1 Reply Latest reply on Feb 17, 2017 7:32 AM by mmccarthy

    Exploit Prevention disabled

    bukema81

      Hi,

       

      After upgrading to ePO 5.3.2, I have a couple of machines with ENS 10.2 installed that are detecting the issue "Exploit Prevention is disabled".

       

      Could anyone point me in the right troubleshooting direction?

        • 1. Re: Exploit Prevention disabled
          mmccarthy

          5.0.4.283

          10.5

           

          Same issue after upgrade to Windows 10.  Found this:

           

          Issue: When you upgrade an endpoint with ENS 10.5 installed from Windows 7 x64 to Windows 10 x64, Exploit Prevention fails to initialize and remains disabled.

           

          Cause: The issue is caused by a race condition between mfetp and the VSCore driver, ESP, or MA Service during the installation flow. This race condition leaves the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mfeepmpk\Enum set to 1 by mistake, indicating a failure during initialization. The end result is that Exploit Prevention remains disabled and cannot be initialized.

           

          Workaround: Perform the following steps to avoid the issue: 

          1. Before starting the Windows 10 upgrade process, disable ENS Self Protection.
          2. Press Windows+R, type regedit, and click OK.
          3. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mfeepmpk\Enum.
          4. Set INITSTARTFAILED to 0.
          5. Enable ENS Self Protection.
          6. Start the Windows 10 upgrade process.

           

          here: McAfee Corporate KB - Endpoint Security 10.x Known Issues KB82450

           

          but have yet to find a fix for when you did not know to do the above and you want to clear the red exclamation mark after the fact.

           

          Any suggestions?  Thanks!
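
Steps 2 to 4 of the workaround quoted above can be done from an elevated PowerShell prompt instead of regedit, which also makes it easy to audit machines before a Windows 10 upgrade. This is an added example, not code from the thread or from McAfee: the key path and value name come from the quoted KB text, the function names are hypothetical, and treating INITSTARTFAILED as a DWORD is an assumption. It covers only the pre-upgrade workaround, with ENS Self Protection still toggled separately (steps 1 and 5).

```powershell
# Added example. Key path and value name are taken from the KB text quoted in
# the thread; the DWORD value type is an assumption.
$EnumKey   = 'HKLM:\SYSTEM\CurrentControlSet\services\mfeepmpk\Enum'
$ValueName = 'INITSTARTFAILED'

function Get-InitStartFailedState {
    # Returns one of: KeyMissing, ValueMissing, Flagged, Clear
    if (-not (Test-Path -LiteralPath $EnumKey)) { return 'KeyMissing' }
    $item = Get-ItemProperty -LiteralPath $EnumKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'ValueMissing' }
    if ([int]$item.$ValueName -ne 0) { return 'Flagged' }
    return 'Clear'
}

function Clear-InitStartFailed {
    # Step 4 of the workaround: set INITSTARTFAILED to 0, only if it is non-zero.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $state = Get-InitStartFailedState
    if ($state -ne 'Flagged') {
        Write-Output "Nothing to change on $env:COMPUTERNAME (state: $state)."
        return
    }
    if ($PSCmdlet.ShouldProcess("$EnumKey\$ValueName", 'Set to 0')) {
        try {
            Set-ItemProperty -LiteralPath $EnumKey -Name $ValueName -Value 0 -Type DWord -ErrorAction Stop
            Write-Output "Set $ValueName to 0; state is now $(Get-InitStartFailedState)."
        }
        catch {
            # The workaround requires ENS Self Protection to be off before editing this key.
            Write-Warning "Write failed: $($_.Exception.Message)"
            Write-Warning 'If access was denied, check that ENS Self Protection is disabled (step 1).'
        }
    }
}

Get-InitStartFailedState        # audit only, changes nothing
Clear-InitStartFailed -WhatIf   # preview step 4; drop -WhatIf to apply it
```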