Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.
Critical
There are currently no critical known issues.
Issue: Microsoft Windows Rights Management Services (RMS)/Seclore fails to connect with HTTPS (test connection) in ePO 5.10.
Resolution: Import the RMS/Seclore certificate to the ePO keystore file.
For more information, see the article mentioned in the Related Article column.
DLPO-3333
-
11.4
-
Issue: The file size for the incidents reported by MVISION Cloud are displayed in the decimal point under DLP Incident Manager, Incident List.
DLPO-3242
-
11.4
-
Issue: When the Email Protection Rule is created and an email is sent to more than two recipients, all email recipients are not displayed for MVISION Cloud. The email recipients are displayed when you hover over it.
DLPO-3350
-
11.4
-
Issue: If the email does not have a "Subject" added to it, the "Email Subject" under Additional Information displays "No Subject" with the angle brackets for MVISION Cloud.
DLPO-3353
-
11.4
-
Issue: The incident reported by MVISION Cloud does not display the unique match count under "Evidence."
DLPO-3354
-
11.4
-
Issue: "SharePoint/OneDrive" incidents have 0.0.0.0 as the computer IP in the incidents reported by MVISION Cloud.
DLPO-3404
-
11.4
-
Issue: If the shared location is Unavailable, evidences are not imported from MVISION Cloud to ePO. When the shared location is restored, evidences are recovered after 10 minutes by default.
DLPO-3029
-
11.3.000
-
Issue: Redacted data is visible when the DLP incidents are displayed in a report.
Workaround: For the redacted users, deny permissions to Queries and report.
DLPO-3012
-
11.3
-
Issue: DLP Web post aggregation fails in mail.google.com (Gmail). There is no aggregation and multiple incidents are generated instead of a single incident.
DLPW-4540
-
11.3
-
Issue: When the Chrome Injection is disabled and the rule is triggered, the Incident Manager on ePO displays the failure reason as “Non-Supported Chrome Version.”
-
11.3
-
Issue: In the Chrome Incognito mode, the Chrome extensions are not available, so the URLs are not detected. So, the allow list URLs and URL exceptions are not being applicable in the Incognito mode.
1271560
-
11.2
11.3
Issue: When DLP Endpoint is upgraded from 11.1.200 to 11.2, the upgrade fails.
Workaround: Uninstall DLP Endpoint 11.1.200 and restart the system before you upgrade to DLP Endpoint 11.2.
Resolution: This issue is resolved in DLP Endpoint 11.3.
1264676
1265030
-
11.1.100
11.2.000
Issue: Test connection fails for Evidence Storage if the password contains special characters. (It appears in DLP Settings or on the Evidence Copy Service page of the Client Configuration.)
1264486
-
11.1.100
11.2.000
Issue: Files are allowed to be uploaded from all URLs even when the Application File Access Protection blocking rule is configured with specific URL exception list.
1261969
-
11.1.100
11.2.000
Issue: Links in the emails that DLP Case Management automatically generates do not work.
1264467
-
11.1.100
11.2.000
Issue: Classification caption is not added in the sent emails.
1262607
-
11.1.100
11.2.000
Issue: If the sensitive file name contains non-English characters, the web protection rule does not work when you use Chrome browser version 67 and later.
1222510
-
11.0.200
11.2.000
Issue: When the PDF image files are opened in the Internet Explorer, it displays the "There is a problem with Adobe Acrobat/Reader" error message.
Issue: The Windows 10 Microsoft Print to PDF built-in printer is considered a local printer by DLP Endpoint.
Issue: In the Removable Storage File Access Device rule, there is an Or condition between the file extension and the True File type. For example, if you define a rule to block the file extension exe and True File: HTML, both file types are blocked.
Issue: You can't upgrade DLP Endpoint while the Sysinternals Process Explorer tool is open. If you experience an issue when you upgrade DLP Endpoint, make sure that this tool is closed.
