McAfee VirusScan Enterprise protects your desktop and file servers from a wide range of threats, including viruses, worms, Trojan horses, and potentially unwanted code and programs. McAfee VirusScan® 8 takes anti-virus protection to the next level, integrating elements of intrusion prevention and firewall technology into a single solution for PCs and file servers. This powerful combination delivers truly proactive protection from the newest of today’s threats-including buffer - overflow exploits and blended attacks - and features advanced outbreak management responses to reduce the damage and costs of outbreaks. Everything is managed by McAfee ePolicy Orchestrator® or ProtectionPilot™ for scalable security policy compliance and graphical reporting.
Release Notes for McAfee(R) VirusScan(R) Enterprise Version 8.5i Patch 8
Copyright (C) 2009 McAfee, Inc.
All Rights Reserved
==========================================================
Patch Release: January 27, 2009
This release was developed and tested with:
- VirusScan Enterprise: 8.5i
- DAT Version: 5474, December 24, 2008
- Engine Version: 5.3.00
Make sure you have installed these versions, or later,
before using this release.
==========================================================
Thank you for using VirusScan(R) Enterprise software.
This file contains important information regarding this
release. We strongly recommend that you read the entire
document.
__________________________________________________________
WHAT'S IN THIS FILE
- About This Release
- Purpose
- Improvements
- Resolved Issues
- Patch 8 Resolved Issues
- Patch 7 Resolved Issues
- Patch 6.1 Resolved Issues
- Patch 6 Resolved Issues
- Patch 5 Resolved Issues
- Patch 4 Resolved Issues
- Patch 3 Resolved Issues
- Patch 2 Resolved Issues
- Patch 1 Resolved Issues
- Known Issues
- Files Included With This Release
- Installation
- Installation Requirements
- Installation Steps
- Installation Steps via ePolicy Orchestrator
- HotFix/Patch Reporting
- Verifying the Installation
- Removing the Patch
- Copyright & Trademark Attributions
- License Information
__________________________________________________________
ABOUT THIS RELEASE
PURPOSE
This release contains updated binaries in a single
Microsoft Patch installer to address all items listed
in "Resolved Issues" below.
For the most up-to-date copy of this Readme
information, refer to McAfee Support KnowledgeBase
article 60415.
Patch 8 is a High Priority release. See McAfee Support
KnowledgeBase article 614038 for information on
ratings.
__________________________________________________________
IMPROVEMENTS
1. VirusScan Enterprise with the AntiSpyware Module
can now be set so that it no longer places cookie
detections in the quarantine folder. They instead
are deleted permanently as part of the clean
action.
NOTE:
By setting the DWORD "DisableCookieBackups"
registry entry to 1, cookie detection quarantines
no longer occur.
HKLM\SOFTWARE\McAfee\VSCore
2. The on-demand scanner has been updated to better
use the System Utilization setting throughout the
entire scanning process.
Refer to McAfee Support KnowledgeBase article
9197288 for further information.
3. This Patch contains a new Buffer Overflow and
Access Protection DAT (version 378), which adds an
Access Protection category for Virtual Machine
Protection. These rules provide access protection
functionality for virtual machines.
NOTE:
To manage the new Virtual Machine Protection
category with ePolicy Orchestrator 3.x or
ProtectionPilot, you must use the latest NAP file,
which is included in this Patch package, or
VirusScan 8.5i Repost Patch 5.
For ePolicy Orchestrator 4.x users, the Extension
update also contains the updated rule file. The
updated Extension package is available on the web
product download area under the Patches category.
__________________________________________________________
RESOLVED ISSUES
The resolved issues are divided into subsections per
patch, showing when each fix was added to the
compilation.
PATCH 8 RESOLVED ISSUES
1. ISSUE:
In Patch 7, the McShield resource files were
missing some string tables that were responsible
for On-Access Scan and On-Demand Scan status.
RESOLUTION:
McShield.dll has been corrected to include all the
proper strings for displaying information on
non-English installations.
2. ISSUE:
A timing issue could occur during the import of the
McAfee Installation Designer (MID) configuration.
During the installation of VirusScan Enterprise,
the temporary registry information sometimes was
not available before the registry editor attempted
to apply the settings. The process generated an
application event, ID 1006, while the registry
editor attempted to reapply the settings until it
was successful.
RESOLUTION:
The McAfee Installation Designer configuration
applicator was revised to no longer report the
error, because it does not represent a true failure
in the process.
NOTE:
To prevent the generation of this error, use the
repost package that includes this Patch release.
3. ISSUE:
On multi-processor systems that receive files from
remote clients, some instructions were being
executed frequently and unnecessarily, acquiring an
exclusive lock on all processors. This created a
bottleneck in the file I/O being written to disk.
RESOLUTION:
The link driver has been revised to eliminate the
described bottleneck.
