--> Devnullius's Choices: A list of default programs to keep your PC running well!
0 Members and 10 Guests are viewing this topic.
McAfee VirusScan Enterprise protects your desktop and file servers from a wide range of threats, including viruses, worms, Trojan horses, and potentially unwanted code and programs. McAfee VirusScan® 8 takes anti-virus protection to the next level, integrating elements of intrusion prevention and firewall technology into a single solution for PCs and file servers. This powerful combination delivers truly proactive protection from the newest of today’s threats-including buffer - overflow exploits and blended attacks - and features advanced outbreak management responses to reduce the damage and costs of outbreaks. Everything is managed by McAfee ePolicy Orchestrator® or ProtectionPilot™ for scalable security policy compliance and graphical reporting.Release Notes for McAfee(R) VirusScan(R) Enterprise Version 8.5i Patch 8 Copyright (C) 2009 McAfee, Inc. All Rights Reserved==========================================================Patch Release: January 27, 2009This release was developed and tested with:- VirusScan Enterprise: 8.5i- DAT Version: 5474, December 24, 2008- Engine Version: 5.3.00Make sure you have installed these versions, or later,before using this release.==========================================================Thank you for using VirusScan(R) Enterprise software.This file contains important information regarding thisrelease. We strongly recommend that you read the entiredocument.__________________________________________________________WHAT'S IN THIS FILE- About This Release - Purpose - Improvements- Resolved Issues - Patch 8 Resolved Issues - Patch 7 Resolved Issues - Patch 6.1 Resolved Issues - Patch 6 Resolved Issues - Patch 5 Resolved Issues - Patch 4 Resolved Issues - Patch 3 Resolved Issues - Patch 2 Resolved Issues - Patch 1 Resolved Issues - Known Issues - Files Included With This Release- Installation - Installation Requirements - Installation Steps - Installation Steps via ePolicy Orchestrator - HotFix/Patch Reporting - Verifying the Installation - Removing the Patch- Copyright & Trademark Attributions- License Information__________________________________________________________ABOUT THIS RELEASEPURPOSEThis release contains updated binaries in a singleMicrosoft Patch installer to address all items listedin "Resolved Issues" below.For the most up-to-date copy of this Readmeinformation, refer to McAfee Support KnowledgeBasearticle 60415.Patch 8 is a High Priority release. See McAfee SupportKnowledgeBase article 614038 for information onratings.__________________________________________________________IMPROVEMENTS1. VirusScan Enterprise with the AntiSpyware Module can now be set so that it no longer places cookie detections in the quarantine folder. They instead are deleted permanently as part of the clean action. NOTE: By setting the DWORD "DisableCookieBackups" registry entry to 1, cookie detection quarantines no longer occur. HKLM\SOFTWARE\McAfee\VSCore2. The on-demand scanner has been updated to better use the System Utilization setting throughout the entire scanning process. Refer to McAfee Support KnowledgeBase article 9197288 for further information.3. This Patch contains a new Buffer Overflow and Access Protection DAT (version 378), which adds an Access Protection category for Virtual Machine Protection. These rules provide access protection functionality for virtual machines. NOTE: To manage the new Virtual Machine Protection category with ePolicy Orchestrator 3.x or ProtectionPilot, you must use the latest NAP file, which is included in this Patch package, or VirusScan 8.5i Repost Patch 5. For ePolicy Orchestrator 4.x users, the Extension update also contains the updated rule file. The updated Extension package is available on the web product download area under the Patches category.__________________________________________________________RESOLVED ISSUESThe resolved issues are divided into subsections perpatch, showing when each fix was added to thecompilation.PATCH 8 RESOLVED ISSUES1. ISSUE: In Patch 7, the McShield resource files were missing some string tables that were responsible for On-Access Scan and On-Demand Scan status. RESOLUTION: McShield.dll has been corrected to include all the proper strings for displaying information on non-English installations.2. ISSUE: A timing issue could occur during the import of the McAfee Installation Designer (MID) configuration. During the installation of VirusScan Enterprise, the temporary registry information sometimes was not available before the registry editor attempted to apply the settings. The process generated an application event, ID 1006, while the registry editor attempted to reapply the settings until it was successful. RESOLUTION: The McAfee Installation Designer configuration