Product compatibility issues with McAfee Agent 5.6.1 Hotfix 2

技術的な記事 ID: KB91655
最終更新: 10/15/2021

環境

McAfee Agent (MA) 5.6.1 Hotfix 2 (build 5.6.1.298)
McAfee Application and Change Control (MACC) 8.x, 7.x, 6.x
McAfee Data Loss Prevention (DLP) Endpoint 11.2.x, 11.1.x, 10.0.0
McAfee Endpoint Security Firewall (ENSFW) 10.6.x, 10.5.x, 10.2.x

概要

MA 5.6.1 Hotfix 2 has been removed from the Product Download sites. If you have already downloaded the release, but have not yet deployed it. McAfee strongly recommends that you do not deploy it, and use MA 5.6.1 Hotfix 3.

問題

MA to ENSFW compatibility issue

Agent-to-server communication is broken under the following conditions:

When you deploy MA 5.6.1 Hotfix 2 to endpoints that have ENS installed
When ENS uses a non-default firewall policy

The log masvc_.log records the errors:

Masvc(3096.3488) network.Notice: URL(https://192.168.1.1:443/spipe/pkg?AgentGuid={}&Source=Agent_3.0.0) request failed with curl error <56>, response code <0>, http connect code 502

ENS FirewallEventMonitor.log records:

Time: 07/10/2019 01:13:38 PM
Event: Traffic
IP address: ###.###.###.###
Description: MCAFEE AGENT SERVICE
Path: C:\PROGRAM FILES\MCAFEE\AGENT\MASVC.EXE
Message: Blocked Outgoing TCP - Source ###.###.###.### : (62681) Destination ###.###.###.### : https (443)
Matched Rule: Block all traffic

Time: 07/10/2019 01:13:38 PM
Event: Traffic
IP address: 192.168.1.1
Description: MCAFEE AGENT SERVICE
Path: C:\PROGRAM FILES\MCAFEE\AGENT\MASVC.EXE
Message: Blocked Incoming TCP - Source ###.###.###.### : https (443) Destination ###.###.###.### : (62681)
Matched Rule: Block all traffic

問題

MA to DLP compatibility issue

After you deploy MA 5.6.1 Hotfix 2 to endpoints that have DLP Endpoint 11.2.0 or earlier installed, MA can no longer make policy changes for DLP if access protection is enabled.

問題

MA to MACC compatibility issue

The Technical Support code-signing certificate for MA has been updated recently, and the change affected product functionality.

If you experience any issues with communication between MA and the Application Control plug-in, make sure that you are running the latest version of MA (MA 5.6.1 Hotfix 3).

原因

The executables for MA 5.6.1 Hotfix 2 are signed with a new certificate.

ENSFW has a built-in rule that allows traffic from the masvc.exe process, even if a firewall rule is present to block it. But, the process must be signed with a specific certificate so that ENSFW can't block agent-to-server communications.

The built-in rule does not account for the certificate change. So, it is possible for ENS to block agent-to-server communication when you use a non-default firewall rule set.

Similarly, DLP has a self-protect feature called access protection which relies on the certificate to trust the process trying to communicate with DLP. Because DLP does not trust the certificate that the MA services are signed with, MA can't hand off the policy update to DLP to enforce.

解決策

If you have deployed MA 5.6.1 Hotfix 2 and have no impact, install MA 5.6.2.

To view other MA 5.6.x issues, see KB90993 - McAfee Agent 6.5.x Known Issues.

Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.

McAfee Enterprise product software, upgrades, maintenance releases, and documentation are available from the Product Downloads site.

NOTE: You need a valid Grant Number for access. See KB56057 - How to download Enterprise product updates and documentation for more information about the Product Downloads site, and alternate locations for some products.

回避策

Implement the following workaround if you have already deployed MA 5.6.1 HF2 and are experiencing either of the impacts described in this article. This workaround addresses the issue regardless of the impacted product.

Install any supported version of the McAfee Agent other than MA 5.6.1 HF2:

Because this issue affects only MA 5.6.1 HF2, you can deploy any older version of MA to address the issue or contact Technical Support for assistance.
You can't upgrade MA using a client task from ePO if the ENS firewall is blocking the agent-to-server-communication. In that scenario, deploy the agent using the push agent install method in ePO. Or, use another method to deploy the MA that is documented in the McAfee Agent 5.6 Product Guide.
If the ENSFW issue does not affect you, you can upgrade the agent using a standard MA deployment task from ePO or any other agent deployment method. (For example, if your impact is the DLP policy change issue.)

影響を受ける製品

Endpoint Security Firewall 10.6.x
Known Issue/Product Defect
McAfee Agent 5.6.x

言語:

この記事は、次の言語で表示可能です:

English United States
Spanish Spain
French
Italian
Japanese
Portuguese Brasileiro
Chinese Simplified

技術用語集

用語集にある用語をハイライトする

当社の技術用語集を参照してください。

Knowledge Center

Product compatibility issues with McAfee Agent 5.6.1 Hotfix 2

環境

概要

問題

問題

問題

原因

解決策

回避策

関連情報

影響を受ける製品

言語:

技術用語集

Title

Title

Knowledge Center

Product compatibility issues with McAfee Agent 5.6.1 Hotfix 2

環境

概要

問題

問題

問題

原因

解決策

回避策

関連情報

影響を受ける製品

言語:

技術用語集

地域を選択してください

Title

Title