General |
Reference
Number |
Related Article |
Found in
Version |
Fixed in
Version |
Issue Description |
MNE-5946 |
- |
5.2.0 |
5.2.1 |
Issue: [Uninstall] The product removal tool doesn’t decrypt the disk during an uninstall, and doesn’t warn the user about the status of Bitlocker. You’re unable to block the removal of MNE when the 'Applied Protector' feature is either 'Network Unlock', or 'Preboot'. |
MNE-5943 |
- |
5.1.0 |
5.2.1 |
Issue: [Install] MNE default deployment task can't be removed, when the policy and task retention feature is disabled. |
MNE-5544 |
KB93462 |
5.1.0 |
5.2.0 |
Issue: When a system is deleted from the ePolicy Orchestrator (ePO), it doesn’t uninstall MNE macOS (MNE for Mac).
Workaround: See the Related Article for details. |
MNE-5285 |
- |
- |
5.2.0 |
Issue: After successful installation, MNE doesn’t appear in the product assignment list in ePO. |
MNE-5569 |
- |
- |
5.2.0 |
Issue: The Data Exchange Layer (DXL) enters into a sleeping state when the MNE extension is installed. |
MNE-5168 |
- |
- |
5.2.0 |
Issue: New user is unable to log on during preboot. The user name is switching between NETBIOS and FQDN versions of the domain name. |
MNE-5702 |
- |
- |
5.2.0 |
Issue: When setting a filter in ePO to display the 'Not Reported' encryption status, no results are returned. |
MNE-5740 |
- |
- |
5.2.0 |
Issue: MNE doesn’t show the correct product code on the detecting Prod ID (deprecated) column. |
MNE-5543 |
- |
- |
5.2.0 |
Issue: FIPS compliance report which previously correctly reported systems successfully, now fails for the OS Disk check.
Resolution: FIPS compliance report now successfully obtains protector types, enable TPM + Enhanced PIN, TPM + Shared PIN. |
MNE -5904 |
- |
- |
5.2.0 |
Issue: A macOS system fitted with the M1 chip fails to escrow the key to ePO with MNE installed on client system. |
MNE-5159 |
- |
5.0.0 |
5.1.0 |
Issue: MNE doesn’t correctly rotate the recovery keys on secondary drives. |
MNE-4451 |
- |
5.0.0 |
5.0.2 |
Issue: Key escrow messaging fails to reflect the accurate status of recovery key backup. |
1270203 |
- |
5.0.0 |
5.0.1 |
Issue: MNE reports systems as noncompliant when external USB devices are connected. |
MNE-4917 |
KB91878 |
5.0.0 |
- |
Issue: Incorrect information in the "MNE recovery key through scripting" section of the MNE Product Guide recovery key section. It states the following:
"it is possible to use the keyword recoveryKeyId with the command mc.mne.recoverMachine, when retrieving a BitLocker recovery key using a Key ID"
But, using this keyword results in the following error:
Error 0 : Error setting parameters for command: mne.recoverMachine
Resolution: The keyword serialNumber must be used instead of recoveryKeyId. |
MNE-3593 |
KB91271 |
5.0.0 |
- |
Issue: Management of Native Encryption 5.0 prevents you from uninstalling after you switch protection from Network Unlock to McAfee Preboot.
Resolution: Change protection back to Network Unlock. See the related article for details. |
MNE-3617 |
KB91272 |
5.0.0 |
- |
Issue: New users can't log on with McAfee Preboot after you transfer systems between ePO servers.
Resolution: After the system has been transferred to the new ePO server, the ePO administrator must first disable McAfee Preboot and then re-enable it. See the related article for details. |
1122494 |
- |
4.1 |
- |
Issue: If an MNE extension upgrade fails, the latest queries and reports aren’t downgraded and removed from the default MNE dashboard. |
1099086 |
- |
4.0 |
- |
Issue: [ePO] The Network unlock of volumes for system under the MNE Server setting page is hard to navigate with the screen reader. |
1102848 |
KB85963 |
4.0 |
- |
Issue: If you switch from Network Unlock to another authentication type with Hardware Test enabled, it leaves fixed volumes locked. |
1054974 |
- |
3.0 |
- |
Issue: When two users from two separate domains have the same name, and have logged on to the same system, the system properties show only one of those users. Specifically, it shows the last domain that the user logged on to. |
MNE-3004 |
KB91316 |
5.0.0 |
Expected
Behavior |
Issue: MNE 5.0 McAfee Preboot can't provision a user whose password must change at the next logon. |
MNE-3078 |
KB91315 |
5.0.0 |
Expected
Behavior |
Issue: New users are unable to recover their password using the Self-Service Portal. This problem also affects users who McAfee Preboot doesn’t provision for other reasons. |
MNE-3064 |
KB91243 |
5.0.0 |
Expected
Behavior |
Issue: Users are prompted to confirm their enhanced PIN after an upgrade to MNE 5.0.
