New McAfee Management Service (MMS)
SystemCore 15.4 or later, installed on newer versions of endpoint products, adds a Windows service, McAfee Management Service.
MMS replaces the Windows Service Control Manager (SCM) as the service control manager for several 15.4 core-related security services. The MMS service is listed on the SCM snap-in as the
McAfee Service Controller.
Windows Service Dependencies
- MMS depends on the Microsoft Cryptographic Service. The CryptSvc provides key-management service and trusted certificate validation services. SystemCore drivers depend on these functions to validate secure authentication. The default Windows setting for CryptSvc is Automatic Start. Don't disable it or set it to Delayed Start.
- MMS depends on the Microsoft User Mode Power Service. SystemCore drivers might not manage power-related properties and events as intended when the Microsoft Power Service is disabled or set to Delayed Start. MMS registers with the Power Service for callback event information about changes in power-dependent properties. The default Windows setting for Power Service is Automatic Start. Don't disable it or set it to Delayed Start. A system power management event is a change in the system power status, the operational mode of a device or the system, or the value of a power setting. Because these events can affect the operation of applications and installable drivers, the system notifies all applications and installable drivers by broadcasting a notification for each event.
Other SysCore Window Services Dependencies
- NetSetupSvc - NetSetupSvc is an NDIS Firecore driver that depends on this service. The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress can be canceled.
For more information about Windows Power Management, see this
Windows Power Management article.
IMPORTANT: If you change the default Windows service settings, key services might not run correctly. Be cautious when you change the
Startup type or
Logon as settings of services that are configured to start automatically.
For more information about changes to Windows services, see the
Threat and Countermeasures Guide: System Services.
MMS as a service
The goal of MMS is to reduce the security risks of Microsoft SCM-managed services being shut down or disabled by malware. MMS rather than SCM manages core security services. Self-protection features make them less susceptible to malware attacks and security vulnerabilities.
MMS is a Windows SCM-managed service, and as such, is listed in the Windows SCM as
McAfee Service Controller (service name:
mfemms).
The LockDown API protects the service from being shut down or disabled. Services that MMS manages aren't dependent on MMS. So, if MMS stops responding, managed services continue to operate without interruption. MMS also includes a self-protection watchdog and automatically restarts in the unlikely event that it stops unexpectedly.
Checking the status of an endpoint-related service
We designed MMS to be as similar to Windows SCM as possible. So, the same concepts for managing services apply. Starting, stopping, dependencies, and command-line arguments apply to all services that MMS manages.
To query services running under MMS, perform the following steps. You can use the
mmsinfo utility with the following command-line switches to gather information about MMS-managed services:
mmsinfo.exe -start [short name of service]
mmsinfo.exe -query [short name of service]
mmsinfo.exe -qc [short name of service]
mmsinfo.exe -enum (enumerates all managed endpoint services)
mmsinfo.exe -enumdepend [short name of service]
- Use the mmsinfo tool. The tool is found in the SystemCore common files directory.
- Open an administrator command prompt.
- To enumerate and list all managed endpoint services, run the following command:
c:\Program Files\Common Files\McAfee\SystemCore>mmsinfo -enum
NOTE: If an MMS-managed service fails to start or stop, look to see why the start or stop action fails. Usually, the failure is related to either a configuration error or the failure of a service dependency. MMS logs events to the Windows System Event log. You can filter by
McAfee Service Controller to see when specific MMS-managed services are successfully started or stopped. You can also see when they fail to start or stop.
Listing Firewall Core service in the SCM table
The Firewall (FW) Core service listed in the SCM snap-in displays as a manual startup type. This entry isn't related to the FW Core service that MMS manages. This entry still exists in SCM to support older legacy managed products that might still require this service under the old SCM-managed model. Usually, if you're only running Host IPS 8.0 Patch 6 or later, the service status is blank (not started).
