We encrypt all our machines before giving them to users. We have an ongoing issue with some of the machines, and what follows is a description for the one I'm working with now but this is pretty uniform across this batch of laptops.
The drive is encrypted, but in the pre-boot environment, no user names are accepted and we have to use administrator recovery -> machine recovery to proceed. Once in windows, Drive Encryption Status will progress to "Creating Event to sync updated user data", where the McAfee Drive Encryption Agent service crashes, with the following Event Viewer message:
Faulting application name: MfeEpeHost.exe, version: 188.8.131.524, time stamp: 0x579b934b
Faulting module name: EpePcEncryptionProviderPlugin.dll, version: 184.108.40.2064, time stamp: 0x579b9bae
Exception code: 0xc0000005
Fault offset: 0x00183fd1
Faulting process id: 0x1108
Faulting application start time: 0x01d20d030f03d7ad
Faulting application path: C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe
Faulting module path: C:\Program Files\McAfee\Endpoint Encryption\EpePcEncryptionProviderPlugin.dll
Report Id: 1cc1e13c-05e6-4617-b3f1-7fd0a3770d11
Faulting package full name:
Faulting package-relative application ID:
The MfeEpe.log exhibits the following behaviour:
2016-09-12 14:38:21,100 INFO EpoPlugin userHandler: requesting all data for user FF333E42F4AF6148BF980D5B99112857
It requests a number of users with that syntax, then:
2016-09-12 14:38:21,100 INFO EpoPlugin userHandler: dispatching ESUserList event to McAfee Agent
2016-09-12 14:38:21,100 INFO EpoPlugin userHandler: Note, press Send Events button in McAfee Agent to hasten delivery (see KB71865).
2016-09-12 14:38:21,146 INFO StatusService Creating Event to sync updated user data
2016-09-12 14:44:37,891 WARNING EpoMaLpcLog Service not available
2016-09-12 14:44:38,188 WARNING EpoMaLpcLog Service not available
2016-09-12 14:44:38,188 INFO EpoPlugin userHandler: handling UserUpdatesAndAcknowledgement response
2016-09-12 14:44:38,407 INFO StatusService Updating Drive Encryption users
2016-09-12 14:44:38,485 WARNING EpoMaLpcLog Service not available
2016-09-12 14:44:38,719 WARNING EpoMaLpcLog Service not available
2016-09-12 14:44:38,938 WARNING EpoMaLpcLog Service not available
2016-09-12 14:44:39,204 WARNING EpoMaLpcLog Service not available
2016-09-12 14:44:41,344 INFO UserLib userLib: user adminaccountremoved (0F50911F4FBD574DA78676BC9ADD85A2) has had UBP updated
2016-09-12 14:44:43,063 INFO UserLib userLib: user differentadminaccountremoved (80D311ACB427F04FBBB3010DE0B8D1BF) has had UBP updated
These are fresh Windows 10 machines, running Agent version 220.127.116.113, DE version 18.104.22.1684; at the outset of this issue they were running Agent version 22.214.171.1242, and we tried with 126.96.36.1992 as well.
Has anyone seen anything similar, or have any ideas on what direction I should search to find out what the source of this crash is? I saw the issue with trying to add too many users to the machine, but as far as I understood that was fixed in a newer version (which we upgraded to).