
SEP with McAfee EEFF and DLP causes boot hang at splash screen

Created: 10 Apr 2013 | 6 comments

Greetings Everyone,

 

I have upgraded to SEP 12.1.2015.2015 R in the corporate environment.

Now client machines are facing an intermittent freeze at the boot-up splash screen after deploying the new version of SEP.

I managed to drill down to the software related to this cause: McAfee Host Data Loss Protection, McAfee Endpoint Encryption for Files and Folders, and SEP.

If I uninstall any one of the above, the problem is resolved.

I have added file and process exceptions to the SEPM for both DLP and EEFF to the clients, and removed all policies for the McAfee products.

I have already checked with McAfee and upgraded their software to the latest version, but when SEP is deployed the problem persists.

I noticed some changes to the boot log when SEP is deployed.

Loaded : \Windows\System32\Drivers\fltmgr.sys

-----------------Empty Line------------

Loaded: \Windows\System32\drivers\mfehidk.sys

-----------------Empty Line------------

 

I am unclear whether any settings or policies from SEPM will conflict with the applications mentioned.

Thank you for your kind assistance.

Regards,

Yap


.Brian

Make sure to put those exclusions in place. Did the clients update their policy yet to include the exceptions?

What SEP components are installed?

You may need to call Symantec support so they can troubleshoot further if exceptions are not working.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

yapxk

Hi Brian81,

I have set the exclusions in SEPM and did the policy update on the clients themselves.

Components installed are: Virus and Spyware Protection, Proactive Threat and Network Threat Protection.

How do I see the exceptions in the client to ensure it is updated?

 

Regards,

Yap

.Brian

To see the exclusions that the client creates on 32-bit computers, you can examine the contents of the HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions

On 64-bit computers, look in HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions

Here is the KB article for your reference:

http://www.symantec.com/business/support/index?pag...


W007

To see the exclusions that the client creates on 32-bit computers, you can examine the contents of the HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions Windows registry. You must not edit this Windows registry directly. On 64-bit computers, look in HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions.

The client does not exclude the system temporary folders from scans because doing so can create a significant security vulnerability on a computer.

You can configure any additional exclusions by using centralized exceptions.

See Configuring a Centralized Exceptions Policy.

About the automatic exclusion of files and folders

Article:HOWTO27182  |  Created: 2010-01-08  |  Updated: 2010-01-15  |  Article URL http://www.symantec.com/docs/HOWTO27182

 

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
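As an added example (not part of the original thread or of Symantec's documentation), here is a read-only PowerShell check of the two registry locations named in the replies above, so an admin can see what the client currently holds without editing the key. The function name `Get-SepExclusionValues` is hypothetical, and because the thread does not describe the layout below the key, the script simply walks every subkey and value.

```powershell
# Added example: read-only listing of the SEP client exclusion keys named in
# this thread. Nothing here writes to the registry.
$candidates = @(
    'HKLM:\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions',
    'HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions'
)

# Hypothetical helper name; not a Symantec cmdlet.
function Get-SepExclusionValues {
    param([string[]]$Path)
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) {
            Write-Verbose "Not present: $root"
            continue
        }
        # Assumption: the structure below the key is unknown, so enumerate
        # the key itself plus every subkey and report each value generically.
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $key.Name
                    Value = $name
                    Kind  = $key.GetValueKind($name)
                    Data  = $key.GetValue($name)
                }
            }
        }
    }
}

$found = @(Get-SepExclusionValues -Path $candidates)
if ($found.Count -eq 0) {
    Write-Warning 'No values found under either Exclusions key on this machine.'
} else {
    $found | Sort-Object Key, Value | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated prompt on an affected client after a policy update, and compare the output before and after the update to see whether anything changed.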

yapxk

Hi ManishS,
 

I am using the SEPM Centralized Exceptions to configure. The client machines did in fact have the latest policies which I have added.

Yet the problem still persists intermittently.

Regards,

Yap

W007

 

Troubleshooting slow boot times in Symantec Endpoint Protection and Symantec AntiVirus

Article:TECH106311  |  Created: 2008-01-20  |  Updated: 2011-09-27  |  Article URL http://www.symantec.com/docs/TECH106311

Also, you can contact Symantec support if the above article does not work.

How to create a new case in MySymantec (formerly MySupport)

http://www.symantec.com/docs/TECH58873

How to update a support case and upload diagnostic files with MySupport

http://www.symantec.com/docs/TECH71023

OR

Regional Support Telephone Numbers:

United States: 800-342-0652 (407-357-7600 from outside the United States)

Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)

United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

 
