cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Incompatibility ENS w BeyondTrust PriviligeManagement

Jump to solution

Hello,

we are evaluating an upgrade from VSE 8.8 to ENS 10.7 and experienced an incompatibility with the also used BeyondTrust PrivilegeManagement Client. After installing ENS on a test machine, ENS informed about a blocked dll hook because of an untrusted cerftificate.  (pghook.dll by beyondtrust)

In KB83123 is mentioned that we can trust the certificate manually, this is explained in KB74176.

Now we don't know if we understand the KB74176 correctly... do we have to send in the certificate to McAfee and you will send us back a package to import into McAfee ePO? 

thanks in advance and best regards

2 Solutions

Accepted Solutions
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Incompatibility ENS w BeyondTrust PriviligeManagement

Jump to solution

Hi @Seahawker,

Thank you for your post. My understanding is that you are facing the issue with ENS installed.

Based on the same, I would recommend the below extract from the product documentation referenced below.

Managing third-party certificates
A process, called MFECanary.exe, runs as a child process to MFEEsp.exe and captures digital certificate detail for any DLL that attempts to inject into the MFECanary.exe process. The information is sent to McAfee ePO from an agent event, which is processed by the McAfee ePO server. It is then sent to the Endpoint Security Common policy. From the policy, you can decide whether client systems trust or do not trust the third-party certificate. To trust it, you must add the digital signature to the certificate store.

Technical support can help in identifying the third-party certificate, obtaining the certificate file (.cer), and trusting a third-party digital certificate with signed third-party DLLs that are injected into McAfee processes.

Reference documentation:

https://docs.mcafee.com/bundle/endpoint-security-10.6.0-common-product-guide-windows/page/GUID-AAE07...

Basically, if you have already run the process and if you can see the certification generated under Endpoint Security Common policy applied for this machine, you have the option to exclude the certificate.

If it has not already populated, you can use the certificate and upload it as mentioned in the document below to allow the signed dll for injection.

https://docs.mcafee.com/bundle/endpoint-security-10.6.0-common-product-guide-windows/page/GUID-3DC82...

I sincerely hope this helps!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

View solution in original post

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: Incompatibility ENS w BeyondTrust PriviligeManagement

Jump to solution

With ENS, you can add the certificate from the file to the ENS common, options policy under certificates section.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

2 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Incompatibility ENS w BeyondTrust PriviligeManagement

Jump to solution

Hi @Seahawker,

Thank you for your post. My understanding is that you are facing the issue with ENS installed.

Based on the same, I would recommend the below extract from the product documentation referenced below.

Managing third-party certificates
A process, called MFECanary.exe, runs as a child process to MFEEsp.exe and captures digital certificate detail for any DLL that attempts to inject into the MFECanary.exe process. The information is sent to McAfee ePO from an agent event, which is processed by the McAfee ePO server. It is then sent to the Endpoint Security Common policy. From the policy, you can decide whether client systems trust or do not trust the third-party certificate. To trust it, you must add the digital signature to the certificate store.

Technical support can help in identifying the third-party certificate, obtaining the certificate file (.cer), and trusting a third-party digital certificate with signed third-party DLLs that are injected into McAfee processes.

Reference documentation:

https://docs.mcafee.com/bundle/endpoint-security-10.6.0-common-product-guide-windows/page/GUID-AAE07...

Basically, if you have already run the process and if you can see the certification generated under Endpoint Security Common policy applied for this machine, you have the option to exclude the certificate.

If it has not already populated, you can use the certificate and upload it as mentioned in the document below to allow the signed dll for injection.

https://docs.mcafee.com/bundle/endpoint-security-10.6.0-common-product-guide-windows/page/GUID-3DC82...

I sincerely hope this helps!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

View solution in original post

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: Incompatibility ENS w BeyondTrust PriviligeManagement

Jump to solution

With ENS, you can add the certificate from the file to the ENS common, options policy under certificates section.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community