cancel
Showing results for 
Search instead for 
Did you mean: 

McAfee DLP Endpoint Service crash / fcags.exe

Hi together,

since McAfee's support hotline responses unfortunately take a long time (sometimes months, sometimes never), maybe someone of you may help.

I have the following situation: The McAfee DLP Endpoint Service crashes right after it starts (~10 sec. delay).

What I see is this:

What I did:

- Deinstallation und reinstallation

- Disabling of security software on the client (virusscan/firewall etc.)

- Client restarts

- Different DLP version (before I tried the older 10.x and 9.4)

Do you guys have any suggestions, what to prove/what may be the issue?

Regards

Daniel

7 Replies
Highlighted
McAfee Employee hhoang
McAfee Employee
Report Inappropriate Content
Message 2 of 8

Re: McAfee DLP Endpoint Service crash / fcags.exe

I have seen this happen with compatibility issues with other products - not that we can necessarily rule that out without seeing what else is installed on these systems.  Typically they are other security products which you have already disabled.  I have also seen this happen with corrupt policies.  Has this ever functioned normally?  Is this specific to a single system, multiple systems, or all systems in your environment?  To rule out a corrupt policy duplicate the McAfee default policies (DLP policy as well as Client configuration policy) and assign to one of these systems.  If you continue to see the issue it could be a portion of your global config is corrupt in which case you may need to import a new config.  We can circle back to that assuming the policy changes do not resolve your issue. 

Re: McAfee DLP Endpoint Service crash / fcags.exe

Sorry for the late feedback - I was on vacations.

DLP 9.3/9.4 worked before on this and other clients.

The allready installed security products have been in use before.

I can not exactly tell, since when, the problem started.

I will try to create new policies and apply them. Afterwards I will post the results.

Re: McAfee DLP Endpoint Service crash / fcags.exe

Status update:

It works ... a little bit.

The hint regarding a corrupted policy was good.

It was a part of a policy-definition. I had a userdefined policy-definition which was exactly the same as the "All Apple devices [built-in]" policy-definition.

I deleted it and used the predefined one and the HDLP status is fine now.

But sadly: My "source error" came back again - blocking of iDevices is still not possible with DLP 10.x.

Incident-Manager says: It was blocked, but I still can access the photos folder on the iPhone.

Any hints regarding this?

Did anyone of you blocked iDevices successfuly with DLP 10.x

Regards

Daniel

McAfee Employee hhoang
McAfee Employee
Report Inappropriate Content
Message 5 of 8

Re: McAfee DLP Endpoint Service crash / fcags.exe

Is this device specific?  i.e. does it work correctly with an iPhone 5 vs an iPhone 6?  What version of DLP 10 are you running?  There is DLP 10 and DLP 10 patch 1 (10.0.100.372).  I just tested the following scenario and it blocked access to the storage correctly:

Win7

DLPe 10.0.100.372

Default Apple devices definition

iPhone 6s

Re: McAfee DLP Endpoint Service crash / fcags.exe

Hi,

thanks you for your response.

Regarding your questions:

- Device specific: No (iPhone 6+7)

- DLP extension Version: 10.0.100.7 (newest one since today)

- DLP client-side version: 10.0.100.372

- OS: Win10 Enterprise

- Definition: Same as you use (default apple device definition)

So because most people can't "voodoo", I attach some screenshots.

Maybe you'll see something I'm missing.

Thanks in advance!

Cheers

Daniel

McAfee Employee hhoang
McAfee Employee
Report Inappropriate Content
Message 7 of 8

Re: McAfee DLP Endpoint Service crash / fcags.exe

I don't necessarily see a problem with your configuration.  If the rule is set to block and it is not blocking the storage volume from being mounted that sounds more like something that would need to be investigated by support (i.e. driver conflicts with other products on your image, driver installation issues, etc.).  I would recommend opening a case if you are still having an issue with blocking these devices.

Re: McAfee DLP Endpoint Service crash / fcags.exe

Thanks you for your response.

Opening a case is "mission impossible". The case is still opened since april 2016...

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator