Endpoint Security 10.5.2 Access Protection and Self Protection are in a "not responding" state
Technical Articles ID:   KB89810
Last Modified:  11/8/2017

Environment

McAfee Endpoint Security (ENS) Threat Prevention 10.5.2

Problem

The following error is reported on an affected client:
 
Access protection module is not running

Log entries similar to the following exist in the EndpointSecurityPlatform_Errors.log:
 
09/17/2017 02:11:05.124 PM mfeesp(7952.8052) blframework.blstub.Error (blapiserverstub.cpp:141): InitBO failed for [AP], Err: 32
09/17/2017 02:11:28.307 PM mfeesp(7952.8052) blframework.blstub.Error (blapiserverstub.cpp:141): InitBO failed for [SP], Err: 32

20396 09/17/2017 02:36:59.083 PM McTray(6204.18128) McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:150): CheckTechnologyState failed to get technology status from BO: SP, error: 80010020L
20397 09/17/2017 02:36:59.086 PM McTray(6204.18128) McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:213): Self Protection is not responding.
20398 09/17/2017 02:37:59.201 PM McTray(6204.18128) McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:150): CheckTechnologyState failed to get technology status from BO: AP, error: 80010020L
20399 09/17/2017 02:37:59.211 PM McTray(6204.18128) McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:213): Access Protection is not responding.
20400 09/17/2017 02:37:59.328 PM McTray(6204.18128) McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:150): CheckTechnologyState failed to get technology status from BO: SP, error: 80010020L
20401 09/17/2017 02:37:59.331 PM McTray(6204.18128) McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:213): Self Protection is not responding.
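
Added example, not part of the vendor article: a Python parser that scans EndpointSecurityPlatform_Errors.log text for the three message shapes quoted above and reports which module (AP or SP) is affected and when the errors first appeared. The sample lines are constructed from the entries above, and the function and label names (`triage`, `init_failed`, and so on) are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: modelled on the entries quoted above, plus one unrelated line.
SAMPLE_LOG = """\
09/17/2017 02:11:05.124 PM mfeesp(7952.8052) blframework.blstub.Error (blapiserverstub.cpp:141): InitBO failed for [AP], Err: 32
09/17/2017 02:11:28.307 PM mfeesp(7952.8052) blframework.blstub.Error (blapiserverstub.cpp:141): InitBO failed for [SP], Err: 32
20396 09/17/2017 02:36:59.083 PM McTray(6204.18128) McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:150): CheckTechnologyState failed to get technology status from BO: SP, error: 80010020L
20397 09/17/2017 02:36:59.086 PM McTray(6204.18128) McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:213): Self Protection is not responding.
20398 09/17/2017 02:37:59.201 PM McTray(6204.18128) McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:150): CheckTechnologyState failed to get technology status from BO: AP, error: 80010020L
20399 09/17/2017 02:37:59.211 PM McTray(6204.18128) McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:213): Access Protection is not responding.
09/17/2017 02:40:00.000 PM McTray(6204.18128) McTray.McTrayUPC.Error (TechnologyTopicHandler.cpp:99): Constructed unrelated message.
"""

LINE = re.compile(
    r"^(?:\d+\s+)?"  # optional line number added by a log viewer
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [AP]M) "
    r"(?P<proc>\w+)\((?P<pid>\d+)\.(?P<tid>\d+)\) "
    r"(?P<component>\S+) \((?P<src>[^():]+):(?P<line>\d+)\): (?P<msg>.*)$"
)
SIGNATURES = [
    ("init_failed", re.compile(r"InitBO failed for \[(AP|SP)\], Err: \d+")),
    ("status_query_failed", re.compile(r"failed to get technology status from BO: (AP|SP), error: \w+")),
    ("not_responding", re.compile(r"(Access Protection|Self Protection) is not responding")),
]
NAMES = {"Access Protection": "AP", "Self Protection": "SP"}

def triage(log_text):
    """Return {module: {"first_seen": datetime, "events": Counter}} for AP/SP."""
    found = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a recognisable log record
        for kind, pattern in SIGNATURES:
            hit = pattern.search(m["msg"])
            if hit:
                module = NAMES.get(hit.group(1), hit.group(1))
                when = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S.%f %p")
                entry = found.setdefault(module, {"first_seen": when, "events": Counter()})
                entry["first_seen"] = min(entry["first_seen"], when)
                entry["events"][kind] += 1
    return found

if __name__ == "__main__":
    for module, info in sorted(triage(SAMPLE_LOG).items()):
        print(module, info["first_seen"].isoformat(), dict(info["events"]))
```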

Cause

The Access Protection (AP.xml) and Self Protection (SP.xml) policy XMLs are corrupt.

Solution

This issue is resolved in Endpoint Security 10.5.2 Hotfix 2; contact Technical Support to obtain the hotfix.

Solution

This issue is resolved in Endpoint Security 10.5.3, which is available from the Product Downloads site at: http://mcafee.com/us/downloads/downloads.aspx.

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.

Updates are cumulative; Technical Support recommends that you install the latest one.

Workaround

If you are able to disable ENS Self Protection:
  1. Disable ENS Self Protection. From the local console, navigate to Settings, Common and disable Self-protection.
  2. Delete the file C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\AP.xml.
  3. Restart the system, which re-creates the file.
If you are not able to disable ENS Self Protection because of a corrupted file:
  1. Boot the system in Safe Mode. For instructions to boot in Safe Mode, see http://windows.microsoft.com/en-us/windows-10/start-your-pc-in-safe-mode.
  2. Delete C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\AP.xml and C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\SP.xml.
  3. Restart the system in Normal Mode.

Workaround

Use the following steps to automate the remediation of the affected systems via ePolicy Orchestrator (ePO).

This procedure removes the corrupt XML file only on the systems that report as being noncompliant. The file will be re-created on a restart. At that point, the system is no longer noncompliant and ePO automation removes the tag, both restoring the previous ENS policy and removing the custom On-Demand Scan task.

Query for and delete the resulting Potentially Unwanted Program malware detections if you do not want them skewing the running statistics in ePO.
  1. Create an "AP Non-compliant" tag:
    1. Log on to the ePO console.
    2. Click Menu, Systems, Tag Catalog.
    3. Click New Tag.
    4. Name the tag AP Non-compliant.
    5. Click Next on the Description page.
    6. Click Next on the Criteria page.
    7. Click Next on the Evaluation page.
    8. Click Save on the Preview page.

  2. Create queries:
    1. Create an "All Systems" Query:
      1. Click Menu, Reporting, Queries & Reports.
      2. Click New Query.
      3. Select Managed Systems (Feature Group: System Management) on the Result Type page.
      4. Click Next on the Result Type page.
      5. Select Table as the Chart type on the Chart page.
      6. Click Next on the Chart page.
      7. Click Next on the Columns page.
      8. Click Save on the Filter page.
      9. Specify the name All Systems.
      10. Select a shared query group in which to save the query or create a new one.
      11. Click Save to save the query.
    2. Create an "AP Non-compliant Tag" query:
      1. Click Menu, Reporting, Queries & Reports.
      2. Click New Query.
      3. Select Managed Systems (Feature Group: System Management) on the Result Type page.
      4. Click Next on the Result Type page.
      5. Select Table as the Chart type on the Chart page.
      6. Click Next on the Chart page.
      7. Click Next on the Columns page.
      8. Click the > button for Access Protection Compliance Status listed under Endpoint Security Threat Prevention Systems.
      9. Ensure that the Comparison field is set to Equals and the Value field is set to Non-compliant.
      10. Click Save on the Filter page.
      11. Specify the name AP Non-compliant Tag.
      12. Select a shared query group in which to save the query or create a new one.
      13. Click Save to save the query.
         
  3. Create a policy:
    1. Click Menu, Policy, Policy Catalog.
    2. Select Endpoint Security Threat Prevention from the Product drop-down list.
    3. Select Options from the Category drop-down list.
    4. Click New Policy.
    5. On the Create a new policy dialog box:
      1. Ensure that Options is selected from the Category drop-down list.
      2. Select a policy from the Create a policy based on this existing policy drop-down list.
      3. Specify Ap.xml PUP for the Policy Name.
      4. Click OK.
    6. Click the newly created Ap.xml PUP policy.
    7. Click Add for Potentially Unwanted Program Detections.
    8. On the User-Defined Unwanted Program dialog box:
      1. Specify ap.xml for File name.
      2. Leave the Description blank.
      3. Click Save.
         
  4. Create a Policy Assignment Rule:
    1. Click Menu, Policy, Policy Assignment Rules.
    2. Click New Assignment Rule.
    3. On the Details page, specify the name Apply Ap.xml PUP policy to affected systems.
    4. Leave the Rule Type set to System Based.
    5. Click Next.
    6. On the Assigned Policies page, click Add Policy.
    7. Select Endpoint Security Threat Prevention from the Product drop-down list, select Options from the Category drop-down list, and select Ap.xml PUP from the Policy drop-down list.
    8. Click Next.
    9. On the Criteria page, click the > button for Tag under Available Properties.
    10. For Tag, ensure that the Comparison field is set to Has tag and the Value field is set to AP Non-compliant.
    11. Click Next.
    12. On the Summary page, click Save.
       
  5. Assign a scan task:
    1. Click Menu, Systems, System Tree.
    2. Navigate to and select My Organization.
    3. Click the Assigned Client Tasks tab.
    4. Click Actions and select New Client Task Assignment.
    5. On the Select Task page, select Endpoint Security Threat Prevention for the Product.
    6. Select Custom On-demand Scan for the Task Type.
    7. Click the Create New Task link under Task Name.
    8. Create the task:
      1. Specify Scan ap.xml for the Task Name.
      2. For Scan Locations, deselect Scan subfolders.
      3. For Specify Locations, select File or folder and type: %ProgramFiles(x86)%\McAfee\Endpoint Security\Endpoint Security Platform\ap.xml
      4. Click the + button.
      5. Select File or folder for the second drop-down list and type: %ProgramFiles%\McAfee\Endpoint Security\Endpoint Security Platform\ap.xml
      6. Click Save.
    9. Ensure Scan ap.xml is selected for Task Name.
    10. For Tags, select Send this task to only computers which have the following criteria.
    11. Click the Edit link for Has any of these tags:.
    12. Select the AP Non-compliant tag and click OK.
    13. Click Next.
    14. On the Schedule page, select Run immediately from the Schedule type drop-down list.
    15. Click Save.
       
  6. Create a Server Task to apply the tag:
    1. Click Menu, Automation, Server Tasks.
    2. Click New Task.
    3. On the Description page, specify Tag AP Non-Compliant systems for the name.
    4. Click Next.
    5. On the Actions page, select Run Query from the Actions drop-down list.
    6. Select All Systems for the Query.
    7. Select Clear Tag for Sub-Actions.
    8. Select AP Non-compliant for Tag.
    9. Click the + button to the right of the 1. Actions bar.
    10. Select Run Query from the Actions drop-down list.
    11. Select AP Non-compliant Tag for the Query.
    12. Select Apply Tag for Sub-Actions.
    13. Select AP Non-compliant for Tag.
    14. Click Next.
    15. On the Schedule page, select Hourly from the Schedule type drop-down list.
    16. Click Next.
    17. On the Summary page, click Save.
