Topic: McAfee VirusScan Enterprise Version 8.5i Patch 8 (Download)

[Samker]

McAfee VirusScan Enterprise protects your desktop and file servers from a wide range of threats, including viruses, worms, Trojan horses, and potentially unwanted code and programs. McAfee VirusScan® 8 takes anti-virus protection to the next level, integrating elements of intrusion prevention and firewall technology into a single solution for PCs and file servers. This powerful combination delivers truly proactive protection from the newest of today’s threats-including buffer - overflow exploits and blended attacks - and features advanced outbreak management responses to reduce the damage and costs of outbreaks. Everything is managed by McAfee ePolicy Orchestrator® or ProtectionPilot™ for scalable security policy compliance and graphical reporting.



Release Notes for McAfee(R) VirusScan(R) Enterprise Version 8.5i Patch 8
            Copyright (C) 2009 McAfee, Inc.
                  All Rights Reserved
==========================================================

Patch Release:    January 27, 2009

This release was developed and tested with:

- VirusScan Enterprise: 8.5i
- DAT Version:          5474, December 24, 2008
- Engine Version:       5.3.00

Make sure you have installed these versions, or later,
before using this release.

==========================================================


Thank you for using VirusScan(R) Enterprise software.
This file contains important information regarding this
release. We strongly recommend that you read the entire
document.

__________________________________________________________
WHAT'S IN THIS FILE

-   About This Release
   -   Purpose
 
-   Improvements

-   Resolved Issues
   -   Patch 8 Resolved Issues
   -   Patch 7 Resolved Issues
   -   Patch 6.1 Resolved Issues
   -   Patch 6 Resolved Issues
   -   Patch 5 Resolved Issues
   -   Patch 4 Resolved Issues
   -   Patch 3 Resolved Issues
   -   Patch 2 Resolved Issues
   -   Patch 1 Resolved Issues
   -   Known Issues
   -   Files Included With This Release

-   Installation
   -   Installation Requirements
   -   Installation Steps
   -   Installation Steps via ePolicy Orchestrator
   -   HotFix/Patch Reporting
   -   Verifying the Installation
   -   Removing the Patch

-   Copyright & Trademark Attributions

-   License Information


__________________________________________________________
ABOUT THIS RELEASE


PURPOSE

This release contains updated binaries in a single
Microsoft Patch installer to address all items listed
in "Resolved Issues" below.

For the most up-to-date copy of this Readme
information, refer to McAfee Support KnowledgeBase
article 60415.

Patch 8 is a High Priority release. See McAfee Support
KnowledgeBase article 614038 for information on
ratings.

__________________________________________________________
IMPROVEMENTS

1.  VirusScan Enterprise with the AntiSpyware Module
    can now be set so that it no longer places cookie
    detections in the quarantine folder.  They instead
    are deleted permanently as part of the clean
    action.

    NOTE:
    By setting the DWORD "DisableCookieBackups"
    registry entry to 1, cookie detection quarantines
    no longer occur.

    HKLM\SOFTWARE\McAfee\VSCore

2.  The on-demand scanner has been updated to better
    use the System Utilization setting throughout the
    entire scanning process.

    Refer to McAfee Support KnowledgeBase article
    9197288 for further information.

3.  This Patch contains a new Buffer Overflow and
    Access Protection DAT (version 378), which adds an
    Access Protection category for Virtual Machine
    Protection. These rules provide access protection
    functionality for virtual machines.

    NOTE:
    To manage the new Virtual Machine Protection
    category with ePolicy Orchestrator 3.x or
    ProtectionPilot, you must use the latest NAP file,
    which is included in this Patch package, or
    VirusScan 8.5i Repost Patch 5.

    For ePolicy Orchestrator 4.x users, the Extension
    update also contains the updated rule file. The
    updated Extension package is available on the web
    product download area under the Patches category.

__________________________________________________________
RESOLVED ISSUES

The resolved issues are divided into subsections per
patch, showing when each fix was added to the
compilation.


PATCH 8 RESOLVED ISSUES

1.  ISSUE:
    In Patch 7, the McShield resource files were
    missing some string tables that were responsible
    for On-Access Scan and On-Demand Scan status.

    RESOLUTION:
    McShield.dll has been corrected to include all the
    proper strings for displaying information on
    non-English installations.

2.  ISSUE:
    A timing issue could occur during the import of the
    McAfee Installation Designer (MID) configuration.
    During the installation of VirusScan Enterprise,
    the temporary registry information sometimes was
    not available before the registry editor attempted
    to apply the settings.  The process generated an
    application event, ID 1006, while the registry
    editor attempted to reapply the settings until it
    was successful.

    RESOLUTION:
    The McAfee Installation Designer configuration
    applicator was revised to no longer report the
    error, because it does not represent a true failure
    in the process.

    NOTE:
    To prevent the generation of this error, use the
    repost package that includes this Patch release.

3.  ISSUE:
    On multi-processor systems that receive files from
    remote clients, some instructions were being
    executed frequently and unnecessarily, acquiring an
    exclusive lock on all processors.  This created a
    bottleneck in the file I/O being written to disk.

    RESOLUTION:
    The link driver has been revised to eliminate the
    described bottleneck.

4.  ISSUE:
    Access Protection block rules that were created for
    USB devices sometimes did not handle removing and
    reinserting the device multiple times.

    RESOLUTION:
    The Access Protection, Anti-Virus Filter, and Link
    drivers have been updated to better handle
    re-hooking the device.

5.  ISSUE:
    The On-Access Scanner was not properly utilizing
    the "Scan files opened for Backup" option.

    RESOLUTION:
    The Anti-Virus Filter driver has been rectified to
    properly interpret the flag being sent from the
    On-Access Scanner.

6.  ISSUE:
    Certain detections with multiple infections or
    clean actions were logging the action two times.
    One entry was made during the middle of the
    process, and the other during the final
    resolution.

    RESOLUTION:
    The Common Shell scanner has been updated to report
    only the final resolution of the detection.

7.  ISSUE:
    The repair option for McAfee AntiSpyware Enterprise
    Module would execute during the patch process. This
    caused the cookie and registry scan targets to be
    re-added to On-Demand Scan tasks that were removed
    by the user.

    RESOLUTION:
    The patch installer has been updated to preserve
    the On-Demand Scan anti-spyware scan targets.


PATCH 7 RESOLVED ISSUES

1.  ISSUE:
    When installing a VirusScan Enterprise 8.5i patch,
    the existing On-Access Scanner service might fail
    to unload. This leads to two instances of the
    service, with one consuming a high amount of CPU
    usage.

    RESOLUTION:
    The On-Access Scanner service had been updated to
    avoid a runaway thread scenario that caused the
    service, being replaced, to not stop.

    NOTE:
    To avoid this issue while installing Patch 7 or
    later, install HF427887 first.  Refer to McAfee
    Support KnowledgeBase article 616344 for further
    information.

2.  ISSUE:
    Changes to the VirusScan Enterprise core subsystem
    disabled performance optimization for handling
    frequent write actions to INI and LOG files.

    RESOLUTION:
    The Anti-Virus Filter Driver was corrected to
    ensure that scanning of specified file extensions
    is optimized, as in previous versions.

3.  ISSUE:
    A three-party deadlock occurred, causing the
    On-Access Scanner to become blocked until it times
    out. This causes the scanner service to time out
    and eventually self-terminate.

    RESOLUTION:
    The Common Shell scanner has been updated to
    prevent the On-Access Scanner from becoming blocked
    while the security libraries are loaded by the
    system.

4.  ISSUE:
    The extended reports NAP contained some ePolicy
    Orchestrator stored procedures that were needed to
    add support for the VirusScan product line.  The
    ePolicy Orchestrator patches have since made new
    modifications to the same stored procedures.
    Therefore, when the VirusScan extended reports NAP
    is checked in after the new ePolicy Orchestrator
    modified procedures are in place, they are
    overwritten and the newer functionality is lost.

    RESOLUTION:
    The VirusScan extended reports NAP has been revised
    to no longer replace the ePolicy Orchestrator
    stored procedures.

5.  ISSUE:
    If the Lotus Notes client is running during
    uninstall of VirusScan Enterprise 8.5i, the Lotus
    Notes Scanner entries might not be properly removed
    from the NOTES.INI file. This can cause the Lotus
    Notes client to crash on subsequent starts.

    RESOLUTION:
    The Lotus Notes Scanner module has been corrected
    to remove its entries in the NOTES.INI file for all
    scenarios.

6.  ISSUE:
    The VirusScan Enterprise Patch installer did not
    correctly preserve the MIDFileTime registry value.
    This caused the McAfee Installation Designer (MID)
    .CAB files to be re-applied at the time of
    installation.

    RESOLUTION:
    The Patch installer has been updated to correctly
    preserve the binary value of MIDFileTime.

7.  ISSUE:
    Changes made in Microsoft Vista SP1 and later, in
    how the operating system opens/views network files,
    caused delays in opening new network paths, with
    the On-Access Scanner’s Network Scanning feature
    enabled.

    RESOLUTION:
    The link driver has been modified to use a
    different method of accessing the network resources
    that avoids the delays imposed by the operating
    system change.

8.  ISSUE:
    A 7E bugcheck (blue screen) might occur if an
    application shut down immediately after sending
    data over the network.

    RESOLUTION:
    The link driver has been revised to better handle
    data that is transmitted by applications after the
    driver has stopped.

9.  ISSUE:
    When the VirusScan NAP is checked in, it runs a
    script that enables anti-spyware settings in
    policies and tasks, if the AntiSpyware 8.5 module
    NAP is in the ePolicy Orchestrator repository. The
    intended purpose of the script is similar to the
    local AntiSpyware module installer, which enables
    its settings when installed on a local system.

    RESOLUTION:
    The VirusScan NAP has been updated so that the
    script is disabled during check-in of the VirusScan
    NAP package.  This prevents the anti-spyware
    settings from being enabled when updating the
    VirusScan NAP.

    NOTE:
    The McAfee AntiSpyware 8.5 module NAP has the same
    script in it. This means that if the McAfee
    AntiSpyware 8.5 module NAP is installed after the
    VirusScan NAP, the anti-spyware settings are still
    enabled.

10. ISSUE:
    Servers that deal with many file writes were
    becoming unresponsive.

    RESOLUTION:
    The anti-virus filter driver was revised to
    correctly filter and dispatch scans on write.


