[Resolved] McAfee endpoint security update failed, Why?


McAfee product installation or upgrade fails, updates with nnnnxdat.exe or V3_nnnndat.exe packages fail, or fields do not populate (due to missing root certificates)

 

ENVIRONMENT

  • McAfee Active Response (MAR) 2.x
  • McAfee Agent (MA) 5.x
  • McAfee Application and Change Control (MACC) 8.x
  • McAfee Data Exchange Layer (DXL) 6.x, 5.x
  • McAfee Data Loss Prevention Endpoint (DLP Endpoint) 11.x
  • McAfee Endpoint Intelligence Agent (EIA) 2.x
  • McAfee Endpoint Security (ENS) Firewall 10.x
  • McAfee ENS Platform (Common) 10.x
  • McAfee ENS Threat Prevention 10.x
  • McAfee ENS Web Control 10.x
  • McAfee Host Intrusion Prevention (Host IPS) 8.0
  • McAfee Threat Intelligence Exchange Module (TIEm) for VirusScan Enterprise 1.x
  • McAfee VirusScan Enterprise (VSE) 8.8

 

PROBLEM

Installation or upgrade of any of the products listed in the Environment section above fails.

The failure can occur during the installation or upgrade of the endpoint security program, and it can compromise the installation or upgrade of the program modules.

The following errors have been reported:

!> Error – SysCore install failed: 255
<= leave custom action Install_SysCore()
CustomAction Install_SysCore returned actual error code 1603 (Note: This code might not be 100% accurate if translation happened inside sandbox)
Fin de la acción 12:28:11: InstallExecute. Return value 3.
MSI (s) (98:70) [12:28:11:908]: Note: 1: 2265 2:  3: -2147287035

 


>> Installing SysCore: “C:\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfehidin.exe” -i VSE88P9 -q -mfetrust_killbit –oastrust_off -l “C:\Users\asmith\AppData\Local\Temp\McAfeeLogs\vse8.8.0.core_install_060517_163652.log” -etl “C:\Users\asmith\AppData\Local\Temp\McAfeeLogs\vse8.8.0.core_install_060517_163652.etl” -x vse.xml OAS ELAM AAC DiskFilter firecore_driver EmailScan ScriptScan
!> Error – SysCore install failed: 255
<= leave custom action Install_SysCore()
CustomAction Install_SysCore returned actual error code 1603 (Note: This code might not be 100% accurate if translation happened inside sandbox.)
Action ended 16:37:58: InstallExecute. Return value 3. 

VSE vse8.8.0.core_install_xxxxxx_xxxxxx.log:

parseCertificate: CertAddSerializedElementToStore failed 80070005

Or:

[16:36:53:578] – StartStopMFeServices: stopping
[16:36:53:578] – StartStopAllMMSServices: start=false
[16:36:53:594] – StartStopAllMMSServices: ERROR!
MmsControlCreate failed with -2146869243
[16:36:53:594] – StartStopAllMMSServices: exit=0


[11:04:49:893] – ERROR! Signature check failed
[11:04:49:893] – ValidateDocument: return=0
[11:04:49:893] – ERROR! While validating document
[11:04:49:893] – StartHIP: policy disable 0 service stopped 0
[11:04:49:893] – Returning 4294967295
 

ENS McAfee_Common_VScore_Install_date/time.log:

AAC is not installed. Err=-2146869243
ERROR! Failed to create AAC Control. Err=-2146869243
StartStopAllMMSServices: ERROR! MmsControlCreate failed with -2146869243

ENS McAfee_MfeEpAac_date/time.log

VerifyParentEntryPointIsMcAfeeSigned: VerifyProcess PID[2340] LastErr 0x80096005 The time stamp signature or certificate could not be verified or is malformed.
LastErr 0x80096005 The time stamp signature or certificate could not be verified or is malformed.

ENS McAfee_Common_Bootstrapper_date/time.log:

Running application to gain installer exclusion failed: 2148098053
Gain installer exclusion through mfeEpAAC MFEPROTECT failed
Trying to gain installer exclusion now by mfeEpAAC protected with MFEINSTALL
Extracting MfeEpAac.exe: C:\Windows\TEMP\MfeEpAac.exe
Extraction successful
This is a 64-bit system
“C:\Windows\TEMP\MfeEpAac.exe” -add -rootlocation “C:\Program Files\McAfee\Endpoint Security” -rootlocation “C:\Program Files (x86)\McAfee\Endpoint Security” -folder “C:\ProgramData\McAfee\Endpoint Security”
PROCESS return code: 3221225506
Running application to gain installer exclusion failed: 3221225506

NOTE: Error codes 0x80096005 and -2146869243 translate to: TRUST_E_TIME_STAMP – Could not verify the time stamp or it is malformed. The error might be due to failure in validating certificate information.


PROBLEM

Installation of a VSE 8.8 patch fails, and the rollback mechanism also fails. The failure leaves a corrupted VSE installation on the system and stops the McAfee Validation Trust Protection Service. In addition, the VSE OnAccessScanner is left in a disabled state.

The VSE installation logs in C:\Windows\Temp\McAfeeLogs contain the following text:

VSE88_Patch_xxxxxx_xxxxxx.log:

>> Installing SysCore: “C:\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfehidin.exe” -i VSE88P7 -q -mfetrust_killbit -l “C:\Windows\TEMP\McAfeeLogs\vse8.8.0.core_install_041416_090556.log” -etl “C:\Windows\TEMP\McAfeeLogs\vse8.8.0.core_install_041416_090556.etl” -x vse.xml OAS ELAM AAC DiskFilter firecore_driver EmailScan ScriptScan
!> Error – SysCore install failed: 255
<= leave custom action Install_SysCore_Patch()
CustomAction Install_SysCore_Patch returned actual error code 1603 (Note: This code might not be 100% accurate if translation happened inside sandbox.)
MSI (s) (DC:14) [09:06:35:968]: User policy value ‘DisableRollback’ is 0
MSI (s) (DC:14) [09:06:35:968]: Machine policy value ‘DisableRollback’ is 0

vse8.8.0.core_install_xxxxxx_xxxxxx.log:

[10:06:12:062] – GetAccessAndDeleteFile: FileDelete(C:\Program Files (x86)\Common Files\McAfee\SystemCore\mcvssnmp.dll) failed with error 5
[10:06:12:062] – GetAccessAndDeleteFile: FileDelete(C:\Program Files (x86)\Common Files\McAfee\SystemCore\mcvssnmp.dll.a5a7.deleteme) failed with error 2
[10:06:20:859] – Install error: un-winding install
[10:06:22:452] – ERROR! Failed to create AAC Control. Err=-2146762486
[10:06:22:500] – Returning 4294967295

PROBLEM

An upgrade of the VSE 8.8 patch management extension fails, and the following message is recorded in Orion.log (\Program Files(x86)\McAfee\ePolicy Orchestrator\Server\Conf\Orion):

BUILD FAILED
D:\PROGRA~1\McAfee\EPOLIC~1\server\extensions\installed\VIRUSCAN8800\8.8.0.448\install.xml:78:
com.mcafee.orion.core.cmd.CommandException: APPolicyMigrateCommand: Failed to create AP config

The main cause of this problem is a certificate validation error while creating the APConfig object. The product failed to validate the required DLL certificate, so it cannot create the APConfig object needed to update the policy.

PROBLEM

After you upgrade the extensions for a VSE 8.8 patch, the Categories and Rules fields are empty in the VSE Access Protection policies.

PROBLEM

After you upgrade the extensions for a VSE 8.8 patch, the Rules fields are empty in the VSE Access Protection policies.

PROBLEM

If one or more root certificates are missing, an update that uses the nnnnxdat.exe (V2) or V3_nnnndat.exe (V3) package fails.

PROBLEM

The core installation log reports the following error:

Warning: Certificate – not found in Root

The errors in the product core installation log are similar to the following examples:

NOTE: The certificate name in the core installation log can differ.

MACC mac_mpt.log

[09:14:16:612] – Total 1 Warning Value present
[09:14:16:612] – Code [0x60001100] : A required certificate couldn’t be located in certificate store.
[09:14:16:612] – Total 1 Error Value present
[09:14:16:612] – Code [0x20005011] : Internal error has occurred during installation.
[09:14:16:612] – Warning: Certificate UTN-USERFirst-Object – not found in Root.
[09:14:16:628] – Warning: Certificate GlobalSign Root CA – R1 – not found in Root.
[09:14:16:628] – Exit code will be 4294967295

VSE VSEInst_.log

[10:39:15:420] – Warning: Certificate UTN-USERFirst-Object – not found in Root.
[10:39:15:420] – RecordActionCode: Action Result 1 Category 1 Message 16 (Final 0x60001100).
[10:39:15:436] – Warning: Certificate GlobalSign Root CA – R1 – not found in Root.
[10:39:15:436] – LoadElamPplCerts: Ensure PPL certificates are loaded in the OS
[10:39:15:436] – StartStopMFeServices: stopping
[10:39:15:436] – StartStopAllMMSServicesExceptVTP: start=false
[10:39:15:436] – StartStopAllMMSServicesExceptVTP: ERROR! MmsControlCreate failed with -2146762486
[10:39:15:436] – StartStopAllMMSServicesExceptVTP: exit=0
[10:39:15:436] – ERROR: StartStopMfeServices: failed to stop services…
[10:39:15:436] – StartStopMFeServices: return=0
[10:39:15:436] – ERROR! while stopping services.
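
The log excerpts above mix signed-decimal and hexadecimal forms of the same error codes, so a short triage script helps confirm that a failure is certificate-related. The following PowerShell is an added example, not McAfee code or code from this page: it normalizes codes to 32-bit hex and pulls the certificate names out of the "not found in Root" warnings. The function names and the CERT_E_CHAINING and STATUS_ACCESS_DENIED labels are additions; the sample lines are constructed from the excerpts on this page, with ASCII hyphens.

```powershell
# Codes seen in the excerpts. TRUST_E_TIME_STAMP and 0x60001100 are described on
# this page; the other two labels are standard Windows names added here.
$KnownCodes = @{
    '0x80096005' = 'TRUST_E_TIME_STAMP (time stamp signature could not be verified)'
    '0x800B010A' = 'CERT_E_CHAINING (no chain to a trusted root)'
    '0xC0000022' = 'STATUS_ACCESS_DENIED'
    '0x60001100' = 'required certificate not located in certificate store'
}

function ConvertTo-HResultHex {
    param([long]$Code)
    # Mask to 32 bits so a signed decimal such as -2146869243 prints as 0x80096005.
    '0x{0:X8}' -f ($Code -band 4294967295)
}

function Get-TrustFailure {
    param([string[]]$Line)
    foreach ($l in $Line) {
        # "Warning: Certificate <name> - not found in Root." (hyphen or en dash)
        if ($l -match 'Warning: Certificate (.+?) [-\u2013] not found in Root') {
            [pscustomobject]@{ Kind = 'MissingRoot'; Value = $Matches[1]; Meaning = 'not found in Root store' }
        }
        $hex = $null
        if ($l -match '0x[0-9A-Fa-f]{8}') {
            $hex = '0x' + $Matches[0].Substring(2).ToUpper()
        } elseif ($l -match '(?:Err=|failed with |failed: |return code: )(-?\d+)') {
            $hex = ConvertTo-HResultHex ([long]$Matches[1])
        }
        if ($hex -and $KnownCodes.ContainsKey($hex)) {
            [pscustomobject]@{ Kind = 'ErrorCode'; Value = $hex; Meaning = $KnownCodes[$hex] }
        }
    }
}

# Constructed sample: lines taken from the log excerpts on this page.
$sample = @(
    '[10:39:15:420] - Warning: Certificate UTN-USERFirst-Object - not found in Root.'
    '[10:39:15:436] - Warning: Certificate GlobalSign Root CA - R1 - not found in Root.'
    'StartStopAllMMSServices: ERROR! MmsControlCreate failed with -2146869243'
    '[10:06:22:452] - ERROR! Failed to create AAC Control. Err=-2146762486'
    'Running application to gain installer exclusion failed: 2148098053'
    'PROCESS return code: 3221225506'
)
Get-TrustFailure -Line $sample | Sort-Object Kind, Value -Unique | Format-Table -AutoSize
```

To run it against a real log, pass `(Get-Content <path to log>)` as `-Line` instead of `$sample`.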

CAUSE

One or more of the following certificates are missing:

Root certificates:

  • AAA Certificate Services
  • AddTrust External CA Root
  • GlobalSign
  • GlobalSign Root CA
  • Microsoft Code Verification Root
  • USERTrust RSA Certification Authority
  • UTN-USERFirst-Object
  • Verisign Universal Root Certification Authority
  • Verisign Class 3 Public Primary Certification Authority – G5

Intermediate Certification Authorities certificates:

  • AddTrust External CA Root
  • COMODO RSA Code Signing CA
  • GlobalSign
  • GlobalSign Root CA
  • GlobalSign CodeSigning CA – G3
  • GlobalSign CodeSigning CA – SHA256 – G3
  • McAfee Code Signing CA 2
  • McAfee OV SSL CA 2
  • USERTrust RSA Certification Authority
  • Verisign Class 3 Code Signing 2010 CA

Recent McAfee binaries are signed with up-to-date SHA-1 and SHA-256 certificates. The root certificates are required to validate the digital signatures. These certificates are not distributed by Microsoft.

Root certificates can be missing for several reasons, including but not limited to the following:

  • An administrator removed the certificate from the system.
  • The system has no connectivity to an online network, which is required to perform a Root Auto-update (an automated root update).
  • An effective group policy prevents the root certificate update:
    • The registry value HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate is set to 1.
    • The registry key HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots exists.

 

SOLUTION

Import the certificates required to validate the digital signature. The product installs or updates successfully once the certificates are installed.

  • Install the missing root certificates in the physical Third-Party Trusted Root Certification Authorities store. (AAA Certificate Services, AddTrust External CA Root, GlobalSign, GlobalSign Root CA, Microsoft Code Verification Root, USERTrust RSA Certification Authority, UTN-USERFirst-Object, Verisign Class 3 Public Primary Certification Authority – G5, and Verisign Universal Root Certification Authority)
  • Install the missing Intermediate Certification Authorities certificates in the physical Intermediate Certification Authorities store. (AddTrust External CA Root, COMODO RSA Code Signing CA, GlobalSign, GlobalSign CodeSigning CA – G3, GlobalSign CodeSigning CA – SHA256 – G3, GlobalSign Root CA, McAfee Code Signing CA 2, McAfee OV SSL CA 2, USERTrust RSA Certification Authority (2028), and Verisign Class 3 Code Signing 2010 CA)

 

OPTION 1: Install the certificates using Active Directory group policy

McAfee highly recommends installing the certificates using Active Directory group policy for wide deployments. For information on deploying registry changes with group policy, see the following Microsoft article: https://technet.microsoft.com/en-us/library/cc753092(v=ws.11).aspx.

Deploy the registry change for Computer policy, not User policy. For detailed instructions on adding a certificate using group policy, see KB92948.

OPTION 2: Install the certificates directly on the system

If you have only one or a few systems, use the following files to install the certificates directly on the system. Alternatively, install the certificates separately using a suitable managed deployment method.

To install the certificates:

  • Download the file USERFirst_and_VeriSign_and_Comodo_and_GlobalSign_and_USERTrust.bat.txt, rename it to USERFirst_and_VeriSign_and_Comodo_and_GlobalSign_and_USERTrust.bat, and then run it.
  • Download the file USERFirst_and_VeriSign_and_Comodo_and_GlobalSign_and_USERTrust.reg.txt, rename it to USERFirst_and_VeriSign_and_Comodo_and_GlobalSign_and_USERTrust.reg, and then run it.

SOLUTION

Address the problem that prevents the automated updating of root certificates on the system.

Microsoft allows root certificate stores to be managed, and provides various group policy objects and automated updates for this. For more information, see: https://technet.microsoft.com/en-us/library/cc749331(v=ws.10).aspx. Administration of certificate stores is outside the scope of Technical Support.

If a group policy is blocking the root certificate update, use the following solution:

CAUTION:

This article contains information about opening or modifying the registry.

  • This information is intended for System Administrators. Registry modifications cannot be reversed and can cause complete system failure if performed incorrectly.
  • Technical Support highly recommends that you back up the registry and understand the entire registry process before you make any registry modifications. For more details, see: https://support.microsoft.com/kb/256986.
  • Do not run a REG file that is not confirmed to be an authentic registry import file.

Steps:

  • Change the registry value HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate from 1 to 0:
    1. Press Windows+R, type regedit, and click OK.
    2. Navigate to HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate.
    3. Change the value from 1 to 0.
    4. Exit the registry editor.

    NOTE: If you make this change using group policy for a wide deployment, the Group Policy Object (GPO) is at: Computer Configuration, Administrative Templates, System, Internet Communication Management, Internet Communication settings, Turn off Automatic Root Certificates Update. Change Turn off Automatic Root Certificates Update from Enabled to Disabled.

  • If present, remove the registry key ProtectedRoots, which is at HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots:
    1. Press Windows+R, type regedit, and click OK.
    2. Navigate to HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root.
    3. Right-click ProtectedRoots, click Export, and choose a location in which to save a backup copy.
    4. Right-click ProtectedRoots, click Delete, and click Yes when prompted.
    5. Exit the registry editor.
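
Before and after applying either option, the conditions this article lists can be checked without changing anything. The following read-only PowerShell audit is an added example, not McAfee code or code from this page: it reports which of the certificates named in the Cause section are absent from the local machine stores, and the state of the two registry settings described above. It assumes each listed name equals the certificate subject's simple name (with ASCII hyphens) and that the `Root` and `CA` stores under `Cert:\LocalMachine` are the ones to inspect; the function names are hypothetical.

```powershell
# Certificate names from the Cause section, keyed by LocalMachine store.
# Assumption: each name matches the certificate subject's simple name.
$Expected = @{
    Root = 'AAA Certificate Services', 'AddTrust External CA Root', 'GlobalSign',
           'GlobalSign Root CA', 'Microsoft Code Verification Root',
           'USERTrust RSA Certification Authority', 'UTN-USERFirst-Object',
           'VeriSign Universal Root Certification Authority',
           'VeriSign Class 3 Public Primary Certification Authority - G5'
    CA   = 'AddTrust External CA Root', 'COMODO RSA Code Signing CA', 'GlobalSign',
           'GlobalSign Root CA', 'GlobalSign CodeSigning CA - G3',
           'GlobalSign CodeSigning CA - SHA256 - G3', 'McAfee Code Signing CA 2',
           'McAfee OV SSL CA 2', 'USERTrust RSA Certification Authority',
           'VeriSign Class 3 Code Signing 2010 CA'
}

function Get-MissingCertificate {
    foreach ($store in $Expected.Keys) {
        # Collect the simple name (normally the subject CN) of every certificate in the store.
        $present = Get-ChildItem "Cert:\LocalMachine\$store" |
            ForEach-Object { $_.GetNameInfo('SimpleName', $false) }
        foreach ($name in $Expected[$store]) {
            # -notcontains compares case-insensitively.
            if ($present -notcontains $name) {
                [pscustomobject]@{ Store = $store; Missing = $name }
            }
        }
    }
}

function Get-RootUpdatePolicy {
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates'
    $auto = Get-ItemProperty -Path "$base\AuthRoot" -Name DisableRootAutoUpdate -ErrorAction SilentlyContinue
    [pscustomobject]@{
        # 1 blocks automatic root updates; 0 or 'not set' allows them.
        DisableRootAutoUpdate = if ($auto) { $auto.DisableRootAutoUpdate } else { 'not set' }
        # True means the ProtectedRoots key described above is present.
        ProtectedRootsKey     = Test-Path "$base\Root\ProtectedRoots"
    }
}

Get-MissingCertificate | Sort-Object Store, Missing | Format-Table -AutoSize
Get-RootUpdatePolicy | Format-List
```

An empty first table means every listed name was found; a name reported as missing should be confirmed in the certificate manager, because a certificate can be present under a slightly different subject name.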


Sophia Miller -Writer @MyQuery
