This is an issue, I just had it for about 20 machines over two days in our environment.
They are meant to be close to resolving the issue for good Im told...but, its been outstanding for ages already;
why don't you just turn the DAT verification off? If you have >1500 machines then I'm quite sure you would like them to get the DATs from ePO - and you may already use some staging in epo?
btw: maybe s.o. has some details on how the verification exactly works - e.g. does the client need direct internet/web access or does it work client > epo > mcafee, too? and what is exactly verified? Only that some DAT is know to cause problems (and therefore is not installed), or e.g. "DAT causes problems but only if also office 2013 is installed" (so if no office is installed, DAT will be installed, though)
I turned the policies off for Dat Reputation, it removed itself from showing as a product in EPO for that machine, yet still had the issue - would of loved for that to be the solution.
Only editing the file listed in the KB article from McAfee and that link, did it resolve the issue for the machine.
Uninstalling and cleaning the registry of all mcafee products resolve it also, however that is an intensive task to do on a few machines.
Easier to remove protection and agent protection of mcafee files and copy a file across to affected machines.
The relationship between workstation and AD wasnt the issue - as soon as access protection disabled, I could log in.
Funny thing is, as soon as I enable access protection, even though nothing is Blocked, only reporting...it still caused the issue.
Safe mode worked in some cases, but not in others - people were on holiday and had come back and they were the ones who had the issues, only link we could find between them.
See this thread for a fix;
I have been told that there will be a fix released on the 16th Feb and VSE Patch 7 is meant to be released on 17th Feb and hoping this fix can be incorporated in it before it comes out in two weeks