cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 11 of 22

Re: Troubleshooting the Updating of Security Products on Managed Endpoints

The mcscript log used to contain all info on tasks run, such as updates and deployments.  The newer agent has split up that logging.  So deployments (from a deployment task) will be now logged in the mcscript deploy log, where updates (like your patch 12 from an update task) will be logged in the regular mcscript log.

The mfemactl log is basically logging the AAC interactions - self protection, logs any issues with dll injection where our processes are blocked, or where we block other processes from injecting into ours.  That can be a helpful log for when things just don't make sense why they aren't working - possibly we are being blocked by injected processes.  We basically block ourselves if we get injected with an untrusted or unsigned dll as a protection measure.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Nick_B
Level 11
Report Inappropriate Content
Message 12 of 22

Re: Troubleshooting the Updating of Security Products on Managed Endpoints

Ahh, I see that's good to know.

When you say newer agent, do you mean the 5.6.x version? I haven't checked that one in yet, that will need to go to Change Management and the CAB! 

Most of the endpoints are running 5.5.1.388 on this customer, although there are a few stragglers running older Agents like 5.0.6.220 and even 4.8.0.1938.

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 13 of 22

Re: Troubleshooting the Updating of Security Products on Managed Endpoints

I don't remember what agent version that new deploy log was introduced in, but if you have it on your system, it is in that version for sure.  I would have to go back through all the release notes. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Nick_B
Level 11
Report Inappropriate Content
Message 14 of 22

Re: Troubleshooting the Updating of Security Products on Managed Endpoints

No that's fine, no worries no need to go through the Release Notes I'm sure you've got better things to be doing with your time!

Talking of Release Notes I see there's a new Patch for VSE out!

This particular customer by the way, is a bit stuck in their ways and although I've brought up the question of would they like to migrate to ENS they seem to want to stick with good ol' VSE and HIPS!

Would you happen to know, is there a cut-off point for when support for VSE & HIPS will end? If so, I might be able to twist their arm and convince them to migrate to Endpoint Security. There's only a few more weeks left on their Purchase Order, although they may buy more days from us I guess.

Thanks again and speak soon.

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 15 of 22

Re: Troubleshooting the Updating of Security Products on Managed Endpoints

You can keep track of end of life for our products here:

https://www.mcafee.com/enterprise/en-us/support/product-eol.html

Currently there is no EOL listed yet for VSE or HIPS.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Nick_B
Level 11
Report Inappropriate Content
Message 16 of 22

Re: Troubleshooting the Updating of Security Products on Managed Endpoints

Hi,

We grabbed those logs from that MAN49 laptop earlier and the main one - McAfeeHip8_Patch12_x64 - is huge at 51MB! I've found a chunk of text from it near the bottom of the log (see below) which is self-explanatory - in that the error code 1636 translates into package could not be opened - but I'm wondering what the easiest way to resolve this would be?

Extract from McAfeeHip8_Patch12_x64.logExtract from McAfeeHip8_Patch12_x64.log

 

The McAfeeHip8_PatchLaunch log basically contains hundreds of lines similar to this one:

  • VS2010 x64 redistribution installation completed (ExitCode: 0)

Although there was just one occurrence of this:

  • VS2010 x86 redistribution installation completed (ExitCode: -529697949)

The McAfeeHip8_Stillinjected.err log contains lines like this:

  • OpenProcess() failed: pid = 0, errno = 0x57 (Unknown error)
  • OpenProcess() failed: pid = 4, errno = 0x5 (Input/output error)
  • EnumProcessModules() failed: pid = 364, errno = 0x12b (Unknown error)
  • EnumProcessModules() failed: pid = 600, errno = 0x12b (Unknown error)
  • EnumProcessModules() failed: pid = 676, errno = 0x12b (Unknown error)

The McAfeeHip8_Stillinjected.log was empty.

I guess we could uninstall the product using the EPR Tool if the traditional method of an assigned client task fails? After all, this is presumably not an issue on McAfee's part but the Windows Installer?

Would you like to see the entire log file at all, the main one called McAfeeHip8_Patch12_x64? Compresses down to about 2.7MB.

Nick_B
Level 11
Report Inappropriate Content
Message 17 of 22

Re: Troubleshooting the Updating of Security Products on Managed Endpoints

Hi Caryn,

We grabbed those logs from that MAN49 laptop earlier and the main one - McAfeeHip8_Patch12_x64 - is huge at 51MB! I've found a chunk of text from it near the bottom of the log (I did attach a screenshot earlier but it ended up the Rejected Items area for some strange reason) which is self-explanatory - in that the error code 1636 translates into package could not be opened - but I'm wondering what the easiest way to resolve this would be?

 The McAfeeHip8_PatchLaunch log basically contains hundreds of lines similar to this one:

  • VS2010 x64 redistribution installation completed (ExitCode: 0)

Although there was just one occurrence of this:

  • VS2010 x86 redistribution installation completed (ExitCode: -529697949)

The McAfeeHip8_Stillinjected.err log contains lines like this:

  • OpenProcess() failed: pid = 0, errno = 0x57 (Unknown error)
  • OpenProcess() failed: pid = 4, errno = 0x5 (Input/output error)
  • EnumProcessModules() failed: pid = 364, errno = 0x12b (Unknown error)
  • EnumProcessModules() failed: pid = 600, errno = 0x12b (Unknown error)
  • EnumProcessModules() failed: pid = 676, errno = 0x12b (Unknown error)

The McAfeeHip8_Stillinjected.log was empty.

It's kind of cheating but perhaps we could uninstall the product using the EPR Tool if the traditional method of an assigned client task fails? After all, this is presumably not an issue on McAfee's part but the Windows Installer?

Would you like to see the entire log file at all, the main one called McAfeeHip8_Patch12_x64? Compresses down to about 2.7MB.

Nick_B
Level 11
Report Inappropriate Content
Message 18 of 22

Re: Troubleshooting the Updating of Security Products on Managed Endpoints

Here is the screenshot which is a snippet from the McAfeeHip8_Patch12_x64 log (not sure if this is what the forum moderator tool didn't like)

Extract from McAfeeHip8_Patch12_x64 logExtract from McAfeeHip8_Patch12_x64 log

 

 

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 19 of 22

Re: Troubleshooting the Updating of Security Products on Managed Endpoints

You can send me the log if you want, but honestly, I support epo and the agent (I used to support vse/ens/hips and others also, but no longer).  You might be better served to post the hips failure in the endpoint security, hips forum. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Nick_B
Level 11
Report Inappropriate Content
Message 20 of 22

Re: Troubleshooting the Updating of Security Products on Managed Endpoints

OK, thanks Caryn.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community