PATCH 6.1 RESOLVED ISSUES

1.  ISSUE:
    An issue can occur when the 5300 engine is
    installed prior to installing VirusScan 8.5i Patch
    6.  The scanner engine files are partially
    overwritten with the previous 5200 version that is
    stored in the MSI cache.  This mismatch causes the
    scanner engine to fail to initialize.

    RESOLUTION:
    The Patch installation package has been updated to
    correct this issue, and does not overwrite the
    engine files.


PATCH 6 RESOLVED ISSUES

1.  ISSUE:
    The VirusScan Enterprise management plug-in writes
    all settings to the registry on every policy
    enforcement.  McShield service monitors the
    registry and reloads whenever the settings are
    written, generating frequent pause events in the
    Windows System log.

    RESOLUTION:
    The VirusScan Enterprise management plug-in has
    been updated to only write to the registry if it
    sees that it is different from the current policy.
    This will prevent McShield from generating events
    on policy enforcement, unless that policy has
    changed.

    This is an addendum to the original solution in
    Patch 5, where the fix did not work when the
    preferred language was set to something other than
    automatic.

2.  ISSUE:
    A compatibility issue has been seen with
    VirusScan’s port blocking feature, and Veritas
    backup applications.  This was causing the backup
    software services to stop running.

    RESOLUTION:
    The VirusScan Anti-Virus Mini-Firewall Driver has
    been updated to correct the compatibility issue.

3.  ISSUE:
    A race condition in the On-Access Scanner service
    can cause high CPU utilization with high
    performance systems.

    RESOLUTION:
    The On-Access Scanner service has been updated to
    remedy multi-threading synchronization issues and
    remove occurrences of runaway threads.

4.  ISSUE:
    The On-Access Scanner service sometimes crashes
    during a system shutdown or during installation of
    a Patch/HotFix.

    RESOLUTION:
    The On-Access Scanner service has been repaired to
    correct a race condition in which a
    critical-section synchronization object is deleted
    before another thread has entered.

5.  ISSUE:
    A deadlock could occur on high end servers caused
    by a race condition in VirusScan’s link driver.

    RESOLUTION:
    The link driver has been changed to properly handle
    the release of system objects, while holding a lock
    on resources.

6.  ISSUE:
    Port blocking fails on Microsoft Windows Vista
    Service Pack 1.

    RESOLUTION:
    The McAfee Driver Installer has been update to
    handle the changes in network stack load order.

7.  ISSUE:
    The On-Demand Scanner system utilization changes
    that were put in patch 5 changed the memory
    scanning function. This caused the process scanning
    to only scan the first process ID.

    RESOLUTION:
    The change has been reversed so that all processes
    are scanning irrespective of process ID.

8.  ISSUE:
    When applied to a client installation that was
    customized by McAfee Installation Designer (MID),
    the patch installer deletes the MidFileTime
    registry value.  This caused MID .CAB files to be
    re-applied to the system.

    RESOLUTION:
    The patch installer has been updated to no longer
    delete the MidFileTime registry value.

9.  ISSUE:
    A newly created user defined Unwanted Program
    Policy, does not take effect immediately if the
    file has been scanned by the On-Access Scanner
    before the change occurred.

    RESOLUTION:
    The On-Access Scanner service has been updated to
    properly recognize changes to the user defined
    detections and clear the cache of files that have
    already been scanned so that the new settings take
    effect immediately.

10. ISSUE:
    A trust relationship exists in McAfee drivers that
    can be leveraged by McAfee processes to avoid
    triggering access protection rules and other
    compatibility symptoms. When the link driver was
    updated to newer releases this trust relationship
    was lost until a reboot occurred.

    RESOLUTION:
    The link driver has been modified to better handle
    the process of future upgrades to itself without
    the need for a reboot.


PATCH 5 RESOLVED ISSUES

1.  ISSUE:
    Disabling the On-Access Scanner from the console is
    not always possible when users with sufficient
    privileges belonged to large numbers of user
    groups.

    RESOLUTION:
    VirusScan Statistics has been updated so that users
    with sufficient privileges can now disable the
    On-Access Scanner from the console regardless of
    how many user groups they belong too.

2.  ISSUE:
    The VirusScan Enterprise management plug-in writes
    all settings to the registry on every policy
    enforcement.  McShield service monitors the
    registry and reloads whenever the settings are
    written, generating frequent pause events in the
    Windows System log.

    RESOLUTION:
    The VirusScan Enterprise management plug-in has
    been updated to write to the registry only if it
    sees that it is different from the current policy.
    This prevents McShield from generating events on
    policy enforcement, unless that policy has
    changed.

    NOTE:
    If the symptom persists, refer to McAfee Support
    KnowledgeBase article 614077.

3.  ISSUE:
    With the VirusScan Policy set to "Display managed
    tasks in the client console," the tasks sometimes
    disappear in the VirusScan Console.

    RESOLUTION:
    The On-Demand Scanner and Update console plug-ins
    have been updated so that when policy enforcement
    occurs, the console now updates the list of tasks
    to ensure an accurate display.

4.  ISSUE:
    When using system variables in the folder path for
    the Quarantine Manager Policy, the list of
    quarantined items is empty, even though items were
    quarantined to the correct directory.

