cancel
Showing results for 
Search instead for 
Did you mean: 
jround
Level 9
Report Inappropriate Content
Message 1 of 12

Cannot uninstall/update DLP on certain PCs due to a blocked service error

Jump to solution

We have upgraded to DLP 11, and the client has gone out to most machines according to ePO.

Sadly on about 10% of machines (around 300) the update does not seem to be going out as they are still picking up the DLP 9.3 policies.  When I remote connected to one they are still indeed running the DLP 9.3 client.

The strange thing is, it is not under Add/Remove programs any more.  Therefore I just tried to run the DLP 11 MSI manually and it gets so far before the following error :-

"Service McAfee DLP Endpoint Service (McAfeeDLPAgentService) could not be stopped.  Verify that you have sufficient privileges to stop system services."

This is logged on as a full administrator, and running as administrator.  I have also tried to process kill the service but the problem is it reboots it back up several seconds later.

Any ideas?  I can run the McAfee removal tool but this is quite a long process to do on 300 PCs especially when they are in use, ideally I need a command I can run from ePO or via a batch script to sort.  I don't mind if it totally uninstalls DLP then I have to push out DLP11 again to them, I just need to get them off 9.3!

1 Solution

Accepted Solutions
McAfee Employee DLP_RS
McAfee Employee
Report Inappropriate Content
Message 9 of 12

Re: Cannot uninstall/update DLP on certain PCs due to a blocked service error

Jump to solution

If it is impacting more machines, then please log a service request with McAfee Technical Support for further assistance.

 

MA version will not cause fcag not to run. If possible, just remove all the other McAfee products from the client machine, reboot and attempt installing DLP using a Standalone installer. Make sure to enable debugging as per KB:- https://kc.mcafee.com/corporate/index?page=content&id=KB67024&pmv=print

 

Install the DLP agent locally on the client computer

  1. Copy both DLPAgentInstall.exe and DLPAgentInstall.msi files to a temporary folder on the client (for example, C:\ ).
  2. Click Start, Run, type cmd, and click OK.
  3. Type the following command and press ENTER:

    c:\DLPAgentInstall.exe /L*v "%TEMP%\DLPAgentInstall.log" 

    NOTE: You can find the log file in the %TEMP% folder, even if the installation fails.

Please share this installation log for review.

Also attempt the same on any other machine.Thanks.

 

11 Replies
kblowe
Level 8
Report Inappropriate Content
Message 2 of 12

Re: Cannot uninstall/update DLP on certain PCs due to a blocked service error

Jump to solution

Hello, Did you ever get a resolution to this problem? I am seeing the same issue when I upgraded from DLP 10 to DLP 11 recently. Any help with this issue would be great. Thanks!

McAfee Employee JaganA
McAfee Employee
Report Inappropriate Content
Message 3 of 12

Re: Cannot uninstall/update DLP on certain PCs due to a blocked service error

Jump to solution

@kblowe before pushing DLPe 11.x, disable "Access Protection" and "Agent Service WatchDog." options within "Agent configuration" policy and enforce.
Confirm the policy has been enforced successfully then push DLPe 11.x agent.

If it is still a problem then this required detailed analysis by looking into the log, please open a ticket with technical support.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

JaganA
McAfee Employee

Was my reply helpful?
If yes, click "Accept as Solution" in my reply and together we can help other members?
kblowe
Level 8
Report Inappropriate Content
Message 4 of 12

Re: Cannot uninstall/update DLP on certain PCs due to a blocked service error

Jump to solution

VSE access protection and HIPS is disabled during the upgrade from DLP ENdpoint 10 to 11. Where is this Agent Service WatchDog service/option? I don't see it in any of the policies.

I also have Policy Auditor and Application Control installed as well. Do you think one of those products is hindering the DLP installation. Basically DLP attempts to install, but it doesn't complete the installation. I will try to point out any other errors I may encounter if that would help.

McAfee Employee DLP_RS
McAfee Employee
Report Inappropriate Content
Message 5 of 12

Re: Cannot uninstall/update DLP on certain PCs due to a blocked service error

Jump to solution

Application control can block the installation. You can put it in disable mode Or observe mode and test.