Issue: The DXL client must be in the connected state for the Application file access protection rule including TIE reputation condition to work. While DXL is in a disconnected state, the Application File access protection rule works based on the reputation cache, if it exists.
Issue: You must restart the DLP Client for the Email Protection rule to work on Lotus Notes.
1095437
9.4.0
9.5.0
Issue: OS X El Capitan 10.11 Support - False events with root user type are generated.
1095474
9.4.0
9.4.100
Issue: OS X El Capitan 10.11 Support - RSDR with VID/PID device definition does not work.
875868
875981
Issue: If Microsoft Outlook is not the default mail client, Email Discovery does not run and the console displays wrong values. NOTE: Outlook has always been a prerequisite and must be the default mail client.
982508
9.3.207
Issue: Clipboard Protection Rule triggers every time a user right-clicks on an Internet Explorer browser window with restricted data already copied to the clipboard. (No paste operation is performed.) Workaround: Add explorer.exe to the Clipboard whitelisted processes in client configuration.
1012744
Issue: When EERM initializes blocked devices, they are not treated as Content Encrypted by McAfee devices until the devices are removed and plugged in again. Workaround: Remove the device and plug it in again.
898377
9.3.100
Issue: Clipboard blocks copying from Microsoft Word to Microsoft Outlook. You see the error: Word has encountered a problem.
872984
9.3.0
Issue: A Web Post rule blocks metro user interface applications, even with the Internet Explorer handler.
914808
9.3.0
Issue: Some built-in USB SD card readers are physically connected to the USB bus and not to the SD bus. As a result, they are recognized as a USB bus type and not as an SD bus type. Workaround: Open the Mac System Information to determine if the SD card reader is connected to the USB bus or to the SD bus. If the SD card is connected to the USB bus type, configure your Removable Storage Device Rule to protect USB bus type.
907629
9.3.0
Issue: DLP Agent can't recognize a FAT32 file system on a GUID Partition Table formatted drive. Workaround: To block a FAT file system, select both FAT16 and FAT32 as File System Type in the Removable Storage Device Rule.
881268
9.3.0
Issue: Removable Storage Device Rule on OS X can't block writing to CD/DVD and can't set the CD/DVD to read-only rule.
879986
9.4.0
Issue: UAG configuration using LDAP Object Identification - Identify LDAP objects by their name is not supported for Mac clients. Workaround: Use LDAP Object Identification - Identify LDAP objects by SID (Security ID) configuration.
Issue: Network Communication protection rule and Screen Capture protection rule do not support Manual Classification.
Issue: To reduce memory consumption, the total number of dictionary items that can be used in a policy is limited to 50,000.
Issue: To reduce memory and CPU use, the total number of signatures contained in the registered documents package is limited to 1,000,000 signatures. This number is that maximum that can be placed in a registered document repository. This number is equivalent to about 250 MB of original document content.
Issue: Debug logging is only for use with troubleshooting issues because it might affect the performance of the endpoint systems.
1061255
9.4.0
Issue: Endpoint Discovery scheduler with Time Zone Coordinated Universal Time (UTC) on and running McAfee Agent (MA) 5.0.1 runs as Local time on managed systems. Workaround: Use Local time zone on managed systems instead of Coordinated Universal Time (UTC) when using MA 5.0.1.
1057480
Issue: Fixed hard disk rule does not work for drives mounted in an NTFS folder.
1034514
11.0.130
Issue: When Run DLP client in Safe Mode configuration is disabled, log on in safe mode and return to normal mode. McAfee Agent sends an error report to ePO that Drivers initialization failed. Workaround: To return the reporting to normal mode, restart client.
979613
Issue: A blue screen error occurs after you create a Plug and Play device rule to block CD/DVD drives on a Windows 8.1 system with Roxio burning software.
813264
Issue: The error message Recycle bin corrupted is displayed when a fixed hard drive rule blocks volumes. Workaround: Enable Access Protection in the policy configuration.
Issue: Print Screen blocking rules remain in effect as long as the process that they are tracking is running. Window focus does not affect Print Screen blocking rules. This behavior is expected because a sensitive file that is not in focus can still be visible on the screen.
Issue: The network communication protection blocking rule does not block or monitor SMB connections. The reason is because these connections are covered by file system rules.
Issue: Multiple application-access events can be listed in the DLP Endpoint monitor. For some applications, such as Microsoft Word, more than one message is generated for a single application access. The reason is because of the application background procedures.
Issue: When you disable device blocking, the change only takes effect after you restart the agent computer. Disabling the device blocking probe from the DLP Endpoint Agent configuration does not unblock devices on the agent computer. Devices that were in a blocked state before disabling the device blocking probe remain in the blocked state until unplugged and plugged in again. IMPORTANT:Perform removal of device blocking in emergency cases only. A restart re-enables the devices that were blocked.
To achieve the effect of unblocking a specific device class, McAfee recommends that you change the device class to unmanaged.
Issue: Screenshots and clipboard rules ignore the Trusted strategy and block Trusted applications as well as Editors. This behavior is expected because trusted processes are not part of the screen capture/clipboard logic.
Issue: DLP Endpoint does not interact with IPv6. The Data Loss Prevention IP features do not support it or interfere with it.
Issue: Incorrect configuration of the device blocking feature might cause the client computer to malfunction. For example, even though critical devices are normally in the unmanaged devices list, they can be moved to the managed list. McAfee strongly recommends that you test device blocking rules on a subset of computers before mass deployment.
Issue: Marking an application as an Internet Explorer application means that the DLP Endpoint Agent disregards any content manipulation by the application. Copy and paste, print screen, and content-based tagging rules do not apply. Use the Explorer strategy only for “Explorer-like" applications, such as shell applications.
Issue: To avoid performance issues, McAfee recommends the following configuration changes:
Add all virus protection, indexing services, Windows update, and other trusted applications to the DLP Endpoint Policy Manager as an application group with the Trusted strategy.
Remove unnecessary applications and application groups from the DLP Endpoint Policy Manager.
461535
Issue: Email protection rules are bypassed when the network connection is disabled and Lotus Notes is set to Offline mode.
451892
Issue: A Lotus calendar event with tagged text is only blocked the first time it is sent. If the event is sent a second time, the protection rule is bypassed.
406568
Issue: In Microsoft Outlook, the DLP Endpoint Outlook plug-in can be disabled in COM Add-ins. This setting allows email rules to be bypassed until Outlook is restarted. The Operational EventUser has tried to disable outlook plug-in is created.
1060775
Issue: When you open Microsoft Excel files from the shortcut menu on a client with Application File Access Protection, with the Microsoft Office Applications condition applied, and the Titus plug-in installed for Microsoft Office, you see an error. Workaround: Open the Excel application by going to File and then Open, or disable DDE for Excel application (on the registry).
348500
Issue: When you plug a Kingston U3 drive into a computer with a mass storage device, the tagging rule causes high CPU usage for several minutes. The reason is because of large *.u3pfiles being opened on the drive. Workaround: Add Launchpad.exeto an application group and set the strategy to Trusted.
Issue: Software that contains an application-level restriction mechanism, such as virus protection, antispyware, or personal firewall software, must be configured to permit all DLP Endpoint service requests. For example, for the DLP Endpoint Agent to start when Tenebril SpyCatcher is installed, you must add the agent as a trusted application in SpyCatcher.
10.0.300
11.0.130
Issue: After you upgrade Windows to Windows 10 RS 1 (Anniversary Update), MFE***.sys is not registered in the Registry under Safe Boot key. So, access protection and network communication protection rules do not work in Safe Mode (minimal and network). Workaround: Upgrade DLP or reinstall.
945247
Issue: Printing protection rules do not block Word-to-PDF conversions, when the printing application is defined as Microsoft Word. This issue occurs because the application that performs the conversion is not Word, it is Adobe Distiller. Resolution: Define the application as Adobe Distiller in the Application field.
Issue: When you upload registered documents, if you try to upload a file with a file name longer than 50 characters, it fails with an error message. The problem occurs because Windows file path has a 256-character limit. DLP Endpoint concatenates the internal path to the file name, which can result in paths longer than the allowed limit. Resolution: Shorten the file name to fewer than 50 characters.
Issue: The Block and charge feature is supported only for iPhone 4 and later. There is no workaround. Earlier iPhones can only be blocked.
Issue: DLP Endpoint 11.x.x does not support Web Protection, Clipboard Protection, and Printing protection for Microsoft Edge v42. Also, DLP Endpoint versions older than 11.0.200 do not support Web Protection for Microsoft Edge v40 and v41.
1240128
11.0.400
11.0.500
Issue: Microsoft Office applications, such as Word, Excel, and PowerPoint, do not respond when an Application File Access rule is set to block or monitor a classified file. Resolution: Add Microsoft Office applications to the Content Tracking Whitelisted Processes in client configuration.
And add the folder …\Program Files…\Microsoft Office\Office…\PROOF\ for all files.
1245376
11.0.500
11.1.0
Issue: False positive incidents occur when a Plug and Play device rule or a Removable Storage Device Rule:
Has an end-user condition with an OR operator between multiple condition lines.
AND
An exception is added with an end-user condition.
1253012
11.0.200
11.0.700
Issue: An error appears in the Windows 10 Event Viewer shows one or more of the following:
Faulting module name:fcagpph32.dll
Faulting module name: fcagpph64.dll
Faulting module name:fcagcbh32.dll
Faulting module name: fcagcbh64.dll
Workaround: Add the process name that appears in the event viewer error, to clipboard whitelisted processes in Windows Client configuration.
Issue: Redacted data is visible when the DLP incidents are displayed in a report.
Workaround: For the redacted users, deny permissions to Queries and report.
1268509
-
11.1.100
11.2.000
Issue: DLP Server is unable to synchronize "RegDocs" packages from the evidence share and shows access denied for local system account user. Workaround: Grant permissions (at least Read rights) to the DLP Server’s local system account user to access the evidence share.
1136118
-
Issue: DLP Discover is not reported as reporting product in Incident Manager.
1090520
-
Issue: You see the Restore from file button, but, when you click it nothing happens. Workaround: Click Browse, browse to the backup file, click Restore from file, and then click Save.
1127581
-
Issue: The messageFailure reason: General erroris incorrectly displayed when user permission is insufficient to access a site.
1121738
-
Issue: Apply RMS fails when user profile is not loaded correctly.
1143438
-
Issue: DOCREADME BOX, redirect URI in box app needs to be the same as the ePO web address.
1264942
-
11.1.100
Issue: The DLP Discover OCR module's rate of accuracy when it extracts some Asian languages is inconsistent. Solution: This issue will be addressed in a future update to DLP Discover. Further information is unavailable.
Critical
There are currently no critical known issues.
Non-critical
Reference Number
Related Article
Found in Version
Resolved in Version
Issue Description
DLPO-5104
-
11.5.0 (RTS)
-
Issue: The document registration scan fails when the DLP Server is upgraded from an earlier version to 11.5, or with a fresh installation of 11.5.
IMPORTANT: Configuration changes might be needed for automatic document registration to work with the DLP Server 11.5.0.32.
Workaround:
The DLP Server's host account needs read access to the CIFS share on which the evidence files are stored. To provide the host account with read access to the CIFS share:
In the Choose people on your network to share with dialog box, add the host name of the system on which the DLP Server is running with a $ sign at the end.
For example, if dlpserver.your.domain is the FQDN of the host on which the DLP Server is running, add the host name as dlpserver$.
TSDP-4439
-
11.4.0
11.5.0
Issue: LDAP synchronization file is missing on the DLP Prevent running 11.4.0.
