cancel
Showing results for 
Search instead for 
Did you mean: 

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

Here is a curious thing I have noticed and wonder if others have seen it too.

On systems that haven't received the October Update the fly out warning from WSC still flies out and notifies my users that McAfee and Defender aren't turned on. However, on my test systems that DO have the October Update and are not reporting properly the WSC fly out warning doesn't fly out anymore. So it's as if the October Update 'fixed' that but nothing else (in my org at least). 

It makes my wonder if some of the orgs that are reporting the update worked is because the fly out warning isn't flying out anymore.

Michael
LBX
Level 9
Report Inappropriate Content
Message 192 of 320

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

@meanoldmanning  I would agree with that. The October 2019 update fixed the "Restart Now" toast notification/fly out but deep down it still isn't 100% working and Windows Defender is the one that Windows is reporting is the "running" or active solution.

LBX
Level 9
Report Inappropriate Content
Message 193 of 320

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

By the way, mine has gone back to showing Windows Defender as ON and McAfee as OFF, running AMCORE 3870

 

Annotation 2019-10-24 164823.png

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

Here's a twist in my testing. I took one of my laptops and completely reset it to factory clean image, set it up as all the other laptops in my org and then clean installed the October Update with the current agent. After numerous reboots over a few hours the system is still reporting CORRECTLY that McAfee Endpoint Security is the turned on as the threat protection. Debug logging is NOT enabled.

Obviously this is a single instance and I haven't attempted to duplicate it yet. It also isn't a viable solution because I am not about to go around and reimage all of the laptops in my organization.

Michael
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 195 of 320

Re: Windows Defender problem reported by MICROSOFT

Jump to solution
Thank you for keeping us up to date. We are currently working with Microsoft to get to the bottom of this integration issue. Just in case your support engineer has not reached out to you - we currently need WSC debug logs: https://support.microsoft.com/en-us/help/3155606/how-to-enable-diagnostic-logging-for-windows-securi...
Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
LBX
Level 9
Report Inappropriate Content
Message 196 of 320

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

We use Windows Deployment Services to basically install a copy of the install.wim from the Windows 10 ISO to machines so it the equivalent of installing direct from the DVD with the exception of we've obviously set a "join the domain" setting using the unattend XML configuration (Windows SIM). In addition to automating the domain join, it installs the McAfee Agent as part of the first run.

What I am trying to get at is that is a very clean install from the original install.wim (rather than image capture and sysprep).

Once the Agent is installed, an automatic reboot is triggered so when the machine next checks in to ePO, it installs ENS which currently is the October 2019 version.

On machines we've build in this way - straight to ENS October 2019 - we still see under Security Providers that ENS is often turned off and Defender is turned on, even though ENS is running and checking in and up to date.

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

and after about three hours and numerous reboots, updates and program installs it has now reverted back to not reporting properly. Oh well

EDIT spoke too soon. I logged in as another users on that system and now it reports properly again???

Michael
Highlighted
LBX
Level 9
Report Inappropriate Content
Message 198 of 320

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

Its not going to be fixed now until 10.7 is released apparently (https://kc.mcafee.com/agent/index?page=content&id=KB91830)

Reliable Contributor kylekat
Reliable Contributor
Report Inappropriate Content
Message 199 of 320

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

Good to know. We don't have any kind of estimated time for that release do we?

LBX
Level 9
Report Inappropriate Content
Message 200 of 320

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

No we do not as yet.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community