1 2 Previous Next 19 Replies Latest reply on Dec 7, 2017 8:39 AM by bandit61

    VSE 8.8. P10 with ePo 5.3.3 (build 279)

    bandit61

      Out of 400 systems, we found one w7-notebook (at the moment) with a strange behaviour: not updating but telling update successful. what we did already

       

      -) uninstall agent 5.0.6.220

      -) uninstall vse 8.8.1906

      -) unabled access protection via policy, worked on the special notebook as well

      -) next installed both products

      -) booted the notebook

       

      Now it shows up in the ePo-Console just with agent and mcdatrep installed, not showin vse. Locally we find that VSE 8.8.1906 is installed.Wakeup agent

      shows success, updates the timestamp as well. I have some printscreens and log-files attached.

        • 1. Re: VSE 8.8. P10 with ePo 5.3.3 (build 279)
          cdinet

          We would need more logs than what is posted.  The logs in the agent\logs folder, as well as the install logs from VSE and the agent - should be in windows\temp\mcafeelogs.  Preferable would be a mer from the system to view some registry entries and all relevant logs. (mer.mcafee.com - run the mer as administrator and choose vse and the agent as products).

          There are several reasons for VSE not showing installed.  See KB60593 for one.  Are all the McAfee services running in services?  Does the agent log show any policy enforcement, property collection, or plugin errors for VSE?  That would be in the masvc log.

          • 2. Re: VSE 8.8. P10 with ePo 5.3.3 (build 279)
            bandit61

            Sorry, found out that some of the printscreens were just black. Grabbed the last 5 minutes from the user before going home to get more logs. Found some remains in the temp-folder of this notebook fo the McAfee Agent AAC Host. I assume the cleanup-job shoudl get rid of this.

            • 3. Re: VSE 8.8. P10 with ePo 5.3.3 (build 279)
              bandit61

              Downloaded the actual mer.exe and will run it tomorrow morning.

               

              thanks for your advise

              • 4. Re: VSE 8.8. P10 with ePo 5.3.3 (build 279)
                bandit61

                Checked KB60593: Plugin Flag for both 32/64: value is 0x00000000 (0)

                 

                compared to another w7-notebook all services are running

                 

                masvc.log is in notebook_2.zip

                • 5. Re: VSE 8.8. P10 with ePo 5.3.3 (build 279)
                  cdinet

                  2017-11-30 15:00:00.417 macompatsvc(6224.7180) plugin.Error: Failed to open the plugin = C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsPlugin.dll 5

                  2017-11-30 15:00:00.418 macompatsvc(6224.7180) plugin.Error: Failed to initialize the plugin for product id = VIRUSCAN8800 and plugin path = C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsPlugin.dll.

                  2017-11-30 15:00:00.418 macompatsvc(6224.7180) compatbase.Error: Manageability client initialization failed for the application VIRUSCAN8800, error = 2003.

                  2017-11-30 15:00:00.418 macompatsvc(6224.7180) cmasvc.Error: Manageability client initialize/start failed for the application VIRUSCAN8800.

                   

                  The mer will tell us a little more, but it is clear there are issues with the VSE plugin.  You might want to try removing VSE, reboot, then reinstall and reboot again after install to see if that resolves before running the mer.

                  • 6. Re: VSE 8.8. P10 with ePo 5.3.3 (build 279)
                    bandit61

                    Sorry for the delay, but here comes the result of the MER, before i uninstalled

                    and cleaned the workstation.

                    • 7. Re: VSE 8.8. P10 with ePo 5.3.3 (build 279)
                      bandit61

                      Installed VSE P9 an connected to ePo-console successfully. The Auto-Update-Task installed P10, the VSE P10 and the actual agent 5.0.6.220 show up in the ePo-console now.

                      The Dat-File is on 1111.0000, but should take up from the repository in the next hour. Now the user ist logged-on and we will see, how it progresses. Actually I took a second MER before i handed the computer back to the user.

                      • 8. Re: VSE 8.8. P10 with ePo 5.3.3 (build 279)
                        bandit61

                        Update:

                         

                        after more than 24h, the notebook doesn't update to the newer dat-file, still on 1111.0000. The update from the epo-server failed, as well as the AutoUpdate from the client virusScan-Console.Still getting the same error: "Errro occured while getting point product callback component interface". In the client-console telling update successful tuesday, 5 of dec 2017 at 1pm:08:17.

                         

                        compared the registry-content from a similar notebook and found out the following entries missing but can't tell the reason why at the moment

                         

                         

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Application Plugins\MCDATREP1000]

                         

                        "Plugin Path"="C:\\Program Files (x86)\\Common Files\\McAfee\\DATReputation\\mgmtplugin\\datrepmp.dll"

                         

                        "Language"="0409"

                         

                        "McTrayAboutBoxDisplay"=dword:00000000

                         

                        "Software ID"="MCDATREP1000"

                         

                        "Product Name"="McAfee DAT Reputation"

                         

                        "Version"="1.0.4.385"

                         

                        "Uninstall Command"=""

                         

                        "Plugin Flag"=dword:00000000

                         

                         

                         

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8800]

                         

                        "EngineInstallDate"="20170823152844"

                         

                        "EngineVersion"="5900.7806"

                         

                        "DatDate"="20171205"

                         

                        "DatInstallDate"="20171205081228"

                         

                        "DATVersion"="8735.0000"

                         

                        "ExtraDatInstallDate"="20170823170005"

                         

                        "LastExtraDATVersion"="2017.0628.0637.55"

                        • 9. Re: VSE 8.8. P10 with ePo 5.3.3 (build 279)
                          cdinet

                          from the mer, it looks like you are running into issues with our processes being injected by 3rd party dll's and vse/agent processes are being blocked.  Here is a screenshot of all the instances of this occurring in the system event log.

                           

                          To resolve this, attached is a tool that will detect and add to the McAfee trust, any dll's that are injecting and causing this issue (refer to KB74176 for more info).  Please remove VSE and the agent, reboot, run this tool, then reinstall the products and see if that resolves.  Run the setup file.

                          1 2 Previous Next