Missing product properties in the ePO console or failure to apply policies
Last Modified: 2023-07-07 12:19:57 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
After December 1, 2024, please log in to the Thrive Portal for support, knowledge articles, tools, and downloads. For information about using the Thrive Portal, view the Trellix Thrive Portal User Guide.
Missing product properties in the ePO console or failure to apply policies
Technical Articles ID:
KB94666
Last Modified: 2023-07-07 12:19:57 Etc/GMT Environment
Endpoint Security (ENS) Threat Prevention 10.x
Problem
This problem can affect several products that are installed on any given endpoint. There can be several symptoms, for example:
From the <time and date> macompatsvc(2888.4868) LpcConnMgr.Info: Processing health check request <time and date> macompatsvc(2888.4340) cmasvc.Info: Application DXL_____1000 is installed. <time and date> macompatsvc(2888.4340) cmasvc.Error: Insufficient information about the application DXL_____1000. <time and date> macompatsvc(2888.4340) cmasvc.Error: Manageability client creation failed for the application DXL_____1000. ... <time and date> macompatsvc(2888.4340) cmasvc.Info: Application ENDP_AM_1070 is installed. <time and date> macompatsvc(2888.4868) LpcConnMgr.Info: Processing health check request <time and date> macompatsvc(2888.4340) cmasvc.Error: Insufficient information about the application ENDP_AM_1070. <time and date> macompatsvc(2888.4340) cmasvc.Error: Manageability client creation failed for the application ENDP_AM_1070. In addition, the <time and date> |Error |McTray |McTray 8692| 8936|McTrayUPC dllmain.cpp(514) SubscribeToBoAvailableEvent failed: boName: COMBO, error: 80000100 <time and date> |Error |McTray |McTray 8692| 8936|McTrayUPC TechnologyTopicHandler.cpp(152) | CheckTechnologyState failed to get technology status from BO: AMSI <time and date> |Error |McTray |McTray 8692| 8936|McTrayUPC TechnologyTopicHandler.cpp(217) | AMSI is not responding. <time and date> |Error |McTray |McTray 8692| 8936|McTrayUPC TechnologyTopicHandler.cpp(152) | CheckTechnologyState failed to get technology status from BO: ATP Key components of ENS can report a failure to run/start for the same reason. Time stamps recorded should correlate. System Change
The update of root certificates has been disabled or is impeded in some other way. For example, there's no internet connectivity or due to Group Policy Object settings.
Cause
Because of the missing root certificates, the integrity of communication channels between McAfee Agent (which collects properties from managed products) and ENS can't be verified. So, these interprocess communications might fail, leading to the symptoms described in this article.
Solution
Update the root certificates on the affected systems per the guidance provided in the following articles: KB87096 - Product install or upgrade issues due to missing root certificates KB92937 - Secondary root certificate for TLS might need to be updated Furthermore, you can try to remove/disable the following registry keys: CAUTION: This article contains information about opening or modifying the registry.
Affected ProductsLanguages:This article is available in the following languages: |
|