McAfee DLPe, Encryption, and HIPS processes fail to start or function with Endpoint Protection client installed
Last Updated February 21, 2018
Installing the Symantec Endpoint Protection client with default, out-of-the-box features and settings on the same computer with McAfee products may result in many McAfee processes failing to start or function as expected.
This issue may affect the following McAfee products:
Host Intrusion Prevention (HIPS)
Data Loss Prevention (DLP) Endpoint
While you may not observe specific errors, you may encounter the following symptoms with the McAfee software:
Software will not function as expected.
Processes may not start.
Software cannot be installed or upgraded and results with error.
Processes appear in a suspended state in Process Explorer.
Processes properties in Process Explorer show either "Error opening process" or "Error opening thread".
You should have the appropriate application exclusions for the Application and Device Control feature, and the appropriate "All Scans" folder exclusions for the other protection scans to allow McAfee software to function.
This ensures compatibility and minimizes any conflicts between Symantec and McAfee software.
To work around this and prevent conflicts:
Create a new "Exceptions" policy (or edit an existing policy) in the Symantec Endpoint Protection Manager, and assign the policy to the appropriate client groups where both Symantec and McAfee software is installed.
Create "Application to Monitor" (log only) or file exceptions that include child processes for the following processes:
Create "Folder" exceptions for "All Scans" for the following paths:
C:\Program Files\Common Files\McAfee\SystemCore\
C:\Program Files (x86)\McAfee\*
ID: 3958626, 4054756
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe