cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 111 of 332

MCAFEE communications to Partners extreme bad in this case

Jump to solution

Angry customers all over due the way this was handeld. Check forum here.

 

We were almost FORCED to do a POC (Proof of concept) yesterday 08.10.2019 ONE day (A few Hours) before the offical Release of ENS 10.6.1 OCTOBER release to ALL customers this night. Explain why ONE day before a enterprise customer has to do a POC when next day the official release is out?

The same day (After the release in EPO) someone send me a file via FTP and tells me that this is a special version for us?

 

Does the person amange (one) epo somwhere? 

Does the person get SNS alerts and ready them?

 

2019-10-09 14_41_47-Window.png

 

 

Highlighted

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

@chealey, "by leaving [WDA] on you will risk seeing huge performance issues and many other issues > It is not advised to run two AVs on the same system." is exactly the issue we're trying to fix.  WSC/WDA is supposed to coexist with other AV providers.  When ENS is working properly, WDA is NOT RUNNING.

Now for the good news (at least for me), the October update, deployed from ePO seems to have immediately fixed the issue.  Also, after a reboot the fix has remained.  ENS seems to have registered itself an additional time in WMI as an AV provider, so I am seeing duplicate ENS entries now, however, the important part seems to be that the correct productState is 397312 now (vs. 393232), which was the state it was working in with debug on (though, I now have debug off).

Annotation 2019-10-09 085127.pngAnnotation 2019-10-09 085142.png

Annotation 2019-10-09 085757.png

Highlighted

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

For us Defender is not "on", its in Passive mode, which is fully supported by McAfee and Microsoft.  (passive is not enabled!)  Until this issue / release our Defender status was fine.  Defender should stand down into passive mode as soon as ENS is detected.  It shouldn't need to be disabled via GPO.  (and for us, that wont be an option)

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 114 of 332

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

@billmoller

We know that both can't run. That's where the API from MS Comes into Play. The bug is either on MS side or on MCAFEE.

Steve is asbolut right. There was ONCE when an ISSUE in 2017/2018 where CLIENT OS had Probleme because we had set the Windows Defender Service with Deployment "SC" to disabled. Suddenly from that point we HAD to leave the SERVICE enabled (OFF) not disabled (passive) and APROVE WSUS Windows Updates problems to solve a Problem which was highly discussed in SOCIAL MSDN Forums.

That no matter of MCAFEE ENS was on the Systems or not.

We could only solve a Problem with re-activation of Windows Defender Updates through WSUS (Even all customer have ENS).

The story is not as easy as it seams and we fully trusted Mcafee until know that they have full control over the issue.

 

 

 

Highlighted

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

Here's my clean install system. It was rebooted after using the removal tool, rebooted after clean installing the October update and rebooted a couple times since. Like I reported yesterday, for a brief period a couple hours after installing the October update package it suddenly showed ENS was running but then changed its state again to WD running after a reboot and hasn't reported properly since. 

cleaninstall1.jpgcleaninstall2.jpg

Michael
Highlighted

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

As others have stated, disabling Windows Defender isn't an option. WD is supposed to recognize ENS is installed and enabled and allow it to be the primary and only running antimalware system

Michael
Highlighted

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

@meanoldmanning, would you mind posting your

get-wmiobject -namespace "root\securitycenter2" -class "antivirusproduct"

?

Highlighted

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

also, @meanoldmanning , a screenshot of your "about" for ENS? (showing version #'s)?

Highlighted

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

About

About.jpg

Michael
Highlighted

Re: Windows Defender problem reported by MICROSOFT

Jump to solution

This is the clean install machine. All 3 of the test laptop turn out the same result. Note the timestamp on the first ENS instance listed. 

__GENUS                  : 2
__CLASS                  : AntiVirusProduct
__SUPERCLASS             :
__DYNASTY                : AntiVirusProduct
__RELPATH                : AntiVirusProduct.instanceGuid="{1006DC03-1FB1-9E52-7C81-F2FAB48962E3}"
__PROPERTY_COUNT         : 6
__DERIVATION             : {}
__SERVER                 :  PC----P
__NAMESPACE              : ROOT\securitycenter2
__PATH                   : \\PC----P\ROOT\securitycenter2:AntiVirusProduct.instanceGuid="{1006DC03-1FB1-9E52-7C81-F2FAB
                           48962E3}"
displayName              : McAfee Endpoint Security
instanceGuid             : {1006DC03-1FB1-9E52-7C81-F2FAB48962E3}
pathToSignedProductExe   : C:\Program Files (x86)\McAfee\Endpoint Security\Threat Prevention\AMCFG.EXE
pathToSignedReportingExe : C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfeensppl.exe
productState             : 397312
timestamp                : Mon, 30 Sep 2019 18:05:26 GMT
PSComputerName           : PC----P
__GENUS                  : 2
__CLASS                  : AntiVirusProduct
__SUPERCLASS             :
__DYNASTY                : AntiVirusProduct
__RELPATH                : AntiVirusProduct.instanceGuid="{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"
__PROPERTY_COUNT         : 6
__DERIVATION             : {}
__SERVER                 :  PC----P
__NAMESPACE              : ROOT\securitycenter2
__PATH                   : \\PC----P\ROOT\securitycenter2:AntiVirusProduct.instanceGuid="{D68DDC3A-831F-4fae-9E44-DA132
                           C1ACF46}"
displayName              : Windows Defender
instanceGuid             : {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
pathToSignedProductExe   : windowsdefender://
pathToSignedReportingExe : %ProgramFiles%\Windows Defender\MsMpeng.exe
productState             : 397568
timestamp                : Wed, 09 Oct 2019 13:43:08 GMT
PSComputerName           : PC----P
__GENUS                  : 2
__CLASS                  : AntiVirusProduct
__SUPERCLASS             :
__DYNASTY                : AntiVirusProduct
__RELPATH                : AntiVirusProduct.instanceGuid="{A37DD4B2-BDFF-70DA-DE19-9F9927D6940F}"
__PROPERTY_COUNT         : 6
__DERIVATION             : {}
__SERVER                 :  PC----P
__NAMESPACE              : ROOT\securitycenter2
__PATH                   : \\PC----P\ROOT\securitycenter2:AntiVirusProduct.instanceGuid="{A37DD4B2-BDFF-70DA-DE19-9F992
                           7D6940F}"
displayName              : McAfee Endpoint Security
instanceGuid             : {A37DD4B2-BDFF-70DA-DE19-9F9927D6940F}
pathToSignedProductExe   : C:\Program Files (x86)\McAfee\Endpoint Security\Threat Prevention\AMCFG.EXE
pathToSignedReportingExe : C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfeensppl.exe
productState             : 393232
timestamp                : Wed, 09 Oct 2019 13:43:06 GMT
PSComputerName           :  PC----P
 
Michael
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community