to a file with a different extension still allows it to be executed. Workaround: See the Knowledge Base article for details. |
|||
| 794445 |
Issue: Solidified batch files, when copied using another batch file, fail. | |||
| 808857 |
Issue: A Self Approval pop-up window displays if a file is opened with the execute flag even if the file is not executed. |
|||
| 916640 |
|
Issue: Deny Execution is not skipped for a drive after removing the skiplist -v flag without a reboot. Workaround: A reboot is required to make it work. |
||
| 1112186 | Issue: MAC 7.0.0 supports the proxy without authentication for the GTI feature on endpoints. If the proxy is set without authentication, you can use commands in the netsh winhttp context to configure proxy and tracing settings for Windows HTTP. You can run the netsh commands for winhttp manually at the netsh prompt or in scripts and batch files. | |||
| 1132183 | Issue: System lockup occurs when you uninstall the Endpoint Security Threat Prevention module Workaround: Add c:\windows to skiplist rule -i Ignore path passthrough attribute before you uninstall the Endpoint Security Threat Prevention module. Then after uninstallation, remove this rule. Or, disable MAC to uninstall the Endpoint Security Threat Prevention module and enable after you uninstall Endpoint Security Threat Prevention. |
|||
| 1194481, 1194580 | Issue: Blue screen error when MAC checks to see if a file is managed and the file header does not contain IMAGE_NT_HEADERS. | |||
| 1261321 | 7.0.1 | Issue: Windows logon process is stopped due to swin.sys. | ||
| 1267968 | 7.0.1 | Issue: Memory Protection (MP) cannot be enabled in Windows 10 with secure boot. | ||
| KB89359 | 7.0.1 | 8.0.0 | Issue: Google Chrome displays an "Aw Snap!" error when attempting to browse websites while Application Control 7.0.1 Memory Protection is enabled | |
| 1171705 | KB89425 | 7.0 | MA Issue | Issue: Policy is unexpectedly enforced after a reboot when set to not enforce |
| KB89459 | 7.0.1.402 | 7.0.1.413 | Issue: Windows Update DLL files will not load properly until Application Control (Standalone) is placed in an enabled state. | |
| 1197702 | KB89466 | 7.0.1.413 | 7.0.1 HF5 | Issue: Script As Updater injection into all application and system processes results in degraded performance and system crashes |
| KB89565 | 7.0.1 HF4 | Will Not Fix | Issue: Systems may fail to boot or load the Application Control driver after installing Application Control 7.0.1 Hotfix 4 Solution: Install Microsoft Security Advisory 3033929 |
|
| 1203341 | KB89678 | 7.0.1.413 | Issue: Application and Change Control prevents installation of Endpoint Security Workaround: Disable Memory Protection |
| Reference Number | Related Article | Found in Version | Resolved in Version | Description |
| 959413 | Issue: You are unable to install an MSI-based package on x86 in Update or Enable mode. |
Windows 10:
Back to top
| Reference Number | Related Article | Found in Version | Resolved in Version | Description |
| 1188255 | KB91257 | 7.0.0 | 8.2.1 Update 3 8.0.2 Update 1 |
Issue: MACC prevents the Windows Defender Update process from running successfully. Solution: Apply the correct update for your version of Application Control:
|
Back to top
CRITICAL: There are no known critical issues.
