So, curiously I have two instances of McAfee Endpoint Security listed when I run that script. In order, I see ENS, Defender and then ENS again. The first ENS instance reports Product State 397312, then Windows Defender reports 397568 and then the second instance of ENS shows 393232. This is on both machines, either updated or clean installed. In talking to the fellow assigned to my ticket the first ENS reference is an artifact left behind in the registry. I'll copy the results in later if you like, I was trying to save space.
I also had multiple ENS providers listed in WMI. At first, I thought that was the issue, or that WSC was reading the productState of the wrong ENS instance.
Completely at a loss, I used the Endpoint Product Removal tool to uninstall everything McAfee, then happened upon Delete AntiVirusProduct WMI - Clear the anti-virus WMI class from 2014 which has a VB script to clean up the errant entries in WMI.
It mentions, "After a reboot of the client machine, WMI will rebuild this class." which it indeed did on my system. Like I mentioned, ENS was not installed at the time, but WSC/WDA DID re-register itself as an AV provider in WMI (one hopes ENS would do the same).
YMMV, and disclaimer disclaimer disclaimer, this has the potential to completely hose your system, don't use in a production environment, yadda yadda yadda.
At that point for me however, I was ready to format...
I then reinstalled ENS. The WSC/WDA conflicts are still occurring, but I have no more errant WMI AV provider entries.
Good morning all.
We tested an Early Access version of 10.6.1 October Update with customers who had their cases escalated to engineering and we received positive feedback from all of those customers. If the issue persists then this is unexpected and we would need to re-visit the issue along with fresh data from the systems.
I would advise to ensure that once installing the October Update a reboot is performed and to ensure that Windows Defender is disabled via GPO to avoid any conflict. Further please do ensure that the AMCORE is also up to date.
Please follow up in your respective SRs if the issue is not fixed.
We purposely don't disable Defender via GPO, so if Mcafee was ever missing from the devices for any reason or genuinely broken we still have defender as a fallback.
I'll test out the new update and see how it goes for my systems.
@chealey, can you indicate the reference number for the fix in the 10.6.1 October release notes (https://docs.mcafee.com/bundle/endpoint-security-v10-6-1-release-notes/raw/resource/enus/endpoint-se... )? Based on the resolved issue descriptions, I can't find where co-existence with WCS/WDA is resolved.
Thank you.
@billmoller It would appear the release notes don't mention this issue. I will try to follow up with the team who create the Release Notes, and see why this was missed.
Please do share your feedback from the October Build. As mentioned all customers who received the Early Access Build, reported the issue was no longer seen, so based on this feedback, we consider the issue resolved and further investigation would be needed if this is not the case on your system.
Disabling via GPO wont be an option for us. (as we use Microsoft ATP, so requires Defender to be in the correct state)
Just to comment on the Windows Defender part.
Appreciate there may be reasons you leave it on, however by leaving it on you will risk seeing huge performance issues and many other issues > It is not advised to run two AVs on the same system. It will cause conflicts.
In our environment (until this issue) Defender was not active, it was in Passive mode (required by Microsoft so we can also use Microsoft Defender ATP, which has always functioned alongside ENS). Obviously having 2 AV "active" is not a supported state, hence my support call. support seems very slow to respond / openly identify this issue!
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA