Changes in the Windows April 2019 update or later Microsoft monthly updates for Client Server Runtime Subsystem (CSRSS) introduced a potential deadlock with Host IPS.
Researching the effects of applying the Windows April 2019 updates in your environment
McAfee has confirmed performance issues in some scenarios after the Windows April 2019 updates are applied where user-defined signatures that protect services are present.
To identify user-defined signatures in Host IPS in ePO
NOTE: If more than one policy is used, you must repeat these steps for each policy.
- Log on to the ePO console.
- Open the menu and choose Policy Comparison under the Policy section.
- In the Policy Comparison page, Compare Policies section:
- Select Host Intrusion Prevention 8.0: IPS from the Product drop-down list.
- Select IPS Rules (Windows, Linux Solaris) from the Category drop-down list.
- In the Policy 1 drop-down list next to the Compare policies parameter, select McAfee Default Policy.
- In the Policy 2 drop-down list next to the Compare policies parameter, select the policy used in your environment.
- Select Policy Differences from the Show drop-down list.
- Check if the ePO administrator has user-defined (custom) signatures. In the user-defined signatures, check if Subrule 1 Parameter 1 Type is set to Services, and Subrule 1 Parameter 1 Inclusion Status is set to Include under Policy 2. This setting might contribute to the behavior described in this article.