cancel
Showing results for 
Search instead for 
Did you mean: 
SecEng
Level 7
Report Inappropriate Content
Message 11 of 19

Re: ENS 10.6.1 for Windows - Strange upgrade

Jump to solution

We are running the following versions and a few days after we deployed ENS 10.6.1 we noticed that all Win7, Server 2008 and Server 2012 R2 systems were showing low memory errors and becoming unresponsive. It seems that somehow ENS was using all the allocated Physical and Virtual memory on the systems over a period of time. We did not see this immediately but slowly within a week they seem to be crashing. I reached out to McAfee but they could not identify the issue and sent me to Micorosoft which were not much help with their elementary troubleshooting.

Endpoint Security Platform 10.6.11068

Endpoint Security Advance Threat Prevention 10.6.1.1064

Endpoint Security Threat Prevention 10.6.1.1128

Agent 5.5.0.447

 

 

 

McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 12 of 19

Re: ENS 10.6.1 for Windows - Strange upgrade

Jump to solution

@SecEng When you are looking to resolve the memory leak on systems, please be sure you are using the ENSATP 10.6.1 December Update Full Installer package to apply the update. This should resolve your issues.


Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

McAfee Employee mmoore3
McAfee Employee
Report Inappropriate Content
Message 13 of 19

Re: ENS 10.6.1 for Windows - Strange upgrade

Jump to solution

There is an MS issue with ETW tracing on Server 2008 and Server 2012 that will cause a memory leak. MS has fix in Server 2016. Try to disable Real Protect in ATP and reboot to remove the RP instance in ETW. Working to see if/when MS will port fix to other server OSes.

Reliable Contributor kylekat
Reliable Contributor
Report Inappropriate Content
Message 14 of 19

Re: ENS 10.6.1 for Windows - Strange upgrade

Jump to solution

I noticed the restarts too on my first wave of 10.6.1 tests @mastercam. Did some digging and found:

A utility, mfeepmpk_utility.exe, is included in this installation package to resolve an issue with a faulty Exploit Prevention driver. The utility automatically detects if the endpoint system has the faulty driver and might prompt you to perform a one-time restart during your installation or upgrade to resolve the issue. For more information, see KB90301.

https://kc.mcafee.com/corporate/index?page=content&id=KB90301

Re: ENS 10.6.1 for Windows - Strange upgrade

Jump to solution

It will only cause a reboot if the install detects a faulty exploit prevention driver, otherwise there is no reboot.

Re: ENS 10.6.1 for Windows - Strange upgrade

Jump to solution

I noticed the upgrade from 10.5.4 to 10.6.1 takes a long time (20 minutes) and sometimes the scheduler aborts so only the Platform and TP get installed. I have to go back and repush ATP and Web Control individually. Still doing testing, but this very unlike the previous upgrades.

Re: ENS 10.6.1 for Windows - Strange upgrade

Jump to solution

I just did my first upgrade from 10.5.4 to 10.6.1 on a Windows 10 client with a client task in the following order:

  • Platform
  • TP
  • FW
  • ATP

First thing I noticed is that the installer flagged ATP as incompatible.  It then uninstalled the other 3 components and prompted for a reboot.  After the reboot and a policy refresh, the installs began.  It did take almost 20 minutes to complete.  ATP did not upgrade and is still sitting at version 10.5.4.4209.

 

Guess we will be waiting until 10.7 to upgrade.  

The reboot in the middle of this upgrade would make this a much tougher upgrade in an enterprise.  I also don't want Endpoints sitting around unprotected until a user comes in the next day and may or may not actually reboot.

Reliable Contributor kylekat
Reliable Contributor
Report Inappropriate Content
Message 18 of 19

Re: ENS 10.6.1 for Windows - Strange upgrade

Jump to solution

@matt529I do my upgrades from ePO via combination of TAGs and automatic scheduled task that run constantly depending on the presence or absence of tags.

I have succesfully been able to upgrade to 10.6.1 en-mass, ATP has not given me any issues. The upgrade tasks deploys in the same order you described.

Reliable Contributor denn
Reliable Contributor
Report Inappropriate Content
Message 19 of 19

Re: ENS 10.6.1 for Windows - Strange upgrade

Jump to solution

Try to create a scheduled client task. For me it working fine. Upgraded 18k machines from 10.5.3 to 10.6.1 without issues.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator