I am experiencing an issue on one of my ePO servers. From the server, I am able to install a MA on a remote client. The ePO server task log reports a successful completion, and I can log in to the remote client and observe the MA installed. Further, I can open the MA status monitor and observe it opening a session with ePO, collecting and sending props, and closing the session. Additionally, from the ePO console, I am able to send a wake-up to the MA which reports as completed successfully.
However, in the system tree, the client still shows up as "unmanaged." As such, I am unable to manipulate the agent in any ways -- I cannot install VSE or apply any policies. The only oddity I've seen in any logs was in one of the logs on the client (paraphrasing): "Process MFEVTPS ... was blocked from accessing create ... via the rule Sanitize MFEVTP Service Process"
NOTE: Because of the sensitivity of the system in question, I am unable to post any logs (hence the paraphrasing).
You may need to run down the reason behind "Process MFEVTPS ... was blocked from accessing create ... via the rule Sanitize MFEVTP Service Process"
mfevtps.exe: Provides trust validation for all McAfee processes.
Process description and load order for VirusScan Enterprise and McAfee Agent Technical Articles ID: KB65784 Last Modified: 11/3/2016
At first blush, it looks like there is an access protection policy causing that error. I don't want to red herring that error, though.
If I go in to services.msc, I see the service, it's set to manual, and it is not running. I haven't done anything to see if I could trigger the service, but I am unable to stop or disable the service. I'm genuinely flummoxed on this one -- I thought I had figured out a lot of the ePO quirks, but then they throw this one at me :/