I would log a support call, but got confused on Statement that application is not part of Support tools (to me seems as a joke, as it should be available as an option to each Agent for Admins to troubleshoot issues with systems)
“What versions of ENS Threat Prevention does Profiler support?
Profiler works with ENS Threat Prevention, but note the following:
Profiler 2.0/2.0.1 support ENS Threat Prevention 10.5.4 and later.”
McAfee Profiler 2.0.1 does not work with Windows ENS 10.7 (tested on several machines)
Notification window appear after a test run is completed:
Title: "McAfee Profiler"
Message: "No data captured as files and processes were not scanned during data capture."
I`m planning on some important work to upgrade old McAfee`s to ENS, and without this tool supporting 10.7 I`m concerned to run into serious issues.
is there Any way to inform developers?
Thank you for your post here. I have not really tested this out, however, Just to be sure, Were any Read write operations being performed on the endpoint when Profiler was running on the machine? McAfee Profiler does not work for On Demand Scan and works only for On Access Scan.
Having said that, let me quickly run profiler on my lab machine with ENS 10.7 and get back to you with results.
I`m considering this as a great tool!
wondering if Linux & MAC has anything similar?
Agent 5.6.0/5.6.1/5.6.3 + ENS 10.6.1 - is working
4 different Servers with 5.6.3 + ENS 10.7.0 - Profiler is not working = returns no results.
prior to this, tested on a server with ENS 10.6.1 (worked fine), then upgraded to ENS 10.7.0 - to confirm same issue persists.
Thank you for your kind feedback and response.
Firstly, I am afraid we do not have this tool for Linux and MAC, however this would be a really great idea for our Product Enhancement/Ideas forum. More info here:
Having said that, Regarding the reported issue, I can confirm that the tool works fine with the latest version of 10.7 February update in place! Ens 10.7 - Feb update and McAfee profiler - 2.0.1.
Hence I would like to request you to kindly please confirm the working of profiler by doing any read/write operations like copy paste of files on the machine. I suspect this could be an environment specific issue as the tool seems to have worked fine in my test machine.
Please note that it monitors mcshield on access scan activity. So it is very important that the mcshield process is running and atleast 1 I/O operation is performed on the machine by any process so that data is captured and displayed!
if a 3rd confirmation is required - Confirm, there is an issue with app.
1. doing any read/write operations like copy paste of files on the machine - Yes
2. mcshield.exe runs - Yes
Apologies to have requested multiple confirmations. I was confused as it was successful in my Lab environment.
Although Profiler not part of the ENS suite, Kindly please bear with me while I see other opportunities to assist you with the tool.
Thank you for your kind time and patience with us. I am still looking for an internal team to escalate this concern. While I would also like to be able to investigate and replicate the scenario. Have you tried running process monitor to find any locks or access denied?
Can you help me with the self protection log file from the endpoint's logs folder here so that I can have an initial look into it for you?
Can you kindly try disabling Self protection and access protection to see if that helps in running McAfee Profiler for you?
Are there any specific differences you have noticed with respect to product configuration (policies) or the applications installed that may hamper profiler form running?
Can you also please try running the tool as an administrator?
Thank you for your time and patience. I am currently reaching out to the Team that worked towards upgrading this tool and I have a suggestion and a request from them.
I would like to seek your kind help in gathering the available log file at C:\ProgramData\McAfee\McAfee Profiler.
Log File Name: McProfiler.log
Can you kindly please confirm that after you upgraded to ENS 10.7, the client is updated with the latest definitions? Please ensure AmCore version is not 0.5 (default) as McAfee Profiler will not function when AmCore is not updated on ENS.
Looking forward to your kind response.
W2012R2, ENS 10.7.0 updated and managed by ePO
AMCore content dateAMCore content versionAMCore engine version
logs with several tests contains same data, app. was run `as Administrator`
04/03/2020 15:58:52 InformationLog 5 Initializing ...
04/03/2020 15:58:53 InformationLog 5 Enabling process counting, and restarting McShield ...
04/03/2020 15:58:53 InformationLog 5 Polling Interval : 200
04/03/2020 15:59:03 InformationLog 5 Trying to enable process counting internal
04/03/2020 15:59:03 InformationLog 5 setting access protection registry key started
04/03/2020 15:59:03 InformationLog 5 rootkey exist
04/03/2020 15:59:03 InformationLog 5 setvalue for registry
04/03/2020 15:59:08 InformationLog 5 McShield process counting enabled.
04/03/2020 15:59:08 InformationLog 5 Collecting Data ...
04/03/2020 16:04:18 InformationLog 5 Trying to disable process counting internal
04/03/2020 16:04:18 InformationLog 5 setting access protection registry key started
04/03/2020 16:04:18 InformationLog 5 rootkey exist
04/03/2020 16:04:18 InformationLog 5 setvalue for registry
04/03/2020 16:04:23 InformationLog 5 Analyzing ...
04/03/2020 16:04:23 InformationLog 5 Trying to Analyze Top Processes
04/03/2020 16:04:23 InformationLog 5 Analyzed Top Processes
04/03/2020 16:04:23 InformationLog 5 Trying to Analyze Top Files
04/03/2020 16:04:23 InformationLog 5 Analyzed Top files
04/03/2020 16:04:23 InformationLog 5 Trying to Analyze Top FileExtensions
04/03/2020 16:04:23 InformationLog 5 Analyzed Top FileExtensions
04/03/2020 16:04:23 InformationLog 5 Trying to Analyze TopProcess ReadWrite
04/03/2020 16:04:23 InformationLog 5 Analyzed TopProcess ReadWrite
04/03/2020 16:04:23 InformationLog 5 Trying to Analyze TopFiles ToProcesses
04/03/2020 16:04:23 InformationLog 5 Analyzed TopFiles ToProcesses
04/03/2020 16:04:24 InformationLog 5 Completed
tried also to update 10.7.0 to 10.7.0 February and noticed BIG TIME components update failures across all estate and particularly on tested Server.
10.7.0 February - McAfee profiler - No results, blank
Also check this out (might worth logging a ticket at later time?):
1. ATP is disabled by Policy, ENS window correctly reports DISABLED
2. when installed ENS 10.7.0 ATP since then, for 2 weeks consumes 50% CPU non-stop.
3. update to ENS 10.7.0 February - ATP + FW install FAILURE (though seems services bounced several times, but CPU got on same % usage)
4. Installed forcefully ENS 10.7.0 February ATP - services seemingly restarted, but again came back to HIGH CPU %