Non-critical:
Solidcore Extension:
| Reference | Article | Found in Version | Resolved in Version | Description |
| 608618 | Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Microsoft Internet Explorer (Internet Explorer), the file upload times out if the network upload speed is slow. Workaround: If an error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Next, access the ePO console on the ePO server and upload the file from the local path. This method avoids possible network delays. |
|||
| 607517 | Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported. | |||
| 608347 | Issue: The Solidcore Policy Assignments By System report displays all policies derived from the root, regardless of the SKUs enabled on the platform. | |||
| 609304 | Issue: It is not possible to export data from the Reporting, Solidcore Events page. Workaround: Use Queries (Reporting, Queries) to export event data. |
|||
| 636769 | Issue: If you upgrade from ePO 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table are not migrated to the ePO Events table. | |||
| 636352 | Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display garbage data. | |||
| 607554 | Issue: Solidcore policies cannot be duplicated by using the Policy Details page because the OK button is disabled. Workaround: Use the Policy Catalog page to duplicate policies. |
|||
| 608374 | Issue: When trying to enable an already enabled Solidcore Agent, the error displayed is not translated. | |||
| 607908 | Issue: It is not possible to export more than 50,000 records from any table or report. | |||
| 608025 | Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU is not added. | |||
| 609911 | Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO server. Workaround: Use Internet Explorer from a different computer to export rule groups. |
|||
| 608753 | Issue: Sometimes, using the user name field of reported events in ePO as a trusted user might not work if the client system is part of an AD domain, because the domain name reported in the events is not the full AD domain. Workaround: Use the environment variable USERDNSDOMAIN of the AD client as the domain name. Or, review the properties of the My Computer icon to identify the complete user name to specify as the trusted user. |
|||
| 609220 | Issue: Saving an Application Control policy that is a copy of the McAfee Default policy is slow. Workaround: Because Application Control policies are multi-slot policies, Technical Support recommends that you create a new blank policy and add new rules to it instead of copying and changing the McAfee Default policy. |
|||
| 607950 | Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted. | |||
| 719796 |
Issue: Global catalog search for Active Directory (AD) groups is not supported.
Workaround: Search for a group in a specific AD server instead of using the Global Catalog. To add a specific group:
|
|||
| 722045 | Issue: When you add new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking Actions, Choose columns, Non Compliant Solidcore Agent, it might not display values for all endpoints. This issue happens because the Non Compliant Solidcore Agent section includes only non-compliant agent properties. Workaround: When you add new columns for an endpoint, click Actions, Choose columns, Solidcore Client Properties instead of Actions, Choose columns, Non Compliant Solidcore Agent. |
|||
| 812003 | Issue: The Self Approval page displays a link for .MSI based applications, which displays an empty list when drilling down. | |||
| 890978 | Issue: The GTI cloud server entry is not removed from ePO after the Solidcore Extension is uninstalled. | |||
| 926122 | Issue: File Deviation details are missing in an exported file from the Image Deviation page. | |||
| 950063 | Issue: A few Strings are not properly localized in languages other than English. | |||
| 1033281 |
|
Issue: Upgrade to Solidcore Extension 6.2.0 might fail immediately after extension restart while performing an upgrade from a version older than 6.1.2. | ||
| 939528 |
|
Issue: Systems with a large inventory fail to send inventory data to the ePO server and a corresponding entry is logged in the Server Task Log after 6 hours. | ||
| 987715 |
|
Issue: For the Application Control Options (Windows) policy, an import of a policy from Extensions earlier than 6.2.0 causes the Inventory AEF tab to populate with its default value. Default values are not saved in the policy until you make some change and save the policy. | ||
