cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ninov_n
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 9
‎07-10-2019 06:36 AM

Restart/reboot loop on older versions of ENS like 10.2 and earlier

Jump to solution

Hello,

We noticed environments where restart loop happens after last DAT update on an exchange server and endpoints. Are you aware of any newly reported similar issues?

So far it seems re-installing and reverting DAT fixes that but we are going through testing and log collection to confirm.

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
Labels (2)
0 Kudos
Reply
2 Solutions

Accepted Solutions
jess_arman
Employee
Employee
Report Inappropriate Content
Message 5 of 9
‎07-10-2019 09:24 AM

Re: Restart/reboot loop on older versions of ENS like 10.5 and 10.6

Jump to solution

@ninov_n The issue that you're describing is separate from the ENS 10.5.5 and 10.6.1 July updates, as you've surmised. It is in regards to the 9418 AMCore content being loaded into the EOL 10.2 builds of ENS. 

Unfortunately, for systems already impacted, as you've experienced, it requires manual intervention on the impacted machines. However, McAfee became aware of this issue early this AM and has now posted remediation content in the version 9419 and so no further systems/environments should be affected.

If any other environments are already affected due to having 9418 still in your repositories, we recommend first stopping all deployments of that AMCore version and pull in 9419. Then reach out to Technical Support so they can equip you with the necessary remediation steps and information.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

Reply
ninov_n
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 9
‎07-11-2019 01:01 AM

Re: Restart/reboot loop on older versions of ENS like 10.5 and 10.6

Jump to solution

I noticed it is now completely documented and it will help for other people affected:

Unable to log on to Windows systems with Endpoint Security 10.2 (or earlier) after you apply Exploit...

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino

View solution in original post

Reply
8 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 9
‎07-10-2019 06:47 AM

Re: Restart/reboot loop on older versions of ENS like 10.5 and 10.6

Jump to solution

Can you confirm the exact ENS version installed please?

Reply
Former Member
Not applicable
Report Inappropriate Content
Message 3 of 9
‎07-10-2019 07:55 AM

Re: Restart/reboot loop on older versions of ENS like 10.5 and 10.6

Jump to solution

Hi,

there is an issue with ENS

From SNS I received this alert last 6 of July

McAfee has become aware of an emerging issue with the recent July release for ENS. We have, out of caution, pulled the ENS 10.6.1 and 10.5.5 July Updates back to a Support release (RTS) only.

The emerging issue impacts only environments that have Exploit Prevention enabled and match the conditions in KB91642

https://kc.mcafee.com/corporate/index?page=content&id=KB91642

I hope this article helps you

0 Kudos
Reply
ninov_n
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 9
‎07-10-2019 08:07 AM

Re: Restart/reboot loop on older versions of ENS like 10.5 and 10.6

Jump to solution

Yes, I am aware of that issue  but the client is with older ENS release - not May or July ones. It seems latest DAT update triggered that behavior. Following the workaround in the article you mentioned, makes Threat Prevention not operational in our case. I need to gather logs to confirm exact versions installed

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
0 Kudos
Reply
jess_arman
Employee
Employee
Report Inappropriate Content
Message 5 of 9
‎07-10-2019 09:24 AM

Re: Restart/reboot loop on older versions of ENS like 10.5 and 10.6

Jump to solution

@ninov_n The issue that you're describing is separate from the ENS 10.5.5 and 10.6.1 July updates, as you've surmised. It is in regards to the 9418 AMCore content being loaded into the EOL 10.2 builds of ENS. 

Unfortunately, for systems already impacted, as you've experienced, it requires manual intervention on the impacted machines. However, McAfee became aware of this issue early this AM and has now posted remediation content in the version 9419 and so no further systems/environments should be affected.

If any other environments are already affected due to having 9418 still in your repositories, we recommend first stopping all deployments of that AMCore version and pull in 9419. Then reach out to Technical Support so they can equip you with the necessary remediation steps and information.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Reply
ninov_n
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 9
‎07-10-2019 09:51 AM

Re: Restart/reboot loop on older versions of ENS like 10.5 and 10.6

Jump to solution

Hi @jess_arman ,

Thank you for confirming that issue.

Is there any additional steps except applying 9419 AMCore content?

Probably currently affected machines could be updated locally with below contents:

Security Updates

or simply update to a newer ENS version

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
0 Kudos
Reply
ninov_n
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 9
‎07-11-2019 01:01 AM

Re: Restart/reboot loop on older versions of ENS like 10.5 and 10.6

Jump to solution

I noticed it is now completely documented and it will help for other people affected:

Unable to log on to Windows systems with Endpoint Security 10.2 (or earlier) after you apply Exploit...

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
Reply
jmcg
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 8 of 9
‎07-11-2019 03:06 AM

Re: Restart/reboot loop on older versions of ENS like 10.2 and earlier

Jump to solution

Hello,

Did you had any BSOD related to this issue ?

We have some BSOD since ENS July update and Exploit Prevention 9418 

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 9 of 9
‎07-11-2019 03:09 AM

Re: Restart/reboot loop on older versions of ENS like 10.2 and earlier

Jump to solution

There was no BSOD, the issue confirmed was a log in failure issue. If you are seeing a BSOD I would encourage you to install the newest content from yesterday 9419 and check if the issue is still present. If you are still encountering a BSOD then please gather a Full Memory Dump and a MER from the machine and provide it to support for analysis.

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC