McAfee ENS WEB CONTROL outlook.exe chart.dll crash

 

01.09.2020, this is solved in 10.7.0.1607 JULY 2020 Release

Produktversion (Endpoint Security Platform)

10.7.0.1961 JUL 2020 Release

Produktversion (Endpoint Security Threat Prevention)

10.7.0.2021 JUL 2020 Release

Web Control

10.7.0.1607 JUL 2020 Release

 

 

 

On several W10 machines we have seen Outlook.exe crash with Mcafee ENS Endpoint Security 10.7 Web Control active.

This behavior is seen up to Release 10.7.0.1675 and HOTFIX 10.7.0.1733 on 19.05.2020 and is because of the function "E-Mail annotations" in Mcafee Web Control Module from ENS (Endpoint security).

This function will check existing URL in existing E-Mail and if the URL is Malicious Block or warn the user WITHIN the E-Mail.

For Mcafee to draw that warning it needs chart.dll. On some systems there is know old story with mix of chart.dll (We are unsure of 32/64 or language MIX like German and English lead finally MS side to this error but Google is full of it). Mainly it's because Windows itself has a chart.dll and there is a version from Office. Those are different.

Error your see:

"Required file chart.dll not found in your path. Install Microsoft Outlook again"

"Die erfoderliche Datei chart.dll wurde"

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

 

Event

Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 16.0.4954.1000, Zeitstempel: 0x5df956bf

Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.18362.628, Zeitstempel: 0x54734dee

Ausnahmecode: 0xc06d007e

Fehleroffset: 0x00113db2

ID des fehlerhaften Prozesses: 0x2bac

Startzeit der fehlerhaften Anwendung: 0x01d5e67e5d8b1520

Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office16\OUTLOOK.EXE

Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll

Berichtskennung: 55ace164-ec8b-4166-8170-8616d13f0366

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

 

Version 16.0.4924.1000 +"chart.dll"

 

For Mcafee to draw that warning it needs chart.dll. On some systems there is know old story with mix of chart.dll (We are unsure of 32/64 or language MIX like German and English lead finally MS side to this error but Google is full of it). Mainly it's because Windows itself has a chart.dll and there is a version from Office. Those are different.

You can see what happens here. The YELLOW is when it does not find the chart.dll at that certain path.

 

 

SOLUTION:

McAfee ENS > Web Control > Optionen > Advanced Options > TURN off the FIRST OPTION (Uncheck)

View German Mcafee ENS

View EPO Policy English

 

This is what the function does. It highlights malicious URL. Here a sample from a Mcafee SECURITY FOR Exchange

Alert warning which had a malicious URL link. (This is a double alert but just to show what we talk about)

 

 

 

 

You don't have to reinstall Outlook.exe, Office, or ENS Modules. Just turn off the option.

Some Links with chart.dll (Not related to McAfee)

https://answers.microsoft.com/en-us/office/forum/office_2016-outlook/2016-outlook-has-error-message-required-file/772b47c6-ead1-4d6f-9ad1-41da627cb9c7

Links with Mcafee at askwoody.com

https://www.askwoody.com/forums/topic/outlook-2016-and-chart-dll-error-multiple-pcs/

https://community.mcafee.com/t5/Endpoint-Security-ENS/Outlook-2016-and-chart-dll-error/m-p/651239

HP W10 Phonewise Install Bluetooth error

ERROR: Install a driver failed because Bluetooth is off or unavailable.

Product: HP Phonewise Driver Install Error

Finally found a solution to a HP W10 Setup brand Problem. Had that under 1803/1809/1903. We are unsure If this was related to a CLEANUP tool we use to remove/Uninstall certain

HP bloat ware from Github. Install a driver failed because Bluetooth is off or unavailable.

This seems a rather complex installation because HP has to make sure that the BLUETOOTH drive is ON in BIOS, is active in W10 itself

And only then can install or uninstall the driver. If you look at the twi batch they are rather complex and handle reboot persistence etc.

We finally found a way to get rid of the error. There is a schedule Task running which handles the reboot persistence.

Remove that entry and you get of the warning. The RED Error we could not explain since the correct file was there AND the used

Mcafee ENS 10.7 virus protection DID not block the file.

