Hello
In the known issues document for Agent 5.0.1 this is written
Issue: McAfee Agent executables are not whitelisted by VirusScan Enterprise (VSE) 8.8.0 Patch 4 and earlier. Access Protection hits are generated for McAfee Agent executables such as masvc.exe, macompatsvc.exe, macmnsvc.exe, and maconfig.exe if VSE 8.8.0 Patch 4 and earlier versions are installed.
Resolution: This issue is resolved in VSE 8.8.0 Patch 4 JTI Hotfix and VSE 8.8.0 Patch 5.
As the JTI patch seems not published yet and the VSE 8.8 patch 5 can't be used in our domain (because of another knwon issue not corrected yet), i would like to know what to do exactly with all 4 files that are listed if i want to test this new version.
Is it enough to add them as whitelisted into all McAfee autoprotect rules ? or do i have to add them in other rules too ?
Solved! Go to Solution.
This is the KB article you need to read:
VirusScan Enterprise 8.8 could block McAfee processes after installing or updating McAfee products
https://kc.mcafee.com/corporate/index?page=content&id=KB84087&locale=en_GB&viewlocale=en_GB
Cheers,
Phil
Hi,
does this result in an endpoint which is stuck at the logon?
What is the JTI Hotfix?
Cheers
JFI : Don't know yet as it is not yet published but one McAfee contact told me that it was a VSE 8.8 P4 update for TIE communication.
for your first question, can't answer as my question is there for helping me beginning the alpha test procedure for this new version.
Ahhh,
perhaps you mean HF929019. This HF is included in the TIE product. I´m not absolutely sure if it is that hotfix. But, this HF enables TIE/DXL enforcement on your endpoint.
I found another helpful KB article: https://kc.mcafee.com/corporate/index?page=content&id=KB81930&actp=null&viewlocale=en_US&showDraft=f...
At the moment we have a problem at a customer. The System stucks at logon after upgrading to Agent 5.0.1. Will see if Access protection Triggers this problem.
Cheers
Perhaps it is that one but i really don't know
McAfee wrote "VSE 8.8.0 Patch 4 JTI Hotfix" so nobody could know exactly what it really means
This is the KB article you need to read:
VirusScan Enterprise 8.8 could block McAfee processes after installing or updating McAfee products
https://kc.mcafee.com/corporate/index?page=content&id=KB84087&locale=en_GB&viewlocale=en_GB
Cheers,
Phil
Thanks, that's more clear like that.
just missing the maconfig.exe file that is mentionned into the known issues but i'll add it if necessary
Perhaps one fine thing next time would be for intel security to let the community write release notes and known issues. Would be more clear.
😉
Perhaps one fine thing next time would be for intel security to let the community write release notes and known issues. Would be more clear.
Part of me loves this idea, another part is stuck in logic loops trying to solve how it could possibly happen .
I got a little lost in trying to follow what you were saying about maconfig.exe. Are you saying it needs to be added to KB84087? (if you can post for me an Access Protection log example showing it was being blocked, it would help)
Regarding the "VSE 8.8.0 Patch 4 JTI Hotfix", that is HF929019 as mentioned. It could be written more verbosely as "VSE 8.8.0 Patch 4 JTI Hotfix 929019".
maconfig.exe is missing from the KB mentionned by PhilR.
But this file is listed as a fourth file into the known issue. So i will add it to the exclude list if necessary. not the case actually
For the "VSE 8.8.0 Patch 4 JTI Hotfix 929019", this is the perfect exemple of a "community rewrite" 😉
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA