Exploit Prevention is disabled due to a conflict with Microsoft Device Guard
Last Modified: 2021-12-08 18:08:34 Etc/GMT
Technical Articles ID:
KB92318
Environment
Endpoint Security (ENS) Threat Prevention 10.7.0, 10.6.1 July Update Repost (and earlier)
Microsoft Windows 10 version 1809 (October 2018 Update)
Microsoft Device Guard
Summary
In Windows 10 version 1709 (Fall Creators Update), Microsoft introduced Device Guard. Device Guard is designed to prevent malicious code from running by making sure that only known good code can run. For more information, see this Microsoft article on Device Guard.
Problem
In a rare scenario, there’s a conflict between Device Guard and Exploit Prevention that prevents the driver
The main symptom of this issue is that McAfee Agent, View Security Status states: Exploit Prevention is disabled.
From the
McTray(15808.17140) <xxx> McTray.McTrayUPC.Debug: CheckTechnologyState: boName: BO, enabledState: 0, desiredState: 1
From the
mfetp(7956.10664) <SYSTEM> TmpLogger.Gbop.Error (Gbop.cpp:1451): Load Exploit Prevention engine failed: 0x13
mfetp(7956.10664) <SYSTEM> TmpLogger.BoBl.Error (BoBl.cpp:1685): Exploit Prevention enabling technology failed.
From the
McTray(15808.3884) <xxx> McTray.McTrayUPC.Debug: UpdateMcTrayStatus: Issue: Exploit Prevention is disabled.
From the
mfetp(7956.10664) <SYSTEM> TmpLogger.Gbop.Activity: Load Exploit Prevention engine failed: 0x13
mfetp(7956.10664) <SYSTEM> TmpLogger.BoBl.Activity: Exploit Prevention enabling technology failed.
From the
mfetp(7956.10664) <SYSTEM> TmpLogger.Gbop.Debug: Gbop::ApplyConfiguration Called
mfetp(7956.10664) <SYSTEM> TmpLogger.Gbop.Debug: Gbop::LazyLoadBOEngine Called
mfetp(7956.10664) <SYSTEM> TmpLogger.Gbop.Debug: Gbop::LoadBOEngine Called
mfetp(7956.10664) <SYSTEM> TmpLogger.Gbop.Debug: HipShield debug value set to 1
mfetp(7956.10664) <SYSTEM> TmpLogger.Gbop.Activity: Failed to activate Exploit Prevention engine: 0x13
mfetp(7956.10664) <SYSTEM> TmpLogger.Gbop.Error: Failed to activate Exploit Prevention engine: 0x13
mfetp(7956.10664) <SYSTEM> TmpLogger.Gbop.Debug: Gbop::UnloadBOEngine Called
mfetp(7956.10664) <SYSTEM> TmpLogger.BoBl.Debug: About to delete all registered Content
mfetp(7956.10664) <SYSTEM> TmpLogger.Gbop.Debug: Gbop::UnloadBOEngine All registered content were succesfully removed
mfetp(7956.10664) <SYSTEM> TmpLogger.Gbop.Debug: Gbop::UnLoadBOEngine Call completed
mfetp(7956.10664) <SYSTEM> TmpLogger.Gbop.Activity: Load Exploit Prevention engine failed: 0x13
mfetp(7956.10664) <SYSTEM> TmpLogger.Gbop.Error: Load Exploit Prevention engine failed: 0x13
mfetp(7956.10664) <SYSTEM> TmpLogger.Gbop.Debug: Gbop::Init Called ended
mfetp(7956.10664) <SYSTEM> TmpLogger.BoBl.Debug: Setting BOP status: 3
mfetp(7956.10664) <SYSTEM> TmpLogger.BoBl.Debug: Set requested setting: 2
mfetp(7956.10664) <SYSTEM> TmpLogger.BoBl.Debug: Setting current state: 3
mfetp(7956.10664) <SYSTEM> TmpLogger.BoBl.Activity: Exploit Prevention enabling technology failed.
mfetp(7956.10664) <SYSTEM> TmpLogger.BoBl.Error: Exploit Prevention enabling technology failed.
mfetp(7956.10664) <SYSTEM> TmpLogger.BoBl.Debug: Failed to enable BOP
Cause
The Exploit Prevention driver
Solution
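This issue is resolved in ENS 10.6.1 December Update and ENS 10.7.0 February 2020 Update.
Product software, upgrades, maintenance releases, and documentation are available from the Product Downloads site.
NOTE: A valid grant number is required for access. For details about the Product Downloads site and alternate locations for products, see KB56057 - How to download Enterprise product updates and documentation.
Workaround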
Disable Device Guard. NOTE: We don't recommend disabling this system functionality.
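To confirm that an endpoint is hitting this specific issue rather than another Exploit Prevention failure, the log signature listed under Problem can be checked mechanically. The following Python is an added example, not Trellix or McAfee code: the triage function, its result keys and the reading of enabledState/desiredState are assumptions, and the sample lines are copied from the excerpts above plus one constructed line.

```python
import re
from collections import defaultdict

# Line shape in the excerpts: process(pid.tid) <user> Logger.Level [(file:line)]: message
LINE_RE = re.compile(
    r"^(?P<proc>\w+)\((?P<pid>\d+)\.(?P<tid>\d+)\)\s+<[^>]*>\s+"
    r"[\w.]+\.(?P<level>Debug|Activity|Error)(?:\s+\([^)]*\))?:\s+(?P<msg>.*)$")
ENGINE_FAIL = re.compile(r"(?:Load Exploit Prevention engine failed|"
                         r"Failed to activate Exploit Prevention engine): (0x[0-9A-Fa-f]+)")
TRAY_STATE = re.compile(r"boName: BO, enabledState: (\d+), desiredState: (\d+)")
ENABLE_FAIL = "Exploit Prevention enabling technology failed"
KB_CODE = "0x13"  # failure code quoted in the article's log excerpts


def triage(lines):
    """Correlate ENS log lines per mfetp thread and report whether they match the article."""
    threads = defaultdict(lambda: {"codes": set(), "enable_failed": False})
    tray_mismatch, unparsed = False, 0
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            unparsed += 1  # counted so that a log format change is noticed, not hidden
            continue
        msg = m["msg"]
        if m["proc"] == "mfetp":
            t = threads[(m["pid"], m["tid"])]
            hit = ENGINE_FAIL.search(msg)
            if hit:
                t["codes"].add(hit.group(1).lower())
            if ENABLE_FAIL in msg:
                t["enable_failed"] = True
        elif m["proc"] == "McTray":
            s = TRAY_STATE.search(msg)
            if s and s.group(1) == "0" and s.group(2) == "1":
                tray_mismatch = True  # assumption: read as "desired on, not enabled"
    codes = set().union(*(t["codes"] for t in threads.values()))
    matches = any(KB_CODE in t["codes"] and t["enable_failed"] for t in threads.values())
    return {"matches_kb": matches, "codes": sorted(codes),
            "tray_mismatch": tray_mismatch, "unparsed": unparsed}


# Lines copied from the article's excerpts, plus one constructed non-log line.
SAMPLE = [
    "McTray(15808.17140) <xxx> McTray.McTrayUPC.Debug: CheckTechnologyState: boName: BO, enabledState: 0, desiredState: 1",
    "mfetp(7956.10664) <SYSTEM> TmpLogger.Gbop.Error (Gbop.cpp:1451): Load Exploit Prevention engine failed: 0x13",
    "mfetp(7956.10664) <SYSTEM> TmpLogger.BoBl.Error (BoBl.cpp:1685): Exploit Prevention enabling technology failed.",
    "-- constructed line that is not in the log format --",
]
```

A result with matches_kb set to False but a non-empty codes list points to an engine load failure with a different code, which this article does not cover.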