The latest release of ENS 10.6.1 (July release) prevents Adobe reader from starting in Protected mode and also prevent Outlook from viewing pdf's in preview mode
A suggest workaround (from McAfee) was Disable Exploit Prevention, or set Adobe to not run in protected mode. Both of these workarounds are removing security.
A better way around is to Exclude **\AcroRd32.exe in the Application Protection Rules section of Exploit Prevention.
Is there going to be a hotfix for this? I have tested with the may update and this issue doesn't happen, so it's definitely being caused by the July update.
Fortunately, I haven't pushed the July version out to many machines, but the Win 10 1903 machines that didn't have McAfee (about 200 of them) are now getting a separate Exploit Prevention policy to allow pdf's to be read.
This appears to be a replica of the problem with VSE 8.7 from about 9 years ago!
Solved! Go to Solution.
Hi all - KB91657 has now been published for this issue.
・Acrobat Reader DC 2019.012.20035
・Threat Prevention 10.6.1.1638
When this problem occurs, an error of "ntdll.dll" is recorded in windows event viewer.
Hi all, We've been able to reproduce this in-house and an investigation is already under way. It would be helpful if you could share further data from your environment via a Service Request to validate this against our data sets and provide more info to our engineering team.
I would encourage you to provide a MER which is collected after reproducing the issue with ENS in debug mode.
Thank you for spotting this as we are performing staged roll out of the 10.5.5 update and 10.6.1 at the moment and wouldn't have been very popular had 4000+ users been unable to access their PDF files!
I excluded the AcroRd32.exe for now and testing on my machine all OK! But obviously I would like to turn it back on as soon as possible!
We also got the same issue with the protected mode. We also had the problem, that every preview of PDFs like the one in Outlook wasn't working and even caused crashes in some software. Currently we had to disable the Exploit Prevention to solve this issue. I hope McAfee fixes this as fast as possible.
I encourage anyone seeing this issue to report it officially to Technical Support via a Service Request. That way we can track the amount of customers encountering this issue and engineering can prioritise fixing this issue accordingly.
I have that on my OWN McAfee Elite Partner Workstation machines. Sorry guys can't sell na McAfee LICENCES until you FIX this 😉
W7 + Latest MS Patches + ENS 10.6.1 JULY
W10 1903 + Latest MS Patches + ENS 10.6.1 JULY
It's still under investigation. If you haven't already done so, I can only encourage you to raise a Service Request with us to expedite the investigation.