Application Resilience Policies for Trellix Drive Encryption

You can activate an Application Resilience policy for Trellix Drive Encryption (formerly McAfee® Drive Encryption) to collect information about the functional status of Trellix Drive Encryption installed on your Windows devices and view the results in reports. You can also configure the policy to attempt to repair or reinstall Trellix Drive Encryption and Trellix Drive Encryption Agent (formerly McAfee Endpoint Encryption Agent). In addition, you can configure the policy to repair or reinstall Trellix Drive Encryption Go (formerly McAfee Drive Encryption Go) if you select it in the policy configuration.

Application Resilience policies for Trellix Drive Encryption are supported on devices running:

  • a supported version of the Windows operating system

  • PowerShell version 5.1 or higher

    Due to PowerShell restrictions imposed by Microsoft, Application Resilience isn't supported for this application on devices running Windows 11 SE.

  • one of the following versions of Trellix Drive Encryption, Trellix Drive Encryption Agent, and Trellix Drive Encryption Go (if selected in the policy configuration):

    • 7.4.x or higher

      Significant software changes in higher versions may cause health checks to become invalid.

    • 7.0.x to 7.3.x

In addition to checking the version, the following table describes the health checks performed:

If you select Report higher versions as Compliant, higher versions report Compliant without running health checks.

Component Test performed
Services Installed Running Signed by
  • Trellix Drive Encryption Agent (MfeEpeHost.exe)
  • Trellix Drive Encryption SGX Service (MDECryptService.exe)
  • Trellix Drive Encryption Go (EegoService.exe)1
 P P

One of the signers entered in the policy configuration

By default, Signers contains "MUSARUBRA US LLC".
Application name

The application uses one of the following names:

  • Trellix Drive Encryption Agent

  • McAfee Endpoint Encryption Agent

1 Only checked if selected in the policy configuration

In addition to checking the version, the following table describes the health checks performed:

If you select Report higher versions as Compliant, higher versions report Compliant without running health checks.

Component Test performed
Services Installed Running Signed by
  • McAfee Endpoint Encryption Agent (MfeEpeHost.exe)
  • McAfee Drive Encryption SGX Service (MDECryptService.exe)
  • McAfee Drive Encryption Go (EegoService.exe)1
 P P

One of the signers entered in the policy configuration

By default, Signers contains "McAfee, Inc.".
Application name

The application uses one of the following names:

  • Trellix Drive Encryption Agent

  • McAfee Endpoint Encryption Agent

1 Only checked if selected in the policy configuration

You can configure an Application Resilience policy for Trellix Drive Encryption to enable the Application Resilience (RAR) component A lightweight software component of the Secure Endpoint Agent that detects the status of third party applications installed on a device. The component may also attempt to repair the third party application if it is non-compliant. The RAR component is deployed on a device only when the device is associated with a customized policy group and that policy group's Application Resilience policy is activated. to attempt to repair Trellix Drive Encryption, Trellix Drive Encryption Agent, or Trellix Drive Encryption Go (if selected in the policy configuration) if they aren't functioning, or reinstall them if they are missing or can't be repaired.

Depending on the Absolute product licenses associated with your account, the Report and repair and Report, repair, and reinstall options may not be available.

The RAR component of the Secure Endpoint Agent can respond to the following issues:

Issue Resolution
Repair

One or more of the following services aren't running:

  • Trellix Drive Encryption Agent (MfeEpeHost.exe)
  • Trellix Drive Encryption SGX Service (MDECryptService.exe)
  • Trellix Drive Encryption Go (EegoService.exe)1

The RAR component restarts each stopped service.

One or more of the following services aren't installed and the service's executable can be detected on the device:

  • Trellix Drive Encryption Agent (MfeEpeHost.exe)
  • Trellix Drive Encryption SGX Service (MDECryptService.exe)
  • Trellix Drive Encryption Go (EegoService.exe)1

The RAR component reinstalls each missing service.
Reinstall

Downgrades are not supported. If the version installed on a device is higher than the expected version, no action is taken.

One or more of the following services aren't installed and the service's executable cannot be detected on the device:

  • Trellix Drive Encryption Agent (MfeEpeHost.exe)
  • Trellix Drive Encryption SGX Service (MDECryptService.exe)
  • Trellix Drive Encryption Go (EegoService.exe)1

The RAR component downloads and installs the configured version of Trellix Drive Encryption or Trellix Drive Encryption Agent.

If Trellix Drive Encryption Go is installed, the RAR component uninstalls it. After Trellix Drive Encryption Go is uninstalled, or if it wasn't installed, the RAR component downloads and installs the configured version of Trellix Drive Encryption Go1.
Trellix Drive Encryption, Trellix Drive Encryption Agent, or Trellix Drive Encryption Go1 failed to be repaired, or the expected versions aren't installed

1 Only checked if selected in the policy configuration

Issue Resolution
Repair

One or more of the following services aren't running:

  • McAfee Endpoint Encryption Agent (MfeEpeHost.exe)
  • McAfee Drive Encryption SGX Service (MDECryptService.exe)
  • McAfee Drive Encryption Go (EegoService.exe)1

The RAR component restarts each stopped service.