4. ISSUE:
Access Protection block rules that were created for
USB devices sometimes did not handle removing and
reinserting the device multiple times.
RESOLUTION:
The Access Protection, Anti-Virus Filter, and Link
drivers have been updated to better handle
re-hooking the device.
5. ISSUE:
The On-Access Scanner was not properly utilizing
the "Scan files opened for Backup" option.
RESOLUTION:
The Anti-Virus Filter driver has been rectified to
properly interpret the flag being sent from the
On-Access Scanner.
6. ISSUE:
Certain detections with multiple infections or
clean actions were logging the action two times.
One entry was made during the middle of the
process, and the other during the final
resolution.
RESOLUTION:
The Common Shell scanner has been updated to report
only the final resolution of the detection.
7. ISSUE:
The repair option for McAfee AntiSpyware Enterprise
Module would execute during the patch process. This
caused the cookie and registry scan targets to be
re-added to On-Demand Scan tasks that were removed
by the user.
RESOLUTION:
The patch installer has been updated to preserve
the On-Demand Scan anti-spyware scan targets.
PATCH 7 RESOLVED ISSUES
1. ISSUE:
When installing a VirusScan Enterprise 8.5i patch,
the existing On-Access Scanner service might fail
to unload. This leads to two instances of the
service, with one consuming a high amount of CPU
usage.
RESOLUTION:
The On-Access Scanner service had been updated to
avoid a runaway thread scenario that caused the
service, being replaced, to not stop.
NOTE:
To avoid this issue while installing Patch 7 or
later, install HF427887 first. Refer to McAfee
Support KnowledgeBase article 616344 for further
information.
2. ISSUE:
Changes to the VirusScan Enterprise core subsystem
disabled performance optimization for handling
frequent write actions to INI and LOG files.
RESOLUTION:
The Anti-Virus Filter Driver was corrected to
ensure that scanning of specified file extensions
is optimized, as in previous versions.
3. ISSUE:
A three-party deadlock occurred, causing the
On-Access Scanner to become blocked until it times
out. This causes the scanner service to time out
and eventually self-terminate.
RESOLUTION:
The Common Shell scanner has been updated to
prevent the On-Access Scanner from becoming blocked
while the security libraries are loaded by the
system.
4. ISSUE:
The extended reports NAP contained some ePolicy
Orchestrator stored procedures that were needed to
add support for the VirusScan product line. The
ePolicy Orchestrator patches have since made new
modifications to the same stored procedures.
Therefore, when the VirusScan extended reports NAP
is checked in after the new ePolicy Orchestrator
modified procedures are in place, they are
overwritten and the newer functionality is lost.
RESOLUTION:
The VirusScan extended reports NAP has been revised
to no longer replace the ePolicy Orchestrator
stored procedures.
5. ISSUE:
If the Lotus Notes client is running during
uninstall of VirusScan Enterprise 8.5i, the Lotus
Notes Scanner entries might not be properly removed
from the NOTES.INI file. This can cause the Lotus
Notes client to crash on subsequent starts.
RESOLUTION:
The Lotus Notes Scanner module has been corrected
to remove its entries in the NOTES.INI file for all
scenarios.
6. ISSUE:
The VirusScan Enterprise Patch installer did not
correctly preserve the MIDFileTime registry value.
This caused the McAfee Installation Designer (MID)
.CAB files to be re-applied at the time of
installation.
RESOLUTION:
The Patch installer has been updated to correctly
preserve the binary value of MIDFileTime.
7. ISSUE:
Changes made in Microsoft Vista SP1 and later, in
how the operating system opens/views network files,
caused delays in opening new network paths, with
the On-Access Scanner’s Network Scanning feature
enabled.
RESOLUTION:
The link driver has been modified to use a
different method of accessing the network resources
that avoids the delays imposed by the operating
system change.
8. ISSUE:
A 7E bugcheck (blue screen) might occur if an
application shut down immediately after sending
data over the network.
RESOLUTION:
The link driver has been revised to better handle
data that is transmitted by applications after the
driver has stopped.
9. ISSUE:
When the VirusScan NAP is checked in, it runs a
script that enables anti-spyware settings in
policies and tasks, if the AntiSpyware 8.5 module
NAP is in the ePolicy Orchestrator repository. The
intended purpose of the script is similar to the
local AntiSpyware module installer, which enables
its settings when installed on a local system.
RESOLUTION:
The VirusScan NAP has been updated so that the
script is disabled during check-in of the VirusScan
NAP package. This prevents the anti-spyware
settings from being enabled when updating the
VirusScan NAP.
NOTE:
The McAfee AntiSpyware 8.5 module NAP has the same
script in it. This means that if the McAfee
AntiSpyware 8.5 module NAP is installed after the
VirusScan NAP, the anti-spyware settings are still
enabled.
