7 Replies Latest reply on Oct 6, 2011 9:43 AM by RobertM

    Problems with McAfee Solidcore deployment

      Hello everyone.

       

      We have a complex deployment of McAfee products. HDLP+EEPC+AppControl. We faced with a problems like:

      1. MS IE is not working. It starts normally and we are able to navigate customer's internal web-site, but when we are trying to navigate the Internet, IE hung. Nothing in the logs. Any executable  file was not blocked by AppControl that moment.
      2. From some time Application Control agent didn't apply the policies, that are sent to him from ePO. McAfee agent get the policy package from ePO, but the changes from that package didn't affect Application Control. So it is impossible to make any changes to ApplicationControl agent. At some machines we were able to uninstall AppControl, but it was still impossible to apply policies to EEPC, for example. At some machines we totally lost control over AppControl agent (remote and local CLI). But log to ePO from this machine are sending correctly. All this problems starts right after soldifying and enabling application control.

       

      Did anyone face some king of problems, I've just described?

       

      I will appreciate any type of your help.

       

      Regards, Evgeny,

        • 1. Re: Problems with McAfee Solidcore deployment
          RobertM

          Is it possible to disable HDLP and EEPC to isolate problem? It will be helpful to have gatherinfo logs.

          • 2. Re: Problems with McAfee Solidcore deployment

            Hello, Robert.

             

            In fact we solve this problems, but face another one -  We have got a case when McAfee Application Control blocks McAfee agent. We can fix this by switching off memory protection feature.  But when we are talking aboutdeploying appControl at 2000 machines, we are facing the difficulties – First we deloy McAfee agent, when we deploy AppControl, But then AppControl blocksMcAfee agent BEFORE McAfee agent is able to get the policies from ePO with the command to disable memory protection. So we are facing the situation when McAfee agent is blocked by appcontrol and mp could not be disabled remotely,because of that. Do you know how could we fix this situation and disable mp before activating AppControl?

            • 3. Re: Problems with McAfee Solidcore deployment
              RobertM

              Solidcore had issue with policy are randomly remove prior to 5.1.2. This might be the case if you deploying 5.1.1.

               

              McAfee Default policy is applied and it has all updaters and attr list for McAfee Agent. I suspect the default policy was partially apply when SC Enable task took over sadmin cli. I suggest you defer initial scan for SC enable task. This will push license to Solidcore Agent and boot system with Solidcore in update mode. Check updaters and attr list after reboot before pushing initial scan client task to Solidcore Agent. I recommend upgrade or deploy Solidcore 5.1.2.

              • 4. Re: Problems with McAfee Solidcore deployment

                Hello, Robert.

                 

                Thanks for you reply. It is very helpful. We already use 5.1.2. So now we have another confusing moment. We defer initial scan from SC enable. But when we sent only SC enable task to the machine with force reboot, after reboot machine is in update mode (just as you told us), but thus mp is enabled in update mode also, McAfee agent stops working.... So we are in the situation when we need to sent SC enable task without reboot, then sent "sadmin features disable mp" comand and only then reboot the machine. But it is a hard task for the machines that are offline right now, because we can't order the sequence of the tasks... Because if "sadmin features disable mp" comand task will come to the machine before "SC enable" task, the we will still lost a machine (due to McAfee agent will be stopped by AppControl).  So we face a problem that we could not control the order ot the tasks deployment. What do you think about it?

                • 5. Re: Problems with McAfee Solidcore deployment
                  RobertM

                  Can you provide solidcore.log, s3diag.log, checklist.txt, andMcScript.log? I want to see what Solidcore is doing with client task.

                  • 6. Re: Problems with McAfee Solidcore deployment

                    Hello, Robert.

                     

                    We solve the problem with the use task scheduling. But we face another issue with WinXP machines - at some machines after Appcontrol activation, initil scan and following reboot the machine went to the blue screen like this and then machine went to the loop reboot. Have you ever faced something like this?http://forum.wisecomp.ru/files/206_1255494664.jpg_919.jpg

                    • 7. Re: Problems with McAfee Solidcore deployment
                      RobertM

                      There are some tests we can perform to narrow the issue. It is advisable to also test with the latest 5.1.2 release.

                       

                      1. Reboot system with Solidcore in update mode. Do the system boot normal?

                      2. Disable Solidcore and disable memory protection (sadmin features disable mp). Enable Solidcore and reboot.

                       

                      The two test will determine if Solidcore is preventing Windows necessary services from running. This is a complex issue you should raise an issue with McAfee Support. Please configure system for full memory dump and provide dump file along with gatherinfo to McAfee Support.

                       

                      Thank you.