In my environment, users have been experiencing blue screen of death. One instance was java.exe crashing on fcdrv1.sys, and the other was scan32.exe crashing on fcdrv1.sys. Renaming fcdrv1.sys to something else fixes the issue of the computer blue screening...but I don't know what effect this has on the overall security of the system, or what it does to the DLP agent.
Can someone tell me exactly what fcdrv1.sys is supposed to do?
Have you had any luck with this, I deployed it to about 50 workstations on friday and was hit hard with exactly the same thing. We run CA Etrust 8.1. I need to deploy it to 1500 within the next month.
To get our users back up and running I had to uninistall the Etrust , then remove the DLP and then reinstall the Etrust.
Damit nothing is straight forward.
Cheers for your input, If I had not found your post I would have been lost.
i am also seeing a few machines blue screen due to the fcdrv1.sys. did you eventually find a fix for it? or just settled with renaming that file? does it have any adverse effects on DLP?
Yes, in fact we did. There is a DLP Patch 4 Repost. If you can't get from McAfee directly, I'll post a link (if I can) later this week.
We are using DLP 2.2. I'm assuming there is a reason they are calling this "patch 4 repost" as opposed to just calling it "patch 4" so I would download the "repost" version since that's what I received from McAfee to fix the issue.
Also I wanted to answer a question for everyone else's benefit. If you rename the fcdrv1.sys you will stop the blue screens, but you will also break DLP.
Before installing this patch, uninstall the DLP Agent from the affected workstation. If you use epo, you'll have to do it from there. Otherwise, add/remove programs...
The patch they give you is 300MB, but that's because it contains language files and management files for every language on the globe :-). I stripped out my zip file, and it's 98MB. All you need for the workstation is the folder called "TAG_AGENT_2_2_400_18"
I'd attach, but the maximum upload is 5MB.