PawelEm
Level 8
Message 1 of 6

adaptive threat protection status unknown

I came across the problem described in
https://kc.mcafee.com/corporate/index?page=content&id=KB92095
The currently used version of Endpoint Security is 10.6.1 August. The solution mentioned in the KB (updating to 10.6.1 December) did not, in my case, solve the problem on a large number of test PCs.
The workaround solves the problem but I would prefer not to deploy it on all PCs.
Would anybody be able to suggest a way to list endpoints with the mentioned issue?
PS, before I found this KB, I raised a service request and unfortunately got an answer "sadly there is no such query/report that we can run. The closest thing you could query for, is machines showing out of compliance, however this may not be accurate as sometimes the unknown module status does not always manifest in machines being out of compliance."


Regards
Pawel

5 Replies
Former Member
Not applicable
Message 2 of 6

Re: adaptive threat protection status unknown

Hi @PawelEm 

I'm afraid the response Support gave you is correct. There is no way of seeing this in ePO except potentially via the Compliance Reports.

PawelEm
Level 8
Message 3 of 6

Re: adaptive threat protection status unknown

I have one idea that could be a workaround for the lack of suitable reports, but I admit that my script writing skills are poor.

Create a script that will analyze EndpointSecurityPlatform_Errors.log for the strings "is not running" or "is not running", then return the date of the last occurrence and set it as a value in agent custom properties.

Then make a custom package using EEDK and deploy it to all endpoints.

The rest should be quite easy.

PawelEm
Level 8
Message 4 of 6

Re: adaptive threat protection status unknown

After several attempts I was able to write a script.

This script is crude and some parts of this script are based on examples found on forums.

In brief:

If, after updating to the ENS 10.6.1 December update, the problem with corrupted XML still exists, in every case that I've seen the ATP status is unknown and in the EndpointSecurityPlatform_Errors.log

So the script searches for the last occurrence of "Adaptive Threat Protection is not responding" in the log file, extracts the date from the timestamp in this line and sets it as agent custom prop1.
It also sets the custom prop2 field with the current system date.

Then it collects agent properties to the ePO server.

There is a downside to this: while updating there is also an "Adaptive Threat Protection is not responding" message in the log, so it is better to check it the day after updating.

And here are the scripts.

 

RUNME.ps1 -----------

# Get the date of the last "Adaptive Threat Protection is not responding" event
$LogPath = "$env:DEFLOGDIR\EndpointSecurityPlatform_Errors.log"
$data0 = Get-Content $LogPath | Where-Object { $_.Contains("Adaptive Threat Protection is not responding") }
$data0 = $data0 | Select-Object -Last 1
# The first 10 characters of the line are the date. When no line matched, use a
# fixed value: calling Substring on $null fails and an empty argument is dropped.
if ($data0) { $data0 = $data0.Substring(0,10) } else { $data0 = "none" }

# Get current date
$CurrentDate = Get-Date -Format "dd/MM/yyyy"

# MaConfig path
$MAConfigPath = "C:\Program Files\McAfee\Agent\maconfig.exe"

# CmdAgent path
$CMDAgentPath = "C:\Program Files\McAfee\Agent\cmdagent.exe"

# Apply custom props
& $MAConfigPath -custom -prop1 "$data0" -prop2 "$CurrentDate"
Start-Sleep -Seconds 5

# Collect and send properties to the ePO server
& $CMDAgentPath /p
Start-Sleep -Seconds 5


RUNME.bat -----------

@ECHO OFF

ECHO ==================================================

ECHO Run RUNME.ps1...

:: PushD

pushd "%~dp0"

:: Get software package source directory and set as variable SRCDIR

SET SRCDIR=

for /f "delims=" %%a in ('cd') do @set SRCDIR=%%a

:: Run PowerShell Script...

%comspec% /c %systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File "%SRCDIR%\RUNME.ps1"

:: Always exit with Code 0

Exit /B 0
-----------
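
Added example, not part of the original post: a variant of the log check above that handles a log with no matching line and lets known update days be skipped, which is the downside described in the post. The function name, the `-IgnoreDates` parameter, the `none` fallback and the sample lines are assumptions made for illustration; the only format detail taken from the post is that the first 10 characters of a log line are the date.

```powershell
# Added example (not the original poster's script).
function Get-LastAtpFailureDate {
    param(
        [string[]]$LogLines,
        # Hypothetical parameter: days on which ENS was updated, written the
        # same way the date appears at the start of a log line.
        [string[]]$IgnoreDates = @(),
        [string]$Marker = 'Adaptive Threat Protection is not responding'
    )
    # Collect the date prefix of every matching line, in file order.
    $days = @(foreach ($line in $LogLines) {
        if ($line -and $line.Length -ge 10 -and $line.Contains($Marker)) {
            $day = $line.Substring(0, 10)
            if ($IgnoreDates -notcontains $day) { $day }
        }
    })
    # Last match wins; 'none' keeps the custom property non-empty.
    if ($days.Count -gt 0) { $days[-1] } else { 'none' }
}

# Constructed sample input; real log lines carry more fields after the date.
$sample = @(
    '01/14/2020 08:01:12 constructed line: Adaptive Threat Protection is not responding',
    '01/15/2020 09:30:05 constructed line: some unrelated error',
    '01/20/2020 07:45:51 constructed line: Adaptive Threat Protection is not responding',
    ''
)

# Last occurrence over the whole sample.
Get-LastAtpFailureDate -LogLines $sample
# Same input, treating 01/20/2020 as an update day to be skipped.
Get-LastAtpFailureDate -LogLines $sample -IgnoreDates '01/20/2020'
# Input with no matching line.
Get-LastAtpFailureDate -LogLines $sample[1]

# On an endpoint the lines would come from the log file instead:
# $lines = Get-Content "$env:DEFLOGDIR\EndpointSecurityPlatform_Errors.log" -ErrorAction SilentlyContinue
```

The returned string can be passed as the `-prop1` value in place of `$data0`.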

PawelEm
Level 8
Message 5 of 6

Re: adaptive threat protection status unknown

One more thing to fix this problem.

I've made a script (in 2 versions) that runs ENS RepairCache against ATP. Unfortunately both of them are stuck in progress while running them from ePO.

Both of them, when run directly on the target system, work fine. Running them using psexec with -h -s switches

After creating a package in EEDK and deploying it through ePO, the first script repairs ATP but it is stuck on "in progress" status.
The second is also stuck "in progress" but unfortunately doesn't repair ATP.

Could anyone provide some advice for resolving this problem?

-----
@ECHO Off
cd "C:\Program Files\McAfee\Endpoint Security\Adaptive Threat Protection\RepairCache\"
start /w setupATP.exe /fam
Exit 
-----
the second script ends 
------
Exit /B 0
-----

kblowe
Level 11
Message 6 of 6

Re: adaptive threat protection status unknown

This same issue is occurring on some machines that had the ENS December 2019 Update. They now have the ENS April 2020 update and are still experiencing this issue. I'm digging to find out whether there was a fix released in a recent update, but I have yet to find information on that. I'm probably going to have to open a support case to further investigate if a fix will be in an update or if the workaround is the fix.

In the ENS window, the status of ATP is "Unknown".

In the View McAfee Security Status window it shows: McAfee Endpoint Security - Issue: ATP is not responding.
