With the release of McAfee Endpoint Security (ENS) 10.5.2, a new utility is available to inspect DLLs and running processes (including McAfee processes) that interact with McAfee code, and verify those objects are trusted.
Numerous software applications have legitimate reasons to load DLLs into McAfee processes; improvements in the ENS 10.5.2 release and this new utility, MfeSysPrep.exe, can fix issues with McAfee blocking those DLL load attempts. For example:
- Problem 1 - A third-party process that loads McAfee DLLs is blocked from accessing other McAfee processes, files, or folders. For example, Microsoft Outlook, which loads the ENS exploit prevention user-mode hooking DLLs, is blocked when trying to access other McAfee processes.
- Problem 2 - A McAfee process fails to start properly. For example, you are unable to launch the ENS console despite installation logs indicating success.
MfeSysPrep.exe is available through Technical Support, and can be used as a DLL injector discovery tool. It is recommended for any environment experiencing symptoms caused by the presence of third-party DLLs within McAfee processes. It allows you to automatically identify and solve Trust issues for common third-party software and report events for identified third-party DLLs injecting ENS processes.
To learn more, see KB88085 - Third-party DLL injectors, code detours, and hooking:
https://kc.mcafee.com/corporate/index?page=content&id=KB88085
For more resources, visit the
ServicePortal and search for related content.
SNS ProTips help you maximize your protection with troubleshooting, best practices, how-to tips, and links to Knowledge Center resources. 
