9 Replies Latest reply on Jun 27, 2011 8:50 AM by Timmah

    EEPC 6.0.2 Will not de-activate

    kink80

      I am trying to get a Windows 7 64-bit machine to remove EEPC 6.0.2 and the EEPC Agent 1.0.2 but I cannot get the product to de-activate so it will not decrypt. I have the EEPC Product Settings set with the Enable checkbox unmarked which I thought would trigger decryption. I looked at the client log and saw no errors and it logged that the machine received the correct policy but it still lists the System Staet as "Active". What else am I missing?

        • 1. Re: EEPC 6.0.2 Will not de-activate
          whgibbo

          Hi,

          You are correct, by removing the check with the 'Enable' check box will tell any client assigned this policy to start decrypting any encrypted drives.

          Have you performed a wakeup agent on this client with Force Policy ?

           

          If that does solve the problem, then we would need to look at the MfeEpe.log for any errors.  If you can attach it, I will have a look at if for you..

           

          Hope this helps.

          • 2. Re: EEPC 6.0.2 Will not de-activate
            kink80

            Hello whgibbo,

              I have done an agent wake up call with the Force Policy and the machine still reports as Active and encrypted. I have attached the MfeEpe.log from the problem machine. I have logging set to "4" right now.

            • 3. Re: EEPC 6.0.2 Will not de-activate
              whgibbo

              Thanks for the log file, can't seen any problems in there at the moment.

               

              Would help if you could also attach the McAfee Agent Log and answer the following questions:

              1. How many machines do you have managed by ePO?
              2. How many of those machines have EEPC installed ?
              3. Are you using policy assignment rules?
              4. What is the Agent Server Communication Interval (ASCI) ?

               

              Many thanks

              • 4. Re: EEPC 6.0.2 Will not de-activate
                kink80

                Thanks for looking at the logs for me. I have attached the agent log for the problem machine.

                 

                1. How many machines do you have managed by ePO?  ~12,000
                2. How many of those machines have EEPC installed ?  ~88 (we are in the pilot phase)
                3. Are you using policy assignment rules? No.
                4. What is the Agent Server Communication Interval (ASCI) ? 120 minutes.
                • 5. Re: EEPC 6.0.2 Will not de-activate
                  kink80

                  This morning when I powered up the laptop that would no de-activate it de-activated and started decrypting the HDD. I did not change anything on this machine or its policies. This is also not the first time since discovering the problem that I have shutdown and restarted this machine. This is just plain weird. I am glad that it de-activate but why did it take 2 days to start? This is a test machine and I had the time to see what would happen if I left the machine as is but this would not be possible if this were a production machine that needed endpoint encryption removed.

                  • 6. Re: EEPC 6.0.2 Will not de-activate
                    dwebb

                    Is there a firewall or NAT between the client and ePO or the Agent Handlers?

                    • 7. Re: EEPC 6.0.2 Will not de-activate
                      kink80

                      No and everything else is working correctly. I can send wakeup calls and send the machine properties back up to the ePO server.

                      • 8. Re: EEPC 6.0.2 Will not de-activate
                        SCtbe

                        Reaction on EEPC policy change is different like for example with VSE or even MA it is no so quick. Probably because of data channel which must to be created, so there is always some noticeable delay, sometimes it is even few minutes. From my experience it will vary and most likely depends on ePO server load.

                        • 9. Re: EEPC 6.0.2 Will not de-activate
                          Timmah

                          Hi kink80,

                           

                          If you do see this again, try checking the task manager to see if the MfeEpeHost.exe process is using CPU. If it's consistently using non-trivial CPU %, then it may actually be decrypting, but failing to report the status. It would be helpful to find out which it is.

                           

                          Cheers,

                           

                          Tim