
Why are Safeboot files deleted within 2 weeks of Windows 10 1903 upgrade causing fatal error?

Greetings

We've got a ticket opened with McAfee about this issue but so far we've been unable to determine the cause of our issue, and I'm hoping someone in the community might be able to provide us with some insight.

Environment:

- Drive Encryption 7.2.8 (recently upgraded from 7.2.5 in the past quarter)

- Lenovo Thinkpad T series laptops (T480-T440) configured with BIOS (no issue on UEFI systems)

- Recently upgraded from Windows 10 1803 to 1903

- One physical drive, but in some cases the system reserved partition shows up as a visible D drive - during OSD we attempt to remove the drive letter but sometimes it remains.  Therefore, safeboot files can reside on one or both of those drives if both drives are visible.

- ENS 10.5.5 July Update Platform and Threat Prevention

- HIPS 8.0.0.5005

- McAfee Agent  5.0.6.586

Issue:

Within approximately 2 weeks of upgrading to Windows 10 1903, systems can't boot, failing with a DE fatal error. The root cause of the fatal error is that one or both of safeboot.fs and Safeboot.rsv are deleted and not present on either the C or D drive.

The issue never occurs on systems converted to UEFI, or on systems at 1803.  

Issue is similar to what's described here, except we don't use Cisco AV:  https://kc.mcafee.com/corporate/index?page=content&id=KB87917&locale=en_US 

Ideas what can be deleting these files during/after the 1903 upgrade and how would we find out?  

Any thoughts would be appreciated as we're all stumped.


Re: Why are Safeboot files deleted within 2 weeks of Windows 10 1903 upgrade causing fatal error?

A quick update on this, we believe the issue stems from us having a mapped drive to the system reserved partition (usually D:, but sometimes other drive letters), and either

1.  Attempting to remove the drive letter of the system partition prior to the 1903 upgrade, or

2.  Leaving the system reserved partition mapped while upgrading to 1903 (which required an upgrade from DE 7.2.5 to 7.2.8) - in this case, the system reserved partition was E.

To proactively remediate the issue, we had to scan all of our PCs looking for systems that were missing both safeboot files and the associated registry keys from all of the drives, and then run a McAfee-provided script which performs a re-activation of DE. We've also had to incorporate this checking and remediation into our OSD 1903 task sequence.
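
A read-only check along the lines of the scan described in the reply above, added here as an example; it is not part of the original posts and is not the McAfee-provided script. It assumes the two files sit in the root of a lettered fixed volume, and `$DeRegistryPath` is a placeholder because the thread does not name the registry keys.

```powershell
# Added example: report whether the Drive Encryption files named in the thread
# are present on any lettered fixed volume. Read-only; it changes nothing.
param(
    # Placeholder: the thread does not name the DE registry keys. Supply the
    # path given by the vendor, or leave empty to skip the registry check.
    [string]$DeRegistryPath = ''
)

$fileNames = 'safeboot.fs', 'Safeboot.rsv'   # names as written in the post

# Fixed volumes that currently have a drive letter (C:, plus D:/E: when the
# system reserved partition is exposed). Assumption: files live in the root.
$volumes = @(Get-Volume | Where-Object {
    $_.DriveType -eq 'Fixed' -and "$($_.DriveLetter)" -match '^[A-Za-z]$'
})

$found = foreach ($vol in $volumes) {
    foreach ($name in $fileNames) {
        $path = '{0}:\{1}' -f $vol.DriveLetter, $name
        # File.Exists also sees hidden/system files
        if ([System.IO.File]::Exists($path)) {
            [pscustomobject]@{ File = $name; Path = $path }
        }
    }
}

# A file counts as missing only if it is absent from every checked volume.
$missingFiles = @($fileNames | Where-Object { $_ -notin @($found).File })
$registryOk   = if ($DeRegistryPath) { Test-Path -LiteralPath $DeRegistryPath } else { $null }

# One object per machine, easy to collect fleet-wide (Export-Csv, inventory).
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    VolumesChecked = @($volumes.DriveLetter) -join ','
    FoundAt        = @($found).Path -join ';'
    MissingFiles   = $missingFiles -join ','
    RegistryKeyOk  = $registryOk
}

# Non-zero exit lets a task sequence step or inventory job flag the machine.
if ($missingFiles.Count -gt 0 -or $registryOk -eq $false) { exit 1 }
```

A volume that has had its drive letter removed is not visible to this check, so a machine reported as missing files should be confirmed before any re-activation is attempted.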