TSDP-3727, TSDP-3912, TSDP-24
-
11.4.0
-
Issue: In the ePO, the Appliance Management page shows "Unable to contact" alert for one or more DLP Prevent or DLP Monitor appliances.
Cause: The appliance is unable to contact ePO due to communication breakdown between MCA and MA on the appliance. The deadlock within MCA causes the breakdown.
Workaround: Restart the MCA process every hour so that any deadlock is automatically cleared without the need of manual intervention or reboot. For workaround installation details, contact support.
DLPO-3029
-
11.3.000
-
Issue: Redacted data is visible when the DLP incidents are displayed in a report.
Workaround: For the redacted users, deny permissions to Queries and report.
1264968
-
11.0.700
11.2.000
Issue: The Linux "glibc", which is the standard GNU C library package, needs to be upgraded to the latest version.
1266348
-
11.0.700
11.2.000
Issue: The Secure Shell (SSH) Host keys are not preserved after upgrade.
1198676
11.0.0
11.0.200
Issue: Sender information in Incident Manager displays a MIME header encoded line as is.
1192249
10.0.200
11.0.200
Issue: Unable to view file name on Incident Manager when attachment file name has double bytes characters.
1195163
10.0.202
11.0.200
Issue: 400 bad request sent from DLP Prevent 10 when Preview Header is located in TCP Stream.
1193589
11.0.0
11.0.200
Issue: Can't change password from "space here".
1205545
10.0.204
11.0.200
Issue: ICAP Preview fails for body greater than Preview size.
1202417
10.0.200
11.0.200
Issue: Users able to send restricted emails in certain AD Groups.
Issue: The document registration scan fails when the DLP Server is upgraded from a previous version to 11.5 or with a fresh installation of 11.5.
IMPORTANT: Configuration changes might be needed for automatic document registration to work with the DLP Server 11.5.0.32.
Workaround:
The DLP Server's host account needs read access to the CIFS share on which the evidence files are stored. To provide the host account with the read access to the CIFS share:
In the Choose people on your network to share with dialog box, add the host name of the system on which the DLP Server is running with a $ sign at the end.
For example, if dlpserver.your.domain is the FQDN of the host on which the DLP Server is running, add the host name as dlpserver$.
TSDP-3727, TSDP-3912, TSDP-24
-
11.4
-
Issue: In the ePO, the Appliance Management page shows "Unable to contact" alert for one or more DLP Prevent or DLP Monitor appliances.
Cause: The appliance is unable to contact ePO due to communication breakdown between MCA and MA on the appliance. The deadlock within MCA causes the breakdown.
Workaround: Restart the MCA process every hour so that any deadlock is automatically cleared without the need of manual intervention or reboot. For workaround installation details, contact support.
DLPO-3029
-
11.3.000
-
Issue: Redacted data is visible when the DLP incidents are displayed in a report.
Workaround: For the redacted users, deny permissions to Queries and report.
1264968
-
11.0.700
11.2.000
Issue: The Linux "glibc", which is the standard GNU C library package, needs to be upgraded to the latest version.
1266348
-
11.0.700
11.2.000
Issue: The Secure Shell (SSH) Host keys are not preserved after upgrade.
1198676
11.0.0
11.0.200
Issue: Sender information in Incident Manager displays a MIME header encoded line as is.
1192249
10.0.200
11.0.200
Issue: Unable to view file name on Incident Manager when the attachment file name has double bytes characters.
1195163
10.0.202
11.0.200
Issue: 400 bad request sent from DLP Prevent 10 when the Preview Header is located in TCP Stream.
1193589
11.0.0
11.0.200
Issue: Can't change the password from "space here".
1205545
10.0.204
11.0.200
Issue: ICAP Preview fails for body greater than Preview size.
1202417
10.0.200
11.0.200
Issue: Users able to send restricted emails in certain AD Groups.
1202481
11.0.0
11.0.200
Issue: Rules matching on email address regular expressions are case sensitive.
Issue: The incidents are not being imported from MVISION Cloud to DLP Incident Manager.
