We have a complex deployment of McAfee products. HDLP+EEPC+AppControl. We faced with a problems like:
Did anyone face some king of problems, I've just described?
I will appreciate any type of your help.
In fact we solve this problems, but face another one - We have got a case when McAfee Application Control blocks McAfee agent. We can fix this by switching off memory protection feature. But when we are talking aboutdeploying appControl at 2000 machines, we are facing the difficulties – First we deloy McAfee agent, when we deploy AppControl, But then AppControl blocksMcAfee agent BEFORE McAfee agent is able to get the policies from ePO with the command to disable memory protection. So we are facing the situation when McAfee agent is blocked by appcontrol and mp could not be disabled remotely,because of that. Do you know how could we fix this situation and disable mp before activating AppControl?
Solidcore had issue with policy are randomly remove prior to 5.1.2. This might be the case if you deploying 5.1.1.
McAfee Default policy is applied and it has all updaters and attr list for McAfee Agent. I suspect the default policy was partially apply when SC Enable task took over sadmin cli. I suggest you defer initial scan for SC enable task. This will push license to Solidcore Agent and boot system with Solidcore in update mode. Check updaters and attr list after reboot before pushing initial scan client task to Solidcore Agent. I recommend upgrade or deploy Solidcore 5.1.2.
Thanks for you reply. It is very helpful. We already use 5.1.2. So now we have another confusing moment. We defer initial scan from SC enable. But when we sent only SC enable task to the machine with force reboot, after reboot machine is in update mode (just as you told us), but thus mp is enabled in update mode also, McAfee agent stops working.... So we are in the situation when we need to sent SC enable task without reboot, then sent "sadmin features disable mp" comand and only then reboot the machine. But it is a hard task for the machines that are offline right now, because we can't order the sequence of the tasks... Because if "sadmin features disable mp" comand task will come to the machine before "SC enable" task, the we will still lost a machine (due to McAfee agent will be stopped by AppControl). So we face a problem that we could not control the order ot the tasks deployment. What do you think about it?
Can you provide solidcore.log, s3diag.log, checklist.txt, andMcScript.log? I want to see what Solidcore is doing with client task.
We solve the problem with the use task scheduling. But we face another issue with WinXP machines - at some machines after Appcontrol activation, initil scan and following reboot the machine went to the blue screen like this and then machine went to the loop reboot. Have you ever faced something like this?
There are some tests we can perform to narrow the issue. It is advisable to also test with the latest 5.1.2 release.
1. Reboot system with Solidcore in update mode. Do the system boot normal?
2. Disable Solidcore and disable memory protection (sadmin features disable mp). Enable Solidcore and reboot.
The two test will determine if Solidcore is preventing Windows necessary services from running. This is a complex issue you should raise an issue with McAfee Support. Please configure system for full memory dump and provide dump file along with gatherinfo to McAfee Support.