Loading...

Knowledge Center


Application and Change Control prevents installation of Endpoint Security
Technical Articles ID:   KB89678
Last Modified:  8/29/2017
Rated:


Environment

McAfee Application and Change Control (MACC) 8.0 through 8.0.0.817
McAfee Application and Change Control (MACC) 7.0.1.413 and earlier
McAfee Endpoint Security (ENS) Firewall 10.5.x

Summary

A compatibility issue exists between MACC and ENS that may result in ENS 10.5.x failing to install or upgrade. This article describes the steps to take when attempting to install ENS 10.5.x on an endpoint.

Problem

MACC blocks ENS 10.5.x from installing or upgrading on an endpoint.

Cause

The SYSCore MPT driver performs a stack validation which conflicts with the way that MACC injects into process memory.

Solution

Technical Support is investigating this issue. As a temporary measure, implement the following workaround.

Workaround

To ensure that MACC and ENS are able to coexist on an endpoint, MACC memory protection and script as updater features must be disabled. To do this, change policy (via ePO) or manually on the endpoint (via CLI). The steps below detail how to use both methods to disable these features and provide direction on how to install or upgrade the ENS and MACC software.

To disable memory protection in the policy:
  1. Log on to the ePolicy Orchestrator (ePO) console.
  2. Go to Policy Catalog.
  3. Select Application Control.
  4. Edit the currently assigned policy in Application Control options.
  5. Click Features.
  6. Disable Memory Protection.
  7. Save the policy.
  8. Apply the policy to the machine.
NOTE: Disabling memory protection requires a reboot. Configure the policy, and wake up the endpoint. Run the site as updater disable client task. This will reboot the endpoint all in one step.

To disable site as updater with a client task:
  1. Log on to the ePO console.
  2. Navigate to Client Task, New Client Task, Solidcore, SC: Run Client Task Now.
  3. Type the following commands in the client task to disable site as updater: 
     
    Features disable sau
    ssreboot -t 300 -m "Rebooting machine to disable MP and SAU"

     
  4. Reboot the endpoint.
NOTE: ssreboot will generate a pop-up message and reboot the endpoint after 300 seconds have passed. Set the policy to disable MP before running the site as updater disable task to avoid having to reboot the endpoint twice.

Manual steps to follow with MACC after ENS installation in order for ENS to run:
  1. Run the Solidifier Command Line Interface (CLI) on the endpoint as administrator.
  2. At the prompt type sadmin recover to recover the CLI.
  3. At the prompt type sadmin features disable MP to disable MP.
  4. At the prompt type sadmin features disable SAU to disable site as updater.
  5. Reboot the endpoint.
IMPORTANT: When performing a clean (new) installation of these products, the proper order of installation is ENS first, then MACC. When upgrading ENS to 10.5.2, ensure that either MACC is placed in Update mode or add "SetupEP.exe" as an updater.

Rate this document

Languages:

This article is available in the following languages:

English United States
Japanese

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.