cancel
Showing results for 
Search instead for 
Did you mean: 

Stop McAfee Services from client side

Hello All, 

If there is a windows machine which runs with McAfee ENS and user wanted to stop the services / disable McAfee altogether from their end, how to do that? 

Also when they don't want any communication to happen from client side to ePO, how should they stop that? 

Wanted a way to do from Client end and also looking for options or configurations what exactly need to be done on ePO side which will give the user capability to stop the services / disable AV / stop the Communication to ePO. 

wanted the same info for linux machines as well. 

Thanks in Advance, 

Sabari Kumar KB
3 Replies
McAfee Employee AdithyanT
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Stop McAfee Services from client side

Hi @User87791215(Sabari Kumar KB) 

Woah! Thats's a lot of questions on one post. I am not sure if I can answer all of them. But I have tried to answer a few.

Any action you want to perform on the endpoint end, you would require to allow user to make changes to the product first. That would involve disabling "Self protection" features from both Agent (general) and endpoint Security Common (options) polices. Now, if a user wants to disable ENS locally, we would only recommend doing it via GUI. Support would not recommend any other means.

Also, not all ENS Services are visible on the Services.msc console. In order to prevent external control, we use our own Services management tool called mfemms.exe.

Quoting from the linked article on mmsinfo.exe:

"The goal of MMS is to reduce the security risks of Microsoft SCM-managed services being shut down or disabled by malware. Core McAfee security services are managed by MMS rather than SCM, and are protected by self-protection features, making them less susceptible to malware attacks and security vulnerabilities."

Under Endpoint Security Common policy > Options > select the required policy and select edit and under Client Interface Mode select Full access. This is to ensure any user can open ENS console with full privileges. Now any user can open the clientUI, access it's settings and disable the protection features one by one as they would like to.

Regarding McAfee Agent, one more interesting feature is involved in protection of it's services. It is Exploit prevention Signature ID 1023. You might want to disable that.

Additionally, we also have Safe-mode which can help any user to disable, remove or disarm drivers, however we would not want to talk about that here.

Additionally, We can always disable all protection features from respective policies on the ePO as well.

Also, stopping the agent services (McAfee Agent Service, McAfee Agent Backwards Compatibility Service and McAfee Agent Common Service) will stop agent form communicating with the Server.

Also an endpoint firewall like Windows Defender firewall can be used to block inbound and outbound traffic via certain ports or the ePO Server address based on this KBA.

Having discussed the above possibilities, I would like to stress upon the fact that we would not recommend any of these activities under ideal circumstances as this is lowing the protection offered by the endpoint by miles and the wrong implementation or usage of these might result in incompetency of the endpoint to function against malwares.

I sincerely hope this helps!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
McAfee Employee AdithyanT
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: Stop McAfee Services from client side

Hi @User87791215 (Sabari Kumar KB),

Also, regarding Linux related questions, I guess you might have better luck at posting them in this forum.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
McAfee Employee parul1234
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Stop McAfee Services from client side

Hi,

You can follow below steps to Stop, start and check ENSLTP services.

  • To stop the ENSLTP service, run the following commands:
     
    # /opt/isec/ens/threatprevention/bin/isectpdControl.sh stop
    # /opt/isec/ens/esp/bin/isecespdControl.sh stop
     
  • To start the ENSLTP service, run the following commands:
     
    # /opt/isec/ens/esp/bin/isecespdControl.sh start
    # /opt/isec/ens/threatprevention/bin/isectpdControl.sh start
     
  • To check the status of the ENSLTP service, run the following commands:
     
    # /opt/isec/ens/threatprevention/bin/isectpdControl.sh status
    # /opt/isec/ens/esp/bin/isecespdControl.sh status

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community