1 Reply Latest reply on Feb 17, 2017 7:32 AM by mmccarthy

    Exploit Prevention disabled




      After upgrading to ePO 5.3.2 I've a couple of machines with ENS 10.2 installed that are detecting issue Exploit Prevention is disabled.


      Could anyone point me to the right troubleshooting direction?

        • 1. Re: Exploit Prevention disabled



          Same issue after upgrade to Windows 10.  Found this:


          Issue: When you upgrade an endpoint with ENS 10.5 installed from Windows 7 x64 to Windows 10 x64, Exploit Prevention fails to initialize and remains disabled.


          Cause: The issue is caused by a race condition between mfetp and the VSCore driver, ESP, or MA Service during the installation flow. This race condition leaves the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mfeepmpk\Enum set to 1 by mistake, indicating a failure during initialization. The end result is that Exploit Prevention remains disabled and cannot be initialized.


          Workaround: Perform the following steps to avoid the issue: 

          1. Before starting the Windows 10 upgrade process, disable ENS Self Protection.
          2. Press Windows+R, type regedit, and click OK.
          3. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mfeepmpk\Enum.
          4. Set INITSTARTFAILED to 0.
          5. Enable ENS Self Protection.
          6. Start the Windows 10 upgrade process.


          here: McAfee Corporate KB - Endpoint Security 10.x Known Issues KB82450


          but have yet to find a fix for when you did not know to do the above and you want to clear the red exclamation mark after the fact.


          Any suggestions?  Thanks!