10. ISSUE:
Servers that deal with many file writes were
becoming unresponsive.
RESOLUTION:
The anti-virus filter driver was revised to
correctly filter and dispatch scans on write.
PATCH 6.1 RESOLVED ISSUES
1. ISSUE:
An issue can occur when the 5300 engine is
installed prior to installing VirusScan 8.5i Patch
6. The scanner engine files are partially
overwritten with the previous 5200 version that is
stored in the MSI cache. This mismatch causes the
scanner engine to fail to initialize.
RESOLUTION:
The Patch installation package has been updated to
correct this issue, and does not overwrite the
engine files.
PATCH 6 RESOLVED ISSUES
1. ISSUE:
The VirusScan Enterprise management plug-in writes
all settings to the registry on every policy
enforcement. McShield service monitors the
registry and reloads whenever the settings are
written, generating frequent pause events in the
Windows System log.
RESOLUTION:
The VirusScan Enterprise management plug-in has
been updated to only write to the registry if it
sees that it is different from the current policy.
This will prevent McShield from generating events
on policy enforcement, unless that policy has
changed.
This is an addendum to the original solution in
Patch 5, where the fix did not work when the
preferred language was set to something other than
automatic.
2. ISSUE:
A compatibility issue has been seen with
VirusScan’s port blocking feature, and Veritas
backup applications. This was causing the backup
software services to stop running.
RESOLUTION:
The VirusScan Anti-Virus Mini-Firewall Driver has
been updated to correct the compatibility issue.
3. ISSUE:
A race condition in the On-Access Scanner service
can cause high CPU utilization with high
performance systems.
RESOLUTION:
The On-Access Scanner service has been updated to
remedy multi-threading synchronization issues and
remove occurrences of runaway threads.
4. ISSUE:
The On-Access Scanner service sometimes crashes
during a system shutdown or during installation of
a Patch/HotFix.
RESOLUTION:
The On-Access Scanner service has been repaired to
correct a race condition in which a
critical-section synchronization object is deleted
before another thread has entered.
5. ISSUE:
A deadlock could occur on high end servers caused
by a race condition in VirusScan’s link driver.
RESOLUTION:
The link driver has been changed to properly handle
the release of system objects, while holding a lock
on resources.
6. ISSUE:
Port blocking fails on Microsoft Windows Vista
Service Pack 1.
RESOLUTION:
The McAfee Driver Installer has been update to
handle the changes in network stack load order.
7. ISSUE:
The On-Demand Scanner system utilization changes
that were put in patch 5 changed the memory
scanning function. This caused the process scanning
to only scan the first process ID.
RESOLUTION:
The change has been reversed so that all processes
are scanning irrespective of process ID.
8. ISSUE:
When applied to a client installation that was
customized by McAfee Installation Designer (MID),
the patch installer deletes the MidFileTime
registry value. This caused MID .CAB files to be
re-applied to the system.
RESOLUTION:
The patch installer has been updated to no longer
delete the MidFileTime registry value.
9. ISSUE:
A newly created user defined Unwanted Program
Policy, does not take effect immediately if the
file has been scanned by the On-Access Scanner
before the change occurred.
RESOLUTION:
The On-Access Scanner service has been updated to
properly recognize changes to the user defined
detections and clear the cache of files that have
already been scanned so that the new settings take
effect immediately.
10. ISSUE:
A trust relationship exists in McAfee drivers that
can be leveraged by McAfee processes to avoid
triggering access protection rules and other
compatibility symptoms. When the link driver was
updated to newer releases this trust relationship
was lost until a reboot occurred.
RESOLUTION:
The link driver has been modified to better handle
the process of future upgrades to itself without
the need for a reboot.
PATCH 5 RESOLVED ISSUES
1. ISSUE:
Disabling the On-Access Scanner from the console is
not always possible when users with sufficient
privileges belonged to large numbers of user
groups.
RESOLUTION:
VirusScan Statistics has been updated so that users
with sufficient privileges can now disable the
On-Access Scanner from the console regardless of
how many user groups they belong too.
2. ISSUE:
The VirusScan Enterprise management plug-in writes
all settings to the registry on every policy
enforcement. McShield service monitors the
registry and reloads whenever the settings are
written, generating frequent pause events in the
Windows System log.
RESOLUTION:
The VirusScan Enterprise management plug-in has
been updated to write to the registry only if it
sees that it is different from the current policy.
This prevents McShield from generating events on
policy enforcement, unless that policy has
changed.
NOTE:
If the symptom persists, refer to McAfee Support
KnowledgeBase article 614077.
3. ISSUE:
With the VirusScan Policy set to "Display managed
tasks in the client console," the tasks sometimes
disappear in the VirusScan Console.
RESOLUTION:
The On-Demand Scanner and Update console plug-ins
have been updated so that when policy enforcement
occurs, the console now updates the list of tasks
to ensure an accurate display.
