ENS appears to be preventing things from being installed remotely via PSEXEC. When I turn ENS off on the system the installation proceeds successfully. No errors or blocks show up in ENS, so I am having trouble identifying which signature or setting is blocking it.
We are using ePO 5.10 and ENS 10.7.x.
Please advise on how to pinpoint what is blocking PSEXEC from running.
Thank you in advance.
Thank you for the post @KingInTheNorth. What features do you use with McAfee ENS? Do we use Exploit Prevention? Could you please turn off the Exploit Prevention feature in OAS settings, check with any one machine, try executing the PowerShell script, and check whether it gets executed?
Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
This made no difference. Threat events report services.exe executing psexesvc.exe (Signature 70412), but it is a warning and not blocked, though Windows Event Viewer is reporting this as an error at the same time the installation fails. It is as if McAfee says it is not blocking it, but is blocking it.
Signatures 70412, 70411, and 70410 are all set to report only.
Please be aware of this documented issue that may be related.
KB94701 - Endpoint Security installation fails when the installer is called remotely
https://kc.mcafee.com/corporate/index?page=content&id=KB94701
Though there may be some relation to the issue, we are not trying to install or upgrade ENS; we are updating various products like Chrome, Java, Firefox on the systems.
Thank you for your post @KingInTheNorth. Could you please help us with more information on the signatures you have mentioned [Signature 70412, 70411, 70410]? How did we disable it? We would also need to analyze the ENS, and we would require the logs for that because we might have to find out the component which is blocking it. Do we have ATP [Adaptive Threat Protection] enabled?
Hi @KingInTheNorth,
Thank you for your posts and updates. May I know what product is being used?
If it is ENS, Signature 70412 does not belong to our default exploit prevention signatures, meaning this must have been a part of a customer rule created at your end. Please help us with Event details and the rule details to assist you further on this.
What if the rules are set to neither block nor report? Or if exploit prevention is turned OFF? Does the issue still occur? You have mentioned that you "turned Off" ENS. Can you be more specific on the same as to what component was turned off here?
Hi @KingInTheNorth,
Just noticed that you have turned off Exploit Prevention as well and there is no effect. Kindly please help us with "what was turned OFF" to have the issue go away at your end.
Thank you for your post @KingInTheNorth. Could you please help us with more information on the signatures you have mentioned [Signature 70412, 70411, 70410]? Did we create those signatures? How did we disable it? We would also need to analyze the ENS, and we would require the logs for that because we might have to find out the component which is blocking it. Do we have ATP [Adaptive Threat Protection] enabled?