The 1302 is a connection error where the communication socket could not be opened. Is there any antivirus running on that machine? Are there any .dmp files located in %windir%\Temp?
Yes to both questions. The antivirus rules would be the same across all our computers though so I would not suspect antivirus unless this particular computer were not healthy. Are there any antivirus rules that need to be in place for LANrev agents? (I may have put some in when we rolled out the product, I just don't remember.)
We do have .dmp files in the %windir%\Temp folder, is that not normal?
I peeked at your rules. Your McAfee rules are based on mine from a long time ago (note to others, Stephen and I work at the same org but different biz units) but I do have some added that you do not have. But I agree, you would see a wider problem and I don't know that my extra exclusions were necessary. You have the important one disabled "prevent running scripts from temp" so you're good there. To be sure, you can check logs in C:\ProgramData\McAfee\DesktopProtection. Those logs will tell you if something was blocked.
Note: One thing I have extra in my rules is I added LANrev Agent.exe to the low risk processes policy
Dave, The antivirus logs do not show anything blocked that I would suspect would have anything to do with LANrev. Do the .dmp files show us anything?
Patrick, I have added LANrev Agent.exe in the low risk processing policy as you pointed out. We'll see if that makes a difference.