Okay, I read the following post: https://community.mcafee.com/thread/20385?decorator=print&displayFullThread=true and it didn't help me because Rule 4055 is not listed in my IPS Rules.
I have a CITRIX system with roaming profiles (profiles are added/removed as people log in/out because we have load balancing servers.)
McAfee appears to be storing log files inside of a user's profile and then locking that profile so it can't be loaded onto the selected load balanced server at login.
Is this normal behavior and/or is there an easy fix? The thrid post in the link I provided above mentioned specifying a local directory for the agent to use as it's data directory, has anyone tried that and if so, what problem did it fix? Is there a "protect product folders" rule other then 4055 in order to delete improper storage of McAfee logs file (HIPS App File) within the user profile. I'm thinking that HIPS should never store it's log files inside of a user's home directory.
Once this happens, McAfee locks the user profile from roaming properly on our system.
Another thought I'm having is to create a container that has adaptive/learn mode setup and then put the affected systems into it so it can learn normal behavior. Haven't done this in practice, only read about it.
Any guidance is greatly appreciated.
For this problem, we changed our VirusScan setting to not scan files on network shares and it appears to have resolved this issue.