hello , your antivirus is identified my website as a malware/phishing site and this is wrong and its harm our business a lot, so am asking you kindly to remove it from your blacklist.
Product: McAfee Agent 220.127.116.117
OS: Windows 10 version 1703
Microsoft seems to want switch its users tward Defender by start blocking McAfee related products... In my case when deploying/installing a managed McAfee agent..
Thats the feeling I get when I see attached below error...
Is there a solution for this in the near future? Perhaps validate McAfee as a valid publisher ?
The agent package that is downloaded from McAfee site is signed. It does not contain a framepkg.exe file. When the agent is checked into epo, epo compiles that framepkg.exe file with the sitelist, keys, etc. and creates that file, so it is not signed at that point. I doubt that will change due to the way it is compiled. Other packages of ours aren't necessarily like that. For example, when VSE is checked in, there are no creating new files and compiling anything together, so the msi and setup exe files are still digitally signed.
Agent is 5.0.6.xxx
EPO is 5.9.1.xxx
The question is there is a option tick box in the Agent Repository Policy stateing this.
"Automatically allow clients to access newly-added repositories"
Can anyone point me to any documentation on what this does and how it affects the way the agent checks which repositories that are usable in the list.
Before you tell me to read it and take it at face value test out your understanding in a lab.
1. creating a list of repositories with a couple disabled and a couple enabled and with the option ticked test.
2. check on a agent in the mcscript.log file that it tests and states which repositories are usable and which are not. You should find the list of repositories in the mcscript.log file search for " usable " or " Not Usable "
3. Now untick it and apply the policy to the endpoint and do a update now to make it check the repositories for updates. note the time you did the update so you can find the log entries.
4. Check in mcscript what repositories it is checking now and tell me does it do the same test of each repository in the list it did in the first test.
I think you may be surprised.
I'm wondering if there is an easy way to filter out events where the "Application" field is the same, but where different Signature IDs are involved.
We have some VmWare ESX servers which are VERY chatty. All of the events coming in with the application "vxpa" are not useful from a security perspective. I could disable the ASP rules one by one, but there are a lot of them involved.
Any help is apperciated!
The agent we have options to install remotely, URL and generate package and push manually.
To install the product (ENS) locally, how do I generate the manual installation package?
My server is on AWS.
If you are talking specifically for the McAfee Agent, you can build a "FramePkg" that allows you to install the agent without it having to download itself during installation from ePO. It will already have the ePO contact inforation so it will reach out to it after installation. This is in KB51661
If you are referring to the ENS modules, then you need the "Stand Alone installer" of the version you are using, which you can get from your download page using your Grant Number,
Hope this helps.
I am wondering if some of you have experienced the following issue:
I have deployed ATP 10.5.2 and the DXL client 18.104.22.1687 to systems with END TP + WC 10.5.2
On a small number of clients (approx. 15/2000), users report that when they start Internet Explorer it freezes. After disabling the McAfee plugin (for scriptscan) IE works fine again.
Before the deployment of ATP + DXL they did not have this problem.
The OS on which this is seen: W7 x64.
Is there a possible relation between the deployment of ATP + DXL and the freezing of IE?
Thanks in advance.
Hello, everyone. I'm having an issue with the HIPS log not updating. I'm on Patch 11 and the issue is occuring on a Server 2012 R2 system.
I've tried uninstalling and reinstalling HIPS, reducing the log file size in the Client UI policy, and rebooting the systems.
Any suggestions? I have zero visibility into what HIPS and its firewall are doing.
You might have an issue where the HIPS services aren't running (McAfee Host Intrusion Prevention lpc Service and McAfee Host Intrusion Prevention Service; HIPS may not be active, so no logging is generated), or possibly the "C:\ProgramData\McAfee\Host Intrusion Prevention\Event.log" file is corrupt and can't be written to (this is the file represented as the Activity log).
You might try deleting that file (stop the HIPS services first), then restart the HIPS services.
I'm having remote logs but I can not access them. What else can it be?
The tool is not a McAfee tool and can be downloaded just by searching for it on the Internet.
As for your sql server sharing databases, yes, it could affect them. You will need to get with your dba. You might have to set it up on a different sql server.
I have Total protection installed on my PC, the licence expiring in 6 days.
I want to use my licence for LifeSafe instead, valid until next year.
Do I have to deinstall total protection before installing LifeSafe? If I have to: Any hints how to do it, any program to be used?
I am looking forward to any notice.