Resolved issues

The current release of the product resolves these issues. For a list of issues fixed in earlier releases, see the Release Notes for the specific release.

Note: The resolved issues cover all management platforms.


Reference Resolution
1192753 Groups with duplicate rules in the Host IPS Catalog now successfully migrate to the Firewall Catalog.
1196358 McAfee Host IPS Trusted Network policies that contain Internet Protocol version 6 subnets now correctly migrate to the Endpoint Security policy.


Reference Resolution
1191919 You can now configure the event database size from 50–999 MB.
1195840 Self Protection events now report the correct product version to McAfee ePO by correctly storing and retrieving information from the registry.
1198960 An Endpoint Security installation no longer fails in the presence of McAfee Drive Encryption due to an inability to write to HKEY_CURRENT_USER\Software\McAfee\Endpoint\Common\BusinessoBjectRegistry\SystemInfo\.
1199374 A Windows system restore no longer fails on systems where Endpoint Security is installed.

TIC log no longer stops when Adaptive Threat Protection debug logging is enabled.

LoggerBL.xml is updated in the installer and always overwrites the file on the system. This means that logger settings are replaced by defaults until policy enforcement returns the configured settings.

1210456 Endpoint Security now successfully deploys installation, patch, and hotfix packages when they are in the same McAfee ePO repository.

Threat Prevention

Reference Resolution
1181771 Windows systems no longer periodically show the Windows Action Center prompt to enable McAfee security software.
1182718 On-demand scans now successfully work with exclusions for potentially unwanted program.
1191580 dllhost.exe no longer crashes after deploying a Sysprep image or performing a Cortana search on a Windows 10 Creators Update system when Exploit Prevention is enabled.
1191719 An update to network file caching now prevents a printing delay.
1193467 McShield.exe no longer consumes high CPU.
1194014 McShield.exe no longer experiences high CPU when opening applications.
1197122 The Threat Prevention installer no longer removes IBM Lotus Notes version 9 when upgrading to Endpoint Security.
1198993 Quarantine items with invalid time values no longer cause Threat Prevention to crash, and Threat Prevention now appears in the Endpoint Security Client About window.
1204316 The correct AMCore content version now appears in the Endpoint Security Client and McAfee ePO after an update.
1204416 McShield.exe no longer consumes high CPU when saving policies.
1205489 Installation of Endpoint Security 10.5.1 Hotfix 2 from the command line no longer fails on the first attempt.
1209107 The Event Manager now deletes corrupted event database files and replaces them with new event database files.
1211550 Exploit Prevention Content updates no longer overwrite customized rules in the Application Protection Rules policy.
1215606 Websense services now successfully start after a system restart with Endpoint Security installed.


Reference Resolution
1184449 Endpoint Security Firewall now correctly starts after a system restart with a correct state and no longer blocks packets when the Firewall was disabled from the context menu before restarting.
1188069 Only one instance of a location now appears in the Firewall Catalog, regardless of how many groups contain the location.
1190907 Location Aware Groups now successfully work with Big IP VPN tunnels.
1193034 Firewall rules from the Policy Catalog now correctly function when added to subsequent groups in a Firewall policy.
1194924 Endpoint Security Firewall no longer blocks the process when process IDs are not returned from Firecore and successfully continues to the next rule.
1195190 A thread no longer hangs in Endpoint Security Firewall, which prevented it from applying policies.
1198251 Location Aware Groups now correctly function on systems with two Ethernet adapters.

Location Aware Groups function with IP addresses that are defined in the registry and no longer cause mfefw.exe to consume high CPU.

The number of matching locations no longer increases with every policy enforcement. To reduce the number of locations, disable the Retain existing user-added rules and Adaptive mode rules when this policy is enforced setting in the Firewall Options policy.

1200295 Domain reachability now successfully connects with the alias domain in configurations where the server couldn't download certificates from the Endpoint Security Client.
1204936 Mfefw.exe no longer experiences sustained high CPU.

Adaptive Threat Protection

Reference Resolution
1199556 Files marked as Known Trusted by Enterprise Reputation are no longer processed by Dynamic Application Containment (DAC) rules.
1199945 Adaptive Threat Protection no longer submits erroneous application and DLL telemetry to the Threat Intelligence Exchange (TIE) server when that telemetry was already sent.
1201425 DAC no longer blocks trusted files when the files are opened from a UNC path.
1205806 Adaptive Threat Protection no longer blocks files marked as Known Trusted by Enterprise Reputation.

Web Control

Reference Resolution
1181847 Web Control no longer enforces empty user-based policies for domain users when no Policy Assignment Rules are configured in McAfee ePO.
1186850 The mfeavfk driver is now in a correct state after installing Endpoint Security, and installed components now correctly appear in McAfee ePO reports.