Jul 10, 2019
An update for the McAfee Endpoint Security (ENS) security software was released today that caused major headaches for system administrators all over the world as it prevented users from being able to log in to their computers.
We were first notified of this issue when a reader pointed us to a Reddit post stating that employees at UK Power Networks were told that they were not "allowed to log into their computers due to 'mcafee system update'. IT saying people will lose their data if they log in?".
At first it was assumed that this was a security incident such as ransomware, but from comments we quickly learned that this was a bad McAfee ENS Exploit Prevention content update that was causing issues with older versions of ENS.
It is also reported that this update caused issues with Experian that led to an outage of their services.
Conflict with older version of McAfee ENS
According to a McAfee support bulletin, if a Windows PC is running McAfee ENS 10.2, has Exploit Prevention enabled, and installed today's Exploit Prevention definition update 9418, users would be unable to log in to Windows. To fix this issue, McAfee quickly released definition update 9419, which prevented new workstations from experiencing this issue.
Unfortunately, for the workstations that were already affected, even if you disabled Exploit Prevention, users would still be unable to log in until a manual Windows Registry fix was made.
This fix would have to be done via Safe Mode, which, as you can imagine, would be a royal pain for an organization with thousands, if not hundreds of thousands, of workstations.
The fix offered by McAfee is to:
- Ensure that the Exploit Prevention policy is set to Disabled.
- Boot the system in Safe Mode. See the following information if you have disk encryption software.
  - If you have McAfee Drive Encryption, see KB73714 for information about how to boot the system in Safe Mode.
  - If you have third-party disk encryption software, you might need to obtain instructions to boot the system in Safe Mode. Contact the vendor for the disk encryption product for instructions.
- Go to the Registry and search for the following key:
  HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Endpoint\Common\BusinessObjectRegistry\BO
- Set Enable to 0.
- Reboot the system.
BleepingComputer has reached out to UKPN, Experian, and McAfee and will update the article when we hear back.
H/T ceilt.com