So far - I get the reboot McAfee request every time I reboot the machine (HIPS would be the culprit, like it was in previous patches).
I did an update from Patch 6.
I appear to now have lost my McAfee tray icon on the second or third reboot; normal methods of having it return do not appear to work.
Services are running and exe files are listed from what I can see.
Reboot brought it back again.
Going to remove HIPS and reinstall from main package and see if issue occurs regarding rebooting.
Removed VSE and HIPS as not able to run the install task for HIPS Patch 7 properly.
Restarted and tray icon gone on reboot... yet services running and I can wake the agent up.
Running agent 126.96.36.199
Two machines tested and both machines constant reboot request after resetting laptops - if I say later, it doesn't come back until a reset.
Both had 188.8.131.52 agents and Patch 6 for VSE and HIPS.
This happens with HIPS previously too, but rarely... this is 2 out of 2 so far.
Don't really want to keep testing machines.
I do see the following issues after update though in the threat event logs in ePO:
McAfee Host Intrusion Prevention successfully read policy from registry
| Detecting Product Name: | VirusScan Enterprise |
| Threat Source Process Name: | C:\PROGRAM FILES (X86)\MCAFEE\HOST INTRUSION PREVENTION\HELPER32.EXE |
| Threat Target File Path: | HKLM\SOFTWARE\WOW6432NODE\MCAFEE\MCTRAY\PLUGINS\HIPSPLUGIN\ |
| Threat Name: | Common Standard Protection:Prevent modification of McAfee Common Management Agent files and settings |
| Event Description: | Access Protection rule violation detected and blocked |
This is in the logs themselves:
policybag.Warning: returning default policy for section=AGENT\CONFIGURATION , key=AgentVersion , value=5.0.0
2016-02-26 19:34:17.261 masvc(1020.1228) event.Info: Publishing event filter, as clients don't have latest event filter version.
If you remove VSE and HIPS and use the Full Package to redeploy to the clients, do you experience the same issues?
We don't use HIPS yet and are planning some testing for VSE 8.8P7 for next week.
Certified McAfee Product Specialist - ePO
McAfee Volunteer Moderator
Nearly 98% of our installs will be updates if we roll out Patch 7; most machines (workstations) are on Patch 6 currently - therefore I'm not looking at removal and reinstalls due to the size of the business, etc.
VSE seems to install fine so far, from what I can tell - HIPS seems to cause me the issues currently.
Removing HIPS and letting it reinstall from Patch 6 to automatically update to Patch 7 let it install properly without the restart box showing up on every reboot.
However still unable to push manual tasks it seems.
Also, seems that Windows 8.1 thinks VSE isn't turned on... yet the Security Status says everything is ok from the McAfee tray icon.
Anyone else experiencing weird stuff with these new updates?
I am hearing of (and seen for myself) an issue associated with the Access Protection rule: Prevent Windows Process spoofing.
The team is erecting KB86694 for this.
This rule is not enabled by default, but it seems quite a few folks have enabled it and started seeing this after upgrading.
And you could see it after upgrading to HIPS P7, or MA 184.108.40.2063 also, if VSE is installed and that AP rule is enabled.