in addition to EXPLORER.EXE process... Looks like when file explorer is called, or any file is right clicked on to call a menu, explorer.exe after going via mcafee reg keys tries to access some scan process that is mentioned in registry, and looks like this is when svhost.exe calls msiexec with parameter /v which is why msibox is displayed.
however the whole reason why this is happening is unknown, and why threat prevention tries to reinstall itself, or may be fix itself... there's nothing in mcafee log, and I can't trace what file msiexec is actually executing. and more importantly why the msibox is even visible
I can't even check in 10.5.2. If I try to check in the components through the software manager in ePO, platform first, it just hangs at 50%. I have to stop and restart the services, log back into ePO and then when I look it appears to have been checked into the repository, but still appears as an update that needs to be check in/updated.
There is a KB that indicates a hotfix was released on the 12th, but it is nowhere to be found on the My Products download pages, the ePO software manager or otherwise. I guess I should consider myself lucky?
I added all stuff from the master repository, download install packages from mcafee web and check them in using the repo
We have this same issue, luckily we haven't widely deployed ENS 10.5 yet but this has cropped up on our test users and is preventing any further roll out for us.
We also running EPO 5.3.1 and the clients are Windows 10.
No problems until we checked in Patch 2 for ENS.
Any help would be appreciated.
Thank you for the reply. For whatever reason if I try to download and check in that way it still results in either a outright failed result or hangs at 50% indefinitely. And more frustrating as mentioned above is that platform appears to be both check in and needing to be check in.
the only solution that I've come up was to remove all ENS 10.5.2 patches and just check in 10.5.2 install packages. Then I pushed the deployment of 10.5.2 on devices that had 10.5.1 installed. No msibox. For the affected machines that had previously received the 10.5.2 patches (not full install packages!) I created a temp self protection policy with an exclusion for msiexec.exe process. After that on the affected machines msibox appears only once, fixes itself and that's it. I investigated further, and it looks like msibox is triggered because something is wrong with Scan for threats icon that is present on a context menu, when you right click on the file..
no idea...I guess you need to drill through the logs on the ePO server to see what's going on. my approach usually is if I can't check in a package via software manager I do it manually and it always works. I would also try to delete all the ENS packages from master repository and try to recheck them manually by downloading zips. Also don't forget to check in relevant extensions
Thank you for replying and my apologies for the hijack.
I had tried removing all the ENS stuff in the repository and it would fail and all content would remain, but figured I would try again and messed with the order of removal and it worked. Checking in then succeeded.
Now, not sure if that was a good or bad idea yet as I haven't started updating clients by that means, though I have used the standalone installer without any issues. We'll see.
Mcafee have a support document for this issue now and a workaround.
Going to hold off deploying 10.5.2 for now until this is properly fixed.
Thanks for the link mate!
I was on HipHandlers64.dll actually when I was monitoring the processes, but droped it because only a few clients had this file missing. In fact, when I copied this file to the clients that originally had is missing it helped only for a couple of days. After that msibox started appearing again.
Well, hopefully the fix will fix it