@chealey, can you indicate the reference number for the fix in the 10.6.1 October release notes (https://docs.mcafee.com/bundle/endpoint-security-v10-6-1-release-notes/raw/resource/enus/endpoint-se... )? Based on the resolved issue descriptions, I can't find where co-existence with WCS/WDA is resolved.
@billmoller It would appear the release notes don't mention this issue. I will try to follow up with the team who create the Release Notes, and see why this was missed.
Please do share your feedback from the October Build. As mentioned all customers who received the Early Access Build, reported the issue was no longer seen, so based on this feedback, we consider the issue resolved and further investigation would be needed if this is not the case on your system.
Just to comment on the Windows Defender part.
Appreciate there may be reasons you leave it on, however by leaving it on you will risk seeing huge performance issues and many other issues > It is not advised to run two AVs on the same system. It will cause conflicts.
In our environment (until this issue) Defender was not active, it was in Passive mode (required by Microsoft so we can also use Microsoft Defender ATP, which has always functioned alongside ENS). Obviously having 2 AV "active" is not a supported state, hence my support call. support seems very slow to respond / openly identify this issue!
Angry customers all over due the way this was handeld. Check forum here.
We were almost FORCED to do a POC (Proof of concept) yesterday 08.10.2019 ONE day (A few Hours) before the offical Release of ENS 10.6.1 OCTOBER release to ALL customers this night. Explain why ONE day before a enterprise customer has to do a POC when next day the official release is out?
The same day (After the release in EPO) someone send me a file via FTP and tells me that this is a special version for us?
Does the person amange (one) epo somwhere?
Does the person get SNS alerts and ready them?
@chealey, "by leaving [WDA] on you will risk seeing huge performance issues and many other issues > It is not advised to run two AVs on the same system." is exactly the issue we're trying to fix. WSC/WDA is supposed to coexist with other AV providers. When ENS is working properly, WDA is NOT RUNNING.
Now for the good news (at least for me), the October update, deployed from ePO seems to have immediately fixed the issue. Also, after a reboot the fix has remained. ENS seems to have registered itself an additional time in WMI as an AV provider, so I am seeing duplicate ENS entries now, however, the important part seems to be that the correct productState is 397312 now (vs. 393232), which was the state it was working in with debug on (though, I now have debug off).
For us Defender is not "on", its in Passive mode, which is fully supported by McAfee and Microsoft. (passive is not enabled!) Until this issue / release our Defender status was fine. Defender should stand down into passive mode as soon as ENS is detected. It shouldn't need to be disabled via GPO. (and for us, that wont be an option)
We know that both can't run. That's where the API from MS Comes into Play. The bug is either on MS side or on MCAFEE.
Steve is asbolut right. There was ONCE when an ISSUE in 2017/2018 where CLIENT OS had Probleme because we had set the Windows Defender Service with Deployment "SC" to disabled. Suddenly from that point we HAD to leave the SERVICE enabled (OFF) not disabled (passive) and APROVE WSUS Windows Updates problems to solve a Problem which was highly discussed in SOCIAL MSDN Forums.
That no matter of MCAFEE ENS was on the Systems or not.
We could only solve a Problem with re-activation of Windows Defender Updates through WSUS (Even all customer have ENS).
The story is not as easy as it seams and we fully trusted Mcafee until know that they have full control over the issue.