Knowledge Center

Unable to log on to Windows systems with Endpoint Security 10.2 (or earlier) after you apply Exploit Prevention content version 9418
Technical Articles ID:   KB91653
Last Modified:  7/12/2019


McAfee Endpoint Security (ENS) 10.2.x or earlier


Users are unable to log on to Windows if ENS 10.2 (or earlier) is installed and the following are true:
  • Exploit Prevention is enabled.
  • Exploit Prevention content version 9418 is used.

NOTE: ENS 10.2 and earlier are End of Life (EOL). ENS 10.2 became EOL on December 15, 2018.


Exploit Prevention content version 9419, which was posted July 10, 2019, corrects this issue.

To recover a system that is not allowing users to log on:
If you have already encountered this problem, perform the following steps to recover:
  1. Boot the system in Safe Mode. See the following information if you have disk encryption software.
    • If you have McAfee Drive Encryption, see KB73714 for information about how to boot the system in Safe Mode.
    • If you have third-party disk encryption software, you might need to obtain instructions to boot the system in Safe Mode. Contact the vendor for the disk encryption product for instructions.
  2. Delete the following files (one or both might be present):
    • C:\Program Files\McAfee\Endpoint Security\Threat Prevention\IPS\HipHandlers64.dat
    • C:\Program Files (x86)\McAfee\Endpoint Security\Threat Prevention\IPS\HipHandlers.dat
  3. Boot the system in Normal Mode.
  4. Update the Exploit Prevention content to version 9419.


The Solution in this Knowledge Base article has been updated. If you made the registry modifications that were previously listed in this article, perform the following steps to revert the changes. Then, perform the steps in Solution 1.

CAUTION: This article contains information about opening or modifying the registry.
  • The following information is intended for System Administrators. Registry modifications are irreversible and could cause system failure if done incorrectly.
  • Before proceeding, Technical Support strongly recommends that you back up your registry and understand the restore process. For more information, see: http://support.microsoft.com/kb/256986.
  • Do not run a REG file that is not confirmed to be a genuine registry import file.
  1. Boot the system in Safe Mode.
  2. Go to the registry and search for the following key:

  3. Set the Enable value back to 2.
  4. Follow the steps in Solution 1.

Rate this document

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.