applicator was revised to no longer report the error, because it does not represent a true failure in the process. NOTE: To prevent the generation of this error, use the repost package that includes this Patch release.3. ISSUE: On multi-processor systems that receive files from remote clients, some instructions were being executed frequently and unnecessarily, acquiring an exclusive lock on all processors. This created a bottleneck in the file I/O being written to disk. RESOLUTION: The link driver has been revised to eliminate the described bottleneck.4. ISSUE: Access Protection block rules that were created for USB devices sometimes did not handle removing and reinserting the device multiple times. RESOLUTION: The Access Protection, Anti-Virus Filter, and Link drivers have been updated to better handle re-hooking the device.5. ISSUE: The On-Access Scanner was not properly utilizing the "Scan files opened for Backup" option. RESOLUTION: The Anti-Virus Filter driver has been rectified to properly interpret the flag being sent from the On-Access Scanner.6. ISSUE: Certain detections with multiple infections or clean actions were logging the action two times. One entry was made during the middle of the process, and the other during the final resolution. RESOLUTION: The Common Shell scanner has been updated to report only the final resolution of the detection.7. ISSUE: The repair option for McAfee AntiSpyware Enterprise Module would execute during the patch process. This caused the cookie and registry scan targets to be re-added to On-Demand Scan tasks that were removed by the user. RESOLUTION: The patch installer has been updated to preserve the On-Demand Scan anti-spyware scan targets.PATCH 7 RESOLVED ISSUES1. ISSUE: When installing a VirusScan Enterprise 8.5i patch, the existing On-Access Scanner service might fail to unload. This leads to two instances of the service, with one consuming a high amount of CPU usage. RESOLUTION: The On-Access Scanner service had been updated to avoid a runaway thread scenario that caused the service, being replaced, to not stop. NOTE: To avoid this issue while installing Patch 7 or later, install HF427887 first. Refer to McAfee Support KnowledgeBase article 616344 for further information.2. ISSUE: Changes to the VirusScan Enterprise core subsystem disabled performance optimization for handling frequent write actions to INI and LOG files. RESOLUTION: The Anti-Virus Filter Driver was corrected to ensure that scanning of specified file extensions is optimized, as in previous versions.3. ISSUE: A three-party deadlock occurred, causing the On-Access Scanner to become blocked until it times out. This causes the scanner service to time out and eventually self-terminate. RESOLUTION: The Common Shell scanner has been updated to prevent the On-Access Scanner from becoming blocked while the security libraries are loaded by the system.4. ISSUE: The extended reports NAP contained some ePolicy Orchestrator stored procedures that were needed to add support for the VirusScan product line. The ePolicy Orchestrator patches have since made new modifications to the same stored procedures. Therefore, when the VirusScan extended reports NAP is checked in after the new ePolicy Orchestrator modified procedures are in place, they are overwritten and the newer functionality is lost. RESOLUTION: The VirusScan extended reports NAP has been revised to no longer replace the ePolicy Orchestrator stored procedures.5. ISSUE: If the Lotus Notes client is running during uninstall of VirusScan Enterprise 8.5i, the Lotus Notes Scanner entries might not be properly removed from the NOTES.INI file. This can cause the Lotus Notes client to crash on subsequent starts. RESOLUTION: The Lotus Notes Scanner module has been corrected to remove its entries in the NOTES.INI file for all scenarios.6. ISSUE: The VirusScan Enterprise Patch installer did not correctly preserve the MIDFileTime registry value. This caused the McAfee Installation Designer (MID) .CAB files to be re-applied at the time of installation. RESOLUTION: The Patch installer has been updated to correctly preserve the binary value of MIDFileTime.7. ISSUE: Changes made in Microsoft Vista SP1 and later, in how the operating system opens/views network files, caused delays in opening new network paths, with the On-Access Scanner’s Network Scanning feature enabled. RESOLUTION: The link driver has been modified to use a different method of accessing the network resources that avoids the delays imposed by the operating system change.8. ISSUE: A 7E bugcheck (blue screen) might occur if an application shut down immediately after sending data over the network. RESOLUTION: The link driver has been revised to better handle data that is transmitted by applications after the driver has stopped.9. ISSUE: When the VirusScan NAP is checked in, it runs a script