Hi Guys,
We are trying to upgrade from (Endpoint Security Platform 10.7.0.1285 & Threat Prevention 10.7.0.1415) to (Endpoint Security Platform 10.7.0.1481 & Threat Prevention 10.7.0.1564). The upgrade to the new version of Security Platform is successful, but the new version of Threat Prevention failed.
Here are some errors and logs from the installation:
*McAfee_ThreatPrevention_Bootstrapper_
-installation failed!! return code :1603
*McAfee_ThreatPrevention_CustomAction_Install_
-Failed to create mfeIST, Error 82
[TPCustomAction] !> Error - Could not run command to Install Custom Driver: 183
*McAfee_ThreatPrevention_Install_
-RESTART MANAGER: Failed to shut down all applications in the service's session. Error: 351
-RunCommandLine: Launching process failed: 2
-!> Error - Could not run command to install Custom Driver: 183
-CustomAction Install_BOP_CustomDriver. EF0E213A_9B42_4915_A036_4763D50F4C17 returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
-Product: McAfee Endpoint Security Threat Prevention -- Configuration failed
-Windows Installer reconfigured the product. Product Name: McAfee Endpoint Security Threat Prevention. Product Version: 10.7.0. Product Language: 1033. Manufacturer: Mcafee, LLC.. Reconfiguration success or errors status :1603
We are running:
ePO 5.10 Update 6
McAfee Agent 5.6.3.157
Endpoint Security Platform 10.7.0.1285
Threat Prevention 10.7.0.1415 (several systems 10.6.1.1666)
Windows 10 & Windows 7
Any ideas?
Thanks
Hi @wilfredy,
Very good Analysis here! Good Post! Can you kindly please look into the SelfProtection Log of endpoint (C:\ProgramData\McAfee\Endpoint Security\Logs\) and the mfemactl.log from Agent logs folder (C:\ProgramData\McAfee\Agent\logs) and share the same with us please? I suspect this issue is possibly because of Self Protection blocking the installation. Another common reason would be missing certificates as stated in https://kc.mcafee.com/corporate/index?page=content&id=KB87096.
If you can sanitize the installation logs and attach it here, I can investigate this further for you!
Also, can you confirm this failure is seen when upgrading via a deployment task from ePO?
What happens when you try running the new setup locally?
I sincerely hope this helps!
Hi Adithyant
Here the answers.
Can you confirm this failure is seen when upgrading via a deployment task from ePO? Yes, via ePO deployment.
What happens when you try running the new setup locally? The installation is successful.
Please review the logs attached
Thanks in advance.
Hello @wilfredy ,
If the installation fails from ePO, then we need to check the masvc logs and mcscript logs from the point of deployment with the task name on the client system.
These logs will be found in C:\programdata\mcafee\agent\logs.
The steps to troubleshoot this failure are given by @cdinet at: https://community.mcafee.com/t5/ePolicy-Orchestrator/HOW-TO-TROUBLESHOOT-CLIENT-UPDATE-DEPLOYMENT-FA...
Hi YashT
Thanks for the reply. I attached the files; the task name is Deployment Evaluation.
Best regards,
Hi @wilfredy,
Thank you for your kind response and update with logs. They do not contain any block events. We will have to look at this with the help of the install logs and access protection logs in the endpoint security logs folder. Do you have a Service Request created for this? If not, I would recommend creating one and passing me the logs securely, and you can DM me the SR# or logs so that I can look into this for you.
Hi Adithyan T
Attached the logs.
Thanks.
Best Regards,
Hi @wilfredy,
Firstly, thank you for taking your time to respond and update us with the requested logs. My apologies for the delay. I was unfortunately unavailable and could not respond in time. The submitted logs folder zips do not contain the custom action log that contains the actual error. However, I noticed the SR you have created. Owing to the work time difference I could not own it; however, if you can attach the MER logs to it for the installation failure, I will have this discussed with the assigned Engineer and get back to you with an update.
Hi @wilfredy,
Thank you for your kind time and patience with us.
I think I may have found the issue's resolution.
The issue is because of an Access Protection rule in place. If we look closely into the already attached Access Protection log, we can see numerous events like this:
2020-02-24 12:35:55.536Z|Activity|ApBl |mfeesp | 6608| 13112|AP |XModuleEvents.cpp(821) | NT AUTHORITY\SYSTEM ran C:\Windows\System32\msiexec.exe, which tried to access the file C:\WINDOWS\TEMP\mfeDrvInstaller.exe, violating the rule "Prevent EXE in TMP from Word or Excel", and was blocked. For information about how to respond to this event, see KB85494.
This block is eventually preventing the ENS Threat Prevention component from running successfully on the machine!
For the deployment process, you can try disabling the rule "Prevent EXE in TMP from Word or Excel" in Access Protection, and please let me know if this helps!
*Note: posting this here so that this can be followed by fellow members if this works as a solution for you 🙂
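The log check described in the answer above, as an added example that is not part of the original post or of any McAfee tooling: it parses Access Protection block events and counts, per rule and target, the ones where the acting process is an installer. The field layout is inferred from the single event quoted in the thread, and the function names are hypothetical.

```python
import ntpath
import re
from collections import Counter

# Constructed sample: the first line is the event quoted in the thread; the
# other three are made-up lines in the same layout to exercise the parser.
SAMPLE_LOG = r'''2020-02-24 12:35:55.536Z|Activity|ApBl |mfeesp | 6608| 13112|AP |XModuleEvents.cpp(821) | NT AUTHORITY\SYSTEM ran C:\Windows\System32\msiexec.exe, which tried to access the file C:\WINDOWS\TEMP\mfeDrvInstaller.exe, violating the rule "Prevent EXE in TMP from Word or Excel", and was blocked. For information about how to respond to this event, see KB85494.
2020-02-24 12:35:56.102Z|Activity|ApBl |mfeesp | 6608| 13112|AP |XModuleEvents.cpp(821) | NT AUTHORITY\SYSTEM ran C:\Windows\System32\msiexec.exe, which tried to access the file C:\WINDOWS\TEMP\mfeDrvInstaller.exe, violating the rule "Prevent EXE in TMP from Word or Excel", and was blocked. For information about how to respond to this event, see KB85494.
2020-02-24 12:36:03.410Z|Activity|ApBl |mfeesp | 6608| 13112|AP |XModuleEvents.cpp(821) | EXAMPLE\user ran C:\Program Files\Example\app.exe, which tried to access the file C:\Users\user\AppData\Local\Temp\x.exe, violating the rule "Constructed sample rule", and was blocked. For information about how to respond to this event, see KB85494.
2020-02-24 12:36:10.000Z|Info|ApBl |mfeesp | 6608| 13112|AP |Example.cpp(1) | Constructed informational line without a block event.
'''

# Message shape taken from the quoted event; other message shapes are skipped.
EVENT = re.compile(
    r'^(?P<user>.+?) ran (?P<process>.+?), which tried to access the file '
    r'(?P<target>.+?), violating the rule "(?P<rule>[^"]+)", and was blocked\.'
)

def parse_block(line):
    """Return the fields of one block event, or None for any other line."""
    parts = [p.strip() for p in line.split("|", 8)]
    if len(parts) != 9:          # nine pipe-separated fields, message last
        return None
    m = EVENT.match(parts[8])
    if m is None:
        return None
    return {"time": parts[0], **m.groupdict()}

def installer_blocks(log_text, installers=("msiexec.exe",)):
    """Count blocks per (rule, target) where the acting process is an installer."""
    hits = Counter()
    for line in log_text.splitlines():
        ev = parse_block(line)
        # ntpath handles Windows paths even when the script runs elsewhere.
        if ev and ntpath.basename(ev["process"]).lower() in installers:
            hits[(ev["rule"], ev["target"])] += 1
    return hits

if __name__ == "__main__":
    for (rule, target), n in installer_blocks(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {rule!r}  ->  {target}")
```

The per-rule counts show which Access Protection rules blocked the installer, so a deployment-time change can be limited to those rules.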
Hi @AdithyanT Thank you for your patience and your dedication to resolve this issue.
I disabled the rule "Prevent EXE in TMP from Word or Excel" in Access protection, and now the deployment task is working..!!
This is a solution for the issue.
Thank you very much for your help..!!
Best Regards..