Mac running Endpoint Protection for Mac with Application Protection enabled becomes unresponsive

Kaltsas
Contributor III

Just a quick note for any of my fellow compatriots stuck using EPM. McAfee has noted an issue with the current version and 10.10.3.

https://kc.mcafee.com/corporate/index?page=content&id=KB84462

7 REPLIES 7

mm2270
Legendary Contributor III

Lovely. Thanks for the heads up. Fortunately, or unfortunately, 10.10.3 has so many other issues for us we aren't ready to get it out there for clients. so we may be OK for the time being.

tanderson
Contributor

Is Application Protection a separate module you have to buy in order to have? I checked the McAfee preferences on my iMac and I don't see that option at all.

afa9c94e3e094651a10ea3b20fe34958

Kaltsas
Contributor III

If you're using EPO you can disable Application Protection under Policy Catalog:Endpoint Protection for Mac 2.2.0:Application Protection. I'm guessing you just have AP disabled in policy.

mm2270
Legendary Contributor III

Yes, its an individual module, along with Desktop Firewall. We're now using all 4 modules with our 10.10 Macs in our environment, so this could potentially impact us. From the KB, it looks at the moment that its limited to Messages and Reminders, both of which are rarely used by our clients. But still... reasons to avoid either 10.10.3, or McAfee, or both. :)

tanderson
Contributor

Thanks guys!

bvrooman
Valued Contributor

It looks like you can also just exclude /System/Library/CoreServices to solve the problem. That's probably what we'll end up doing.

Kaltsas
Contributor III

FYI This week I was getting a butt load of calls from Tech Ops about weird macintosh performance issues that were mysteriously resolved when they would uninstall EPM (and then get real grumpy when it automagically reappeared). We already had the exclusion in place but I was able to replicate the hanging and opened an SR, support said you need to disable Allow Apple Signed binaries and enter the exclusion, in contradiction to the KB that states do one or the other. We have entered this configuration into ePO and I will be monitoring to see if this resolves the issue.

They did not have an ETA on a resolution.