4. ISSUE:
When using system variables in the folder path for
the Quarantine Manager Policy, the list of
quarantined items is empty, even though items were
quarantined to the correct directory.
RESOLUTION:
The Quarantine Manager console plug-in has been
corrected so that the path specified in the folder
input field is now properly expanded and the system
variables are replaced before the list of
Quarantined items is requested.
NOTE:
For further information about this fix, refer to
McAfee Support KnowledgeBase article 614549.
5. ISSUE:
When a VirusScan Patch installation failed, the
Help "About" dialog box no longer displayed the
previous Patch number.
RESOLUTION:
The patch installer has been updated to write the
new Patch registry value only if the Patch
succeeds. If it fails and a rollback occurs, the
old Patch registry value remains.
6. ISSUE:
A 4E bugcheck (blue screen) can occur when
VirusScan Enterprise 8.5i is installed along side
SafeBoot Content Encryption 3.
RESOLUTION:
The link driver was updated to add supportability
for SafeBoot.
7. ISSUE:
On Windows Vista and later, On-Demand Scan function
"Save as Default" does not correctly save changes
made for future scan tasks.
RESOLUTION:
The On-Demand Scanner has been corrected to
properly save the registry data for the default
task.
8. ISSUE:
Access Protection port blocking rules that spanned
a range of ports could block all processes rather
than only those processes specified in the rule.
RESOLUTION:
The Access Protection driver has been updated to
better handle requests for process names.
9. ISSUE:
A 19 bugcheck (blue screen) occurred intermittently
when loading and unloading content into Link
Driver, for example, when configuration changes
were made or enforced.
RESOLUTION:
The link driver was corrected to resolve a race
condition that could lead to this issue.
PATCH 4 RESOLVED ISSUES
1. ISSUE:
A crash can occur on some systems when the
On-Demand Scan Task includes the "Memory for
rootkits" scan item.
RESOLUTION:
The root kit detection driver has been updated to
better handle different processor architectures.
2. ISSUE:
When a Quarantine Restore Task is run from ePolicy
Orchestrator without specifying a restore item, the
Scan32.exe process runs a full scan and does not
exit properly, leaving the process orphaned.
RESOLUTION:
The VirusScan plug-in has been updated to check if
a restore item is specified. If not, the restore
task does not run.
3. ISSUE:
The VirusScan On-Demand Scanner has no option to
disable cookie detection alerts in the user
interface or registry.
RESOLUTION:
Alerts for On-Demand Scan cookie detections can now
be disabled by setting the DWORD "bCookieAlerts"
registry entry to 0.
HKLM\SOFTWARE\McAfee\VSCore\Alert Client\VSE
4. ISSUE:
When a user is browsing the Internet, the On-Access
Scanner sometimes logs entries "Not scanned (The
file is encrypted)" on temporary files that are
locked for use by the browser.
RESOLUTION:
The reporting for these types of detections can now
be disabled by setting the DWORD
"DoNotReportSkippedFiles" registry entry to 1.
HKLM\SOFTWARE\McAfee\VSCore\On Access
Scanner\McShield\Configuration
NOTE:
If you previously installed VSE85HF328421, the
registry entry "DoNotReportSkippedFiles" is already
set to 1.
5. ISSUE:
In environments where the Lotus Notes data folder
is in a non-standard location, the VirusScan
Scanner for Lotus Notes installer might crash
during installation of VirusScan.
RESOLUTION:
The VirusScan Scanner for Lotus Notes installation
files have been updated so that the search behavior
for notes.ini is more resilient to custom Lotus
Notes client locations.
6. ISSUE:
A crash can occur, where the VirusScan Scanner for
Lotus Notes failed to initialize properly if the
first scanned attachment of a session was stored in
a non-standard attachment format.
RESOLUTION:
The VirusScan Scanner for Lotus Notes library was
changed so that the initialization code occurs
before the attachment prefixed file name handling
occurs.
7. ISSUE:
With Self Protection enabled, the ability to
unblock a connection from a remote computer is
grayed out, even though the logged-on user has
administrator privileges.
RESOLUTION:
VirusScan Statistics has been updated to check the
credentials of the logged-on user, rather than the
access level of our services, to determine if the
"Unblock All Connections Now" button should be
available.
8. ISSUE:
Installation of this Patch enables the option
"Enable on-access scanning at system startup" if it
was previously disabled.
RESOLUTION:
The Patch installer has been corrected to properly
preserve the setting.
9. ISSUE:
The Patch installer returns a success code, even if
the Patch failed to install.
RESOLUTION:
The Patch installer has been corrected so that it
only returns a success code if it is actually
successful.
10. ISSUE:
Installing the Patch on a system that had only one
Unwanted Programs exclusion causes that exclusion
to fail.
RESOLUTION:
The installer now corrects a problem where the
DetectionExclusions registry value was being
changed from REG_MULTI_SZ to REG_SZ if only one
value existed.
11. ISSUE:
On Windows Vista, the administrator cannot disable
the On-Access Scanner via the VirusScan system tray
icon.
RESOLUTION:
VirusScan Statistics has been updated to check the
user's logged on credentials, rather than the
service handle that was used to determine access to
the McShield service in older operating systems.
12. ISSUE:
A failed reinstallation of VirusScan or a failed
Patch installation can delete the license,
resulting in an inoperable product.
RESOLUTION:
The Patch installer has been updated to no longer
cause this state in the event of a failed
installation.
13. ISSUE:
An incorrect rule file was packaged with the
VirusScan NAP file included with Patch 3. This
caused some of the Access Protection rule
categories to not appear.
RESOLUTION:
A new VirusScan NAP file was created with a
corrected rule file.
14. ISSUE:
When Host IPS is installed with VirusScan
Enterprise, and IPS is disabled, the interface for
VirusScan Buffer Overflow Protection remains grayed
out, even though it is active.
RESOLUTION:
The Buffer Overflow console plug-in was updated to
check for the registry flag that is set by Host
IPS, to tell VirusScan Enterprise that IPS is
disabled.
15. ISSUE:
When Self Protection is enabled on a remote machine
and a user attempts open a remote console
connection to that machine, the user receives an
access denied message, and the remote console is
not opened.
RESOLUTION:
The VirusScan Console was updated to make the
connection to the remote console more robust.
PATCH 3 RESOLVED ISSUES
1. ISSUE:
A D1 bugcheck (blue screen) can occur with
VirusScan Enterprise 8.5i when installed on heavily
loaded servers.
RESOLUTION:
The Access Protection driver has been updated to
resolve the issue.
2. ISSUE:
A D1 bugcheck (blue screen) can occur with
VirusScan Enterprise 8.5i when installed on a
Microsoft Exchange server.
RESOLUTION:
The Access Protection driver has been updated to
resolve the issue.
3. ISSUE:
An 8E bugcheck (blue screen) was reported by
customers and in Microsoft’s Online Crash Analysis
(OCA), showing a crash in an instruction that could
not ordinarily fail.
RESOLUTION:
The Link Driver was revised to bring it into
compliance with guidelines specified in Intel’s
Core2 Errata AI33, to prevent such unusual behavior
on affected processors.
4. ISSUE:
A 7E bugcheck (blue screen) can occur with certain
low resource conditions.
RESOLUTION:
The Link Driver has been updated to better handle
scenarios where the system is low on resources.
5. ISSUE:
On 64-bit systems, VirusScan Statistics causes an
issue where the user cannot open more than one
Microsoft Virtual PC image. Virtual PC reports
insufficient memory.
RESOLUTION:
VirusScan Statistics has been updated to resolve a
memory utilization problem on 64-bit systems.
6. ISSUE:
When integrated with the Checkpoint SecureClient
software, VirusScan Enterprise uses incorrect
registry values for DAT and Engine version
information.
RESOLUTION:
The binaries for Checkpoint integration have been
updated to use appropriate registry data.
7. ISSUE:
With Access Protections rules set to Maximum
Security, during the installation, VirusScan
Enterprise Checkpoint integration fails to query
the On-Access Scanner service state.
RESOLUTION:
The binaries for Checkpoint integration have been
updated to no longer request a certain level of
access to the service, which would be denied by the
higher level of Access Protection security.
8. ISSUE:
Custom VirusScan Enterprise 8.5i policies are lost
after upgrading from ePolicy Orchestrator 3.5 to
3.6.x.
RESOLUTION:
The VirusScan NAP file has been updated to include
additional xml code for mapping policies between
ePolicy Orchestrator 3.5 and 3.6.x.
NOTE:
To migrate the policies correctly, follow the
instructions under "Installation Steps."
PATCH 2 RESOLVED ISSUES
1. ISSUE:
When an AutoUpdate task copies new DAT files into
the engine folder, VirusScan services and Microsoft
Outlook can spike CPU utilization in excess of one
minute.
RESOLUTION:
The McTaskManager service has been enhanced so that
it no longer issues multiple reload notifications
to the scanners after a DAT update.
NOTE:
Users who saw a smaller spike after the original
fix (HF320829) should see more improvement with
this fix.
2. ISSUE:
The Quarantine path cannot be changed for the
On-Access Scanner via ePolicy Orchestrator or
ProtectionPilot. A registry value was not being
updated correctly.
RESOLUTION:
VirusScan’s Management Plug-In has been updated to
correctly write the "RepairBackupDirectory"
registry entry.
3. ISSUE:
When creating a user-defined detection in the
Unwanted Program policy, the rule does not take
effect immediately. To enable the rule, the
McShield service must be stopped and restarted.
