We have recently upgraded our endpoints from ENS 10.6 to 10.7. Now we are starting to see McAfee ‘Self Protection - protect McAfee processes’ alerts coming in for DLL Injection Events. We had this issue in the past when we migrated from VSE 8.8 to ENS 10.6. The issue was that when machines that were checking into ePO didn’t initially have the policy at the first agent-to-server communication so that was generating this alert. Once the machine checked in it got the policy we didn’t get another alert from that machine because we had the DLL file listed in the exception list. The solution was to use package designer to integrate our policies in the deployment package and check it into our master repository. I have re-created a package for our ENS 10.7 deployment on an unmanaged endpoint and have checked it into our master repository, but we are still getting alerts from machines as they check-in. Thinking that I did something incorrectly I re-created the package again for each McAfee component using the standalone ENS install. When I check in each package is has a (Built with ENSPD) at the end of each one.

Endpoint Security Adaptive Threat Protection (Built with ENSPD)

Endpoint Security Platform (Built with ENSPD)

Endpoint Security Threat Prevention (Built with ENSPD)

Endpoint Security Web Control (Built with ENSPD)

We usually create a client task to deploy these updates, but I also tried deploying it using ‘Product Deployment’ from within ePO, but that didn’t see to make a difference. Am I missing something? Did something change from ENS 10.6 to 10.7? I was using the instructions provided in https://kc.mcafee.com/corporate/index?page=content&id=KB86438.