Environment
- App Control Server: All Supported Versions
- App Control Agent: All Supported Versions
- McAfee Endpoint Security Agent
Symptoms
Cause
The McAfee endpoint agent is injecting into the Parityserver.exe process which triggers the App Control agent's Tamper Protection rules which then cause the server service to hang or crash
Resolution
The following solutions exist:
- Use local user login (e.g. admin) when connecting to the console
- Add exclusions in McAfee for the App Control Server per this KB
- Please verify no injection happens using Procmon > Start the capture > collect some data > double click "Parityserver.exe" > Process tab > verify no McAfee DLLs are listed
- If McAfee still injects into the "Parityserver.exe" process > please create a support case with McAfee support to have it resolved
- Disable or uninstall McAfee
- Disable the App Control Agent's Tamper Protection permanently:
- Login to the console with a local user > Go to Assets > Computers > open the Computer Details for the agent installed on the server > Disable Tamper Protection on right
Related Content