that enables anti-spyware settings in policies and tasks, if the AntiSpyware 8.5 module NAP is in the ePolicy Orchestrator repository. The intended purpose of the script is similar to the local AntiSpyware module installer, which enables its settings when installed on a local system. RESOLUTION: The VirusScan NAP has been updated so that the script is disabled during check-in of the VirusScan NAP package. This prevents the anti-spyware settings from being enabled when updating the VirusScan NAP. NOTE: The McAfee AntiSpyware 8.5 module NAP has the same script in it. This means that if the McAfee AntiSpyware 8.5 module NAP is installed after the VirusScan NAP, the anti-spyware settings are still enabled.10. ISSUE: Servers that deal with many file writes were becoming unresponsive. RESOLUTION: The anti-virus filter driver was revised to correctly filter and dispatch scans on write.PATCH 6.1 RESOLVED ISSUES1. ISSUE: An issue can occur when the 5300 engine is installed prior to installing VirusScan 8.5i Patch 6. The scanner engine files are partially overwritten with the previous 5200 version that is stored in the MSI cache. This mismatch causes the scanner engine to fail to initialize. RESOLUTION: The Patch installation package has been updated to correct this issue, and does not overwrite the engine files.PATCH 6 RESOLVED ISSUES1. ISSUE: The VirusScan Enterprise management plug-in writes all settings to the registry on every policy enforcement. McShield service monitors the registry and reloads whenever the settings are written, generating frequent pause events in the Windows System log. RESOLUTION: The VirusScan Enterprise management plug-in has been updated to only write to the registry if it sees that it is different from the current policy. This will prevent McShield from generating events on policy enforcement, unless that policy has changed. This is an addendum to the original solution in Patch 5, where the fix did not work when the preferred language was set to something other than automatic.2. ISSUE: A compatibility issue has been seen with VirusScan’s port blocking feature, and Veritas backup applications. This was causing the backup software services to stop running. RESOLUTION: The VirusScan Anti-Virus Mini-Firewall Driver has been updated to correct the compatibility issue.3. ISSUE: A race condition in the On-Access Scanner service can cause high CPU utilization with high performance systems. RESOLUTION: The On-Access Scanner service has been updated to remedy multi-threading synchronization issues and remove occurrences of runaway threads.4. ISSUE: The On-Access Scanner service sometimes crashes during a system shutdown or during installation of a Patch/HotFix. RESOLUTION: The On-Access Scanner service has been repaired to correct a race condition in which a critical-section synchronization object is deleted before another thread has entered.5. ISSUE: A deadlock could occur on high end servers caused by a race condition in VirusScan’s link driver. RESOLUTION: The link driver has been changed to properly handle the release of system objects, while holding a lock on resources.6. ISSUE: Port blocking fails on Microsoft Windows Vista Service Pack 1. RESOLUTION: The McAfee Driver Installer has been update to handle the changes in network stack load order.7. ISSUE: The On-Demand Scanner system utilization changes that were put in patch 5 changed the memory scanning function. This caused the process scanning to only scan the first process ID. RESOLUTION: The change has been reversed so that all processes are scanning irrespective of process ID.8. ISSUE: When applied to a client installation that was customized by McAfee Installation Designer (MID), the patch installer deletes the MidFileTime registry value. This caused MID .CAB files to be re-applied to the system. RESOLUTION: The patch installer has been updated to no longer delete the MidFileTime registry value.9. ISSUE: A newly created user defined Unwanted Program Policy, does not take effect immediately if the file has been scanned by the On-Access Scanner before the change occurred. RESOLUTION: The On-Access Scanner service has been updated to properly recognize changes to the user defined detections and clear the cache of files that have already been scanned so that the new settings take effect immediately.10. ISSUE: A trust relationship exists in McAfee drivers that can be leveraged by McAfee processes to avoid triggering access protection rules and other compatibility symptoms. When the link driver was updated to newer releases this trust relationship was lost until a reboot occurred. RESOLUTION: The link driver has been modified to better handle the process of future upgrades to itself without the need for a reboot.PATCH 5 RESOLVED ISSUES1. ISSUE: Disabling the On-Access Scanner from the console is not always possible when users