    RESOLUTION:
    The Quarantine Manager console plug-in has been
    corrected so that the path specified in the folder
    input field is now properly expanded and the system
    variables are replaced before the list of
    Quarantined items is requested.

    NOTE:
    For further information about this fix, refer to
    McAfee Support KnowledgeBase article 614549.

5.  ISSUE:
    When a VirusScan Patch installation failed, the
    Help "About" dialog box no longer displayed the
    previous Patch number.

    RESOLUTION:
    The patch installer has been updated to write the
    new Patch registry value only if the Patch
    succeeds.  If it fails and a rollback occurs, the
    old Patch registry value remains.

6.  ISSUE:
    A 4E bugcheck (blue screen) can occur when
    VirusScan Enterprise 8.5i is installed along side
    SafeBoot Content Encryption 3.

    RESOLUTION:
    The link driver was updated to add supportability
    for SafeBoot.

7.  ISSUE:
    On Windows Vista and later, On-Demand Scan function
    "Save as Default" does not correctly save changes
    made for future scan tasks.

    RESOLUTION:
    The On-Demand Scanner has been corrected to
    properly save the registry data for the default
    task.

8.  ISSUE:
    Access Protection port blocking rules that spanned
    a range of ports could block all processes rather
    than only those processes specified in the rule.

    RESOLUTION:
    The Access Protection driver has been updated to
    better handle requests for process names.

9.  ISSUE:
    A 19 bugcheck (blue screen) occurred intermittently
    when loading and unloading content into Link
    Driver, for example, when configuration changes
    were made or enforced.

    RESOLUTION:
    The link driver was corrected to resolve a race
    condition that could lead to this issue.


PATCH 4 RESOLVED ISSUES

1.  ISSUE:
    A crash can occur on some systems when the
    On-Demand Scan Task includes the "Memory for
    rootkits" scan item.

    RESOLUTION:
    The root kit detection driver has been updated to
    better handle different processor architectures.

2.  ISSUE:
    When a Quarantine Restore Task is run from ePolicy
    Orchestrator without specifying a restore item, the
    Scan32.exe process runs a full scan and does not
    exit properly, leaving the process orphaned.

    RESOLUTION:
    The VirusScan plug-in has been updated to check if
    a restore item is specified. If not, the restore
    task does not run.

3.  ISSUE:
    The VirusScan On-Demand Scanner has no option to
    disable cookie detection alerts in the user
    interface or registry.

    RESOLUTION:
    Alerts for On-Demand Scan cookie detections can now
    be disabled by setting the DWORD "bCookieAlerts"
    registry entry to 0.

    HKLM\SOFTWARE\McAfee\VSCore\Alert Client\VSE

4.  ISSUE:
    When a user is browsing the Internet, the On-Access
    Scanner sometimes logs entries "Not scanned (The
    file is encrypted)" on temporary files that are
    locked for use by the browser.

    RESOLUTION:
    The reporting for these types of detections can now
    be disabled by setting the DWORD
    "DoNotReportSkippedFiles" registry entry to 1.

    HKLM\SOFTWARE\McAfee\VSCore\On Access
    Scanner\McShield\Configuration

    NOTE:
    If you previously installed VSE85HF328421, the
    registry entry "DoNotReportSkippedFiles" is already
    set to 1.

5.  ISSUE:
    In environments where the Lotus Notes data folder
    is in a non-standard location, the VirusScan
    Scanner for Lotus Notes installer might crash
    during installation of VirusScan.

    RESOLUTION:
    The VirusScan Scanner for Lotus Notes installation
    files have been updated so that the search behavior
    for notes.ini is more resilient to custom Lotus
    Notes client locations.

6.  ISSUE:
    A crash can occur, where the VirusScan Scanner for
    Lotus Notes failed to initialize properly if the
    first scanned attachment of a session was stored in
    a non-standard attachment format.

    RESOLUTION:
    The VirusScan Scanner for Lotus Notes library was
    changed so that the initialization code occurs
    before the attachment prefixed file name handling
    occurs.

7.  ISSUE:
    With Self Protection enabled, the ability to
    unblock a connection from a remote computer is
    grayed out, even though the logged-on user has
    administrator privileges.

    RESOLUTION:
    VirusScan Statistics has been updated to check the
    credentials of the logged-on user, rather than the
    access level of our services, to determine if the
    "Unblock All Connections Now" button should be
    available.

8.  ISSUE:
    Installation of this Patch enables the option
    "Enable on-access scanning at system startup" if it
    was previously disabled.

    RESOLUTION:
    The Patch installer has been corrected to properly
    preserve the setting.

9.  ISSUE:
    The Patch installer returns a success code, even if
    the Patch failed to install.

    RESOLUTION:
    The Patch installer has been corrected so that it
    only returns a success code if it is actually
    successful.

10. ISSUE:
    Installing the Patch on a system that had only one
    Unwanted Programs exclusion causes that exclusion
    to fail.

    RESOLUTION:
    The installer now corrects a problem where the
    DetectionExclusions registry value was being
    changed from REG_MULTI_SZ to REG_SZ if only one
    value existed.

11. ISSUE:
    On Windows Vista, the administrator cannot disable
    the On-Access Scanner via the VirusScan system tray
    icon.

    RESOLUTION:
    VirusScan Statistics has been updated to check the
    user's logged on credentials, rather than the
    service handle that was used to determine access to
    the McShield service in older operating systems.

