eg211
Level 10
Message 1 of 12

Failed to find valid repository while updating VSE DAT

Hi There!

Environment:

ePO 5.10/ agent 5.6.2/VSE 8.8 P11/P13/ Win10 1803

I'm doing a POC in the cx environment and encountered this issue on one client:

Customer has DLPe/MDE managed by ePO. VSE is also installed on this client, but ePO has no VSE extension/packages checked in. The cx has 2 offices; VSE only needs to connect to the McAfee update server to update the DAT via proxy.

 

Things we tried:

1. Port is OK. I also tried opening the McAfee update server URL in a browser and it is accessible. The sitestat.xml file can also be downloaded successfully.

2. Reinstalled VSE/Agent, no help.

3. Checked the agent compatible log; it has the information below:

2019-10-15 15:56:27.248 mfemactl(7592.7004) mfemactl.Info: The process <C:\PROGRAM FILES\MCAFEE\AGENT\X86\MCSCRIPT_INUSE.EXE>(556) was blocked from accessing('CREATE' (1)) <AAC_OBJECT_SECTION:C:\PROGRAM FILES (X86)\BONJOUR\MDNSNSP.DLL> via the rule <Sanitize selected MA Processes>
2019-10-15 15:56:27.248 mfemactl(7592.7004) mfemactl.Info: The process <C:\PROGRAM FILES\MCAFEE\AGENT\X86\MCSCRIPT_INUSE.EXE>(556) was blocked from accessing('CREATE' (1)) <AAC_OBJECT_SECTION:C:\PROGRAM FILES (X86)\SANGFOR\SSL\CLIENTCOMPONENT\2_SANGFORNSP.DLL> via the rule <Sanitize selected MA Processes>

Is this a software conflict or something else? I tried renaming the mentioned DLL and then updating again, still no help.

Can you guide me on how to further troubleshoot this issue? Thanks!!!

Accepted Solutions
McAfee Employee LKS
McAfee Employee
Message 2 of 12

Re: Failed to find valid repository while updating VSE DAT

Hi eg211,

I understand that the client machine is not managed by ePO, it seems. Looking at the logs below, there is a lot of third-party DLL injection.

Could you please uninstall the "BONJOUR" and "SANGFOR" applications and try again? Also, you can check the McScript log to check the failure. These DLLs are untrusted or unsigned.

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a solution" if this reply resolves your query!

McAfee Employee cdinet
McAfee Employee
Message 12 of 12

Re: Failed to find valid repository while updating VSE DAT

To answer this question - McAfee Agent uses its internal AAC self-protection mechanism (Sanitize selected MA Processes) and detects that those 2 DLLs hooked into Mcscript_inuse.exe contain unsigned/untrusted code/digital signatures, and THEN the agent stops processing further (the third-party software does not force the agent to stop), which causes the agent to fail to find the valid repository.

When any untrusted dll or process tries to inject itself into our processes, we block that from happening to prevent things such as malware or other type processes that might even try to modify the behavior or code of our processes to protect them.  In doing so, mcscript_inuse is prevented/blocked from executing its own functions.  One of those functions is to invoke an mue.exe process to start running the scripts for the update.  If our process is injected with an untrusted dll, we can't trust it to not alter the behavior of what mcscript_inuse is trying to do, so we block its functionality.  That is why it fails any updates or deployments.  The 3rd party software isn't what forces the agent to stop, we stop ourselves so we do no harm if the 3rd party software happened to be malicious.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
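
Added example, not part of the original thread and not McAfee code: a small parser for the mfemactl "blocked from accessing" entries quoted in the first post, which lists the third-party DLLs the "Sanitize selected MA Processes" rule kept out of each agent process so they can be signature-checked (for instance with sigcheck, as suggested in the thread). The regular expression assumes the line layout seen in those two entries; the last two sample lines are constructed for the demonstration.

```python
import ntpath
import re
from collections import defaultdict

# Shape of the "blocked from accessing" entries quoted in the first post (assumed layout).
BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) mfemactl\(\d+\.\d+\) "
    r"mfemactl\.Info: The process <(?P<process>[^>]+)>\((?P<pid>\d+)\) was blocked "
    r"from accessing\('(?P<access>[^']+)' \(\d+\)\) "
    r"<(?P<objtype>[A-Z_]+):(?P<object>[^>]+)> via the rule <(?P<rule>[^>]+)>$"
)

# First two lines: entries from the thread. Last two lines: constructed for this demo
# (a repeat of the Bonjour block two seconds later, and an unrelated Info line).
SAMPLE_LOG = r"""
2019-10-15 15:56:27.248 mfemactl(7592.7004) mfemactl.Info: The process <C:\PROGRAM FILES\MCAFEE\AGENT\X86\MCSCRIPT_INUSE.EXE>(556) was blocked from accessing('CREATE' (1)) <AAC_OBJECT_SECTION:C:\PROGRAM FILES (X86)\BONJOUR\MDNSNSP.DLL> via the rule <Sanitize selected MA Processes>
2019-10-15 15:56:27.248 mfemactl(7592.7004) mfemactl.Info: The process <C:\PROGRAM FILES\MCAFEE\AGENT\X86\MCSCRIPT_INUSE.EXE>(556) was blocked from accessing('CREATE' (1)) <AAC_OBJECT_SECTION:C:\PROGRAM FILES (X86)\SANGFOR\SSL\CLIENTCOMPONENT\2_SANGFORNSP.DLL> via the rule <Sanitize selected MA Processes>
2019-10-15 15:56:29.102 mfemactl(7592.7004) mfemactl.Info: The process <C:\PROGRAM FILES\MCAFEE\AGENT\X86\MCSCRIPT_INUSE.EXE>(556) was blocked from accessing('CREATE' (1)) <AAC_OBJECT_SECTION:C:\PROGRAM FILES (X86)\BONJOUR\MDNSNSP.DLL> via the rule <Sanitize selected MA Processes>
2019-10-15 15:56:30.000 mfemactl(7592.7004) mfemactl.Info: constructed line that is not a block event
"""


def parse_blocks(text):
    """Return one dict per block event; lines of any other shape are skipped."""
    events = []
    for line in text.splitlines():
        match = BLOCK_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def modules_to_verify(events, rule="Sanitize selected MA Processes"):
    """Map each protected process to the distinct DLLs the rule blocked from loading."""
    by_process = defaultdict(set)
    for event in events:
        if event["rule"] == rule and event["object"].upper().endswith(".DLL"):
            # ntpath handles Windows paths even when the log is reviewed on another OS.
            by_process[ntpath.basename(event["process"])].add(event["object"])
    return {proc: sorted(dlls) for proc, dlls in by_process.items()}


if __name__ == "__main__":
    for proc, dlls in modules_to_verify(parse_blocks(SAMPLE_LOG)).items():
        for dll in dlls:
            print(f"{proc}: verify signature of {dll}")
```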

11 Replies

eg211
Level 10
Message 3 of 12

Re: Failed to find valid repository while updating VSE DAT

Thanks, @LKS, the issue has been resolved after uninstalling Sangfor. Will work further with cx and update this post.

McAfee Employee LKS
McAfee Employee
Message 4 of 12

Re: Failed to find valid repository while updating VSE DAT

Glad to hear.....🙂

McAfee Employee LKS
McAfee Employee
Message 5 of 12

Re: Failed to find valid repository while updating VSE DAT

You can follow the below article to handle third party DLL injection.

https://kc.mcafee.com/corporate/index?page=content&id=KB88085

McAfee Employee ATD
McAfee Employee
Message 6 of 12

Re: Failed to find valid repository while updating VSE DAT

Hi eg211,

Thank you for the information below. I appreciate the steps you have followed.

Yes, it looks to be more of an issue with a software conflict, where a 3rd-party process/DLL is trying to hook into a McAfee process and hence failing the DAT update.

This behavior is as designed. We allow only properly signed software to be loaded by our processes.

Next Steps:

  1. Could you please try uninstalling the associated software that MDNSNSP.DLL and 2_SANGFORNSP.DLL belong to and try the DAT update?
  2. Most likely the MDNSNSP.DLL and 2_SANGFORNSP.DLL files are not properly signed. Please check this. I'd recommend using Sysinternals' sigcheck.exe on such a system.
  3. Does the software have a newer version (with properly signed executables) that doesn't have this problem (if this turns out to really be the problem)?

Could you please follow the above recommendations and let me know if it helps you to resolve this issue?

Many Thanks!

 

eg211
Level 10
Message 7 of 12

Re: Failed to find valid repository while updating VSE DAT

Hi @ATD , @LKS ,

Sorry to bother you again. Could I have deeper insight into why this third-party DLL is causing the agent to fail to find a valid repository?

My understanding of the errors in mfemactl.log is below:

McAfee Agent uses its internal AAC self-protection mechanism (Sanitize selected MA Processes) and detects that those 2 DLLs hooked into Mcscript_inuse.exe contain unsigned/untrusted code/digital signatures, and THEN the agent stops processing further (the third-party software does not force the agent to stop), which causes the agent to fail to find the valid repository.

Is my understanding correct? Please kindly share your comments/knowledge; any further insight is much appreciated! Thanks!!

McAfee Employee cdinet
McAfee Employee
Message 8 of 12

Re: Failed to find valid repository while updating VSE DAT

If mcscript_inuse is blocked, it typically doesn't even follow through with the update process.  I would need to look at your mcscript log for why invalid repository.  

McAfee Employee LKS
McAfee Employee
Message 11 of 12

Re: Failed to find valid repository while updating VSE DAT

Hi eg211,

Hope you got my message in private window. Please try the suggested method and let me know the status. If you are unable to download Sitestate.xml file, then you have to investigate with your internal network team.

Please do not upload any logs directly to public forums.

McAfee Employee cdinet
McAfee Employee
Message 11 of 12

Re: Failed to find valid repository while updating VSE DAT

For your own company's privacy, I removed your log entry post due to sensitive information being posted in a public forum.  

Can the user get to http://update.nai.com:80/Products/CommonUpdater in their browser?  If so, are any proxy settings enabled at all in the browser, including automatically detect?  If they are, uncheck them all and see if they can still get to the site.  I suspect the proxy is your problem.  You do have one in use, as the agent is trying to go through it.  There are also a lot of could not resolve host messages.  This seems purely network at this point.

 
