hi guys,
there has some confusion for McAfee® VirusScan® Enterprise 8.7i Hotfix 643440, so publishing the Release Notes of McAfee® VirusScan® Enterprise 8.7i Hotfix 643440, if needed this forum Admin will modify ...
McAfee® VirusScan® Enterprise 8.7i Hotfix 643440 Release NotesThank you for using McAfee software. This document contains important information about this release. McAfee strongly recommends that you read the entire document.
Rating
Hotfix 643440 is considered a Mandatory Release. See (McAfee) KnowledgeBase article KB51560 for information on ratings.
Mandatory
McAfee considers this release to be a required update for all environments. Mandatory Patches and Hotfixes resolve vulnerabilities that may affect product functionality and compromise security. These updates must be applied to maintain a viable and supported product. Failure to apply Mandatory updates may result in a security breach.
About this Hotfix
For a list of supported environments for VirusScan Enterprise 8.7i on Microsoft Windows, see (McAfee) KnowledgeBase article KB51111.
Hotfix Release: 08-16-2011
This release was developed for use with:
McAfee VirusScan Enterprise 8.7i Patch 5
Files included:
File name Version
BBCpl.dll 8.7.0.971
mfeapconfig.dll 14.4.0.452
mfeapfk.sys 14.4.0.452
mfeavfk.sys 14.4.0.452
mfebopk.sys 14.4.0.452
mfehidin.exe 14.4.0.448
mfehidk_messages.dll 14.4.0.452
mfehidk.sys 14.4.0.452
mferkdet.sys 14.4.0.452
mfetdi2k.sys 14.4.0.452
mfevtps.exe 14.4.0.452
mfewfpk.sys 14.4.0.452
shstat.exe 8.7.0.971
Traceapp.dll 14.2.0.0
VIRUSCAN8700(216).zip 8.7.0.216
VSCAN.BOF 567
vsevntui.dll NONE
vsplugin.dll 8.7.0.971
Notes
This Hotfix upgrades the core system files of VirusScan Enterprise 8.7i to a newer revision then what was released with VirusScan Enterprise 8.8. For customers migrating from this Hotfix to VirusScan Enterprise 8.8, McAfee supports upgrading to VirusScan Enterprise 8.8 Patch 1 or later(
Please note; yet no patch available for VirusScan Enterprise 8.
.
This Hotfix upgrades the core system files of VirusScan Enterprise 8.7i to a newer revision. McAfee has spent a significant amount of time finding, fixing, and testing the fixes in this release. However, it is strongly recommended to verify this update in test and pilot groups prior to mass deployment.
This Hotfix supersedes Hotfix 643447. Installing this Hotfix will remove or update all files and entries related to Hotfix 643447. Checking this Hotfix into the same branch as Hotfix 64337 will remove Hotfix 643447 from the ePolicy Orchestrator repository to prevent unwanted updates to Hotfix 643447.
MOVE 1.6 Installation: After installing this Hotfix, you must restart the MOVE-AV service or restart the system.
Improvements
This Hotfix release includes the following improvements.
Performance increase to disk Input/Output (I/O).
This release enhances the Self protection to prevent unauthorized access to critical VirusScan processes. Please see Resolved issues, item 1 and 2, for further details.
This release ships with a new Access Protection rule that hardens VirusScan Enterprise 8.7i against malware that performs process injection. See (McAfee) KnowledgeBase article KB71083 and KB71812 for information regarding this improvement.
NOTE: The rule Common Standard Protection: Prevent hooking of McAfee processes is enabled by default. Legitimate applications are known to perform process injection, and this Access Protection rule may have indeterminate results with those legitimate applications. These same programs should be able to recover when failing to inject into processes. However, it is strongly recommended to verify this update in test and pilot groups prior to mass deployment.
The ePolicy Orchestrator extension file has been updated to include new Access Protection rule, Common Standard Protection: Prevent hooking of McAfee processes.
Known issues
Here is a list of known issues that we were aware of at production time.
Issue: Common Standard Protection: Prevent hooking of McAfee processes is a specialized Access Protection rule that can only be enabled or disabled. It will not be possible to exclude or include additional processes in this rule due to its unique design.
Issue: Access Protection rules are not localized with this Hotfix release. Localization is planned to be re-established with future patch releases.
Issue: Performing a Repair on VirusScan Enterprise with this Hotfix installed will remove some critical files and is not supported for this fix. If the Repair function is used after applying this Hotfix, then this Hotfix must be re-applied (as a minimum) before the system may be supported again.
Issue: Microsoft update or feature may fail to install when Access Protection is enabled. See (McAfee) KnowledgeBase article KB72458 for information regarding this issue.
Issue: A rare Bugcheck may occur if On-Access Scanner service becomes paused, disabled or restarted and the system is immediately Shutdown or Restarted. See (McAfee) KnowledgeBase article KB72678 for information regarding this issue.
Resolved issues
Resolved issues in this release of the software are described below:
Issue: Malicious software may leverage a technique for obtaining a handle with write privilege within a McAfee process, in order to disable the process. (Reference: 643298)
Resolution: Self Protection now prevents non-McAfee processes from obtaining write handles to our processes.
Issue: Malicious software may change NTFS folder permissions on McAfee folders in order to disable the software. (Reference: 643440)
Resolution: Self protection now protects McAfee folders, files and registry data from permission changes.
Issue: A Bugcheck 1E, 7E, 8E, or D1 could occur when closing multiple programs or while logging out. (Reference: 675294, 676551, 678439, 678551, 678561, 679729, 683416, 683577, 686304, 695367)
Resolution: Addressed a timing defect that could cause the driver to schedule delayed cleanup of process data that was already in the process of being cleaned up.
Issue: A Bugcheck 3B could occur if Input/Output (I/O) is passed to a volume concurrently with the volume being detached. (Reference: 678915)
Resolution: The McAfee Link driver has been revised to ensure I/O does not pass through after a volume goes offline.
Installation instructions
To use this release, you must have VirusScan Enterprise 8.7i software installed on the computer you intend to update with this release.
This release will only install to VirusScan Enterprise 8.7i Patch 5.
This release does not work with earlier versions of McAfee VirusScan Enterprise software.
A reboot may be needed to fully load the system drivers into memory.
The package installation does not force the reboot.
Installation prerequisites
VirusScan Enterprise 8.7i Patch 5
Standalone Installation
Extract the Hotfix files to a temporary folder on your hard drive.
Double-click the file VSE87HF643440.EXE inside the temporary folder created in Step 1.
Follow the instructions of the installation wizard.
Installation steps via ePolicy Orchestrator
On the computer where the ePolicy Orchestrator console resides, extract the files to a temporary folder on your hard drive.
Open the ePolicy Orchestrator console and add the package from the temporary folder created in Step 1 to your repository.
NOTE: Refer to Checking in Packages Manually in the ePolicy Orchestrator online Help, for instructions on adding a package to the repository. The package type for this install is Products or Updates.
NOTE: The ePolicy Orchestrator VirusScan Enterprise extension (VIRUSCAN8700(216).zip) was updated with this Hotfix. The newer version of the extension is included with the package and must be checked into the ePolicy Orchestrator extension repository separately.
Deploy the Hotfix to the appropriate client systems with an agent update.
PS; for the Patch 5 and the HotFix please check this post: http://scforum.info/index.php/topic,6130.0.html
Total Members: 14197
Topic: McAfee® VirusScan® Enterprise 8.7i Hotfix 643440 Release Notes (Read 10614 times)