One or more of the following services aren't installed and the service's executable can be detected on the device:

  • McAfee Endpoint Encryption Agent (MfeEpeHost.exe)
  • McAfee Drive Encryption SGX Service (MDECryptService.exe)
  • McAfee Drive Encryption Go (EegoService.exe)1

The RAR component reinstalls each missing service.
Reinstall

Downgrades are not supported. If the version installed on a device is higher than the expected version, no action is taken.

One or more of the following services aren't installed and the service's executable cannot be detected on the device:

  • McAfee Endpoint Encryption Agent (MfeEpeHost.exe)
  • McAfee Drive Encryption SGX Service (MDECryptService.exe)
  • McAfee Drive Encryption Go (EegoService.exe)1
 The RAR component downloads and installs the configured version of McAfee Drive Encryption, McAfee Endpoint Encryption Agent, or McAfee Drive Encryption Go1.
McAfee Drive Encryption, McAfee Endpoint Encryption Agent, or McAfee Drive Encryption Go1 failed to be repaired, or the expected versions aren't installed

1 Only checked if selected in the policy configuration

For each application, you can add a 32-bit installer, a 64-bit installer, or both. The installers:

  • must be MSI files

  • can have any file name

The RAR component looks for the following files names when checking pre-cached installers:

Component File name
Installers
  • McAfeeEEAgent.msi
  • McAfeeDE.msi
  • McAfeeDEGo.msi1

1 Only required if selected in the policy configuration

Before you activate an Application Resilience policy, you need to configure the policy. You need to configure the application version in addition to the settings in Configuring Application Resilience policies.

To configure the application versions:

  1. Under Application version, select 7.4.* or higher from the drop-down.

  2. Under Trellix Drive Encryption Agent (formerly McAfee Endpoint Encryption Agent) version, enter the version of Trellix Drive Encryption Agent you expect to be running on your devices.

    • The target version must be a sequence of digits separated by a period.
    • You can use wildcard "*" characters after the major version number, for example, 7.*, 7.4.*, or 7.4.2.*.

    Make sure the version you are entering is consistent with version 7.4.x or higher.

  3. Under Trellix Drive Encryption (formerly McAfee Drive Encryption) version, enter the version of Trellix Drive Encryption you expect to be running on your devices.

    • The target version must be a sequence of digits separated by a period.
    • You can use wildcard "*" characters after the major version number, for example, 7.*, 7.4.*, or 7.4.2.*.

    Make sure the version you are entering is consistent with version 7.4.x or higher.

  4. [Optional] If you want to monitor the health of Trellix Drive Encryption Go, select the Select this option to monitor Trellix Drive Encryption Go (formerly McAfee Drive Encryption Go) checkbox.

  5. [Optional] Under Trellix Drive Encryption Go version, enter the version of Trellix Drive Encryption Go you expect to be running on your devices if you selected the Select this option to monitor Trellix Drive Encryption Go (formerly McAfee Drive Encryption Go) checkbox.

    • The target version must be a sequence of digits separated by a period.
    • You can use wildcard "*" characters after the major version number, for example, 7.*, 7.4.*, or 7.4.2.*.

    Make sure the version you are entering is consistent with version 7.4.x or higher.

If you selected the Report, repair, and reinstall option, you also need to configure this setting in addition to the settings in Configuring Application Resilience policies.

To configure the Trellix Drive Encryption specific setting:

[Optional] To only reinstall the application if it's missing, select the checkbox next to Do not reinstall or upgrade if the app is already installed. When this option is selected, the application is not reinstalled when either of the following conditions apply:

  • The application version is lower than the expected version.
  • The application can't be repaired.

Before you activate an Application Resilience policy, you need to configure the policy. You need to configure the application version in addition to the settings in Configuring Application Resilience policies.

To configure the application versions:

  1. Under Application version, select 7.0.* - 7.3.* from the drop-down.

  2. Under Trellix Drive Encryption Agent (formerly McAfee Endpoint Encryption Agent) version, enter the version of McAfee Endpoint Encryption Agent you expect to be running on your devices.

    • The target version must be a sequence of digits separated by a period.
    • You can use wildcard "*" characters after the major version number, for example, 7.*, 7.2.*, or 7.2.10.*.

    Make sure the version you are entering is consistent with version 7.0.x to 7.3.x.

  3. Under Trellix Drive Encryption (formerly McAfee Drive Encryption) version, enter the version of McAfee Drive Encryption you expect to be running on your devices.

    • The target version must be a sequence of digits separated by a period.
    • You can use wildcard "*" characters after the major version number, for example, 7.*, 7.2.*, or 7.2.10.*.

    Make sure the version you are entering is consistent with version 7.0.x to 7.3.x.

  4. [Optional] If you want to monitor the health of McAfee Drive Encryption Go, select the Select this option to monitor Trellix Drive Encryption Go (formerly McAfee Drive Encryption Go) checkbox.

  5. [Optional] Under Trellix Drive Encryption Go version, enter the version of McAfee Drive Encryption Go you expect to be running on your devices if you selected the Select this option to monitor Trellix Drive Encryption Go (formerly McAfee Drive Encryption Go) checkbox.

    • The target version must be a sequence of digits separated by a period.
    • You can use wildcard "*" characters after the major version number, for example, 7.*, 7.2.*, or 7.2.10.*.

    Make sure the version you are entering is consistent with version 7.0.x to 7.3.x.