I am posting this here in case someone else in the community may have been lucky enough to have gotten this resolved already.
I currently have a case opened with McAfee Platinum support to address this though it is taking a while to be able to get results due to obtaining data from users. This issue seems to hit some users and not others. Also, it affects those users somewhat randomly as they do not have the issue all of the time.
When sending e-mails regardless of information, attachments or size (for example a plain e-mail with no signature and the subject and body only being "test") the user will get the popup "Please wait while McAfee DLP analyzes your email". The email window will hang and sometimes outlook will go into a not responding status. Then the e-mail will send though it may take anywhere from 10sec to 3min for even a basic e-mail to send. We are also seeing long delays when working with meetings.
Disabling the add-in or applying a test policy to disable e-mail inspection will of course resolve this.
For some users we have upgraded them to 64-bit Office 365 ProPlus CTR and they have reported no further issues. For a few others they have reported that the issue is less frequent and/or the delay in sending the e-mails have been greatly reduced.
The issue does not happen in safe mode etc. either.
This issue started after the 10/18 office patches. I cannot confirm that this is related but suspect that something changed in how DLP interacts with Office since this time as our office products started seeing great performance hits across the board between 10/18-01/19 with varying degrees of impact after each update. To improve performance, I have been digging through logs, procmons, dumps etc. and have been excluding everything I can such as the windows and office update processes etc. Performance has improved as far as the widespread performance impacts, we were seeing. I am just stuck with this main issue at this time with Outlook not playing nice.
Any non-basic troubleshooting suggestions would be appreciated.
Is anyone else seeing this issue?
No we are still trying to resolve the issue. We have a case that is now with McAfee DEV but they still do not know what is going on and are refusing to troubleshoot further until we can re-capture all the logs and dumps with Avecto removed from the device. Our case with Microsoft hit a dead end when they refused to troubleshoot any further saying it is McAfees problem and their DEV needs to open a ticket with Microsofts DEV. Beyond that we have pretty much been on our own trying to figure this out.
I have removed Avecto from one of the users devices where it was the most reproducible and am now waiting for them to confirm reproduction of the issue so that I can go in and recapture all the requested data again. We have been able to reproduce it in the past with Avecto and DLP removed from the device however, after all these months and the countless logs and dumps we have provided to McAfee, Microsoft and Avecto and the extended delay hearing back from McAfee DEV we are now in the situation where we have to start all over with the data collection to provide to McAfee DEV to continue.
This is easily one of the more frustrating issues I've worked.
We have had about 5 reports just today of this. We disabled the Outlook analyze option in the policy, but if we turn it back on we get a few a day. We are unable to replicate the issue and even on my machine I saw it twice today prior to disabling this option. McAfee support was not helpful as they say they cannot really do anything, another support rep said that it was normal, in which we argued it has not happened before prior to 11.2.
I wish we could say the same as far as it not happening before 11.2 but we can confirm 11.2 certainly didn't fix the issue.
What other products are you running in your environment if you don't mind me asking? We have Crowdstrike as well as McAfee ENS 10.6, DLP 11.2, Avecto 5.3, MDE 7.2.8 and MNE 5.0. We are also running current versions of Office O365 Pro CTR on Windows 10 1709,1803,1809 with current patching.
On the test system I am using that did have this issue, it is ENS 10.6.1, DLP 11.2, and MCP 2.4. Running only McAfee Products on Windows 10 version 1903 with Office Pro 2016.
Maybe we should get our platinum support contacts on a call with each other. Because we are of course the only company that has this problem. 🙂 Your company not having the Avecto product in the environment If this is the same issue certainly would eliminate that as well.
How many endpoints are you all supporting? It might be a good idea to have the account SAMS compare notes.
@gmarq Any luck in finding a solution on your side? We are still trying to capture a device that we can get to reproduce the issue at the same time we are collecting the requested data for DEV so not much luck on this side still.