| 1043052 |
|
Issue: You cannot upgrade Solidcore help extension from previous versions to 6.2. Workaround: Uninstall the old help extension and install the new one. |
||
| 1050955 |
|
Issue: With ePO 5.x, GTI communication using Kerberos authentication fails when using a proxy server. | ||
| 1109570 | Issue: The MAC, MCC, and IM dashboards are editable after migration from ePO 4.6.9 to ePO 5.1.3. | |||
| 1104452 | KB86184 | Issue: There are multiple alerts for the automatic response "Bad Binary has been detected in Enterprise" after upgrading to Solidcore Extension 7.0.x. | ||
| 1148388 | Issue: Advanced Filters on the Solidcore Events page are not working. Workaround:
|
|||
| KB84651 | All Versions | 8.0.0.182 | Issue: Upgrading the extension for Application Control 6.2.0 and later takes a long time to complete | |
| 1104452 | KB86184 | 7.0.0 | Issue: Multiple alerts for the automatic response "Bad Binary has been detected in Enterprise" after upgrading to Solidcore Extension 7.0.x | |
| 1130244 | KB87004 | 7.0.0-270 | 7.0.1 | Issue: SOLIDCORE_META - Unable to load native library (when you log on to the ePolicy Orchestrator console) |
| KB87461 | 7.0 | Issue: You see inconsistent results after you add Application Control related columns to the System Tree and/or Threat Event pages | ||
| KB87648 | 7.0 | Issue: The DELETE statement conflicted with the REFERENCE constraint (when Application and Change Control events are purged from ePolicy Orchestrator) | ||
| KB88248 | All Versions | Issue: Stale records appear on the Inventory page when a Purge System Inventory task is run immediately after a client has been removed from ePolicy Orchestrator |
Back to top
Windows (all versions):
| Reference |
Article |
Found in Version | Resolved in Version | Description |
| KB79201 | Issue: For JAR files, the Java interpreter can run a JAR file from any extension. Renaming a valid JAR file to a file with a different extension still allows it to be executed. Workaround: See the Knowledge Base article for details. |
|||
| 801531 | Issue: If Driver Verifier (verifier.exe) is enabled, MAC / MCC might not function as expected. | |||
| 608418 | Issue: The Original Username reported in events is the same as the Username. | |||
| 600805 |
|
Issue: While opening a write-protected network share in File Explorer, a few deny-write errors are observed. |
||
| 603747 |
|
Issue: The trusted, solidified, and write-protect features do not work correctly for folder-mounted volumes. Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes. |
||
| 608036 |
|
Issue: Mapped drive names cannot be used in commands issued by remote users/ePO. |
||
|
595570 |
|
Issue: The following applications are incompatible with the Solidcore Agent for Windows. Contact Technical Support for further assistance.
|
||
|
594579 |
|
Issue: Unsolidified scripts cannot be copied using the MS-DOS command prompt on a solidified system. Any read access to unsolidified scripts by a script interpreter configured for that script is denied, which generates unauthorized execution events. To avoid these problems, perform the file operation using Windows Explorer. |
||
| 608647 |
|
Issue: On 64-bit systems, multiple events might get generated when an unauthorized binary file is executed. The Windows operating system tries to run the binary multiple times by using a reduced set of attributes until final failure. |
||
| 608745 |
|
Issue: Files that are read-protected by the user (using the 'sadmin read-protect' command) cannot be solidified. | ||
|
643688 |
Issue: If you try an ActiveX installation before enabling the ActiveX feature and retry the installation after enabling the ActiveX feature, ActiveX might not get installed properly. Workaround: If the ActiveX installation fails, delete all files in the |
|||
| 602194 | Issue: The package control feature is not able to stop the installation of some applications, such as Gvim and Winrar. | |||
| 616147 | Issue: For standalone Solidcore Agent installation (in other words, installation not done via ePO) on endpoints where Oracle is installed, you must run finetune.bat manually at the endpoints to apply Oracle-specific rules. |
|||
| 599348 | Issue: On viewing the properties of a file on the local drive, deny-write and deny-exec events are generated for the solidified and unsolidified files, respectively. | |||
| 601126 |
|
Issue: When copying solidified files to a rewritable CD, although the files are copied successfully, deny-write errors are logged. |
||
| 601427 |
|
Issue: On 64-bit platforms, Enum or Performance in sub keys is bypassed from Solidcore Agent protection. Thus, when you delete a write-protected registry key with Enum or Performance in sub keys, you might get a partial completion status. |
||
| 616089 |
|
Issue: In the output of the sadmin diag command on the Spanish locale, read 'actualizadores agregar' as 'updaters add'. For example, the following output: * actualizadores agregar -t DIAG: cmd.exe -p explorer.exe ""cmd.exe"" should be read as:* updaters add -t DIAG: cmd.exe -p explorer.exe ""cmd.exe"" |
||
| 600748 |
|
Issue: Multiple deny write events can get generated for a single deny write action. For example, on deletion of a file using Windows Explorer, up to 8 file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting in an event for each attempt. | ||
| 695246 |
|
Issue: Although the Solidcore NX protection is based on system DEP, it is possible that some applications work with system DEP but not with Solidcore NX. In such cases, if processes are added to the Solidcore NX bypass list, the system DEP protection is enabled for the processes. |
||
| 720663 |
|
Issue: Editing the Updater Label for an existing trusted publisher in an Application Control policy fails. Although the label changes in the ePO console, the change is not reflected on the endpoints. |
||
| 713989 |
|
Issue: If Application Control and Spector are installed on an endpoint and MP-CASP is enabled, Internet Explorer crashes. |
||
| 652602 |
|
Issue: If you disable the deny-exec-exes feature on any Windows (64-bit) operating system, change the extension of an exe to .sys, and try to run the .sys file, execution of the .sys file is prevented. Or, if you change the file extension to dll, you are able to run the file even if the deny-exex-dlls feature is enabled. |
||
| 607574 |
|
Issue: On opening a network share (for systems running Windows Vista, Windows 7, and Windows 2008), deny-write and deny-exec events are generated for the binary files present on the network share. These events occur because Windows Explorer tries to fetch the icons for the files stored on the network share. |
||
| 768708 |
Issue: You are unable to set the flag fs-passthru 'p' and the flag vasr forced reloc 'v' together with the extra information flag 'o' in the attr command. |
|||
| 770362 |
Issue: You are unable to set more than one dll to bypass from VASR forced reloc. |
|||
| 794445 |
Issue: Solidified batch files, when copied using another batch file, fail. | |||
| 803731 |
Issue: With network tracking disabled, Self Approval functionality does not work for network shares. |
|||
| 803948 |
Issue: Deny-Exec on a Script file is reported if Network tracking is disabled on a 64-bit architecture. |
|||
| 808857 |
Issue: A Self Approval pop-up displays if a file is opened with the execute flag even if the file is not executed. |
|||
| 808964 |
Issue: An Auth rule for a process making file changes does not get added correctly if allowed through Self Approval. |
|||
| 812964 |
Issue: If you remove the Updater flag for a certificate rule, the certificate is still listed as an Updater on the endpoint. |
|||
| 816108 | Issue: A file, authorized by checksum, is denied for execution when run from a network share. | |||
| 810072 | Issue: While running a 16-bit executable with Self Approval enabled, the file type is listing as script. | |||
| 819876 | Issue: A process that does not work as an Updater is configured as an Updater through auth by checksum. Workaround: Configure the process as an Updater by name. |
|||
|
888634 |
|
Issue: An unclean uninstallation of Adobe Flash Player occurs when pkg-ctrl-allow-uninstall is enabled. Workaround: sadmin updaters add "C: \WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe". |
||
|
888632 |
|
Issue: A repair of .NET 3.5 fails. Workaround: Add the below Updater rules:
|
||
|
885091 |
|
Issue: You are unable to install Visual Studio 2010 Ultimate via Updater. Workaround: See the Knowledge Base article for details. |
||
|
887965 |
|
Issue: Uninstallation of applications are not blocked even if the pkg-ctrl-allow-uninstallation feature is disabled. Workaround: Run the sadmin clg command after each installation of an application to block the uninstallation. This command clears out all cached GUIDs from the system. |
||
| 888878 |
Issue: Multiple package control prevention events are seen while uninstalling and repairing Visual Studio 2010. Workaround: Add " |
|||
|
884396 |
|
Issue: You are unable to install Adobe Flash Player 11 when the pkg-ctrl-bypass feature is enabled. Workaround: sadmin updaters add InstallAX_11_6_602_180.exe. |
||
|
883381 |
|
Issue: Self Approval pop-ups for a user session are displayed on a console session instead of a user session. Workaround: Run the following Solidcore commands from the command line: sc config AeLookupSvc type= own |
||
|
915562 |
KB79517 | Issue: McAfee Solidifer upgrade from 6.1.1 to 6.1.2 fails in Observe mode. Workaround: See the Knowledge Base article for details. |
||
|
910080 |
|
Issue: Package Control, if an application has ctor.dll in its uninstall string, another application using ctor.dll, is not installed when pkg-ctrl-allow-uninstall is disabled. Workaround: As a workaround for mode 1 of package control, the user can make the ctor.dll an Updater using the complete path (for example, C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll). For Package Control modes, see PD24669. |
||
|
916640 |
|
Issue: Deny Execution is not skipped for a drive after removing the skiplist -v flag without a reboot. Workaround: A reboot is required to make it work. |
||
|
910485 |
KB79658 | Issue: Package Control uninstallation of an application fails using Add/Remove Programs if an application is installed for a particular user. Workaround: See the Knowledge Base article for details. |
||
|
901147 |
|
Issue: Installer (Auto-IT), first shown as script type, after copying to some other location, is showing as pe32-exe. | ||
|
911678 |
|
Issue: Package Control is unable to repair Visual Studio 2010 Ultimate if installed in Update mode. | ||
|
903914 |
|
Issue: You see File Write Denied events when you run .exe files, marked as an Updater, by double-clicking them. | ||
|
919300 |
|
Issue: A Trusted Path operation fails if the operation is performed on a local share mounted as a network share locally. | ||
|
920568 |
KB79987 | 6.x | 8.0.0.651 | Issue: The upgrade version is not updated on the ePO server and the McTray About box after an endpoint upgrade. Workaround: See the Knowledge Base article for details. |
|
940286 |
|
Issue: A Pkg-modification-prevented event is raised during a MAC upgrade. | ||
|
948349 |
|
Issue: Multiple deny-write events for a Self Approval pop-up for putty.exe are recorded when execution is done after downloading the file from the Internet. | ||
| 940085 | KB73484 | Issue: There is a known incompatibility between McAfee Application Control and SafeNet ProtectFile: File Encryption and Protection software. | ||
| 953257 |
|
Issue: Script files can execute from the unsolidified drive on the system. | ||
| 1020973 |
Issue: Adobe32 stops working with MPCompat.
Workaround: To resolve this issue, use one of the following workarounds:
|
|||
|
1027687 |
|
All Versions | Issue: Upgrade to Application Control or Change Control 6.2 fails for endpoints. Workaround: See the Knowledge Base article for details. |
|
|
988624 |
|
Issue: Application Control inventory generation can take longer than 24 hours to resume after reaching the throttling threshold limit. Workaround: See the Knowledge Base article for details. |
||
|
1026279 |
|
Issue: Another rule is required to run Perl with Application Control. Workaround: See the Knowledge Base article for details. |
||
|
1017933 |
|
Issue: You are unable to apply an Application Control policy with a trusted path that contains an environment variable. Workaround: See the Knowledge Base article for details. |
||
| 1045414 | Issue: In the system Event Viewer logs, a "Microsoft-Windows-Kernel-General" error message is logged while writing to the registry during start. | |||
| 1079808 | Issue: The Solidifier service fails to start with the app-verifier "low resource" option selected. | |||
| 1074569 | Issue: The Solidifier service fails to start in Disable mode when an inventory sync from scinvlog.bak to scinv occurs and you restart the system. | |||
| 1079819 | Issue: File creation fails for long file name execution. | |||
| 1111630 | Issue: MAC is not receiving reputation updates from the TIE server. | |||
