We have these products installed on our server:
2018.4 HF3, WPM 2.2.3, NPM 12.4, UDT 3.3.2, NetPath 1.1.4
Ever since going to Mcafee EndPoint 10.7 we've experienced issues. The issues:
Mcafee with everything enabled - NPM slows to a crawl and w3wp.exe begins consuming lots of cpu. WE can't run with all mcafee's modules enabled.
Mcafee with exploit prevention disabled - we appear to work fine in this mode but secteam does not like it so.
Mcafee with exploit prevention enabled and IIS excluded - this appeared to work but we recently hit issues in which mcafee blocked Solarwinds from doing its job so the system had issues and we had to revert to disabling exploit prevention.
I have provided my secteam with the exclusion link
Is anyone else running Mcafee 10.x, are you only using the above link ot is there more or other ways of performing the same to allow a happy middle ground between secteam/mcafee and solarwinds products to co-exist?
Thanks in advance!
Thanks for asking, i had completely forgotten about this post, ha...
So yeah I ended up finding out it was SCOM monitoring causing the issue (well actually APMagent which is a sub module of the scom monitoring). I removed scom (Monitoring Agent) from the npm primary server and wow, things cleared up for everyone and mcafee was happy again (and obviously SO WAS I). We were having all kinds of issues - discovery's wouldn't run right and users would have weird issues interacting with solarwinds. I was on pins and needles for nearly 8 months working on this issue. I had tickets open with solarwinds and mcafee but no real help unfortunately.
Happy this issue is in my past!!
Here is a link that describes in-depth the scom/APM agent and troubleshooting (wish i had found that article sooner).
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.