with sufficient privileges belonged to large numbers of user groups. RESOLUTION: VirusScan Statistics has been updated so that users with sufficient privileges can now disable the On-Access Scanner from the console regardless of how many user groups they belong too.2. ISSUE: The VirusScan Enterprise management plug-in writes all settings to the registry on every policy enforcement. McShield service monitors the registry and reloads whenever the settings are written, generating frequent pause events in the Windows System log. RESOLUTION: The VirusScan Enterprise management plug-in has been updated to write to the registry only if it sees that it is different from the current policy. This prevents McShield from generating events on policy enforcement, unless that policy has changed. NOTE: If the symptom persists, refer to McAfee Support KnowledgeBase article 614077.3. ISSUE: With the VirusScan Policy set to "Display managed tasks in the client console," the tasks sometimes disappear in the VirusScan Console. RESOLUTION: The On-Demand Scanner and Update console plug-ins have been updated so that when policy enforcement occurs, the console now updates the list of tasks to ensure an accurate display.4. ISSUE: When using system variables in the folder path for the Quarantine Manager Policy, the list of quarantined items is empty, even though items were quarantined to the correct directory. RESOLUTION: The Quarantine Manager console plug-in has been corrected so that the path specified in the folder input field is now properly expanded and the system variables are replaced before the list of Quarantined items is requested. NOTE: For further information about this fix, refer to McAfee Support KnowledgeBase article 614549.5. ISSUE: When a VirusScan Patch installation failed, the Help "About" dialog box no longer displayed the previous Patch number. RESOLUTION: The patch installer has been updated to write the new Patch registry value only if the Patch succeeds. If it fails and a rollback occurs, the old Patch registry value remains.6. ISSUE: A 4E bugcheck (blue screen) can occur when VirusScan Enterprise 8.5i is installed along side SafeBoot Content Encryption 3. RESOLUTION: The link driver was updated to add supportability for SafeBoot.7. ISSUE: On Windows Vista and later, On-Demand Scan function "Save as Default" does not correctly save changes made for future scan tasks. RESOLUTION: The On-Demand Scanner has been corrected to properly save the registry data for the default task.8. ISSUE: Access Protection port blocking rules that spanned a range of ports could block all processes rather than only those processes specified in the rule. RESOLUTION: The Access Protection driver has been updated to better handle requests for process names.9. ISSUE: A 19 bugcheck (blue screen) occurred intermittently when loading and unloading content into Link Driver, for example, when configuration changes were made or enforced. RESOLUTION: The link driver was corrected to resolve a race condition that could lead to this issue.PATCH 4 RESOLVED ISSUES1. ISSUE: A crash can occur on some systems when the On-Demand Scan Task includes the "Memory for rootkits" scan item. RESOLUTION: The root kit detection driver has been updated to better handle different processor architectures.2. ISSUE: When a Quarantine Restore Task is run from ePolicy Orchestrator without specifying a restore item, the Scan32.exe process runs a full scan and does not exit properly, leaving the process orphaned. RESOLUTION: The VirusScan plug-in has been updated to check if a restore item is specified. If not, the restore task does not run.3. ISSUE: The VirusScan On-Demand Scanner has no option to disable cookie detection alerts in the user interface or registry. RESOLUTION: Alerts for On-Demand Scan cookie detections can now be disabled by setting the DWORD "bCookieAlerts" registry entry to 0. HKLM\SOFTWARE\McAfee\VSCore\Alert Client\VSE4. ISSUE: When a user is browsing the Internet, the On-Access Scanner sometimes logs entries "Not scanned (The file is encrypted)" on temporary files that are locked for use by the browser. RESOLUTION: The reporting for these types of detections can now be disabled by setting the DWORD "DoNotReportSkippedFiles" registry entry to 1. HKLM\SOFTWARE\McAfee\VSCore\On Access Scanner\McShield\Configuration NOTE: If you previously installed VSE85HF328421, the registry entry "DoNotReportSkippedFiles" is already set to 1.5. ISSUE: In environments where the Lotus Notes data folder is in a non-standard location, the VirusScan Scanner for Lotus Notes installer might crash during installation of VirusScan. RESOLUTION: The VirusScan Scanner for Lotus Notes installation files have been updated so that the search behavior for notes.ini is more resilient to custom Lotus Notes client locations.6. ISSUE: A crash can occur, where the VirusScan