cancel
Showing results for 
Search instead for 
Did you mean: 

HP Insight Foundation Agents process 'CQMGHOST.exe' blocked by McAfee Access Protection

We have 16 servers which are continuously being blocked by Access Protection from McAfee in relation to the HP Insight Foundation Agents process 'CQMGHOST.exe' and as per the article from McAfee https://kc.mcafee.com/corporate/index?page=content&id=KB87659 and various support calls they are stating this a HP issue and HP will need to provide a fix\exclusion list to resolve this.

Has anyone else experienced this issue and how have you resolved it as being shunted between McAfee and HP at the moment?

Troubleshooting steps:
The process 'CQMGHOST.exe' has been added to the exclusion list for the Access Protection rule 'Common Standard Protection','Prevent modification of McAfee Common Management Agent files and settings'. This has not resolved the issue.
 
We are running ePO v5.9 and Patch 10.
 
Thanks,
 
Andy
9 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 10

Re: HP Insight Foundation Agents process 'CQMGHOST.exe' blocked by McAfee Access Protection

Can you post the access protection log entries for that violation?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

DocB
Level 11
Report Inappropriate Content
Message 3 of 10

Re: HP Insight Foundation Agents process 'CQMGHOST.exe' blocked by McAfee Access Protection

awburt23,

I've had the same runaround when I had the problem, posted a question here as well.  Eventually ran the profiler and was able to block the reporting via McAfee eventually.  Permenant solution was to get rid of the HP devices causing the problem, since it was very old HW.

HTH,

DocB

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 10

Re: HP Insight Foundation Agents process 'CQMGHOST.exe' blocked by McAfee Access Protection

My request for the log entry wasn't meant as a runaround, but to ensure the exclusion was entered properly.  We are more than willing to assist in getting it working for you.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

DocB
Level 11
Report Inappropriate Content
Message 5 of 10

Re: HP Insight Foundation Agents process 'CQMGHOST.exe' blocked by McAfee Access Protection

cdinet,

I realize this, and you provide great information to folks.  Just letting the person know what I encountered and how I eventually resolved the problem.  An exclusion did eventually resolve the issue, as well as getting rid of the obsolete HW.

Regards,

DocB

Highlighted
Reliable Contributor Nielsb
Reliable Contributor
Report Inappropriate Content
Message 6 of 10

Re: HP Insight Foundation Agents process 'CQMGHOST.exe' blocked by McAfee Access Protection

The blocked "CQMGHOST.exe" access protection events are fixed by HP

Download link: 

https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_8deb11de54ea4d1fb702029745#tab-history

CQMGHOST.png

Re: HP Insight Foundation Agents process 'CQMGHOST.exe' blocked by McAfee Access Protection

Hello,

We initially had an issue with 'CQMGHOST.exe' in our QA environment. This generated up to 6 million events each day. The only fix that I had at that time was to disable the rule. This issue just surfaced in my production environment and reeked havoc with my database. The update that was provided by HP seems to resolve the issue (finally.)

Do you have any idea as to what could possibly have triggered the issue with 'CQMGHOST generating such a huge amount of events?

Thank you

DocB
Level 11
Report Inappropriate Content
Message 8 of 10

Re: HP Insight Foundation Agents process 'CQMGHOST.exe' blocked by McAfee Access Protection

It's  been a while and I no longer remember what it was doing every 10 seconds or more to generate the alerts.  I have no idea as to whether the latest HP patch fixes the problem.  We got rid of the HP HW causing the problem.

DocB

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 9 of 10

Re: HP Insight Foundation Agents process 'CQMGHOST.exe' blocked by McAfee Access Protection

We would have to see the log and get more info from HP for why it would mess with McAfee services, if that is what it was doing.  Some products just check for permissions to do things on the system without actually doing anything.  It all depends on the product.  However, instead of disabling the rule, you could add that process as an exception to the rule.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

McAfee Employee sbenedix
McAfee Employee
Report Inappropriate Content
Message 10 of 10

Re: HP Insight Foundation Agents process 'CQMGHOST.exe' blocked by McAfee Access Protection

'CQMGHOST.exe'  would enumerate services and registry keys etc. with a wide set of privileges (possibly including the privilege to terminate or delete), hence AP (self protection is triggered) For example, a developer could specify I need x, y that should be sufficient for all and everything this application needs to do/run, but maybe at a later stage (in product life) it is discovered that also z is required to provide the services that this product is designed to provide. Now, the whole thing needs to be patched/updated/hotfixed and this needs to be QAed, shipped/rolled out etc pp, thats a tremendous effort, thus it is "more effective" to include z straight away although its possibly not needed or strictly required for most cases.

MPower Badge Now Available
Customers attending MPower can earn a community badge. Check into the MPower forum and say hi to have the badge awarded to your community profile.