RESOLUTION:
The McShield service has been updated to improve
the monitoring of registry changes with the
Unwanted Programs policy.
4. ISSUE:
VirusScan’s ability to scan "floppy during
shutdown" prevents proper shutdown of a system with
a clean floppy in its drive.
RESOLUTION:
The On-Access Scanner has been updated to better
handle the shutdown process.
5. ISSUE:
A crash was reported by customers and in
Microsoft’s Online Crash Analysis (OCA), during
system start-up.
RESOLUTION:
The Link Driver was updated to correct
synchronization issues during the start of
processes.
6. ISSUE:
VirusScan does not correctly remove Buffer Overflow
Protection process exclusions that are introduced
by ePolicy Orchestrator or ProtectionPilot.
RESOLUTION:
The VirusScan plug-in has been updated to properly
remove old Buffer Overflow Protection registry
values when ePolicy Orchestrator or ProtectionPilot
policies are enforced.
7. ISSUE:
When a detection occurs on an EMC network share
(CAVA/Celera) and the file has the read-only
attribute, the delete action fails.
RESOLUTION:
The Anti-Virus Filter and Link drivers where
updated to properly remove the read-only attribute
when taking action on files on the EMC share.
8. ISSUE:
Detections on a network share may leave behind zero
byte files on the share.
RESOLUTION:
The Anti-Virus Filter and Link drivers were updated
to ensure proper cleanup of detections on a network
share.
9. ISSUE:
The On-Access Scanner functions in Console are not
updating properly when Access Protection is
disabled.
RESOLUTION:
The state of Self Protection is now correctly
tracked by the On-Access Scanner Console plug-in.
10. ISSUE:
The Self Protection feature of Access Protection is
disabled after removing a Patch from the system.
RESOLUTION:
The MSP installer has been updated to fix a
mismatched name between the custom action and
installer execution sequence tables in the cached
MSI file.
11. ISSUE:
Interacting with Remote Console On-Demand Scan and
AutoUpdate tasks caused the local tasks with the
same id to be acted upon, instead of the remote
task.
RESOLUTION:
The Update and On-Demand Scanner binaries were
updated to properly call the remote task instead of
the local one.
12. ISSUE:
When you upgrade from VirusScan Enterprise 7.1 or
8.0i to version 8.5i and choose to preserve
settings, previously created console tasks do not
display in the VirusScan console.
RESOLUTION:
The MSP Installer package has been updated to
initialize the console tasks that were not
previously initialized, so they display in the
VirusScan console.
NOTE:
This fix is for those who used the originally
released VirusScan Enterprise 8.5i. The current
8.5i repost package includes this fix.
13. ISSUE:
With the McAfee Installation Designer (MID) option
to "Allow Users to Uninstall" disabled, the
UninstallString registry value was removed to
prevent product removal. This registry value was
also used by ePolicy Orchestrator to determine that
VirusScan was installed.
RESOLUTION:
The VirusScan Detection Script has been updated to
check for the existence of the uninstall key,
instead of the UninstallString value, to determine
if the VirusScan Enterprise install package needs
to be pushed to the client.
14. ISSUE:
Some threats were not being detected in the
Quarantine Manager by the rescan functionality.
RESOLUTION:
The Common Shell Scanner binaries have been updated
to resolve this issue.
15. ISSUE:
If McShield and McTaskManager Services were stopped
and restarted in a specific order, the Access
Protection and Buffer Overflow features remained
disabled after the services started.
RESOLUTION:
The On-Access Scan Console plug-in has been updated
to recognize the last known state of Access
Protection and Buffer Overflow Protection when
McShield service is stopped.
16. ISSUE:
McShield service may crash when a configuration
change occurs during scanning.
RESOLUTION:
The McShield service has been updated to properly
change states when altering configurations.
17. ISSUE:
Setting a user interface password for Access
Protection did not prevent the ability for the user
to right-click and disable that feature. The
option to disable right-click ability is under the
"Other" category (Console and Miscellaneous).
RESOLUTION:
The password functionality has been moved to the
BehaviorBlocking console plug-in so that the
right-click option is now included with the Access
Protection password options.
18. ISSUE:
The Buffer Overflow Protection displays a detection
in the On-Access Messages window when the "Show the
messages when a buffer overflow is detected" option
is disabled.
RESOLUTION:
The On-Access Scan Statistics binary has been
updated to properly suppress the Buffer Overflow
detection when configured to do so.
19. ISSUE:
On-Access Scanner’s Network Drive Scanning causes
network copy times to increase, more then what is
normally expected, when this option is enabled.
RESOLUTION:
The Common Shell binaries have been updated to no
longer request a certain level of access to the
network file(s), which would always be denied.
PATCH 1 RESOLVED ISSUES
1. ISSUE:
Applications that perform operations with temporary
files, such as printing, generate a "file missing"
error.
RESOLUTION:
The link driver has been updated to correctly
handle file operations that use the DeleteOnClose
flag.
2. ISSUE:
When McAfee Policy Enforcer is pushed out to a
system with VirusScan Enterprise 8.5i, McAfee
trusted processes might trigger Access Protection
rules. A reboot is required to correct the
problem.
RESOLUTION:
The link driver has been revised to ensure trusted
policies are propagated between instances of loaded
drivers.
3. ISSUE:
Some files remain locked indefinitely. Third-party
tools indicate that McShield.exe was leaking
handles, thereby locking the file.
RESOLUTION:
The link driver has been updated to detect and
handle the oplock break-in-progress status code and
ensure file locks are released.
4. ISSUE:
Under certain conditions, VirusScan Enterprise
scanner for Lotus Notes can mistakenly deny access
to the Lotus Notes internal processes, if another
Note is being accessed by the user. The message
"You are not authorized to perform that operation"
is displayed for the user.
RESOLUTION:
The Lotus Notes scanner binaries have been updated
to resolve the issue.
5. ISSUE:
For non-English platforms, a control ID is
displayed in the Status field of the On-Access
Messages window, rather than the localized
strings.
RESOLUTION:
The resource binary for the On-Access Scanner
service has been updated to resolve this issue.
6. ISSUE:
When VirusScan Enterprise 8.5i is installed to
Windows Vista 32-bit platforms, the Buffer Overflow
Protection feature is not available.
RESOLUTION:
This Patch enables Buffer Overflow Protection for
Windows Vista 32-bit environments.
7. ISSUE:
When a scheduled On-Demand Scan task fails to
authenticate to a specified location, the user
receives an erroneous error asking that VirusScan
Enterprise be reinstalled.
RESOLUTION:
The localized binaries file has been updated to
handle the specific event.
8. ISSUE:
ePolicy Orchestrator could fail to replicate
distributed repositories when VirusScan Enterprise
8.5i is installed.
RESOLUTION:
The Common Shell binary has been updated to allow
sharing of files with other processes.
9. ISSUE:
Users without local administrative rights are not
able to use the Help file unless it was previously
downloaded by an administrator.
RESOLUTION:
Non-administrative users can now download and use
the current Help file.
10. ISSUE:
Not all VirusScan Enterprise events can be filtered
in ePolicy Orchestrator reporting.
RESOLUTION:
The extended reports NAP file has been updated to
allow filtering of all VirusScan Enterprise
events.
11. ISSUE:
In certain circumstances, when a state change
occurs with Access Protection, the On-Access
Scanner cannot be disabled/enabled, and some Access
Protection rules fail to log messages.
RESOLUTION:
The McTaskManager Service and Access Protection
binaries have been updated to resolve this issue.
12. ISSUE:
When resuming from the hibernate state, the system
tray icon might be in the disabled state,
reflecting the status of the On-Access Scanner.
However, the scanner service is functioning
normally.
RESOLUTION:
The system tray icon should always reflect the
correct state of the On-Access Scanner when
resuming from hibernation.
KNOWN ISSUES
1. The 5200 or later engine must be installed prior to
deploying Patch 5 or later. The Patch updates the
cached MSI tables to prevent a repair from
restoring an unusable version of the engine.
2. On-Access Scan Messages might fail to populate on
detections after Patch 8 is installed. A reboot
might be needed to resolve this issue. This does
not affect detection logging and alerting, or
reporting to ePolicy Orchestrator and
ProtectionPilot.
3. Some customers have reported seeing VirusScan
Statistics (VShield) crashing/disappearing from the
system tray. Refer to McAfee Support KnowledgeBase
article 613892 for more information on this issue.
4. If Host Intrusion Prevention 6.x or later is
installed and disabled prior to VirusScan
Enterprise, it is necessary to re-enable IPS and
disable it again in order for VirusScan Buffer
Overflow Protection to be properly enabled.
5. Sporadic crashes of the McShield Service have been
seen during the patch install, on systems running
McAfee AntiSpyware Enterprise Module. The service
recovers correctly at the end of the patch
process.
6. If you install this release interactively and
cancel the installation on a system where a
previous Patch was installed, after the rollback
completes, the previous Patch no longer reports to
ePolicy Orchestrator or appears in the "About
VirusScan Enterprise" window.
7. Installing the Patch and specifying a log file path
using the Microsoft Installer (MSI) switch "/L"
does not log to the specified path. A log file
capturing full data is logged to the folder
"McAfeeLogs" under the Temp folder.
8. If the Lotus Notes client is open when this release
is installed, the installation completes
successfully, but a reboot is required to replace
the McAfee Lotus scanner files. The new files are
not used until after a reboot.
