To improve performance, disable the inventory rollback feature as follows:
1.            Launch the command line interface for Solidifier.
2.            Run the following command: 

​sadmin config set IsInvbackupEnabled=0

​This feature is enabled by default and creates a backup copy of the local white-list, so if the white-list corrupts, MACC can recover it from a backup copy immediately rather than be forced to re-solidify the system. This backup copy is created during the boot sequence, which increases system boot time and cause Performance issue which we are investigating but as workaround we recommend to disable it.

If the command is run through ePO using task “run command”, then check the request response and the output of this will be seen under

Menu-> Solidcore client task log -> 
And if done locally, then check under “sadmin config show -d” output

Reboot is not required.

How to know which Hotfix or patch was installed on Exchange server with McAfee Security for Microsoft Exchange 8.0, 8.5?

Go to ePO server -> System Tree
Search and click on the exchange server.
Go to Products, Click on McAfee Security for Microsoft Exchange
Under "Product properties for McAfee Security for Microsoft Exchange" -> Hotfix/Patch Version

​you can see which Hotfix or patch is installed.
​

Great Feature ePO 5.3 - Policy and Task Retention 

If you need for any reason to remove an extension, ePO 5.3 give you an option to save all policies, task, etc. so you won't need to manually create them after re-install the extension or check-in the product.

On ePO 5.3 go to Menu -> Server setting -> Policy and Task Retention 

You can choose if to save the tasks & policies or not.

For example if you choose to Keep policy and client task data, then you remove the extension of Virus Scan

Now go to Policy Catalog
The Virus Scan policies is exists, but you can't edit, rename or delete

If you try to enter to the policy you will receive an error

When you re-install the extension you will have the same policy with normal actions

McAfee Drive Encryption 7.1.3 (DE)

Problem:

When trying to boot from recovery boot disk of McAfee Drive Encryption there is a message 
Operation system is missing.

Solution:

1.  Get a USB Drive of sufficient size to contain the OS installation files you desire to install. (this drive would need to be at least 1 GB in size)
2.  Make sure the drive is completely empty of its contents.  (There should be absolutely nothing on it, if there is and you want to keep this stuff you need to move it elsewhere now.)
3.  Plug your USB drive into a USB slot on your computer. 
4. Make certain the drive is recognized, make a note of the drive letter.  Mine happens to be F:\
5.  Go to the start menu and USING ADMINISTRATOR CREDENTIALS open a command prompt.  I right clicked on command prompt and chose to Run As Administrator.
6.  Once your command prompt is open you are going to run a series of commands using the DiskPart utility. 

Type DISKPART and click Enter

​Type LIST DISK and click Enter

Type Select Disk 1 and then click Enter

Type Clean and then click Enter

Type Create Partition Primary and then click Enter

Type Select Partition 1 and then click Enter

Type Active and then click Enter

Type EXIT and then click Enter

Go to the start menu and USING ADMINISTRATOR CREDENTIALS open a command prompt.  I right clicked on command prompt and chose to Run As Administrator.

Go to the folder that contain the files: Bootdisk.exe, EETech.RTB
​​Type format F: /FS:FAT32 /V:EETech and then click Enter (​Note: "D" - Volume of USB Device)
Click Enter to Approve
​
Bootdisk.exe EETech.RTB F:
Choose "Yes"

How to create a recovery bootable USB device for McAfee Drive Encryption(MDE)

Connect a USB device(DOK) to the computer
Open command line(CMD)
Run the following command:

Format D: /FS:FAT32 /V:EETech
Note: "D" - Volume of USB Device

Bootdisk.exe EETech.RTB D:
Choose "Yes"

To test the device - Restart an Encrypted system and boot the system from the DOK.
Make sure the recovery DOK is in the same version of the Encryption program.

McAfee Drive Encryption 7.1.x

If this still does not work or you facing an issue or error(Like 'Operation system is missing') 
click here 

Application Control former Solidcore.

Problems:

Any unusual problem like:

- After Initial scan, enable and restart getting a Blue Screen
- After Initial scan, enable and restart getting a Login screen stuck

Solution:

Reproduce the problem and investigate the logs with GatherInfo.

GatherInfo is a utility that collects information related to log files, inventory, product version, and system state, which are needed for troubleshooting.
This utility is shipped with the product and is available in the product installation directory.
The default installation directory should be:
• Windows — <System drive>\Program Files\McAfee\Solidcore\Tools\GatherInfo

If you need more help open a service request at McAfee support and upload it to them.

Issue:

When installing or upgrading to McAfee Agent 5.x or above, Virus scan could block McAfee processes.

McAfee Virus scan Access protection policy contain rules with exclude to McAfee processes, but when upgrading or install new version you also need to update the default excludes.

McAfee Agent version 5 and above have new processes names so you will need to exclude those processes in access protection policies.

Add those processes:
MASvc.exe, MACmnSvc.exe, MACompatSvc.exe

 To the following access protection rules in Exclude:
- Prevent modification of McAfee files and settings
- Prevent modification of McAfee Common Management Agent files and settings
- Prevent modification of McAfee Scan Engine files and settings

Environments:  ePO 4.x, ePO 5.x

When creating a server task you must configure a schedule - when this task will run.
One of the option is Advance.
Advance need to be configure with Cron syntax.

The Cron Syntax Contain 6 variable and another one optional, Total 7.
The variable is split in to different meaning:

​The definition will be in the following order: 

each variable can be accommodate with more then one option, each option will be divided with a comma (",").

Forward slashes (/) identify increments.

The letter "L" means "last" in the Day of Week or Day of Month fields

The letter "W" means "weekday"

The pound character "#" identifies the "Nth" day of the month

On the day of week you can choose to use number or words, like:
​
0=Sun
1=Mon
2=Tue
3=Wed
4=Thu
5=Fri
6=Sat
1,3,5=Mon,Wed,Fri

In the following example the task will run every hour and 5 minutes:
 
0 5 * * * ?

In the following example the task will run every 5 minutes:
 
0 0,5,10,15,20,25,30,35,40,50,55 * * * ?

In the following example the task will run every 10 minutes:
 
0 0/10 * * * ?

When creating a Tag you will need to configure a unique criteria.

The limit for the Properties to choose is 27.

The best way to purge McAfee DLP/HDLP events, For McAfee DLP and HDLP Version 9.3,9.4

On ePO console go to Menu-> Data Protection -> DLP Incident Manager
​

Go to Incident Tasks
​

​Click Actions

Choose a Name and write a description if you want
Choose the Filter you want, I prefer always to choose the Occurred(UTC) - Is not within the Last X Days.
Click OK to save.

​Make sure the state is Enable

Go to Menu -> Automation -> Server Tasks
Click on Actions -> New Task

Click on the drop down list next to the Actions, Choose DLP Incident tasks runner
Mark the task you created, click ok.

​Make sure that the task is want you need(with the filter you configure)
​Click Next

​Configure the schedule to run the task.

If you configure to run the task in my example - Every day at 11:00 PM, The task will purge all the events older then 90 days.
​
Click Next and save.

See the task you created.
You can also run this task manually by click on the run button

The first time the task will run maybe it will be at the beginning on status waiting, at Server Task Log screen.

Be patient!!!

you can also click on the log(while it on waiting) and you will see it started and working.

​Good Luck!!!