McAfee Employee
Message 91 of 332

Re: Windows Defender problem reported by MICROSOFT


The fix will not require a clean install 🙂  A POC (Proof of concept) build on the other hand needs to be installed in a specific way hence the instructions provided by support when you are given the POC.

 

Re: Windows Defender problem reported by MICROSOFT

A bunch of updates just showed up as available in Software Manager on ePO. I'm going to clean install on one laptop and update on another and see how it goes

Michael
Reliable Contributor
Message 93 of 332

Re: Windows Defender problem reported by MICROSOFT

@chealey can we confirm if the new releases address the issue discussed on this topic?

Endpoint Security Platform 10.6.1.1724.1

Endpoint Security Threat Prevention 10.6.1.1777.1

Went through the release notes and I don't think there is a mention on it.

 

 

Re: Windows Defender problem reported by MICROSOFT

@chealey, please advise... "if the new releases address the issue discussed on this topic?"

I/we can't wait another release cycle during which our users are confusingly notified that anti-virus isn't working or is turned off...

Re: Windows Defender problem reported by MICROSOFT

Neither install scenario (clean or update) resolves the issue with the new versions pushed to the software manager. The reporting error remains. I kind of assumed this would be the case since I wasn't advised to run these updates by the fellow assigned to my ticket.

Michael
Re: Windows Defender problem reported by MICROSOFT

@chealey, @meanoldmanning has indicated the issue still isn't fixed.  I believe you told us it would be fixed in the next release, "This issue will be addressed in the next release of the product which is targeted for October."  Also, my support case indicates,


Resolution: The issue is fixed now and will be targeted in the next release of ENS version


And that was prior to THIS release............... So................. umm.................... ::biting tongue trying to stay civil::

Re: Windows Defender problem reported by MICROSOFT

OK, after sitting for a couple hours now the laptop that had a clean install is still reporting that McAfee is OFF and Windows Defender is ON. However, the laptop that had McAfee 'updated' to the new versions now has switched to McAfee reporting it is ON and Windows Defender is OFF. Weird.

EDIT - and now 40 minutes or so later the laptop on which I did a clean install suddenly is reporting properly. Both the laptops had run an update around the same time so I'm not sure there was a content update that triggered either one to turn on.

EDIT 2 - Rebooting causes the reporting issue to return, at least short term. I'm not sure how quickly it clears up, but maybe 10 minutes after rebooting it still reports McAfee is OFF

Michael
Re: Windows Defender problem reported by MICROSOFT

@meanoldmanning  Thanks for the investigative work.  Just curious, did you implement the "debug logging" workaround?  I did, and it seems to work most of the time, but when ENS updates (a daily task), I think AMCore, it returns to McAfee is off...

Re: Windows Defender problem reported by MICROSOFT

No, not on the test machines, I wanted to see if the updates corrected the issue on their own. However, I did implement it on the computer I use daily. It was weird in that after implementing it WSC would report correctly until I restarted windows, which I think you experienced too? But if I waited for several minutes (hour?) it would switch back to reporting correctly. 

By the way, after sitting for more than an hour now after being rebooted the two test machines have NOT switched back to reporting correctly

Michael
Re: Windows Defender problem reported by MICROSOFT

@meanoldmanning, what does the output of


get-wmiobject -namespace "root\securitycenter2" -class "antivirusproduct"

show?  I guess, more specifically, the "productState"

On mine, it's currently:


__GENUS : 2
__CLASS : AntiVirusProduct
__SUPERCLASS :
__DYNASTY : AntiVirusProduct
__RELPATH : AntiVirusProduct.instanceGuid="{1006DC03-1FB1-9E52-7C81-F2FAB48962E3}"
__PROPERTY_COUNT : 6
__DERIVATION : {}
__SERVER : DEL7810-0219
__NAMESPACE : ROOT\securitycenter2
__PATH : \\DEL7810-0219\ROOT\securitycenter2:AntiVirusProduct.instanceGuid="{1006DC03-1FB1-9E52-7C81-
F2FAB48962E3}"
displayName : McAfee Endpoint Security
instanceGuid : {1006DC03-1FB1-9E52-7C81-F2FAB48962E3}
pathToSignedProductExe : C:\Program Files (x86)\McAfee\Endpoint Security\Threat Prevention\AMCFG.EXE
pathToSignedReportingExe : C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfeensppl.exe
productState : 393232
timestamp : Tue, 08 Oct 2019 12:33:32 GMT
PSComputerName : DEL7810-0219

__GENUS : 2
__CLASS : AntiVirusProduct
__SUPERCLASS :
__DYNASTY : AntiVirusProduct
__RELPATH : AntiVirusProduct.instanceGuid="{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"
__PROPERTY_COUNT : 6
__DERIVATION : {}
__SERVER : DEL7810-0219
__NAMESPACE : ROOT\securitycenter2
__PATH : \\DEL7810-0219\ROOT\securitycenter2:AntiVirusProduct.instanceGuid="{D68DDC3A-831F-4fae-9E44-
DA132C1ACF46}"
displayName : Windows Defender
instanceGuid : {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
pathToSignedProductExe : windowsdefender://
pathToSignedReportingExe : %ProgramFiles%\Windows Defender\MsMpeng.exe
productState : 393472
timestamp : Tue, 01 Oct 2019 11:56:37 GMT
PSComputerName : DEL7810-0219

And I think we determined previously that the issue was related to how WSC is interpreting the productState.  If yours is still showing 393232 (and one assumes Microsoft didn't change how Windows interprets productState [...more...] for this McAfee issue) then it would appear, in addition to everything you mentioned, that the new ENS build does not correct the issue...

When the "debug logging" workaround was working, the productState on my machine was (now seemingly randomly) set to 397312, which caused WSC and WDA to behave properly...

@chealey anything?  Hello?
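
Added example, not part of the original thread or McAfee's tooling: a PowerShell decoder for the three productState values quoted in the post above (393232, 393472, 397312). The byte layout it uses is the commonly cited community interpretation of productState, which Microsoft does not publicly document, so treat the mapping as an assumption; the function name ConvertFrom-ProductState is hypothetical.

```powershell
# Added example. Byte layout is an ASSUMPTION (community interpretation,
# not a documented Microsoft format):
#   bits 8-15 : scanner state, high nibble 0=Off 1=On 2=Snoozed 3=Expired
#   bits 0-7  : definition status, 0x00=up to date, 0x10=out of date
function ConvertFrom-ProductState {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][int]$ProductState
    )
    $stateByte = ($ProductState -shr 8) -band 0xFF
    $sigByte   = $ProductState -band 0xFF

    $scanner = switch ($stateByte -band 0xF0) {
        0x00    { 'Off' }
        0x10    { 'On' }
        0x20    { 'Snoozed' }
        0x30    { 'Expired' }
        default { 'Unknown' }
    }
    $definitions = switch ($sigByte) {
        0x00    { 'UpToDate' }
        0x10    { 'OutOfDate' }
        default { 'Unknown' }
    }
    [pscustomobject]@{
        DisplayName  = $DisplayName
        ProductState = $ProductState
        Hex          = '0x{0:X6}' -f $ProductState
        Scanner      = $scanner
        Definitions  = $definitions
    }
}

# Values copied from the post above; the labels are constructed for this example.
$samples = @(
    @{ DisplayName = 'McAfee ENS (as posted)';            ProductState = 393232 },
    @{ DisplayName = 'Windows Defender (as posted)';      ProductState = 393472 },
    @{ DisplayName = 'McAfee ENS (workaround in effect)'; ProductState = 397312 }
)
$decoded = foreach ($s in $samples) { ConvertFrom-ProductState @s }
$decoded | Format-Table -AutoSize

# On a live endpoint, decode what WSC currently holds:
# Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
#     ForEach-Object { ConvertFrom-ProductState -DisplayName $_.displayName -ProductState $_.productState }
```

Under this interpretation 393232 (0x060010) decodes to scanner Off with out-of-date definitions, while 397312 (0x061000) decodes to scanner On and up to date, which lines up with the behaviour reported when the workaround was in effect.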
