Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5411
Views
0
Helpful
6
Replies

McAfee HIPS causing BSOD when connected via AnyConnect 3.1

ngkuchman
Level 1
Level 1

‎12-07-2012 08:11 AM - edited ‎02-21-2020 06:32 PM

We have been seeing a growing number of complaints from users that when they are connected via AnyConnect 3.1.00495 on Windows that they are getting BSODs a few minutes after the connection is established.  We are running McAfee HIPS version 8.0 / Build Number 8.0.0.2151 / Security Content Version 8.0.0.4634 / Patch 2.  The BSOD always seems to come from mfefirek.sys with DRIVER_IRQL_NOT_LESS_OR_EQUAL.  I can stop the HIPS service in Windows and restart the computer and the BSODs stop.

4 people had this problem
Labels:
Preview file
883 KB
0 Helpful
6 Replies 6

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎12-08-2012 08:49 AM

Please enable minidumps on machines affected, collect minidump and a DART package from Anyconnect and open a Cisco TAC case.

We will look into the crash dump and redirect you mcaffee if it's something on their side.

0 Helpful

rdpierce
Level 1
Level 1
In response to Marcin Latosiewicz

‎01-11-2013 06:49 AM

Any update on this?  Looks like we're possibly having the same issue.  We're in pilot with the AC 3.1 client and there are a few people who have indicated that they're experiencing blue screens.

I'm working with a couple of them to try and collect the bluescreen information but this McAfee module has been implicated.

0 Helpful

ngkuchman
Level 1
Level 1
In response to rdpierce

‎01-11-2013 06:55 AM

I have opened a TAC case and a ticket with McAfee.  Cisco has deffered the issue to McAfee as the mini-dumps all point to McAfee HIPS.  McAfee has supplied a Hotfix for HIPS, but we are still in the testing phases and don't have enough data to determine if the hotfix resolves the issue.

In testing prior to the hot fix from McAfee, several users had indicated that if they wait ~30 minutes after starting up the computer before they establish the AnyConnect session they don't get the BSOD.  You may want to see if this is the same for your users to at least give them a means to connect.

0 Helpful

rdpierce
Level 1
Level 1
In response to ngkuchman

‎01-11-2013 10:34 AM

Excellent.  Thanks so much for the quick reply.

We've only seen the issue on a couple of machines but are very early in the pilot testing.  The issue has been observed sporadically and sometimes doesn't happen at all even while using the client for hours.  Our speculation was that the HIPS agent was dormant and the crash would happen when the agent initiated an action.  Perhaps it's more a matter that the user was idle for 30+ minutes after boot-up but before initiating an AnyConnect connection.

Do you have any info on the hotfix you could share with us like case # or hotfix number so we can reference that to our McAfee support team?

0 Helpful

WL8onCisco
Level 1
Level 1
In response to ngkuchman

‎07-21-2014 09:34 AM

Where's the Patch?  

 

What is it's name?

 

Which versions of AnyConnect are fixed with it?

0 Helpful

emileneth
Level 1
Level 1

‎02-27-2014 05:31 PM

This thread is from Dec 2012. Do you know where is this patch available for downloading?

0 Helpful
Customers Also Viewed These Support Documents