Resolution: The MNE 4.x distinguishing issue between TPM and PIN is resolved in MNE 5.0.0. But, users must resupply their enhanced PIN during policy enforcement so that it can configure the correct authentication type. See the related article for more details. |
1110423 |
KB86213 |
4.0 |
Expected
Behavior |
Issue: Servers that use Network Unlock that have no network connection when the system is turned on need to do one of the following:
- Restart the MNE service.
- Restart the system after it’s reconnected to the network for Network Unlock to operate.
|
1048977 |
- |
- |
Expected
Behavior |
Issue: Compliance Report gives conflicting information regarding encryption state when a volume transitions between an encrypted and decrypted state, or conversely after a policy enforcement. |
1049955 |
- |
- |
Expected
Behavior |
Issue: When you upgrade MNE from an earlier version to MNE 4.x, recovery keys aren’t expired. Seen when exposed through recovery pages or DPSSP, before the client upgrade process has completed. |
Windows BitLocker |
Reference
Number |
Related
Article |
Found in
Version |
Fixed in
Version |
Issue Description |
MNE-3582 |
KB91314 |
|
Microsoft Windows
v1803 |
Issue: An MNE 5.0 user enters into an endless recovery loop on a Surface Pro 4 Tablet.
Resolution and Workaround: See the related article. |
- |
- |
5.0 |
- |
Issue: MNE 5.0 removes BitLocker authentication from Windows 7 after upgrade from 4.1.x. |
1122952 |
- |
4.1 |
- |
Issue: The postponement timer doesn’t persist across system reboots. |
1127648 |
- |
4.1 |
- |
Issue: If the change credential Control Panel applet isn’t closed after use, it will prevent subsequent activation attempts from completing successfully. |
1055149 |
- |
4.0 |
- |
Issue: Hardware test failure after reboot doesn’t send an audit to the ePO server. |
1109898 |
|
|
- |
Issue: Overloading Network Unlock might cause network unlock key requests to perpetually time out.
NOTE: With this release, the Network Unlock feature is intended only for use with servers. |
1049957 |
- |
3.0 |
- |
Issue: Hardware test failure after a system restart fails to send an audit. |
964274 |
- |
- |
Expected
Behavior |
Issue: [BitLocker] Error seen after you enable BitLocker with password authentication on other drives and encrypt the client, and click Collect and send properties.
The MNEService.log records the following error:
Could not find keys for Volume {}
Resolution: This behavior is expected because there’s a requirement that MNE reports information about all historical volumes on the system. This information includes volumes that have been removed. Part of the information gathering process tries to query the keys for the volume that has been removed. These volumes aren’t stored for security reasons. Thus, the keys aren’t available. The entry shows that when gathering volume information, an attempt was made to get the keys for the volume. But none is available. This entry is only a DEBUG level entry and isn’t an error message. It’s intentionally present for removed volumes. |
Mac OS X, macOS[FileVault] |
Reference
Number |
Related
Article |
Found in
Version |
Fixed in
Version |
Issue Description |
1253616
MNE–4437 |
KB90916 |
4.1.5 |
5.0.2 |
Issue: Key rotation fails on macOS 10.14 (Mojave). |
- |
- |
5.0 |
Expected
Behavior |
Issue: As of macOS Mojave 10.14 or later, the user can select between light and dark mode themes. Dark mode theme isn’t supported with MNE. If dark mode is selected when MNE is installed, it doesn’t update the look of any MNE components. In dark mode, some MNE user Interface components don’t render appropriately, and might make reading text on the components harder.