12. ISSUE:
    A failed reinstallation of VirusScan or a failed
    Patch installation can delete the license,
    resulting in an inoperable product.

    RESOLUTION:
    The Patch installer has been updated to no longer
    cause this state in the event of a failed
    installation.

13. ISSUE:
    An incorrect rule file was packaged with the
    VirusScan NAP file included with Patch 3. This
    caused some of the Access Protection rule
    categories to not appear.

    RESOLUTION:
    A new VirusScan NAP file was created with a
    corrected rule file.

14. ISSUE:
    When Host IPS is installed with VirusScan
    Enterprise, and IPS is disabled, the interface for
    VirusScan Buffer Overflow Protection remains grayed
    out, even though it is active.

    RESOLUTION:
    The Buffer Overflow console plug-in was updated to
    check for the registry flag that is set by Host
    IPS, to tell VirusScan Enterprise that IPS is
    disabled.

15. ISSUE:
    When Self Protection is enabled on a remote machine
    and a user attempts open a remote console
    connection to that machine, the user receives an
    access denied message, and the remote console is
    not opened.

    RESOLUTION:
    The VirusScan Console was updated to make the
    connection to the remote console more robust.


PATCH 3 RESOLVED ISSUES

1.  ISSUE:
    A D1 bugcheck (blue screen) can occur with
    VirusScan Enterprise 8.5i when installed on heavily
    loaded servers.

    RESOLUTION:
    The Access Protection driver has been updated to
    resolve the issue.

2.  ISSUE:
    A D1 bugcheck (blue screen) can occur with
    VirusScan Enterprise 8.5i when installed on a
    Microsoft Exchange server.

    RESOLUTION:
    The Access Protection driver has been updated to
    resolve the issue.

3.  ISSUE:
    An 8E bugcheck (blue screen) was reported by
    customers and in Microsoft’s Online Crash Analysis
    (OCA), showing a crash in an instruction that could
    not ordinarily fail.

    RESOLUTION:
    The Link Driver was revised to bring it into
    compliance with guidelines specified in Intel’s
    Core2 Errata AI33, to prevent such unusual behavior
    on affected processors.

4.  ISSUE:
    A 7E bugcheck (blue screen) can occur with certain
    low resource conditions.

    RESOLUTION:
    The Link Driver has been updated to better handle
    scenarios where the system is low on resources.

5.  ISSUE:
    On 64-bit systems, VirusScan Statistics causes an
    issue where the user cannot open more than one
    Microsoft Virtual PC image. Virtual PC reports
    insufficient memory.

    RESOLUTION:
    VirusScan Statistics has been updated to resolve a
    memory utilization problem on 64-bit systems.

6.  ISSUE:
    When integrated with the Checkpoint SecureClient
    software, VirusScan Enterprise uses incorrect
    registry values for DAT and Engine version
    information.

    RESOLUTION:
    The binaries for Checkpoint integration have been
    updated to use appropriate registry data.

7.  ISSUE:
    With Access Protections rules set to Maximum
    Security, during the installation, VirusScan
    Enterprise Checkpoint integration fails to query
    the On-Access Scanner service state.

    RESOLUTION:
    The binaries for Checkpoint integration have been
    updated to no longer request a certain level of
    access to the service, which would be denied by the
    higher level of Access Protection security.

8.  ISSUE:
    Custom VirusScan Enterprise 8.5i policies are lost
    after upgrading from ePolicy Orchestrator 3.5 to
    3.6.x.

    RESOLUTION:
    The VirusScan NAP file has been updated to include
    additional xml code for mapping policies between
    ePolicy Orchestrator 3.5 and 3.6.x.

    NOTE:
    To migrate the policies correctly, follow the
    instructions under "Installation Steps."


PATCH 2 RESOLVED ISSUES

1.  ISSUE:
    When an AutoUpdate task copies new DAT files into
    the engine folder, VirusScan services and Microsoft
    Outlook can spike CPU utilization in excess of one
    minute.

    RESOLUTION:
    The McTaskManager service has been enhanced so that
    it no longer issues multiple reload notifications
    to the scanners after a DAT update.

    NOTE:
    Users who saw a smaller spike after the original
    fix (HF320829) should see more improvement with
    this fix.

2.  ISSUE:
    The Quarantine path cannot be changed for the
    On-Access Scanner via ePolicy Orchestrator or
    ProtectionPilot. A registry value was not being
    updated correctly.

    RESOLUTION:
    VirusScan’s Management Plug-In has been updated to
    correctly write the "RepairBackupDirectory"
    registry entry.

3.  ISSUE:
    When creating a user-defined detection in the
    Unwanted Program policy, the rule does not take
    effect immediately.  To enable the rule, the
    McShield service must be stopped and restarted.

    RESOLUTION:
    The McShield service has been updated to improve
    the monitoring of registry changes with the
    Unwanted Programs policy.

4.  ISSUE:
    VirusScan’s ability to scan "floppy during
    shutdown" prevents proper shutdown of a system with
    a clean floppy in its drive.

    RESOLUTION:
    The On-Access Scanner has been updated to better
    handle the shutdown process.

5.  ISSUE:
    A crash was reported by customers and in
    Microsoft’s Online Crash Analysis (OCA), during
    system start-up.

    RESOLUTION:
    The Link Driver was updated to correct
    synchronization issues during the start of
    processes.

6.  ISSUE:
    VirusScan does not correctly remove Buffer Overflow
    Protection process exclusions that are introduced
    by ePolicy Orchestrator or ProtectionPilot.

    RESOLUTION:
    The VirusScan plug-in has been updated to properly
    remove old Buffer Overflow Protection registry
    values when ePolicy Orchestrator or ProtectionPilot
    policies are enforced.

7.  ISSUE:
    When a detection occurs on an EMC network share
    (CAVA/Celera) and the file has the read-only
    attribute, the delete action fails.

    RESOLUTION:
    The Anti-Virus Filter and Link drivers where
    updated to properly remove the read-only attribute
    when taking action on files on the EMC share.

8.  ISSUE:
    Detections on a network share may leave behind zero
    byte files on the share.

    RESOLUTION:
    The Anti-Virus Filter and Link drivers were updated
    to ensure proper cleanup of detections on a network
    share.

9.  ISSUE:
    The On-Access Scanner functions in Console are not
    updating properly when Access Protection is
    disabled.

    RESOLUTION:
    The state of Self Protection is now correctly
    tracked by the On-Access Scanner Console plug-in.

10. ISSUE:
    The Self Protection feature of Access Protection is
    disabled after removing a Patch from the system.

    RESOLUTION:
    The MSP installer has been updated to fix a
    mismatched name between the custom action and
    installer execution sequence tables in the cached
    MSI file.

11. ISSUE:
    Interacting with Remote Console On-Demand Scan and
    AutoUpdate tasks caused the local tasks with the
    same id to be acted upon, instead of the remote
    task.

    RESOLUTION:
    The Update and On-Demand Scanner binaries were
    updated to properly call the remote task instead of
    the local one.

12. ISSUE:
    When you upgrade from VirusScan Enterprise 7.1 or
    8.0i to version 8.5i and choose to preserve
    settings, previously created console tasks do not
    display in the VirusScan console.

    RESOLUTION:
    The MSP Installer package has been updated to
    initialize the console tasks that were not
    previously initialized, so they display in the
    VirusScan console.

    NOTE:
    This fix is for those who used the originally
    released VirusScan Enterprise 8.5i.  The current
    8.5i repost package includes this fix.

13. ISSUE:
    With the McAfee Installation Designer (MID) option
    to "Allow Users to Uninstall" disabled, the
    UninstallString registry value was removed to
    prevent product removal.  This registry value was
    also used by ePolicy Orchestrator to determine that
    VirusScan was installed.

    RESOLUTION:
    The VirusScan Detection Script has been updated to
    check for the existence of the uninstall key,
    instead of the UninstallString value, to determine
    if the VirusScan Enterprise install package needs
    to be pushed to the client.

14. ISSUE:
    Some threats were not being detected in the
    Quarantine Manager by the rescan functionality.

    RESOLUTION:
    The Common Shell Scanner binaries have been updated
    to resolve this issue.

15. ISSUE:
    If McShield and McTaskManager Services were stopped
    and restarted in a specific order, the Access
    Protection and Buffer Overflow features remained
    disabled after the services started.

    RESOLUTION:
    The On-Access Scan Console plug-in has been updated
    to recognize the last known state of Access
    Protection and Buffer Overflow Protection when
    McShield service is stopped.

16. ISSUE:
    McShield service may crash when a configuration
    change occurs during scanning.

    RESOLUTION:
    The McShield service has been updated to properly
    change states when altering configurations.

17. ISSUE:
    Setting a user interface password for Access
    Protection did not prevent the ability for the user
    to right-click and disable that feature.  The
    option to disable right-click ability is under the
    "Other" category (Console and Miscellaneous).

    RESOLUTION:
    The password functionality has been moved to the
    BehaviorBlocking console plug-in so that the
    right-click option is now included with the Access
    Protection password options.

18. ISSUE:
    The Buffer Overflow Protection displays a detection
    in the On-Access Messages window when the "Show the
    messages when a buffer overflow is detected" option
    is disabled.

    RESOLUTION:
    The On-Access Scan Statistics binary has been
    updated to properly suppress the Buffer Overflow
    detection when configured to do so.

19. ISSUE:
    On-Access Scanner’s Network Drive Scanning causes
    network copy times to increase, more then what is
    normally expected, when this option is enabled.

    RESOLUTION:
    The Common Shell binaries have been updated to no
    longer request a certain level of access to the
    network file(s), which would always be denied.


PATCH 1 RESOLVED ISSUES

1.  ISSUE:
    Applications that perform operations with temporary
    files, such as printing, generate a "file missing"
    error.

    RESOLUTION:
    The link driver has been updated to correctly
    handle file operations that use the DeleteOnClose
    flag.

2.  ISSUE:
    When McAfee Policy Enforcer is pushed out to a
    system with VirusScan Enterprise 8.5i, McAfee
    trusted processes might trigger Access Protection
    rules. A reboot is required to correct the
    problem.

    RESOLUTION:
    The link driver has been revised to ensure trusted
    policies are propagated between instances of loaded
    drivers.

3.  ISSUE:
    Some files remain locked indefinitely. Third-party
    tools indicate that McShield.exe was leaking
    handles, thereby locking the file.

