I am having issues with ENS not allowing some of my servers to update. I believe that the culprit is the On-Access scanner. I am unable to pinpoint which exact module it is as some servers update just fine with ENS fully running while others will only update if ENS is turned off. I would like to avoid adding exclusions to maintain a strong security posture. Any assistance would be appreciated.
You can confirm if the on-access scan is preventing the server update, by checking the ENS logs located here: C:\ProgramData\McAfee\Endpoint Security\Logs\
This will show you which component of ENS prevents the installation.
Is there a specific Windows Security update KB that gets blocked?
It would be very important to understand which module is causing the issue, otherwise we could be making recommendations for OAS when in fact it's AP. Can you narrow this down?
Further, is this a major Windows Update or just a regular Update? If it's updating the OS major build it might be failing due to compatibility.
Unfortunately I am not able to pin this down. I tried to check the logs but that isn't helping. It occurs on random Windows updates so I'm not sure what could be the issue. I am trying to recreate the issue again in a test environment.