9. Uninstalling VirusScan Enterprise Patches is now
possible for computers running Windows Installer
v3.x or later. This technology is not fully
integrated for Windows 2000 operating systems, so
there is no option to remove the Patch in
Add/Remove programs. Please see instructions under
"Removing the Patch" for removal via command-line
options.
10. Uninstalling VirusScan Patches is not available for
Windows NT platforms, because Windows Installer
v3.x is not supported on this platform. The Patch
still installs to all platforms supported by
VirusScan Enterprise 8.5i.
11. Patches for VirusScan Enterprise 8.5i can only be
uninstalled via Add/Remove programs, not via
ePolicy Orchestrator or ProtectionPilot.
FILES INCLUDED WITH THIS RELEASE
This release consists of a package called VSE85P8.ZIP,
which contains the following files:
PKGCATALOG.Z =
Package catalog file
PATCH8.TXT =
This text file
VSE850DET.MCS =
VirusScan Enterprise detection script
SETUP.EXE =
Installer for this release
SETUP.INI =
Initialization file for SETUP.EXE
PATCH8.MSP =
Microsoft Installer Patch file
VSE850.NAP =
Management NAP for VirusScan Enterprise
VSE850REPORTS.NAP =
Reporting NAP file
The following files are installed to client
systems:
STRINGS.BIN No version
MIDUTIL.DLL 8.5.0.156
CONDL.DLL 8.5.0.857
COPTCPL.DLL 8.5.0.857
MCAVDETECT.DLL 8.5.0.869
MCAVSCV.DLL 8.5.0.869
BBCPL.DLL 8.5.0.895
CONSL.DLL 8.5.0.895
MCCONSOL.EXE 8.5.0.895
SHUTIL.DLL 8.5.0.895
OASCPL.DLL 8.5.0.909
FTCFG.DLL 8.5.0.936
MCUPDATE.EXE 8.5.0.936
NAIANN.DLL 8.5.0.936
NCDAEMON.EXE 8.5.0.936
NCEXTMGR.DLL 8.5.0.936
NCINSTALL.DLL 8.5.0.936
NCMENU.DLL 8.5.0.936
NCSCAN.DLL 8.5.0.936
NCTRACE.DLL 8.5.0.936
QUARCPL.DLL 8.5.0.936
SCAN32.EXE 8.5.0.936
SCAN64.EXE 8.5.0.936
SCNCFG32.EXE 8.5.0.936
SHSTAT.EXE 8.5.0.936
VSODSCPL.DLL 8.5.0.936
VSTSKMGR.EXE 8.5.0.936
VSUPDCPL.DLL 8.5.0.936
VSPLUGIN.DLL 8.5.0.937
ENTSRV.DLL 13.3.0.169
MFEBOPA.DLL 13.3.0.169
MFEBOPK.SYS 13.3.0.169
MFEAPFA.DLL 13.3.0.169
MFEAPFK.SYS 13.3.0.169
MFEAVFA.DLL 13.3.0.169
MFEAVFK.SYS 13.3.0.169
MFEHIDA.DLL 13.3.0.169
MFEHIDN.EXE 13.3.0.169
MFEHIDK.SYS 13.3.0.169
MFERKDA.DLL 13.3.0.169
MFERKDK.SYS 13.3.0.169
MFETDIK.SYS 13.3.0.169
ADSLOKUU.DLL 13.3.2.137
CSSCAN.EXE 13.3.2.137
ENTVUTIL.EXE 13.3.2.137
FTL.DLL 13.3.2.137
LOCKDOWN.DLL 13.3.2.137
MCSHIELD.DLL 13.3.2.137
MCSHIELD.EXE 13.3.2.137
MCSHIELDPERFDATA.DLL 13.3.2.137
MCVSSNMP.DLL 13.3.2.137
MYTILUS.DLL 13.3.2.137
MYTILUS2.DLL 13.3.2.137
NAEVENT.DLL 13.3.2.137
NAIEVENT.DLL 13.3.2.137
SCANOTLK.DLL 13.3.2.137
SCRIPTCL.DLL 13.3.2.137
SCRIPTSV.DLL 13.3.2.137
LOGPARSER.EXE 1.2.0.131
The following files are checked in to the ePolicy
Orchestrator or ProtectionPilot repository:
VSE850.NAP 2.0.0.696
VSE850REPORTS.NAP 3.0.0.781
Download: http://rapidshare.com/files/204744835/VSE85iP8_SCF.rarDownload Mirror: http://www.megaupload.com/?d=GN9MP08RP.S.
Only SCF Members with at least 10 useful Forum posts can request password in reply to this Topic!
Real reason for this is that some Members only visit SCforum, download Patch and never show again until new Update.
We want loyal Members who want to Learn and Share Knowledge with others.
Hope you all will agree with this reasons & decisions.
Best Regards,
Samker
Total Members: 14197