Issue: When you restore a policy including the Prevent action Encrypt by FRP, you must reselect the key.
Issue: When you upgrade a DLP Endpoint extension, add conhost.exe and dllhost.exe to the Application file access whitelist process in Client Configuration.
Issue: The DLP Endpoint 10.x ePO extension might fail to install if the 9.3.x help extension is already checked in. Workaround: Only one help extension can be checked in at one time. You must remove the 9.3.x help extension to install the 10.x help extension.
Issue: When you upload registered documents, if you try to upload a file with a file name longer than 50 characters, it fails with an error message. The problem occurs because Windows file path has a 256-character limit. DLP Endpoint concatenates the internal path to the file name, which can result in paths longer than the allowed limit.
Resolution: Shorten the file name to fewer than 50 characters.
Issue: DLP Email Protection is disabled if Titus Email Classification is used and the Titus license expires. Workaround: Deselect the Titus support checkbox in the Advanced Configuration tab in the Agent configuration.
Issue: After you import DLP Endpoint 9.4 MAC Policy to DLP Endpoint 10.0, you must reassign the MAC policies and MAC configuration to its System Tree nodes in the new environment. You must also make these reassignments after you upgrade from DLP Endpoint 9.4 to DLP Endpoint 10.0.
Issue: The write permissions set for the whitelist folder should be enabled only for the DLP administrator.
Issue: The DLP Endpoint 10.x ePO extension might fail to install if the 9.3.x help extension is already checked in.
Workaround: Only one help extension can be checked in at one time. You must remove the 9.3.x help extension to install the 10.x help extension.
1034291
Issue: Reoccurring quarantined placeholder events generate an error when you try to open them through open this occurrence.
Workaround: The option open this series does not display the error. Also, after the events are released from quarantine, the error no longer appears.
1066784
Issue: Queries and Reports: Incident count displays an incorrect value for DLP: No of incidents per rule set if multiple rules hit the same file on a rule set.
1246454
11.0.500
Issue: Incidents contain "Short Match String" even when Report Short Match String is disabled in the policy settings.
1257017
11.1.0
Issue: An attempt to restore a DLP 9.4 backup that includes classification criteria which checks for True File Type equals Password Protected files fails. The failure occurs when the DLP ePO extension uses a DLP Prevent license or a DLP Monitor license. The failure also occurs if the DLP Skyhigh connection is enabled.
Workaround: Restore the DLP backup into a DLP ePO extension that does not contain the licenses mentioned. Also, replace the classification criteria that checks for True File Type equals Password Protected files. Set the criteria to look for a File Encryption type equal to Unsupported Encryption types or password protected files. If the classification criteria has been modified, create a new DLP backup.
Non-critical
Reference Number
Related Article
Found in Version
Resolved in Version
Issue Description
Issue: When you restore a policy that includes the Prevent action Encrypt by FRP, you must reselect the key.
Issue: When you upgrade a DLP Endpoint extension, add conhost.exe and dllhost.exe to the Application file access whitelist process in Client Configuration.
1034291
Issue: Reoccurring quarantined placeholder events generate an error when you try to open them through open this occurrence. Workaround: The option open this series does not display the error. Also, after the events are released from quarantine, the error no longer appears.
Issue: DLP Email Protection is disabled if Titus Email Classification is used and the Titus license expires. Workaround: Deselect the Titus support checkbox in the Advanced Configuration tab in the Agent configuration.
Issue: After you import DLP Endpoint 9.4 MAC Policy to DLP Endpoint 10.0, you must reassign the MAC policies and MAC configuration to its System Tree nodes in the new environment. You must also make these reassignments after you upgrade from DLP Endpoint 9.4 to DLP Endpoint 10.0.
1066784
Issue: Queries and Reports: Incident count displays an incorrect value for DLP: No of incidents per rule set if multiple rules hit the same file on a rule set.
Issue: The write permissions set for the whitelist folder should be enabled only for the DLP administrator.
