We have been doing some tests here and might be getting close to an answer, at least for us. We have found that if you disable Common Standard Protection > Prevent termination of McAfee processes for both block and reporting, the MFeB leak stops. By a process of elimination, we think that the problem is due to a clash between our host's Intel ILO drivers, and the VSE P6. This is because for us, we have only seen the leak happen on our Intel servers, it has not happened on our Dell hosts. However, on our last test overnight, with what we thought were all the ILO processes excluded, MFeB still got bigger on our test host with "prevent termination" on. We will continue to test and I will update.
FYI, from what we have seen of memory dumps provided to us for analysis of this issue, we believe the issue is solved by code changes that are releasing with Patch 7.
We do not know that of a surety at this time, but have extended a test package to a couple of customers in hopes they can solidify our belief.
If you want to assist us in proving the theory, reach out to Support. We'll first want to confirm you're seeing the MFeB pool tag increase issue, and in what timeframe the leak becomes noticeable so that when the test package is installed we'll have confidence in the results.
As you may know The MFeB tag comes within the installation of syscore 15.2.x , So it will be there if agent 5.02 is installed therefore you will have the memory leak even if you have vse 8.8 p4 and access protection blocking, so p7 will be good with agent 4.8. if you provide me with your contact i will send you a tool to show this issue if there is AP blcoking for agent 5.02 or vse p6 so you do not have to wait for customers feedback and speed up the fix.
if you provide me with your contact i will send you a tool to show this issue if there is AP blcoking for agent 5.02 or vse p6 so you do not have to wait for customers feedback and speed up the fix.
Sure. Upload it to me here:
ftp://custftp2.nai.com/incoming/tier3/wwarren, just let me know the filename.
Anonymous will let you connect and place the file.
The site won't allow download, only upload.
The filename must be unique and we don't allow listing folder content
This page can’t be displayed
Yeah, it's not a website, it's an FTP location.
e.g. At a CMD prompt, type
FTP -A custftp2.nai.com (the A is case sensitive)
Then at the ftp prompt, type
PUT C:\path\to\yourfile.exe incoming\tier3\wwarren\yourfile.exe
That would be your own firewall/network policies refusing that connection. I can't help you with that sorry.
If you want to make the tool available some other way I'll be happy to grab it.
Is there an ETA on Patch 7 or a hotfix to resolve this? Sorry to say, I've already submitted an MER and was basically told there was nothing there, so forgive me for not wanting to bother with that again to get the limited release patch.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center