| 1088137 | Issue: The wrong parent process information displays for binary addition activity on the Policy Discovery page. | |||
| 1115590 | Issue: Serial numbers are displayed as encoded on the TIE Reputation page. | |||
| 1115107 | Issue: You get an observation for Scanalyzer.exe even if there is an Advance Exclusion Filter (AEF) rule to suppress observations from that path. | |||
| 1112186 | Issue: MAC 7.0.0 supports the proxy without authentication for the GTI feature on endpoints. If the proxy is set without authentication, you can use commands in the netsh winhttp context to configure proxy and tracing settings for Windows HTTP. You can run the netsh commands for winhttp manually at the netsh prompt or in scripts and batch files. | |||
| 1049573 | KB85156 | All Versions | Issue: System slows or stops responding while accessing files over the network | |
| KB85696 | 7.0.0 | Will not Fix | Issue: Binary is signed by a certificate, but an ‘Allow by Certificate’ rule cannot be created | |
| KB86846 | 7.0.0 | Issue: ERROR: fshooks.c : 687: Could not validate filename OR filename is invalid: (DFS replication fails with Application and Change Control installed) | ||
| KB86847 | 7.0.0 | Issue: Installation of plan failed. FatalIOException: Unable to create file (Vsphere fails to load when Application Control is installed) | ||
| KB87257 | 7.0.0 | Will Not Fix | Issue: Installer Detection bypass option is Deprecated for endpoints running version 6.1.1 and later (Package Control in relation to the architecture rules for the attr -i command) | |
| KB87470 | 7.0.0 | 7.0.1 HF4 and 8.0 | Issue: Microsoft Windows Update cannot be installed when Application and Change Control is configured in Enable, Observe, or Update mode | |
| KB88091 | 6.x and 7.x | Issue: Application Control causes a Windows error event to occur when a new USB disk is connected to a solidified client | ||
| KB88092 | 7.0 | Will Not Fix | Issue: The default TIE Server configuration could affect sample submission for some endpoint clients |
Back to top
| Reference Number | Related Article | Found in Version | Resolved in Version | Description |
| 959413 | Issue: You are unable to install an MSI-based package on x86 in Update or Enable mode. | |||
| 946092 | Issue: sadmin commands can become unresponsive on Windows Embedded 8 64-bit platforms with the vsepflt driver. |
Windows 2008 R2 (64-bit):
| Reference Number | Related Article | Found in Version | Resolved in Version | Description |
| 608636 | Issue: During manual installation of Solidcore Agent on the Windows 2008 R2 (64-bit) platform, you see that Windows installer encountered a validation error for the msiexec.exe and kernelbase.dll files. Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation. |
Windows 2008 (64-bit):
| Reference Number | Related Article | Found in Version | Resolved in Version | Description |
| 609780 | Issue: On the Windows 2008 (64-bit) platform, the rundll32.exe file crashes if an application is uninstalled by using Add/Remove Programs and initially the SetupInstallFromInfSection() function was used to install the application. |
Windows 2008/Vista (32-bit and 64-bit), Windows XP/Windows 7/Windows 2008 R2 (64-bit):
| Reference Number | Related Article | Found in Version | Resolved in Version | Description |
| 609757 | Issue: In Enable mode, if you try to access a folder with unsolidified files through File Explorer, deny-exec events are raised for the files in the folder. |
Windows Vista:
| Reference Number | Related Article | Found in Version | Resolved in Version | Description |
| 607541 | Issue: For Windows Vista and later platforms, the Solidcore Agent configuration marks a service called Windows Modules Installer (TrustedInstaller.exe) as an Updater. This action is done to allow Windows Update to work properly. This service can both install and remove Windows components even if the pkg-ctrl feature is enabled. |
Windows 10:
| Reference Number | Related Article | Found in Version | Resolved in Version | Description |
| 1188255 | KB91257 | 7.0.0 | 8.2.1 Update 3 8.0.2 Update 1 |
Issue: MACC prevents the Windows Defender Update process from running successfully. Solution: Apply the correct update for your version of Application Control:
|
Back to top
Affected Products
Languages:
This article is available in the following languages:
English United StatesSpanish Spain
French
Italian
Japanese
Portuguese Brasileiro
