Threat Prevention Access Protection and Exploit Prevention exclusion Lists are not functioning.

Dear all,

Kindly note that we are installing a new endpoint security product to be working in parallel with our McAfee ENS at the same time (it is not a signature-based solution).

We are facing issues while installing the agent on the workstation, as Windows is always crashing after the installation's mandatory restart, except if we disable the McAfee Access Protection and Exploit Prevention. We have an official exclusion list to be applied on the McAfee side and vice versa, and it is also configured, but with no success.

I have tried a lot of scenarios with no hope. Do you have any findings/info that could help regarding this issue, please? How can we correctly exclude the list from the McAfee side?

Thanks a lot in advance

Accepted Solutions
McAfee Employee cdinet
Message 2 of 4

I am not sure the 2 products would be compatible with each other, as we don't know what kind of drivers this other solution has. ENS has several kernel drivers that could easily cause conflict if that software also has similar kernel drivers. That is not a recommended scenario.

That being said, I would recommend opening a ticket with the ENS team to verify compatibility. That will require full memory dumps for when Windows crashes, with a corresponding MER. To prepare for that, you might want to configure a test system for full memory dumps (mini dumps are insufficient). Refer to KB56023 for how to configure that.

For the MER, you can get that from mer.mcafee.com. When you run it (after you reboot from the crash), be sure to run it as administrator and choose the specific McAfee products that are installed rather than choosing all products. When you specify the products, we get more specific information on those products.


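A read-only check that a test system is actually set up for full memory dumps before the crash is reproduced, as advised in the reply above. This is an added example, not part of the original thread and not the content of KB56023; it assumes the standard Windows `CrashControl` registry values and treats "page file on the system drive at least as large as RAM" as a rule-of-thumb requirement.

```powershell
# Added example: read-only audit of Windows crash dump settings (run as administrator).
# Assumption: standard CrashControl registry layout; this does not reproduce KB56023.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$cc  = Get-ItemProperty -Path $key

# Meaning of the CrashDumpEnabled DWORD
$dumpTypes = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump (mini dump)'
    7 = 'Automatic memory dump'
}
$type = [int]$cc.CrashDumpEnabled

# A complete dump is staged through the page file on the system drive,
# so compare its allocated size (MB) with installed RAM (MB).
$ramMB  = [math]::Ceiling((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
$bootPf = Get-CimInstance Win32_PageFileUsage |
          Where-Object { $_.Name -like "$($env:SystemDrive)*" }
$pfMB   = [int](($bootPf | Measure-Object -Property AllocatedBaseSize -Sum).Sum)

# The dump file itself needs roughly RAM-sized free space on its target drive.
$dumpFile  = [Environment]::ExpandEnvironmentVariables([string]$cc.DumpFile)
$dumpDrive = (Split-Path -Path $dumpFile -Qualifier).TrimEnd(':')
$freeMB    = [math]::Floor((Get-PSDrive -Name $dumpDrive).Free / 1MB)

$result = [pscustomobject]@{
    DumpType         = $dumpTypes[$type]
    IsCompleteDump   = ($type -eq 1)
    DumpFile         = $dumpFile
    OverwriteOldDump = [bool]$cc.Overwrite
    RamMB            = $ramMB
    PageFileMB       = $pfMB
    PageFileLargeEnough = ($pfMB -ge $ramMB)
    DumpDriveFreeMB  = $freeMB
    EnoughFreeSpace  = ($freeMB -ge $ramMB)
}
$result | Format-List

if (-not ($result.IsCompleteDump -and $result.PageFileLargeEnough -and $result.EnoughFreeSpace)) {
    Write-Warning 'System is not ready to capture a complete memory dump on the next crash.'
}
```

The script changes nothing; if it warns, adjust the settings as described in the vendor KB and reboot before reproducing the crash.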
Hi cdinet,

Thanks a lot for your feedback. That was already done, also with a lot of remote support sessions, but with no luck. The only confirmed point we reached is that the issue is solved only once we disable Exploit Prevention alone under the Threat Prevention component.

We have applied all the third-party exclusions here (I mean in the Exploit Prevention exclusions), but also with no hope.

They also collected a MER, Procmon and ENSTracer after simulating the same issue again with Windows crashing, but they didn't find any sufficient log that can isolate or identify where the issue is coming from.

We are not able to disable such feature. So, what can we do?

Thanks a lot in advance

McAfee Employee cdinet
Message 4 of 4

If Windows is actually crashing, as in blue screen, then a full memory dump is the only way to really tell what is going on. That will reveal driver conflicts causing the problem. If logging isn't giving you the info you need and the issue goes away by disabling a feature, which also can unload the driver, then you need a memory dump when Windows crashes.