There are no known functional issues when you operate MNE with macOS in dark mode. |
- |
- |
5.0.2
macOS
Catalina 10.15 |
macOS issue |
Issue: After an upgrade from macOS Mojave 10.14 to macOS Catalina 10.15, the option to enter recovery key might be missing. After the upgrade, it’s possible that the option to enter the recovery key during user logon (the “?” symbol in the password dialog box) is missing. This issue was observed in the beta 8 build of Catalina (build 19A558D), and isn’t an issue with MNE 5.0.2. The issue has been reported to Apple via the beta feedback portal.
Resolution: Customers must contact Apple to investigate. |
- |
- |
5.0.2
macOS
Catalina 10.15 |
macOS
Issue |
Issue: Mac users are prompted for consent when MNE enables FileVault. FileVault can't be enabled until such consent is provided.
Resolution: Users are advised to provide consent for MNE to make sure that FileVault is enabled. |
- |
- |
4.1.5 |
- |
Issue: MNE (FileVault) standalone installer comes packaged with the highest currently supported version of McAfee Agent (MA). If that MA version or later is already installed on the system before installation, the installer fails with a generic warning message.
Workaround: Use the packaged version of MNE 4.1.5. Which can be deployed from ePO, or the regular non-standalone installer of MNE, which doesn’t contain MA. |
1212078 |
KB89819 |
4.1.2 |
- |
Issue: FileVault recovery isn’t possible when automatic password expiration is enabled on macOS High Sierra or later systems.
Workaround:
Don’t set the password expiration policy in ePO for systems that run macOS 10.13 or later. See the related article for details. |
1109657 |
- |
4.0 |
- |
Issue: [FileVault for MAC AIR] The first two characters aren’t displayed at the left side for the Custom message. |
1110836 |
- |
5.0 |
- |
Issue: MNE 5.0 product details aren’t displayed in the menulet on installation. Seen on systems with either Endpoint Security for Mac (ESM) or Endpoint Protection for Mac (EPM). |
1055134 |
- |
4.0 |
- |
Issue: After you disable FileVault, ePO continues to report MNE users in the MNE User Property tab. |
1212353 |
KB89825 |
4.1.2 |
Expected
Behavior |
Issue: MNE can't accept the FileVault password when it tries to manage and take over FileVault. Seen when the Mac User Logon password isn’t the same as the FileVault password.
Resolution: Sync the passwords before you try to manage FileVault. See the related article for details. |
1212900 |
KB89834 |
4.0.0 |
Expected
Behavior |
Issue: MNE Mac Remote Provisioning tool requires a reboot before communication with ePO.
Resolution: Restart the computer. |
- |
- |
- |
Expected
Behavior |
Issue: MNE 4.0 co-exists only with EPM 2.3 or later. If an earlier version of EPM is installed, the MNE OS X client doesn’t install on that system. |
- |
- |
- |
Expected
Behavior |
Issue: MNE successfully disables FileVault, only if both a Recovery Key is available in ePO, and the Policy mode is changed:
From: Manage FileVault/Turn on (Enable) FileVault
To: Manage FileVault/Turn off (Disable) FileVault. |
- |
- |
- |
Expected
Behavior |
Issue: If the FileVault status on a client system is FileVault is Off, but needs to be restarted to finish, the MNE policy enforcement can't enable FileVault. The status doesn’t change until the system is restarted. But, password settings and logon banner settings are applied. |
- |
- |
- |
Expected
Behavior |
Issue: The MNEUninstall task fails if the Manage FileVault/Turn on (Enable) FileVault policy is applied to the client system. |
910502 |
- |
- |
Expected
Behavior |
Issue: If you turn off FileVault from ePO, it disables all other policy settings. The other settings include password settings, Logon banner settings, and destroy FileVault key settings, and any that the user sets on the client system. |
910511 |
- |
- |
Expected
Behavior |
Issue: A user can’t log on to the client system. Seen after the ePO administrator has enforced the password settings policy on the client system with the Require change after the following number of days [X] (1–180) option selected. In addition, the screen saver is enabled on the client system because of the way the macOS is designed. |
Data Protection Self Service Portal (DPSSP) |
Reference
Number |
Related
Article |
Found in
Version |
Fixed in
Version |
Issue Description |
977621 |
- |
2.0 |
Expected
Behavior |
Issue: There’s no DPSSP permission available to restrict certain users from running DPSSP queries. |