Scanner for Lotus Notes failed to initialize properly if the first scanned attachment of a session was stored in a non-standard attachment format. RESOLUTION: The VirusScan Scanner for Lotus Notes library was changed so that the initialization code occurs before the attachment prefixed file name handling occurs.7. ISSUE: With Self Protection enabled, the ability to unblock a connection from a remote computer is grayed out, even though the logged-on user has administrator privileges. RESOLUTION: VirusScan Statistics has been updated to check the credentials of the logged-on user, rather than the access level of our services, to determine if the "Unblock All Connections Now" button should be available.8. ISSUE: Installation of this Patch enables the option "Enable on-access scanning at system startup" if it was previously disabled. RESOLUTION: The Patch installer has been corrected to properly preserve the setting.9. ISSUE: The Patch installer returns a success code, even if the Patch failed to install. RESOLUTION: The Patch installer has been corrected so that it only returns a success code if it is actually successful.10. ISSUE: Installing the Patch on a system that had only one Unwanted Programs exclusion causes that exclusion to fail. RESOLUTION: The installer now corrects a problem where the DetectionExclusions registry value was being changed from REG_MULTI_SZ to REG_SZ if only one value existed.11. ISSUE: On Windows Vista, the administrator cannot disable the On-Access Scanner via the VirusScan system tray icon. RESOLUTION: VirusScan Statistics has been updated to check the user's logged on credentials, rather than the service handle that was used to determine access to the McShield service in older operating systems.12. ISSUE: A failed reinstallation of VirusScan or a failed Patch installation can delete the license, resulting in an inoperable product. RESOLUTION: The Patch installer has been updated to no longer cause this state in the event of a failed installation.13. ISSUE: An incorrect rule file was packaged with the VirusScan NAP file included with Patch 3. This caused some of the Access Protection rule categories to not appear. RESOLUTION: A new VirusScan NAP file was created with a corrected rule file.14. ISSUE: When Host IPS is installed with VirusScan Enterprise, and IPS is disabled, the interface for VirusScan Buffer Overflow Protection remains grayed out, even though it is active. RESOLUTION: The Buffer Overflow console plug-in was updated to check for the registry flag that is set by Host IPS, to tell VirusScan Enterprise that IPS is disabled.15. ISSUE: When Self Protection is enabled on a remote machine and a user attempts open a remote console connection to that machine, the user receives an access denied message, and the remote console is not opened. RESOLUTION: The VirusScan Console was updated to make the connection to the remote console more robust.PATCH 3 RESOLVED ISSUES1. ISSUE: A D1 bugcheck (blue screen) can occur with VirusScan Enterprise 8.5i when installed on heavily loaded servers. RESOLUTION: The Access Protection driver has been updated to resolve the issue.2. ISSUE: A D1 bugcheck (blue screen) can occur with VirusScan Enterprise 8.5i when installed on a Microsoft Exchange server. RESOLUTION: The Access Protection driver has been updated to resolve the issue.3. ISSUE: An 8E bugcheck (blue screen) was reported by customers and in Microsoft’s Online Crash Analysis (OCA), showing a crash in an instruction that could not ordinarily fail. RESOLUTION: The Link Driver was revised to bring it into compliance with guidelines specified in Intel’s Core2 Errata AI33, to prevent such unusual behavior on affected processors.4. ISSUE: A 7E bugcheck (blue screen) can occur with certain low resource conditions. RESOLUTION: The Link Driver has been updated to better handle scenarios where the system is low on resources.5. ISSUE: On 64-bit systems, VirusScan Statistics causes an issue where the user cannot open more than one Microsoft Virtual PC image. Virtual PC reports insufficient memory. RESOLUTION: VirusScan Statistics has been updated to resolve a memory utilization problem on 64-bit systems.6. ISSUE: When integrated with the Checkpoint SecureClient software, VirusScan Enterprise uses incorrect registry values for DAT and Engine version information. RESOLUTION: The binaries for Checkpoint integration have been updated to use appropriate registry data.7. ISSUE: With Access Protections rules set to Maximum Security, during the installation, VirusScan Enterprise Checkpoint integration fails to query the On-Access Scanner service state. RESOLUTION: The binaries for Checkpoint integration have been updated to no longer request a certain level of access to the service, which would be denied by the higher level of Access Protection security.8. ISSUE: Custom VirusScan Enterprise 8.5i policies are lost after upgrading from ePolicy Orchestrator 3.5 to 3.6.x. RESOLUTION: The VirusScan NAP file has been updated to include additional xml code for mapping policies between ePolicy Orchestrator 3.5 and 3.6.x. NOTE: To migrate the policies correctly, follow the instructions under "Installation Steps."PATCH 2 RESOLVED ISSUES1. ISSUE: When an AutoUpdate task copies new DAT files into the engine folder, VirusScan services and Microsoft Outlook can spike CPU utilization in excess of one minute. RESOLUTION: The McTaskManager service has been enhanced so that it no longer issues multiple reload notifications to the scanners after a DAT update. NOTE: Users who saw a smaller spike after the original fix (HF320829) should see more improvement with this fix.2. ISSUE: The Quarantine path cannot be changed for the On-Access Scanner via ePolicy Orchestrator or ProtectionPilot. A registry value was not being updated correctly. RESOLUTION: VirusScan’s Management Plug-In has been updated to correctly write the "RepairBackupDirectory" registry entry.3. ISSUE: When creating a user-defined detection in the Unwanted Program policy, the rule does not take effect immediately. To enable the rule, the McShield service must be stopped and restarted. RESOLUTION: The McShield service has been updated to improve the monitoring of registry changes with the Unwanted Programs policy.4. ISSUE: VirusScan’s ability to scan "floppy during shutdown" prevents proper shutdown of a system with a clean floppy in its drive. RESOLUTION: The On-Access Scanner has been updated to better handle the shutdown process.5. ISSUE: A crash was reported by customers and in Microsoft’s Online Crash Analysis (OCA), during system start-up. RESOLUTION: The Link Driver was updated to correct synchronization issues during the start of processes.6. ISSUE: VirusScan does not correctly remove Buffer Overflow Protection process exclusions that are introduced by ePolicy Orchestrator or ProtectionPilot. RESOLUTION: The VirusScan plug-in has been updated to properly remove old Buffer Overflow Protection registry values when ePolicy Orchestrator or ProtectionPilot policies are enforced.7. ISSUE: When a detection occurs on an EMC network share (CAVA/Celera) and the file has the read-only attribute, the delete action fails. RESOLUTION: The Anti-Virus Filter and Link drivers where updated to properly remove the read-only attribute when taking action on files on the EMC share.8. ISSUE: Detections on a network share may leave behind zero byte files on the share. RESOLUTION: The Anti-Virus Filter and Link drivers were updated to ensure proper cleanup of detections on a network share.9. ISSUE: The On-Access Scanner functions in Console are not updating properly when Access Protection is disabled. RESOLUTION: The state of Self Protection is now correctly tracked by the On-Access Scanner Console plug-in.10. ISSUE: The Self Protection feature of Access Protection is disabled after removing a Patch from the system. RESOLUTION: The MSP installer has been updated to fix a mismatched name between the custom action and installer execution sequence tables in the cached MSI file.11. ISSUE: Interacting with Remote Console On-Demand Scan and AutoUpdate tasks caused the local tasks with the same id to be acted upon, instead of the remote task. RESOLUTION: The Update and On-Demand Scanner binaries were updated to properly call the remote task instead of the local one.12. ISSUE: When you upgrade from VirusScan Enterprise 7.1 or 8.0i to version 8.5i and choose to preserve settings, previously created console tasks do not display in the VirusScan console. RESOLUTION: The MSP Installer package has been updated to initialize the console tasks that were not previously initialized, so they display in the VirusScan console. NOTE: This fix is for those who used the originally released VirusScan Enterprise 8.5i. The current 8.5i repost package includes this fix.13. ISSUE: With the McAfee Installation Designer (MID) option to "Allow Users to Uninstall" disabled, the UninstallString registry value was removed to prevent product removal. This registry value was also used by ePolicy Orchestrator to determine that VirusScan was installed. RESOLUTION: The VirusScan Detection Script has been updated to check for the existence of the uninstall key, instead of the UninstallString value, to determine if the VirusScan Enterprise install package needs to be pushed to the client.14. ISSUE: Some threats were not being detected in the Quarantine Manager by the rescan functionality. RESOLUTION: The Common Shell Scanner binaries have been updated to resolve this issue.15. ISSUE: If McShield and McTaskManager Services were stopped and restarted in a specific order, the Access Protection and Buffer Overflow features remained disabled after the services started. RESOLUTION: The On-Access Scan Console plug-in has been updated to recognize the last known state of Access Protection and Buffer Overflow Protection when McShield service is stopped.16. ISSUE: McShield service may crash when a configuration change occurs during scanning. RESOLUTION: The McShield service has been updated to properly change states when altering configurations.17. ISSUE: Setting a user interface password for Access Protection did not prevent the ability for the user to right-click and disable that feature. The option to disable right-click ability is under the "Other" category (Console and Miscellaneous). RESOLUTION: The password functionality has been moved to the BehaviorBlocking console plug-in so that the right-click option is now included with the Access Protection password options.18. ISSUE: The Buffer Overflow Protection displays a detection in the On-Access Messages window when the "Show the messages when a buffer overflow is detected" option is disabled. RESOLUTION: The On-Access Scan Statistics binary has been updated to properly suppress the Buffer Overflow detection when configured to do so.19. ISSUE: On-Access Scanner’s Network Drive Scanning causes network copy times to increase, more then what is normally expected, when this option is enabled. RESOLUTION: The Common Shell binaries have been updated to no longer request a certain level of access to the network file(s), which would always be denied.PATCH 1 RESOLVED ISSUES1. ISSUE: Applications that perform operations with temporary files, such as printing, generate a "file missing" error. RESOLUTION: The link driver has been updated to correctly handle file operations that use the DeleteOnClose flag.2. ISSUE: When McAfee Policy Enforcer is pushed out to a system with VirusScan Enterprise 8.5i, McAfee trusted processes might trigger Access Protection rules. A reboot is required to correct the problem. RESOLUTION: The link driver has been revised to ensure trusted policies are propagated between instances of loaded drivers.3. ISSUE: Some files remain locked indefinitely. Third-party tools indicate that McShield.exe was leaking handles, thereby locking the file. RESOLUTION: The link driver has been updated to detect and handle the oplock break-in-progress status code and ensure file locks are released.4. ISSUE: Under certain conditions, VirusScan Enterprise scanner for Lotus Notes can mistakenly deny access to the Lotus Notes internal processes, if another Note is being accessed by the user. The message "You are not authorized to perform that operation" is displayed for the user. RESOLUTION: The Lotus Notes scanner binaries have been updated to resolve the issue.5. ISSUE: For non-English platforms, a control ID is displayed in the Status field of the On-Access Messages window, rather than the localized strings. RESOLUTION: The resource binary for the On-Access Scanner service has been updated to resolve this issue.6. ISSUE: When VirusScan Enterprise 8.5i is installed to Windows Vista 32-bit platforms, the Buffer Overflow Protection feature is not available. RESOLUTION: This Patch enables Buffer Overflow Protection for Windows Vista 32-bit environments.7. ISSUE: When a scheduled On-Demand Scan task fails to authenticate to a specified location, the user receives an erroneous error asking that VirusScan Enterprise be reinstalled. RESOLUTION: The localized binaries file has been updated to handle the specific event.8. ISSUE: ePolicy Orchestrator could fail to replicate distributed repositories when VirusScan Enterprise 8.5i is installed. RESOLUTION: The Common Shell binary has been updated to allow sharing of files with other processes.9. ISSUE: Users without local administrative rights are not able to use the Help file unless it was previously downloaded by an administrator. RESOLUTION: Non-administrative users can now download and use the current Help file.10. ISSUE: Not all VirusScan Enterprise events can be filtered in ePolicy Orchestrator reporting. RESOLUTION: The extended reports NAP file has been updated to allow filtering of all VirusScan Enterprise events.11. ISSUE: In certain circumstances, when a state change occurs with Access Protection, the On-Access Scanner cannot be disabled/enabled, and some Access Protection rules fail to log messages. RESOLUTION: The McTaskManager Service and Access Protection binaries have been updated to resolve this issue.12. ISSUE: When resuming from the hibernate state, the system tray icon might be in the disabled state, reflecting the status of the On-Access Scanner. However, the scanner service is functioning normally. RESOLUTION: The system tray icon should always reflect the correct state of the On-Access Scanner when resuming from hibernation.KNOWN ISSUES1. The 5200 or later engine must be installed prior to deploying Patch 5 or later. The Patch updates the cached MSI tables to prevent a repair from restoring an unusable version of the engine.2. On-Access Scan Messages might fail to populate on detections after Patch 8 is installed. A reboot might be needed to resolve this issue. This does not affect detection logging and alerting, or reporting to ePolicy Orchestrator and ProtectionPilot.3. Some customers have reported seeing VirusScan Statistics (VShield) crashing/disappearing from the system tray. Refer to McAfee Support KnowledgeBase article 613892 for more information on this issue.4. If Host Intrusion Prevention 6.x or later is installed and disabled prior to VirusScan Enterprise, it is necessary to re-enable IPS and disable it again in order for VirusScan Buffer Overflow Protection to be properly enabled.5. Sporadic crashes of the McShield Service have been seen during the patch install, on systems running McAfee AntiSpyware Enterprise Module. The service recovers correctly at the end of the patch process.6. If you install this release interactively and cancel the installation on a system where a previous Patch was installed, after the rollback completes, the previous Patch no longer reports to ePolicy Orchestrator or appears in the "About VirusScan Enterprise" window.7. Installing the Patch and specifying a log file path using the Microsoft Installer (MSI) switch "/L" does not log to the specified path. A log file capturing full data is logged to the folder "McAfeeLogs" under the Temp folder.8. If the Lotus Notes client is open when this release is installed, the installation completes successfully, but a reboot is required to replace the McAfee Lotus scanner files. The new files are not used until after a reboot.9. Uninstalling VirusScan Enterprise Patches is now possible for computers running Windows Installer v3.x or later. This technology is not fully integrated for Windows 2000 operating systems, so there is no option to remove the Patch in Add/Remove programs. Please see instructions under "Removing the Patch" for removal via command-line options.10. Uninstalling VirusScan Patches is not available for Windows NT platforms, because Windows Installer v3.x is not supported on this platform. The Patch still installs to all platforms supported by VirusScan Enterprise 8.5i.11. Patches for VirusScan Enterprise 8.5i can only be uninstalled via Add/Remove programs, not via ePolicy Orchestrator or ProtectionPilot.FILES INCLUDED WITH THIS RELEASEThis release consists of a package called VSE85P8.ZIP,which contains the following files: PKGCATALOG.Z = Package catalog file PATCH8.TXT = This text file VSE850DET.MCS = VirusScan Enterprise detection script SETUP.EXE = Installer for this release SETUP.INI = Initialization file for SETUP.EXE PATCH8.MSP = Microsoft Installer Patch file VSE850.NAP = Management NAP for VirusScan Enterprise VSE850REPORTS.NAP = Reporting NAP file The following files are installed to client systems: STRINGS.BIN No version MIDUTIL.DLL 8.5.0.156 CONDL.DLL 8.5.0.857 COPTCPL.DLL 8.5.0.857 MCAVDETECT.DLL 8.5.0.869 MCAVSCV.DLL 8.5.0.869 BBCPL.DLL 8.5.0.895 CONSL.DLL 8.5.0.895 MCCONSOL.EXE 8.5.0.895 SHUTIL.DLL 8.5.0.895 OASCPL.DLL 8.5.0.909 FTCFG.DLL 8.5.0.936 MCUPDATE.EXE 8.5.0.936 NAIANN.DLL 8.5.0.936 NCDAEMON.EXE 8.5.0.936 NCEXTMGR.DLL 8.5.0.936 NCINSTALL.DLL 8.5.0.936 NCMENU.DLL 8.5.0.936 NCSCAN.DLL 8.5.0.936 NCTRACE.DLL 8.5.0.936 QUARCPL.DLL 8.5.0.936 SCAN32.EXE 8.5.0.936 SCAN64.EXE 8.5.0.936 SCNCFG32.EXE 8.5.0.936 SHSTAT.EXE 8.5.0.936 VSODSCPL.DLL 8.5.0.936 VSTSKMGR.EXE 8.5.0.936 VSUPDCPL.DLL 8.5.0.936 VSPLUGIN.DLL 8.5.0.937 ENTSRV.DLL 13.3.0.169 MFEBOPA.DLL 13.3.0.169 MFEBOPK.SYS 13.3.0.169 MFEAPFA.DLL 13.3.0.169 MFEAPFK.SYS 13.3.0.169 MFEAVFA.DLL 13.3.0.169 MFEAVFK.SYS 13.3.0.169 MFEHIDA.DLL 13.3.0.169 MFEHIDN.EXE 13.3.0.169 MFEHIDK.SYS 13.3.0.169 MFERKDA.DLL 13.3.0.169 MFERKDK.SYS 13.3.0.169 MFETDIK.SYS 13.3.0.169 ADSLOKUU.DLL 13.3.2.137 CSSCAN.EXE 13.3.2.137 ENTVUTIL.EXE 13.3.2.137 FTL.DLL 13.3.2.137 LOCKDOWN.DLL 13.3.2.137 MCSHIELD.DLL 13.3.2.137 MCSHIELD.EXE 13.3.2.137 MCSHIELDPERFDATA.DLL 13.3.2.137 MCVSSNMP.DLL 13.3.2.137 MYTILUS.DLL 13.3.2.137 MYTILUS2.DLL 13.3.2.137 NAEVENT.DLL 13.3.2.137 NAIEVENT.DLL 13.3.2.137 SCANOTLK.DLL 13.3.2.137 SCRIPTCL.DLL 13.3.2.137 SCRIPTSV.DLL 13.3.2.137 LOGPARSER.EXE 1.2.0.131 The following files are checked in to the ePolicy Orchestrator or ProtectionPilot repository: VSE850.NAP 2.0.0.696 VSE850REPORTS.NAP 3.0.0.781Download: http://rapidshare.com/files/204744835/VSE85iP8_SCF.rarDownload Mirror: http://www.megaupload.com/?d=GN9MP08RP.S.Only SCF Members with at least 10 useful Forum posts can request password in reply to this Topic!Real reason for this is that some Members only visit SCforum, download Patch and never show again until new Update.We want loyal Members who want to Learn and Share Knowledge with others.Hope you all will agree with this reasons & decisions.Best Regards,Samker
Kursevi programiranja za ucenike u Sarajevu