19 Replies. Latest reply on Feb 2, 2010 11:38 AM by Science.Copperfield

    Chronic Issues Once The DLP Agent is installed on any system...

      I have updated recently to DLP v3 and v4 in order to try and fix this problem. I am afraid it hasn't resolved it.

      We are attempting to set up a DLP policy using DLP to restrict the usage of USB sticks in the firm.

      I can install the McAfee Agent (EPO) and the EEFF Agent and they work fine. However, as soon as I install the DLP Agent and reboot I get chronic issues. The majority of the items that should start and run in the system tray simply do not start, and accessing any applications becomes a difficult process (you have to go through several "this application is already being used" messages).

      Also the majority of devices lose their drivers and are shown in the device manager with exclamation marks.

      In order to fix this I have to follow the instructions below before I am able to run the un-install process for the agent:

      Disable the registry keys related to DLP:
      Click Start, Run, type Regedit and press ENTER.
      Navigate to each of the following keys, right-click each one, select Modify and set the Value Data to 4:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeDLPAgentService\ [START]
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fcdrv1\ [START]
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fcdrv2\ [START]
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fcdrv3\ [START]
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fcdrv4\ [START]
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fcdrv5\ [START]
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeFramework\ [START]


      Rename the following files in the Agent directory:
      Navigate to: C:\Program Files\McAfee\DLP\Agent.
      Locate the following files:

      fcag.exe
      fcags.exe
      fcagt.exe
      fcagte.exe

      Right-click each file, select Rename and add BAK. to the beginning of the file name.
      Restart the client computer.
      The DLP agent will not load when the client restarts. To uninstall the DLP Agent, use one of the MSI removal methods above.

      Any help you are able to give will be very much appreciated as obviously this is causing a huge issue going forwards. Clearly there is either an issue with what we are doing or the set up of our systems.

      Many Thanks,

      Steve.
        • 1. RE: Chronic Issues Once The DLP Agent is installed on any system...


          I never knew of a DLP agent 4.0. Yes, they have DLP 3.0. Can you elaborate a little bit on how you deployed DLP and MEE? What is your environment (client OS, laptop make, etc.)?

          - A
          • 2. RE: Chronic Issues Once The DLP Agent is installed on any system...
            Apologies.... It is DLP v3 and EPO v4.5 after the upgrade.

            The laptop in question is Windows XP fully patched.

            I have been trying it on imaged machines but am just about to try a basic Windows install.... and just install DLP, nothing else.... see what happens.....
            • 3. RE: Chronic Issues Once The DLP Agent is installed on any system...
              Ok so we now know that the issue is an incompatibility with CA Etrust 8.1 (which we have on all 1300 machines!) and DLP (of any version) - Our resellers have also confirmed this as they have managed to replicate the problem at their site......

              I have managed through some extensive googling to find that a few other people have reported issues with the same thing but as of yet no conclusive fixes.....

              Any suggestions always appreciated.....

              I have tried adding E-Trust to the trusted applications list in DLP and also adding DLP as an exception in ETrust.....
              • 4. Re: RE: Chronic Issues Once The DLP Agent is installed on any system...

                In my environment, users have been experiencing blue screen of death.  One instance was java.exe crashing on fcdrv1.sys, and the other was scan32.exe crashing on fcdrv1.sys.  Renaming fcdrv1.sys to something else fixes the issue of the computer blue screening...but I don't know what effect this has on the overall security of the system, or what it does to the DLP agent.

                 

                Can someone tell me exactly what fcdrv1.sys is supposed to do?

                • 5. Re: RE: Chronic Issues Once The DLP Agent is installed on any system...

                  Hi Steve,

                   

                  Have you had any luck with this? I deployed it to about 50 workstations on Friday and was hit hard with exactly the same thing. We run CA Etrust 8.1. I need to deploy it to 1500 within the next month.

                  To get our users back up and running I had to uninstall the Etrust, then remove the DLP and then reinstall the Etrust.

                  Dammit, nothing is straightforward.

                  Cheers for your input. If I had not found your post I would have been lost.

                    • 7. Re: Chronic Issues Once The DLP Agent is installed on any system...
                      maziz

                      Hi

                       

                      I have seen this case before and the issue seems to be with the eTrust driver.

                       

                      We tested McAfee DLP alongside an older driver of eTrust and there were no issues, so it's something that's been updated in the eTrust driver.

                       

                      You may want to raise / log this issue with eTrust but please can you also try the following on 1-3 machines:

                       

                      Click Start, Run, type regedit and click OK.
                      Navigate to the following key:

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\INO_FLTR\Setting]


                      Create a new DWORD value, name it Controls, and assign it a value of 3 (decimal).
                      Restart the computer.

                       

                      Thanks.
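
A read-only way to confirm what state a test machine is in before and after the changes described in the posts above, as an added PowerShell example that is not part of the thread or of any McAfee or CA tooling. It assumes PowerShell is installed on the client and uses only the key, value and file names quoted in the posts; the function names are hypothetical.

```powershell
# Added example: read-only; nothing is written to the registry or the disk.
# Key, value and file names are the ones quoted in the posts above.
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$dlpServices  = 'McAfeeDLPAgentService', 'fcdrv1', 'fcdrv2', 'fcdrv3',
                'fcdrv4', 'fcdrv5', 'McAfeeFramework'
$agentDir     = 'C:\Program Files\McAfee\DLP\Agent'
$agentFiles   = 'fcag.exe', 'fcags.exe', 'fcagt.exe', 'fcagte.exe'
$startTypes   = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-DwordValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the named value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function New-Row {
    param([string]$Item, $Value, [string]$Meaning)
    New-Object PSObject -Property @{ Item = $Item; Value = $Value; Meaning = $Meaning }
}

function Get-DlpEtrustState {
    # Start value of each DLP-related service (4 = Disabled, as in the recovery steps).
    foreach ($svc in $dlpServices) {
        $start = Get-DwordValue -Path (Join-Path $servicesRoot $svc) -Name 'Start'
        if ($null -eq $start) {
            New-Row "$svc\Start" '-' 'service key not found'
        } else {
            $meaning = $startTypes[[int]$start]
            if (-not $meaning) { $meaning = 'unexpected value' }
            New-Row "$svc\Start" $start $meaning
        }
    }
    # Agent executables: original name, renamed with the BAK. prefix, or absent.
    foreach ($file in $agentFiles) {
        if (Test-Path (Join-Path $agentDir "BAK.$file")) { New-Row $file '-' 'renamed with BAK. prefix' }
        elseif (Test-Path (Join-Path $agentDir $file)) { New-Row $file '-' 'present under original name' }
        else { New-Row $file '-' 'not found' }
    }
    # eTrust filter driver setting suggested in the reply above (expected: 3).
    $controls = Get-DwordValue -Path (Join-Path $servicesRoot 'INO_FLTR\Setting') -Name 'Controls'
    if ($null -eq $controls) { New-Row 'INO_FLTR\Setting\Controls' '-' 'value not set' }
    elseif ($controls -eq 3) { New-Row 'INO_FLTR\Setting\Controls' $controls 'matches suggested value' }
    else { New-Row 'INO_FLTR\Setting\Controls' $controls 'differs from suggested value 3' }
}

Get-DlpEtrustState | Select-Object Item, Value, Meaning | Format-Table -AutoSize
```

Running it once before the change and once after the restart gives a record of what was actually altered on each of the test machines.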

                      • 8. Re: Chronic Issues Once The DLP Agent is installed on any system...

                        Hi,

                         

                        See Mo's response...... this was what fixed it for us....... Modifying the reg key fixed machines with existing problems and also new installs.....

                         

                        I have been up and running for about a month now after applying the same reg fix that Mo has pointed out......

                         

                        It took a good 4 months to get one of the two companies to give us a fix though, which was pretty frustrating, but at least we got there in the end!!!

                         

                        Steve.

                        • 9. Re: Chronic Issues Once The DLP Agent is installed on any system...

                          Hi:

                           

                          Here's the thing...in my environment we are *not* using E-Trust.  We are using McAfee ePO Antivirus (or a reasonable combination thereof).

                           

                           

                          Our desktop images are based on images past...updates/uninstalls/newinstalls, etc.  We haven't built a new desktop image from scratch in a while...probably something we should do, but for now.....   In our history, we *used* to have E-Trust, but haven't since about 2006.  So I thought, could there be some old, stale registry entry?  Or could it be that we have deployed within our enterprise many other CA products such as DSM and Unicenter?  Some shared, reused code in a dll perhaps?  All speculation, I just don't know.  What I do know is that my developers bluescreen consistently when trying to compile java code.  And in one instance, a non-developer simply bluescreened while staring at an email.  In that case, Scan32.exe (the McAfee antivirus executable) conflicted with fcdrv1.sys.

                           

                          Renaming fcdrv1.sys to something else stops the blue screens.  But I still don't know what this file is for, or if renaming it has any effect on the DLP agent or overall security of the system.

                           

                          Can anyone tell me what the function of this fcdrv1.sys file is?

                           

                          Thanks....
