As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Added ENSLTP 10.7.16 and 10.7.17 release details. No new known issues.
July 10, 2023
Added ENSLTP 10.7.15 release details.
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
Contents
Click to expand the section you want to view:
Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.
Issue: When the on-demand scan (ODS) policy option Use the scan cache is enabled, and an infected archive file is cached as clean, the ODS doesn't detect the archive file. This issue occurs even if the ODS archive scan setting is enabled. It's the result of the disabled On-Access Scan (OAS) archive scan setting.
Issue: The ENSLTP service doesn't restart after you upgrade to McAfee Agent (MA) 5.7.4. You see this issue on systems that have the SELinux security module enabled.
Workaround: On a system where the SELinux module is enabled, you must manually start the ENSLTP service.
Resolution: This issue is resolved in ENSLTP 10.7.7. See the related article for more information.
Issue: The McScript.log file on a Linux system doesn't adhere to the specified log size set in the MA policy. All other log files rotate once the limit is reached.
Resolution: This issue is resolved in ENSLTP 10.7.1. See the related article for more information.
Issue: The operating system might get into a hang state, after installation or upgrade to ENSLTP 10.7.1 and later. For this issue to trigger, all these conditions must exist:
ENSLTP is configured to run using Fanotify mode.
OAS is configured to scan file-read operations.
The operating system boot configuration uses the option ipv6.disable=1, which disables IPv6.
Workaround: Disable Global Threat Intelligence in the OAS policy, make sure that only Scan on write is configured, or set the option ipv6.disable to off in the kernel boot configuration.
Resolution: This issue is resolved in ENSLTP 10.7.3. See the related article for more information.
Issue: When ENSLTP 10.6.5 initially starts, one or more of the following errors display in the messages log. Also, ENSLTP fails to start:
isectpd: error: Failed to initialize NSS library
isectpd: error: no dbpath has been set
isectpd: message repeated 10 times: [error: no dbpath has been set]
systemd: isectpd.service stop-sigterm timed out. Killing.
systemd: isectpd.service: main process exited, code=killed, status=9/KILL
systemd: Stopped McAfee Endpoint Security for Linux Threat Prevention.
systemd: Unit isectpd.service entered failed state.
systemd: isectpd.service failed.
Resolution: This issue is resolved in ENSLTP 10.6.7. See the related article for more information.
Issue: Access Protection can't be enabled in ENSLTP. The system isn't able to detect the correct kernel on the system in some Linux distributions. The modinfo isn't able to find the installed kernel-devel, because the directory isn't the same in each distribution.
Example error from the isecespd.log:
XXXX ERROR AACKMInterface [13559] Unable to open kernel module directory - /opt/isec/ens/esp/modules/aac/kernel/2.6.32-754.27.1.el6.x86_64
XXXX ERROR AacControl [13559] InitException (Failed to load kernel module. - KEXT_LOAD_ERROR)
XXXX ERROR AACRegistration [13559] AAC control creation failed with error code : 1
XXXX ERROR AccessProtection [13559] Access protection failed to initialize due to failure in creating AAC control object
XXXX ERROR AccessProtection [13559] Failed to enable Access Protection while initializing AAC
XXXX ERROR TpAPPolicy [13559] Failed to enable Access Protection
Resolution: This issue is resolved in ENSLTP 10.6.4. See the related article for more information.
ESFL-1182
10.6.1
Issue: Update to the ENSL 10.6.1 packages fails through the ePO Software Download Manager if the option Move existing packages in the Current branch to the Previous branch is selected.
Workaround: Don't select the option Move existing packages in the Current branch to the Previous branch when you update to the ENSL 10.6.1 packages using ePO Software Download Manager. If any of the ENSL 10.6.0 packages are already in the Previous or Evaluation branch, remove them from the respective branches.
1265665
10.6.0
McAfee Agent 5.6.2
Issue: Policy enforcement from ePO fails after restarting MA 5.6.0.
Resolution: This issue is resolved in MA 5.6.2.
ESFL-868
10.6.0
10.6.1
Issue: After you uninstall, cgroup information isn't removed. There's no functional impact.
Resolution: This issue is resolved in ENSLTP 10.6.1.
Issue: You see the following message recorded in the syslog (in /var/log/messages). A line containing [fileaccess_mod] and [scanCache_init] appears in the call trace:
Nov 6 20:03:02 hostname kernel: FILEACCESS_ERROR : Failed to create mempool memory for scan cache record
Nov 6 20:03:02 hostname kernel: FILEACCESS_ERROR : Failed to restart event processing services.
Resolution: This issue is resolved in ENSLTP 10.6.1. See the related article for more information.
1225881
10.6.0
Issue: Access Protection rules fail to resolve Linux paths with a "//".
Issue: In a non-ePO-managed environment, there's no way to remove a repository that's added using the command line.
Resolution: This issue won't be resolved. Instead of removing the repository, disable the repository so that the agent doesn't have access to the repository. For the specific command-line option, see the Man Page in the software or see the related article as a reference.
1183815
10.6.0
Issue: The "Log files location" appears as a configurable setting for the Linux platform in the Endpoint Security Common policy extension. This display isn't correct. The ENSLTP log file location isn't configurable.
If you are a registered user, type your User ID and Password, and then click Log In.
If you are not a registered user, click Register and complete the fields to have your password and instructions emailed to you.
NOTE: Any future product functionality or releases mentioned in the Knowledge Base are intended to outline our general product direction and should not be relied on, either as a commitment, or when making a purchasing decision.