cancel
Showing results for 
Search instead for 
Did you mean: 

10.6.1.1777 blocking secured desktop

Jump to solution

We have an application that brings up a privacy shield in front of the user desktop.  The process works by switching the user experience to an alternate secured desktop.  The intention is that the user authenticates to the privacy shield using a proximity badge and that switches the desktop view from the secure desktop to the default interactive desktop. 

After updating to 10.6.1.1777, the privacy shield/secured desktop  will not stay visible for longer than 1 minute.  After a random time < 60 seconds, the desktop in focus is switched back to the default interactive Windows desktop.  The processes that are running  on the secure desktop are still running , but the focus of the desktop is switched back to the default Windows desktop. 

Removing 10.6.1.1777 and reinstalling 10.6.1.1666 corrects the issue.  I have attempted, with 10.6.1.1777 installed to disable all the on access scanning items, but it doesn't correct the problem.  No events are logged on the client - it simply switches the focus from the intended secure desktop to the regular default desktop = there are no ENS events logged on the client.

 

I think, but am not certain that they are using the multiple-desktop APIs that are built in to Windows since NT4.  

https://blogs.msdn.microsoft.com/abhinaba/2006/07/05/multiple-desktop-support-in-windows/

This bug introduced in 10.6.1.1777 affects only our Windows 7 clients.  The Win 10 (a mix of 1709 and 1809) do not seem to be affected.

1 Solution

Accepted Solutions

Re: 10.6.1.1777 blocking secured desktop

Jump to solution

After an excruciatingly unproductive support engagement with McAfee, we have just decided to roll the affected clients back to 10.6.1.1666

This corrects the problem.

 

Interestingly, in the intervening time that this problem has occurred, ENS 10.7 has been released.  In our limited testing ,we have found that 10.7 does not exhibit the problem.

I am not sure how the code is managed at McAfee.  If 10.6.1 and 10.7 are developed in parallel, it is unclear if the changes made to v1777 patch for 10.6.1 have not been incorporated into 10.7 yet or if a bug has been discovered and removed.

Anyway, there does not seem to be a clear path to get the information to developers at McAfee.  My support at McAfee did not move past tier 1....  McAfee is not logging anything so we can't help you...

I did verify with the third party software vendor that they are using the APIs I linked to in the original post.  The problem is that something in McAfee 10.6.1.1777 is performing a desktop switch unexpectedly.  The "something" does not appear to be present in the initial release of 10.7, but I am hopeful that the "stuff" in the 1777 patch for 10.6.1 doesn't make it into the next/first patch of 10.7.

3 Replies
McAfee Employee mbuehler
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: 10.6.1.1777 blocking secured desktop

Jump to solution

This type of issue might be better served with a service request, but I do think that a good starting point to troubleshooting is going to be isolating the component within ENS that is actually causing the problem. You'll want to start by enabling Debug Logging for all ENS Threat Prevention components, then disabling all Threat Prevention components (On-Access Scan, ScriptScan, Access Protection, Exploit Prevention) and enabling them one at a time until the issue is reproduced. Ensure that for each component you enable, you've disabled the prior tested one first so we have true component isolation.

Once you've reproduced the issue and isolated the component causing the problem, collect a MER and create a service request with the data and description of the issue along with the component that is causing the problem.

Depending on the component that is involved, and what is shown in the debug logs, we can then determine what additional data is needed to investigate the issue.

 

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Highlighted

Re: 10.6.1.1777 blocking secured desktop

Jump to solution

Yes, I will open a support case.

As I noted in my original post, I have already disabled all the McAfee ENS components and the problem persists.  The only fix is to uninstall ENS.  When 10.6.1.1777 is installed the problem is reproducible 100% of the time and disabling all the ENS components does not correct the issue. 

I will also attempt to enable more debugging, though there are no events being logged.

Re: 10.6.1.1777 blocking secured desktop

Jump to solution

After an excruciatingly unproductive support engagement with McAfee, we have just decided to roll the affected clients back to 10.6.1.1666

This corrects the problem.

 

Interestingly, in the intervening time that this problem has occurred, ENS 10.7 has been released.  In our limited testing ,we have found that 10.7 does not exhibit the problem.

I am not sure how the code is managed at McAfee.  If 10.6.1 and 10.7 are developed in parallel, it is unclear if the changes made to v1777 patch for 10.6.1 have not been incorporated into 10.7 yet or if a bug has been discovered and removed.

Anyway, there does not seem to be a clear path to get the information to developers at McAfee.  My support at McAfee did not move past tier 1....  McAfee is not logging anything so we can't help you...

I did verify with the third party software vendor that they are using the APIs I linked to in the original post.  The problem is that something in McAfee 10.6.1.1777 is performing a desktop switch unexpectedly.  The "something" does not appear to be present in the initial release of 10.7, but I am hopeful that the "stuff" in the 1777 patch for 10.6.1 doesn't make it into the next/first patch of 10.7.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community