Can I find an official line that you do not support the use of correlation running on the combo VM itself written/confirmed somewhere, i.e. in the product documentation or knowledgebase?
This was mentioned in during a remote session with a McAfee engineer to fix an issue, though I didn't think to ask for anything in an email before the ticket was closed.
Adding and running correlation engine on the receiver isn't the issue, it's when there's a fault it causes serious problems (it tries to keep correlating and can't cope leading to massive backlogs etc.).
We have effectively been told we shouldn't be running correlation on a combo VM.