3 Replies Latest reply on Oct 4, 2016 4:03 PM by ja2013

    MfeEpeHost.exe Crash (Drive Encryption)

    dgottinger

      Hello all,

       

      We encrypt all our machines before giving them to users. We have an ongoing issue with some of the machines, and what follows is a description for the one I'm working with now, but this is pretty uniform across this batch of laptops.

       

      The drive is encrypted, but in the pre-boot environment, no user names are accepted and we have to use administrator recovery -> machine recovery to proceed. Once in Windows, Drive Encryption Status will progress to "Creating Event to sync updated user data", where the McAfee Drive Encryption Agent service crashes, with the following Event Viewer message:

       

      Faulting application name: MfeEpeHost.exe, version: 7.1.3.604, time stamp: 0x579b934b
      Faulting module name: EpePcEncryptionProviderPlugin.dll, version: 7.1.3.604, time stamp: 0x579b9bae
      Exception code: 0xc0000005
      Fault offset: 0x00183fd1
      Faulting process id: 0x1108
      Faulting application start time: 0x01d20d030f03d7ad
      Faulting application path: C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe
      Faulting module path: C:\Program Files\McAfee\Endpoint Encryption\EpePcEncryptionProviderPlugin.dll
      Report Id: 1cc1e13c-05e6-4617-b3f1-7fd0a3770d11
      Faulting package full name:
      Faulting package-relative application ID:

       

      The MfeEpe.log exhibits the following behaviour:

       

      2016-09-12 14:38:21,100 INFO    EpoPlugin                            userHandler: requesting all data for user FF333E42F4AF6148BF980D5B99112857

       

      It requests a number of users with that syntax, then:

       

      2016-09-12 14:38:21,100 INFO    EpoPlugin                            userHandler: dispatching ESUserList event to McAfee Agent
      2016-09-12 14:38:21,100 INFO    EpoPlugin                            userHandler: Note, press Send Events button in McAfee Agent to hasten delivery (see KB71865).
      2016-09-12 14:38:21,146 INFO    StatusService                        Creating Event to sync updated user data
      2016-09-12 14:44:37,891 WARNING EpoMaLpcLog                          Service not available
      2016-09-12 14:44:38,188 WARNING EpoMaLpcLog                          Service not available
      2016-09-12 14:44:38,188 INFO    EpoPlugin                            userHandler: handling UserUpdatesAndAcknowledgement response
      2016-09-12 14:44:38,407 INFO    StatusService                        Updating Drive Encryption users
      2016-09-12 14:44:38,485 WARNING EpoMaLpcLog                          Service not available
      2016-09-12 14:44:38,719 WARNING EpoMaLpcLog                          Service not available
      2016-09-12 14:44:38,938 WARNING EpoMaLpcLog                          Service not available
      2016-09-12 14:44:39,204 WARNING EpoMaLpcLog                          Service not available
      2016-09-12 14:44:41,344 INFO    UserLib                              userLib: user adminaccountremoved (0F50911F4FBD574DA78676BC9ADD85A2) has had UBP updated
      2016-09-12 14:44:43,063 INFO    UserLib                              userLib: user differentadminaccountremoved (80D311ACB427F04FBBB3010DE0B8D1BF) has had UBP updated

       

      These are fresh Windows 10 machines, running Agent version 5.0.4.283, DE version 7.1.3.604; at the outset of this issue they were running Agent version 5.0.3.272, and we tried with 5.0.3.362 as well.

       

      Has anyone seen anything similar, or have any ideas on what direction I should search to find out what the source of this crash is? I saw the issue with trying to add too many users to the machine, but as far as I understood that was fixed in a newer version (which we upgraded to).