5 Replies Latest reply on Jan 3, 2012 4:20 PM by SteveKaye@Baird

    VSE 8.8 w/Patch 1 - mfeavfk.sys BSODs?

    SteveKaye@Baird

      Has anyone noticed the resurfacing of the mfeavfk.sys blue screens after upgrading to VirusScan 8.8 patch 1?  This seems to be a regression of https://kc.mcafee.com/corporate/index?page=content&id=KB60216 which affected the 8.5i client.

       

      Message was edited by: SteveKaye@Baird on 12/13/11 12:19:58 PM CST
        • 1. Re: VSE 8.8 w/Patch 1 - mfeavfk.sys BSODs?

          Post a dump or call support.  I haven't seen any BSOD's with 8.8 patch 1 specifically so we'd need to take a closer look.  Not a known issue.

          • 2. Re: VSE 8.8 w/Patch 1 - mfeavfk.sys BSODs?
            SteveKaye@Baird

            A ticket has been opened. 

            • 3. Re: VSE 8.8 w/Patch 1 - mfeavfk.sys BSODs?
              SteveKaye@Baird

              We updated from 8.7i patch 4, not patch 5.  I wonder if this has something to do with it.

               

              Release notes for VirusScan 8.7i Patch 5

              https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 23000/PD23040/en_US/VSE87i_Patch5.pdf

               

              Check out item #21:

               

              Issue: A Bugcheck 1E, 7E, 8E, or D1 could occur when closing multiple programs or while logging out. (Reference: 675294,

              676551, 678439, 678551, 678561, 679729, 683416, 683577, 686304, 686007, 686662, 686665, 695367)

              Resolution: Addressed a timing defect that could cause the driver to schedule delayed cleanup of process data that was already in the process of being cleaned up.

              • 4. Re: VSE 8.8 w/Patch 1 - mfeavfk.sys BSODs?
                SteveKaye@Baird

                McAfee has identified a compatibility issue in the VirusScan driver code of several McAfee productswhen interacting with McAfee Host DLP 9.1+.

                This issue is critical, but the risk of encounter is low.

                Specifically, when any of these products — VirusScan Enterprise (VSE) 8.8 Patch 1, VSE 8.7 Patch 5, *OR* Host Intrusion Protection (HIPs) 8.0 Patch 1 — are operating on the same system as Host Data Loss Prevention (HDLP) 9.1+, random BSODs (Blue Screens of Death) may occur.PLEASE NOTE that HDLP does not need to be configured, only active on endpoints for this random issue to occur.

                VSE 8.8 Patch 1 is functional and operational, and resolves numerous VSE issues.  McAfee will resolve the incompatibility with a VSE and/or HIPS patch.

                RECOMMENDATIONS
                1.  If you DO have HDLP 9.1+ installed on a system running VSE and HIPS, do NOT upgrade to any of the following versions:
                    - VSE 8.7 Patch 5
                    - VSE 8.8 Patch 1
                    - Host IPS 8.0 Patch 1
                   Wait to install VSE 8.8 or HIPS 8.0 with the hot fixes as soon as they are available.

                2.  If you DO have HDLP 9.1+ *AND* the affected VSE/HIPS versions installed on the same system, de-install HDLP. This can be accomplished via ePO. Wait to install VSE 8.8 or HIPS 8.0 with the hot fixes as soon as they are available.

                3. If you do NOT have HDLP 9.x installed on any system in your production environment, proceed with the VSE 8.8 Patch 1, 8.7 Patch 5, or HIPS 8.0 Patch 1 installations. Again, VSE 8.8 Patch 1 is functional and operational, and resolves numerous VSE issues.

                For further information, please reference the McAfee KnowledgeBase. Log in to mysupport.mcafee.com and search for KB73722.

                • 5. Re: VSE 8.8 w/Patch 1 - mfeavfk.sys BSODs?
                  SteveKaye@Baird

                  Please see the following:

                   

                  KB73722:
                  https://kc.mcafee.com/corporate/index?page=content&id=KB73722&pmv=print

                   

                  Intermittent BugChecks might occure when running VSE 8.7i Patch 5, VSE 8.8 Patch 1, or Host IPS 8.0 Patch 1 with Host DLP 9.x

                   

                  McAfee Engineering has determined that there is a defect in a kernal component collectively used by VSE 8.7i patch 5, VSE 8.8 Patch 1 and Host IPS 8.0 Patch 1.

                   

                  Host DLP 9.1 exposes the defect intermittently, causing one of the two bugchecks below...

                  ccroff wrote:

                   

                  Post a dump or call support.  I haven't seen any BSOD's with 8.8 patch 1 specifically so we'd need to take a closer look.  Not a known issue.