Environment
Trellix Endpoint Security (ENS) 10.7.0 April 2023 Update and later
Summary
With the ENS 10.7.0 April 2023 Update, we have implemented Azure Code Signing (ACS).
To support ACS signing, Windows platforms require specific Microsoft updates to be applied before updating to this ENS release.
Note: If you see the error below, you can find more information in the article Product install or upgrade issues due to missing root certificates:
Pre-install Check failed, Please refer Microsoft KB5022661 for more details.
Symptom
When you try to install or upgrade to the ENS 10.7.0 April 2023 Update, the installation or update to this version fails.
On a standalone installation or upgrade, you see the following error recorded in McAfee_Endpoint_BootStrapper_<timestamp>:
<date> <time> [PID] [BootStrapperMain] Install failed return code : 577
On an ePolicy Orchestrator (ePO)-based deployment, you see a similar 577 error in the Trellix Agent McScript_deploy.log file:
<date> <time> E #4600 ScrptExe Failed to invoke the application - error: 577
<date> <time> I #4600 ScrptMgr Update failed to version Install 10.7.0.xxxx.
Note: This is a generic Microsoft error code, indicating an issue with Cryptographic Services.
In some scenarios, the Common Platform may successfully install, but the Threat Prevention Module installation fails. The McAfee_Endpoint_BootStrapper_<timestamp>.log records the following:
22/05/2024 16:08:28.567 [5408] [BootStrapperMain] Successfully installed Dependencies
22/05/2024 16:08:28.567 [5408] [BootStrapperMain] Starting modules Installation
22/05/2024 16:08:28.567 [5408] [BootStrapperMain] Proceeding to first module installation
22/05/2024 16:08:28.582 [5408] [BootStrapperMain] Installing Threat Prevention 6177.1
22/05/2024 16:10:21.746 [5408] [BootStrapperMain] Install failed return code : 1603
22/05/2024 16:10:21.809 [5408] [BootStrapperMain] [ERROR]: Module Installation Failed. Module :Threat Prevention
22/05/2024 16:10:21.809 [5408] [BootStrapperMain] Installation failed
The McAfee_ThreatPrevention_Install_<timestamp>.log records many iterations of a service start failure, and then fails with a 1603 return code. Example:
16:10:4:433 - Error : Could not start service. Last error : 1067. Iteration : 54
16:10:5:519 - Error : Could not start service. Last error : 1067. Iteration : 55
16:10:6:630 - Error : Could not start service. Last error : 1067. Iteration : 56
16:10:7:724 - Error : Could not start service. Last error : 1067. Iteration : 57
16:10:8:818 - Error : Could not start service. Last error : 1067. Iteration : 58
16:10:9:917 - Error : Could not start service. Last error : 1067. Iteration : 59
16:10:10:942 - Error : Could not start service. Could not proceed further
CustomAction CreateAndStartService_x64 returned actual error code 1603
Cause
We have implemented ACS with the ENS 10.7.0 April 2023 Update.
To support ACS signing, Windows platforms must be updated with patches from Microsoft, before you update to this ENS release.
Solution
From Windows 10 22H2 and later, ACS support is included in monthly rollups.
The patches required by other Windows operating systems can be found in the Microsoft article Windows support for the Azure Code Signing program.
Note: Microsoft may indicate that the specific KB update has expired and recommend that you "update your devices to the latest security quality update." To get this update, you will need to apply a security rollup or cumulative package, as the individual update is no longer available.
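
To find affected hosts before applying the Microsoft updates, collected installer and agent logs can be scanned for the signatures quoted in the Symptom section. The Python helper below is an added example, not Trellix code; the function name, finding labels and sample log text are this example's own, with the samples constructed from the excerpts above.

```python
import re

# Signatures copied from the log excerpts quoted in this article.
RC_577 = re.compile(r"(?:Install failed return code : |Failed to invoke the application - error: )577\b")
PRECHECK = re.compile(r"Pre-install Check failed.*KB5022661")
RC_1603 = re.compile(r"(?:Install failed return code : |returned actual error code )1603\b")
SVC_1067 = re.compile(r"Could not start service\. Last error : 1067\. Iteration : (\d+)")
TP_FAIL = re.compile(r"Module Installation Failed\. Module :\s*Threat Prevention")

def triage(log_text):
    """Scan concatenated ENS install/agent logs; return (findings, highest 1067 retry)."""
    findings, retries = set(), 0
    saw_1603 = saw_tp_fail = False
    for line in log_text.splitlines():
        if RC_577.search(line):
            findings.add("error-577")
        if PRECHECK.search(line):
            findings.add("pre-install-check-failed")
        saw_1603 = saw_1603 or bool(RC_1603.search(line))
        saw_tp_fail = saw_tp_fail or bool(TP_FAIL.search(line))
        m = SVC_1067.search(line)
        if m:
            retries = max(retries, int(m.group(1)))
    # 1603 on its own is a generic installer failure; flag it only when it
    # appears with the Threat Prevention module failure or the 1067 retry loop.
    if saw_1603 and (saw_tp_fail or retries):
        findings.add("threat-prevention-1603")
    return sorted(findings), retries

# Constructed samples, assembled from the excerpts in this article.
SAMPLE_EPO = """\
<date> <time> E #4600 ScrptExe Failed to invoke the application - error: 577
<date> <time> I #4600 ScrptMgr Update failed to version Install 10.7.0.xxxx."""
SAMPLE_TP = """\
22/05/2024 16:08:28.582 [5408] [BootStrapperMain] Installing Threat Prevention 6177.1
22/05/2024 16:10:21.746 [5408] [BootStrapperMain] Install failed return code : 1603
22/05/2024 16:10:21.809 [5408] [BootStrapperMain] [ERROR]: Module Installation Failed. Module :Threat Prevention
16:10:8:818 - Error : Could not start service. Last error : 1067. Iteration : 58
16:10:9:917 - Error : Could not start service. Last error : 1067. Iteration : 59
CustomAction CreateAndStartService_x64 returned actual error code 1603"""
SAMPLE_UNRELATED = "<date> <time> [PID] [BootStrapperMain] Install failed return code : 1603"

if __name__ == "__main__":
    for name in ("SAMPLE_EPO", "SAMPLE_TP", "SAMPLE_UNRELATED"):
        print(name, triage(globals()[name]))
```

A host that reports any of these findings should be checked for the Microsoft ACS updates described under Solution before the ENS installation is retried.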