The recommended suggestion would be remove these products one by one and deploy DLP. 

Regarding Watchdog service option, it is available under Windows Client configuration policy--> Advanced Configuration--> Access Protection Settings--> Run DLP client watch dog (*):
Run DLP client service watch dog (*).

 

 

kblowe
Level 8
Report Inappropriate Content
Message 6 of 12

Re: Cannot uninstall/update DLP on certain PCs due to a blocked service error

Jump to solution

Ok thanks. I will try Observe mode now. thanks!

kblowe
Level 8
Report Inappropriate Content
Message 7 of 12

Re: Cannot uninstall/update DLP on certain PCs due to a blocked service error

Jump to solution

Even with Application Control is put in Observe Mode. DLP is still having issues installing. It appears to partially install. Hangs the system to the point you have to manually shutdown/reboot. After the force reboot, DLP is showing as it has installed, but after an Agent wake-up call DLP rolls back and is removed from the system.

First off, Is McAfee Agent 5.5.1.388 compatible with DLP. 11.0.600.72?

I am wondering if I need to go back to 5.0.6.220 or maybe 5.5.0.447? I read someone said the Agent version could be the issue.

I also saw an article referencing the older versions of Microsoft Visual C++ Redistributable package. 

https://kc.mcafee.com/corporate/index?page=content&id=KB85555&actp=null&viewlocale=en_US

 

Highlighted
kblowe
Level 8
Report Inappropriate Content
Message 8 of 12

Re: Cannot uninstall/update DLP on certain PCs due to a blocked service error

Jump to solution

I tried to install DLP endpoint again and it again appears to be installed in McTray. Then system is hosed to the point I have to manually reboot the system. When I log back in I see the DLP endpoint service ( fcags.exe.) in a stopped mode, (you can not start it). DLP is not showing in the control panel or in the McTray anymore. I don't see naything for the watch dog service (fcagswd.exe). Please help! thanks.

McAfee Employee DLP_RS
McAfee Employee
Report Inappropriate Content
Message 9 of 12

Re: Cannot uninstall/update DLP on certain PCs due to a blocked service error

Jump to solution

If it is impacting more machines, then please log a service request with McAfee Technical Support for further assistance.

 

MA version will not cause fcag not to run. If possible, just remove all the other McAfee products from the client machine, reboot and attempt installing DLP using a Standalone installer. Make sure to enable debugging as per KB:- https://kc.mcafee.com/corporate/index?page=content&id=KB67024&pmv=print

 

Install the DLP agent locally on the client computer

  1. Copy both DLPAgentInstall.exe and DLPAgentInstall.msi files to a temporary folder on the client (for example, C:\ ).
  2. Click Start, Run, type cmd, and click OK.
  3. Type the following command and press ENTER:

    c:\DLPAgentInstall.exe /L*v "%TEMP%\DLPAgentInstall.log" 

    NOTE: You can find the log file in the %TEMP% folder, even if the installation fails.

Please share this installation log for review.

Also attempt the same on any other machine.Thanks.

 

kblowe
Level 8
Report Inappropriate Content
Message 10 of 12

Re: Cannot uninstall/update DLP on certain PCs due to a blocked service error

Jump to solution

The same outcome occurs when I try to use the DLP standalone installer. This time I completely removed DLP & restarted. Other products are still installed but disabled (Agent 5.5.1.388, VSE 8 P11, HIPS 8 P11, PA6.3 , Solidcore 8.0.0.855 (Observe mode). DLP is completely removed. The error I keep seeing in event viewer mentions "the hdlpflt service failed to start due to following error. access denied"

I can't open a support ticket because the environment is sensitive. This is the only article I see related to this issue....

https://kc.mcafee.com/corporate/index?page=content&id=KB85555&actp=null&viewlocale=en_US

Next step is to Remove all versions of the Microsoft Visual C++ Redistributable Packages. If that doesn't I can remoove all McAfee products except for the Agent. But even if that is done, that is not realistic to upgrading DLP 10 to 11 on 60 systems. HELP!

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community