    RESOLUTION:
    The link driver has been updated to detect and
    handle the oplock break-in-progress status code and
    ensure file locks are released.

4.  ISSUE:
    Under certain conditions, VirusScan Enterprise
    scanner for Lotus Notes can mistakenly deny access
    to the Lotus Notes internal processes, if another
    Note is being accessed by the user. The message
    "You are not authorized to perform that operation"
    is displayed for the user.

    RESOLUTION:
    The Lotus Notes scanner binaries have been updated
    to resolve the issue.

5.  ISSUE:
    For non-English platforms, a control ID is
    displayed in the Status field of the On-Access
    Messages window, rather than the localized
    strings.

    RESOLUTION:
    The resource binary for the On-Access Scanner
    service has been updated to resolve this issue.

6.  ISSUE:
    When VirusScan Enterprise 8.5i is installed to
    Windows Vista 32-bit platforms, the Buffer Overflow
    Protection feature is not available.

    RESOLUTION:
    This Patch enables Buffer Overflow Protection for
    Windows Vista 32-bit environments.

7.  ISSUE:
    When a scheduled On-Demand Scan task fails to
    authenticate to a specified location, the user
    receives an erroneous error asking that VirusScan
    Enterprise be reinstalled.

    RESOLUTION:
    The localized binaries file has been updated to
    handle the specific event.

8.  ISSUE:
    ePolicy Orchestrator could fail to replicate
    distributed repositories when VirusScan Enterprise
    8.5i is installed.

    RESOLUTION:
    The Common Shell binary has been updated to allow
    sharing of files with other processes.

9.  ISSUE:
    Users without local administrative rights are not
    able to use the Help file unless it was previously
    downloaded by an administrator.

    RESOLUTION:
    Non-administrative users can now download and use
    the current Help file.

10. ISSUE:
    Not all VirusScan Enterprise events can be filtered
    in ePolicy Orchestrator reporting.

    RESOLUTION:
    The extended reports NAP file has been updated to
    allow filtering of all VirusScan Enterprise
    events.

11. ISSUE:
    In certain circumstances, when a state change
    occurs with Access Protection, the On-Access
    Scanner cannot be disabled/enabled, and some Access
    Protection rules fail to log messages.

    RESOLUTION:
    The McTaskManager Service and Access Protection
    binaries have been updated to resolve this issue.

12. ISSUE:
    When resuming from the hibernate state, the system
    tray icon might be in the disabled state,
    reflecting the status of the On-Access Scanner.
    However, the scanner service is functioning
    normally.

    RESOLUTION:
    The system tray icon should always reflect the
    correct state of the On-Access Scanner when
    resuming from hibernation.


KNOWN ISSUES

1.  The 5200 or later engine must be installed prior to
    deploying Patch 5 or later. The Patch updates the
    cached MSI tables to prevent a repair from
    restoring an unusable version of the engine.

2.  On-Access Scan Messages might fail to populate on
    detections after Patch 8 is installed. A reboot
    might be needed to resolve this issue.  This does
    not affect detection logging and alerting, or
    reporting to ePolicy Orchestrator and
    ProtectionPilot.

3.  Some customers have reported seeing VirusScan
    Statistics (VShield) crashing/disappearing from the
    system tray. Refer to McAfee Support KnowledgeBase
    article 613892 for more information on this issue.

4.  If Host Intrusion Prevention 6.x or later is
    installed and disabled prior to VirusScan
    Enterprise, it is necessary to re-enable IPS and
    disable it again in order for VirusScan Buffer
    Overflow Protection to be properly enabled.

5.  Sporadic crashes of the McShield Service have been
    seen during the patch install, on systems running
    McAfee AntiSpyware Enterprise Module.  The service
    recovers correctly at the end of the patch
    process.

6.  If you install this release interactively and
    cancel the installation on a system where a
    previous Patch was installed, after the rollback
    completes, the previous Patch no longer reports to
    ePolicy Orchestrator or appears in the "About
    VirusScan Enterprise" window.

7.  Installing the Patch and specifying a log file path
    using the Microsoft Installer (MSI) switch "/L"
    does not log to the specified path. A log file
    capturing full data is logged to the folder
    "McAfeeLogs" under the Temp folder.

8.  If the Lotus Notes client is open when this release
    is installed, the installation completes
    successfully, but a reboot is required to replace
    the McAfee Lotus scanner files. The new files are
    not used until after a reboot.

9.  Uninstalling VirusScan Enterprise Patches is now
    possible for computers running Windows Installer
    v3.x or later.  This technology is not fully
    integrated for Windows 2000 operating systems, so
    there is no option to remove the Patch in
    Add/Remove programs.  Please see instructions under
    "Removing the Patch" for removal via command-line
    options.

10. Uninstalling VirusScan Patches is not available for
    Windows NT platforms, because Windows Installer
    v3.x is not supported on this platform. The Patch
    still installs to all platforms supported by
    VirusScan Enterprise 8.5i.

11. Patches for VirusScan Enterprise 8.5i can only be
    uninstalled via Add/Remove programs, not via
    ePolicy Orchestrator or ProtectionPilot.