HP PhoneWise Device Maintenance

 

 

Exchange 2016 numeric larger files under C:\Windows\Temp\SAFe\ if c: no space

Exchange 2016

McAfee Security for Exchange 8.6 SP2 (Safeservice.exe, RPCserv.exe (two instances), Postgres.exe (multiple instances))

D:\Program Files (x86)\McAfee\MSME\bin\SAFeService.exe

Server 2016

Source was: C: had no space in test lab server

If you see random Files with 96'201'998 (96MB) size under "C:\Windows\Temp\SAFe\" on your Exchange 2013/2016 those are from McAfee Security for Exchange 8.6. The shown server was a test lab running for long times a space on c: Drive did run out because it was unattended. You also see the "SAFe" directory under "D:\Program Files (x86)\McAfee\MSME\bin\lang\0409\SAFe"

Problem is finding something about thise issue since 99% google result end up in is it "safe" to delete "c:\windows\temp" ;-)

We used procmon.exe from Systernals to see what generates the files since the content is encrypted. You always have a bad feeling if you

See such files since Ransomware so maybe this helps someone once.

(From a first peek and moving files you think this is some kind of breach. Not very smart done by Mcafee…)

 

 

This event (IF your send E-Mail Alerts) should help too.

Since the Mcafee Security for Exchange OFTEN throws too much errors (RPC Crash > and it's back) people often turn those reports OFF we have seen in Mcafee Forum.

Loading the Anti-Virus Engine failed on '11/01/2018 19:19:53'.

1. Check whether the Product Update Information in the user interface is correct.
2. Check whether the corresponding folders with respect to DATs/Anti-Virus Engine version exists in the installation\\bin directory.
3. contact McAfee Technical Support.

 

Server 2016 unable to change Product key MAK in GUI (BUG)

We have a Server 2016 fully patched until 05/2019. We run a KMS-Server which does not have a SRV KMS 2016 channel activated.

PROBLEM: Strangely we can't change to Product key with the GUI. There is simply no reaction when you click "Change product key" button.

We have seen things like this under Control Panel (Unable to scroll) in W10 1903 where Dameware did not work and only possible with RDP.

 

 

 

Use the Activation Wizards to do it. In a cmd type.

slui 3

 

The wizard appears

Enter the MAK key (NOT any KMS please ;-)

You can also change the key with Commandline direct:

slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
slmgr.vbs /ato

 

Fortigate Forticlient Silent Installlevel 1 does not work on 6.X Version how to solve

 

Problem: Forticlient Silent Option to select different Module to install does not work as before with Forticlient 6.X up to 6.0.5 (FortiClientSetup_6.0.5.0209_x64)

Problem: You see an empty Forticlient Window when you open it

 

 

Explanation:

Bis jetzt gab es fuer den Forticlient:

  • Forti Configurator (Ein Tool bei welchem man die Optionen wählen konnte und dann gleichzeitig ein CONFIG file mitgeben und es machte am Schluss ein MSI)
  • Ein Windows Installer OPTION INSTALLLEVEL (Mit dieser konnte man bis Forticlient 5.9.X sagen was man will (SSLVPN/VPN/Antivirus usw.)

 

Den Configurator gibt es nur noch auf dem Developer Network von Fortinet. Damit man dort an das File kommt MUSS man zwei Fortinet Mitarbeiter als Referenz angeben.

To get the Configurator where you can you have to open a developer account with Fortinet. And to do that you have to get approval of TWO Fortinet employees (Fortinet E-mail Addresses). That's simply because they don't want customer to modify the default install and use the ONLINE Installer so everybody tries their Antivirus and Patch Module. Before you could download the Forticlient Configurator for free und the Support Forticlient download section.

There are also other nice things there like the VPN Automation scripts and SSLVPN Commandline tools. I am sure a lot of Fortinet Customer would like to use those and don't even know they exists and swap to VPN technology from Microsoft https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/always-on-vpn-technology-overview

 

 

This thread Shows what happens when you use Installlevel=1 (As worked before with Forticlient 5.X)

https://forum.fortinet.com/tm.aspx?m=165279

https://docs.fortinet.com/document/forticlient/6.0.2/configurator-tool/823336/use-forticlient-configurator-tool-tool-for-windows

 

Forticonfigurator:

 

Nice ;-.)

 

Solution:

Use INSTALLLEVEL 3 instead of 1

 

msiexec.exe /i FortiClientSetup_6.0.5.0209_x64\forticlient.msi /quiet INSTALLLEVEL=3

The MSI package:

VPN, SSLVPN, SSO is fine for most enterprise users.

We don't see the NAC Option in the GUI even if we choose it with option 3 > We don't want that so Installlevel 1 would be the choice but that DOES not work as mentioned.

 

 

Here is the reason Fortigate makes this so complex. They want to sell EMS which can be used to Deploy Forticlient.