In the secondary environment did you test with the first user still logged in (they may lock the screen)?
This is from the 9.3 Readme:
Multiple user sessions
Fast User Switching (FUS) on Windows Vista, Windows 7, Windows 8, Windows Server 2003, Windows Server 2008, and Windows Server 2012 is now supported with multiple user sessions. If Plug-and-Play device rules are differentiated by user, the most restrictive rule is applied to all user sessions.
I upgraded our test environment to 9.3 and multiple user sessions are now working.
However, a major issue I have discovered is when upgrading from 9.2 to 9.3 the McAfee Agent does not pull policy for DLP after rebooting. As a result no policies are enforced, DLP is inactive and the system is left unprotected. The only way to get the newly upgraded clients to pull policy is to go into the DLP console and apply the policy which increases the Policy Revision Id and Global Agent Configuration Revision Id. Please advise.
McAfee Agent 22.214.171.12422 and McAfee DLP Endpoint 126.96.36.1997.
From the 9.3 Readme:
If you are upgrading from an older version of McAfee Data Loss Prevention Endpoint (McAfee DLP Endpoint), verify that the DLP Policy Push task is scheduled to run every 2 hours. This new ePolicy Orchestrator Server Task pushes McAfee DLP policies to endpoint computers that have no DLP policy. The task is optimized for performance and does not push a policy to endpoints that have already received that policy.
This server task is necessary because ePolicy Orchestrator 4.5 and 4.6 fail to push policies to products whose internal product code ID has changed. Since McAfee DLP Endpoint client 9.2.2xx has a new product code, this task must be run periodically until all endpoints are upgraded to McAfee DLP Endpoint client 9.2.214.