We got burned by this one with a TON of BSODs..
McAfee has identified a compatibility issue in the VirusScan driver code of several McAfee productswhen interacting with McAfee Host DLP 9.1+.
This issue is critical, but the risk of encounter is low.
Specifically, when any of these products — VirusScan Enterprise (VSE) 8.8 Patch 1, VSE 8.7 Patch 5, *OR* Host Intrusion Protection (HIPs) 8.0 Patch 1 — are operating on the same system as Host Data Loss Prevention (HDLP) 9.1+, random BSODs (Blue Screens of Death) may occur.PLEASE NOTE that HDLP does not need to be configured, only active on endpoints for this random issue to occur.
VSE 8.8 Patch 1 is functional and operational, and resolves numerous VSE issues. McAfee will resolve the incompatibility with a VSE and/or HIPS patch.
1. If you DO have HDLP 9.1+ installed on a system running VSE and HIPS, do NOT upgrade to any of the following versions:
- VSE 8.7 Patch 5
- VSE 8.8 Patch 1
- Host IPS 8.0 Patch 1
Wait to install VSE 8.8 or HIPS 8.0 with the hot fixes as soon as they are available.
2. If you DO have HDLP 9.1+ *AND* the affected VSE/HIPS versions installed on the same system, de-install HDLP. This can be accomplished via ePO. Wait to install VSE 8.8 or HIPS 8.0 with the hot fixes as soon as they are available.
3. If you do NOT have HDLP 9.x installed on any system in your production environment, proceed with the VSE 8.8 Patch 1, 8.7 Patch 5, or HIPS 8.0 Patch 1 installations. Again, VSE 8.8 Patch 1 is functional and operational, and resolves numerous VSE issues.
For further information, please reference the McAfee KnowledgeBase. Log in to mysupport.mcafee.com and search for KB73722.
McAfee Support Notification Service (SNS) provides valuable information to help you maximize the functionality and protection capabilities of your McAfee products.
To securely manage your SNS email preferences, go to https://sns.secureforms.mcafee.com/content/SNS_Subscription_Center
For Support issues, contact your Support Account Manager (SAM), or go to https://mysupport.mcafee.com
For McAfee online communities, go to https://community.mcafee.com
McAfee, Inc. | 2821 Mission College Blvd. | Santa Clara, CA | 95054 | 888.847.8766 | www.mcafee.com
2011 © McAfee, Inc. All rights reserved.
I would assume that DLP 9.2 is also affected by this, which, if true, is bad news, since this will definitely delay my testing of the P1 versions of HIPS 8.0 and VSE 8.8.
I would assume so as well. We just started rolling out HIPS 8.0 P1, and we have DLP 9.1 with VirusScan 8.8 P1. I don't know what's happened to McAfee's QA over the years, but I don't like what I've seen lately. It took almost 8 months to identify and fix a major DLP 9.0 bug we encountered.
It looks like it affects DLP 9.x -> KB73722
This isn't cool. My problem with this is that I have already upgraded VSE on all my systems to VSE 8.8 p1 and I was planning on using DLP to replace an old product called DeviceLock. I've already paid for this and began the testing when I got this notification on December 23rd. I've been waiting for a fix but now that I see this it looks like I may have to ditch DLP.
I haven't seen the results described on the few machines I have installed DLP 9.2.
Is there any time frame on this issue?