Howdy. Let me list vitals, first:
* ePO 5.3.1
* VSE 8.8p6+
* ePO Agent 22.214.171.124+
* Windows 7 64-bit Enterprise SP1 clients; fully updated
* ePO/AD Synch
So, my tale of woe:
I've got a custom Access Protection Policy that's worked fine for a couple years. A couple of months ago, I noticed that machines weren't getting any new blocked apps when I checked the McAfee Console on the local machines. There are a couple of very odd things to this:
* If I modify the items blocked, etc., in the APP, the changes won't trickle down to the client machines, even if I did Wake Up/Force Policy on the ePO side or hit Check New/Enforce Policies in the McAfee Agent Monitor on the client machine -- and I'd see activity in the McAfee Agent Monitor.
* If I play with the Check New/Enforce Policies in the McAfee Agent Monitor, I see activity in the Agent Status window, including things like "Enforcing Policies," but there's no change on the client side.
* If I change the APP on the OU, it'll say that the policy's changed in the ePO console, but, again, no policy change on the client computers. Again, as above, I see activity in the McAfee Agent Monitor.
* If I change the APP by using the "Modify Policies on a Single System" in the ePO console, it'll say that the policy's changed in the console, but, again, no policy change on the client computers. Again, as above, I see activity in the McAfee Agent Monitor.
* We use SCCM imaging. One of the steps before installing an OS, etc., is to add the computer to a Domain and OU. Even if I assign the computer to a Domain and/or OU that uses the McAfee Default APP, the computer gets assigned the custom APP. Really weird. (McAfee software's not on the image.)
The really fun thing is if I downgrade the McAfee Agent to 126.96.36.1990, the APPs work great. No problems. Update to 5.0.2 or better? Start having the problem again. An extra fun thing is that I've got folks that are managed by a different server admin and they can switch back and forth to my custom APP without any problem. It's also not a network problem: if I take a freshly-imaged computer and put it on a different network segment, it still has problems.
I haven't had a chance to test on Windows 10 computers. I'm in the process of building an OS-only Windows 7 VM, as well. I'd love to say that this was a Windows Update that causes this problem. I'm also going to just wipe out my custom policy to see what happens.