Been trying for hours to resolve an issue where failed updates in the past had put the agent into a misbehaving state (won't take updates or deployments from ePO, won't enforce new policies, and uninstalling by command won't work even with the /forceuninstall option).
The issue has two parts: one is a known issue and one is not. The known part is the issue where naprdmgr (product manager) has been running for greater than 7 days. By design, the service tries to restart itself, but VSE stops it from restarting because the “Prevent McAfee Services from Being Restarted” option is on in policy. Yes, that’s correct, it didn't even trust itself to restart the service lol. The only resolution for the known issue from McAfee is “This does not occur with McAfee Agent 5.x”. Well, that’s great, but once the system is in this state, the Agent stops listening to ePO and therefore you can’t push the new agent 5.x to it (or install locally etc.). In some cases restarting the McAfee Framework Service will resolve it locally; in most cases it will not. McAfee released VSE P9 and said it greatly improved the validation process of trusted services (which tells me basically to expect inconsistent validations without it). Again, this is great, but how do you get the new policy\patch to apply to the machine if it's not responding as described above? The other part is that this can happen when trying to upgrade an older agent\product to a new one without following the recommended upgrade path. Failed installations\upgrades leave file mismatches and can\will cause the agent to end up in a funky state.
Well, here it is!
Open a command prompt on the local machine and enter this:
REG ADD "HKLM\Software\Wow6432Node\McAfee\SystemCore\VSCore\On Access Scanner\BehaviourBlocking" /v APEnabled /t REG_DWORD /d 0 /f
This will turn off Access Protection\Self Protection, allowing the agent to restart the services needed to perform upgrades\updates from ePO. This can also be performed on remote machines with psexec, an SMS task, or any other remote admin tool you want to use.
Behaviors that indicate this fix applies:
Agent log can\will show “failed to restart Product Manager”. This is naPRDmgr.exe.
Agent log can\will show agent sub system is in a failed state, or failed to restart agent subsystem
Agent fails to enforce new policies defined on the ePO that are assigned to the agent
Deployments of products\agent installs fail even with the force install option
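
A read-only check for the situation above, as an added example that is not part of the original post: it reports the current APEnabled value under the key used in the REG ADD command, so you can tell whether a machine is still sitting with Access Protection switched off after the agent has been repaired, and it scans agent log lines for the symptoms listed. The `-AgentLog` parameter, the function names and the sample log lines are assumptions made for this example; only the first search pattern is text quoted in the post, the other two are paraphrased there and may be worded differently in a real log.

```powershell
# Added example, not part of the original post. Read-only: it changes nothing.
param(
    # Assumed parameter: full path to the agent log (location varies by agent version).
    [string]$AgentLog
)

# Key and value name are taken from the REG ADD command in the post.
$apKey = 'HKLM:\Software\Wow6432Node\McAfee\SystemCore\VSCore\On Access Scanner\BehaviourBlocking'

function Get-AccessProtectionState {
    # Returns a short description of the APEnabled value, or a note if it is absent.
    $prop = Get-ItemProperty -Path $apKey -Name APEnabled -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'APEnabled value not found' }
    if ($prop.APEnabled -eq 0) { return 'APEnabled = 0 (Access Protection switched off)' }
    return "APEnabled = $($prop.APEnabled)"
}

function Find-AgentSymptom {
    # Returns the log lines that match one of the symptoms listed in the post.
    param([string[]]$Lines)
    $patterns = @(
        'failed to restart Product Manager',    # quoted in the post
        'sub ?system is in a failed state',     # paraphrased in the post (assumed wording)
        'failed to restart agent sub ?system'   # paraphrased in the post (assumed wording)
    )
    $Lines | Select-String -Pattern $patterns | ForEach-Object { $_.Line }
}

# Constructed sample lines, used only when no readable -AgentLog path is given.
$sample = @(
    '2015-01-01 10:00:00 I Agent started',
    '2015-01-01 10:00:05 E failed to restart Product Manager',
    '2015-01-01 10:00:09 E Agent subsystem is in a failed state'
)
$logLines = if ($AgentLog -and (Test-Path -LiteralPath $AgentLog)) {
    Get-Content -LiteralPath $AgentLog
} else {
    $sample
}

"{0}: {1}" -f $env:COMPUTERNAME, (Get-AccessProtectionState)
Find-AgentSymptom -Lines $logLines
```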