FILES INCLUDED WITH THIS RELEASE

This release consists of a package called VSE85P8.ZIP,
which contains the following files:

    PKGCATALOG.Z =
       Package catalog file
    PATCH8.TXT =
       This text file
    VSE850DET.MCS =
       VirusScan Enterprise detection script
    SETUP.EXE =
       Installer for this release
    SETUP.INI =
       Initialization file for SETUP.EXE
    PATCH8.MSP =
       Microsoft Installer Patch file
    VSE850.NAP =
       Management NAP for VirusScan Enterprise
    VSE850REPORTS.NAP =
       Reporting NAP file


    The following files are installed to client
    systems:

       STRINGS.BIN               No version
       MIDUTIL.DLL               8.5.0.156
       CONDL.DLL                 8.5.0.857
       COPTCPL.DLL               8.5.0.857
       MCAVDETECT.DLL            8.5.0.869
       MCAVSCV.DLL               8.5.0.869
       BBCPL.DLL                 8.5.0.895
       CONSL.DLL                 8.5.0.895
       MCCONSOL.EXE              8.5.0.895
       SHUTIL.DLL                8.5.0.895
       OASCPL.DLL                8.5.0.909
       FTCFG.DLL                 8.5.0.936
       MCUPDATE.EXE              8.5.0.936
       NAIANN.DLL                8.5.0.936
       NCDAEMON.EXE              8.5.0.936
       NCEXTMGR.DLL              8.5.0.936
       NCINSTALL.DLL             8.5.0.936
       NCMENU.DLL                8.5.0.936
       NCSCAN.DLL                8.5.0.936
       NCTRACE.DLL               8.5.0.936
       QUARCPL.DLL               8.5.0.936
       SCAN32.EXE                8.5.0.936
       SCAN64.EXE                8.5.0.936
       SCNCFG32.EXE              8.5.0.936
       SHSTAT.EXE                8.5.0.936
       VSODSCPL.DLL              8.5.0.936
       VSTSKMGR.EXE              8.5.0.936
       VSUPDCPL.DLL              8.5.0.936
       VSPLUGIN.DLL              8.5.0.937
       ENTSRV.DLL                13.3.0.169
       MFEBOPA.DLL               13.3.0.169
       MFEBOPK.SYS               13.3.0.169
       MFEAPFA.DLL               13.3.0.169
       MFEAPFK.SYS               13.3.0.169
       MFEAVFA.DLL               13.3.0.169
       MFEAVFK.SYS               13.3.0.169
       MFEHIDA.DLL               13.3.0.169
       MFEHIDN.EXE               13.3.0.169
       MFEHIDK.SYS               13.3.0.169
       MFERKDA.DLL               13.3.0.169
       MFERKDK.SYS               13.3.0.169
       MFETDIK.SYS               13.3.0.169
       ADSLOKUU.DLL              13.3.2.137
       CSSCAN.EXE                13.3.2.137
       ENTVUTIL.EXE              13.3.2.137
       FTL.DLL                   13.3.2.137
       LOCKDOWN.DLL              13.3.2.137
       MCSHIELD.DLL              13.3.2.137
       MCSHIELD.EXE              13.3.2.137
       MCSHIELDPERFDATA.DLL      13.3.2.137
       MCVSSNMP.DLL              13.3.2.137
       MYTILUS.DLL               13.3.2.137
       MYTILUS2.DLL              13.3.2.137
       NAEVENT.DLL               13.3.2.137
       NAIEVENT.DLL              13.3.2.137
       SCANOTLK.DLL              13.3.2.137
       SCRIPTCL.DLL              13.3.2.137
       SCRIPTSV.DLL              13.3.2.137
       LOGPARSER.EXE             1.2.0.131

    The following files are checked in to the ePolicy
    Orchestrator or ProtectionPilot repository:
       VSE850.NAP                2.0.0.696
       VSE850REPORTS.NAP         3.0.0.781



Download: http://rapidshare.com/files/204744835/VSE85iP8_SCF.rar

Download Mirror: http://www.megaupload.com/?d=GN9MP08R



P.S.

Only SCF Members with at least 10 useful Forum posts can request password in reply to this Topic!

Real reason for this is that some Members only visit SCforum, download Patch and never show again until new Update.

We want loyal Members who want to Learn and Share Knowledge with others.


Hope you all will agree with this reasons & decisions.

Best Regards,

Samker

[gfalcoz]

Hi,


Thank you for the Mcafee vscan 8.5i patch 8.
Please, send me the password to open it

Regards
Gfalcoz

Is there any place where I can find the CMA patch 4 (upgrade to  version 3.6.0.608)

[ChK]

Hi,

I would like to know the password for the download.

Thanks alot for the patch.

ChK

[m_univ]

Hi,

I would like to know the password for the download.

Thanks alot for the patch

[hepper]

Hi Samker,

thanks for patch 8. Please, send me the password.

Regards,
hepper

[NetRanger]

Thank you, Samker.

Just send the password for the file.

Regards.

[Iscariah]

Hi, Samker, thanks for the post!

Could you send me the password for the archive?
Thanks a lot!

[kriki]

Hi,

I would like to know the password for the download.

Thanks alot for the patch

[marcel]

Hi, can u please send me pass for patch 8, also need for patch 7....which I have also downloaded.

thanx.

[marcelpicas]

Hi, can u please send me pass for patch 8, also need for patch 7....which I have also downloaded.

thanx.