Blue screen error or hang when SysCore upgrades and Endpoint Security Exploit Prevention is enabled
Last Modified: 2023-01-31 22:03:03 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Blue screen error or hang when SysCore upgrades and Endpoint Security Exploit Prevention is enabled
Technical Articles ID:
KB90301
Last Modified: 2023-01-31 22:03:03 Etc/GMT Environment
Endpoint Security (ENS) 10.6.x Trellix products that include SysCore:
Problem
A blue screen error or hang might occur when you install or upgrade a product with SysCore, and ENS Exploit Prevention Exploit Prevention is enabled. Examples of the products are included in the Environment field of this article. The issue is timing-related and doesn’t always occur. The stack text references the following driver: Cause
This issue occurs as a result of stack exhaustion in the Windows kernel. The driver Solution
This issue is resolved in ENS 10.7.0. Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.
NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products. This issue is also resolved in ENS 10.6.1. A utility, The following restart prompt behavior occurs depending on the installation type:
The McAfee Endpoint Security installer requires a restart to continue the installation. The following options display: Restart Later
The following prompt displays for one minute:
Restart the computer to complete the update of Endpoint Security Threat Prevention. The following options display: Cancel If the user takes no action, the following prompt displays until the user does act: One or more McAfee products were installed and require a system restart. Press Yes to restart now or press No to restart later. The following options display: No For third-party deployments, it isn’t possible to display a restart prompt on endpoints. If a restart is needed on an endpoint, the ENS Boostrapper log returns code 16015. The third-party tool you’re using might provide an option to show a restart prompt based on this return code. WorkaroundThis issue is timing-related and hard to encounter. But, to eliminate the risk that you encounter the issue, disable the Exploit Prevention feature before the installation or upgrade.
Affected ProductsLanguages:This article is available in the following languages: |
|