The reasons for such symptoms can be manifold; per se it's not required to remove the agent, though. Without traces/logs it's comparatively difficult to say what is broken. The quickest way to remediate is likely to be running some removal procedure (EPR, can be obtained from Support) or, if you are interested in researching, opening a ticket with tech support. Usually we see those kinds of symptoms with the injection of third-party code into our process memory space; the processes become "untrusted" and are thus not allowed to interact/operate with other McAfee components present on the box (or the install has gone wonky; install logs provided, one can make a call on such a hypothesis).
I appreciate your response, but that's really not the point.
My beef is simply this: The endpoint's AV is broken, and we've no way to know it's broken. The system could be compromised, and we're ignorant of it. I guess my naive understanding was that all this EPO, agent, platform, and Threat Prevention might have included some method to inform me when stuff is not working!! Just seems like a big failure of this entire EPO infrastructure.
I've a ticket open with support on the issue. My ticket got bounced to EPO, then back to regular support after it was determined that "There is no health check in the product."
If I were a malicious hacker, the first thing my code would be doing is killing / disabling all IDS/IPS/antivirus on a node I'm attempting to compromise. From this, I gather that such activities would basically not be reported to me.
Am I missing something here?