      We have been testing MDE 7.2 with Windows 7 and 10 with our HP EliteBooks. We only see this condition with the UEFI BIOS and Windows 10. Our Win 7 build uses the legacy BIOS option and we do not see the issue on these or on our Win 10 Surface Pro devices.

      Basically when we boot the system to the PBA, the mouse is frozen. You can see the pointer, but it will not respond to either the touch pad or an externally connected mouse. You can still authenticate. Just type in the user ID, press enter, and type in the password. This works just fine and the system is otherwise normal.

      We did open a ticket, and support had me load the default encryption policy with only the minor change to enable all drives to encrypt, and I also added a user display message in order to confirm that this is the test policy that is applied. This test had no effect on the issue.

      After that I started fooling with the UEFI BIOS to try to find an option that might fix it.

      Strangely, I noticed that if I "Reset All options" in the UEFI BIOS, then the mouse would function just fine in the PBA, ONCE. On subsequent reboots the issue returns. So, it's not like the BIOS changed again after I reset it. But there must be some interaction with the features we enable in Windows 10 that use the UEFI BIOS. Here they are:

      Secure Boot

      Credential Guard

      Device Guard

      HCPI Disabled (Has a known issue with MDE 7.x, so we keep this one disabled)

      And we have TPM enabled but we don't interface this feature with the MDE policy. Also, most of the TPM versions are 1.2, which never seemed to work well with the MDE TPM option anyway. I will note that the default McAfee policy setting is set for use if available. Once again we do note that we don't have this issue with Windows 7, most likely because we are using the legacy BIOS option. We can't very well test our Win 10 image without UEFI, since Secure Boot and the other features I mentioned will not work without it, and the system will just not boot if we try to switch.

      So, it is interesting to also note that MDE 7.1 seems to work fine with this build. So, what changed?

      Has anyone else seen anything like this?


          Hey Tony


          We are going through the same sort of testing, and we have found a similar UEFI issue. We get through the PBA screen fine with mouse etc. working OK, but then get a black screen and the system never boots. This seems to be due to the boot disk being GPT in the default implementation we are getting. From what I can see in various documents around the McAfee site, there may or may not be an issue with this depending on which one you read. We are running the latest version of DE, and through our discussions with HP on our test models (X360 G2) this could be something to do with the Kaby Lake processors, as it's being reported on the 850 G4 EliteBook also.

          If I get any new information I'll post it here.

            So it seems that installing the latest BIOS along with updating your Hardware Compatibility list (HCL) in ePO will solve the issue.

            So the first thing to do is update the BIOS.

            If you still have issues, McAfee recommends you have the system take a new read on the latest HCL. Unfortunately, the HCL is ONLY read once, upon activation! So you would have to completely decrypt the system and re-encrypt it in order to read the new HCL! Hopefully the BIOS will solve the issue. It did for us. But you should update your HCL anyway. ePO doesn't do it automatically.

            In ePO, it's under Server Settings / Drive Encryption / Hardware Compatibility Settings. Ours is currently version 68. You will have to get the new XML file from the support portal.