SCF Advanced Search

  • Total Posts: 37435
  • Total Topics: 12193
  • Online Today: 1156
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: McAfee® VirusScan® Enterprise 8.7i Hotfix 643440 Release Notes  (Read 9110 times)

0 Members and 2 Guests are viewing this topic.


  • SCF Moderators
  • *****
  • Posts: 131
  • KARMA: 20
  • Gender: Male
    • my heart bleeds for none but my own!
hi guys,

there has some confusion for McAfee® VirusScan® Enterprise 8.7i Hotfix 643440, so publishing the Release Notes of McAfee® VirusScan® Enterprise 8.7i Hotfix 643440, if needed this forum Admin will modify ...

McAfee® VirusScan® Enterprise 8.7i Hotfix 643440 Release Notes

Thank you for using McAfee software. This document contains important information about this release. McAfee strongly recommends that you read the entire document.

Hotfix 643440 is considered a Mandatory Release. See (McAfee) KnowledgeBase article KB51560 for information on ratings.

    McAfee considers this release to be a required update for all environments. Mandatory Patches and Hotfixes resolve vulnerabilities that may affect product functionality and compromise security. These updates must be applied to maintain a viable and supported product. Failure to apply Mandatory updates may result in a security breach.

About this Hotfix

For a list of supported environments for VirusScan Enterprise 8.7i on Microsoft Windows, see (McAfee) KnowledgeBase article KB51111.

    Hotfix Release: 08-16-2011

This release was developed for use with:

    McAfee VirusScan Enterprise 8.7i Patch 5

Files included:

    File name    Version
    VSCAN.BOF    567
    vsevntui.dll    NONE


    This Hotfix upgrades the core system files of VirusScan Enterprise 8.7i to a newer revision then what was released with VirusScan Enterprise 8.8. For customers migrating from this Hotfix to VirusScan Enterprise 8.8, McAfee supports upgrading to VirusScan Enterprise 8.8 Patch 1 or later(Please note; yet no patch available for VirusScan Enterprise 8.8) .

    This Hotfix upgrades the core system files of VirusScan Enterprise 8.7i to a newer revision. McAfee has spent a significant amount of time finding, fixing, and testing the fixes in this release. However, it is strongly recommended to verify this update in test and pilot groups prior to mass deployment.

    This Hotfix supersedes Hotfix 643447. Installing this Hotfix will remove or update all files and entries related to Hotfix 643447. Checking this Hotfix into the same branch as Hotfix 64337 will remove Hotfix 643447 from the ePolicy Orchestrator repository to prevent unwanted updates to Hotfix 643447.

    MOVE 1.6 Installation: After installing this Hotfix, you must restart the MOVE-AV service or restart the system.


This Hotfix release includes the following improvements.

    Performance increase to disk Input/Output (I/O).

    This release enhances the Self protection to prevent unauthorized access to critical VirusScan processes. Please see Resolved issues, item 1 and 2, for further details.

    This release ships with a new Access Protection rule that hardens VirusScan Enterprise 8.7i against malware that performs process injection. See (McAfee) KnowledgeBase article KB71083 and KB71812 for information regarding this improvement.

    NOTE: The rule Common Standard Protection: Prevent hooking of McAfee processes is enabled by default. Legitimate applications are known to perform process injection, and this Access Protection rule may have indeterminate results with those legitimate applications. These same programs should be able to recover when failing to inject into processes. However, it is strongly recommended to verify this update in test and pilot groups prior to mass deployment.

    The ePolicy Orchestrator extension file has been updated to include new Access Protection rule, Common Standard Protection: Prevent hooking of McAfee processes.

Known issues

Here is a list of known issues that we were aware of at production time.

    Issue: Common Standard Protection: Prevent hooking of McAfee processes is a specialized Access Protection rule that can only be enabled or disabled. It will not be possible to exclude or include additional processes in this rule due to its unique design.

    Issue: Access Protection rules are not localized with this Hotfix release. Localization is planned to be re-established with future patch releases.

    Issue: Performing a Repair on VirusScan Enterprise with this Hotfix installed will remove some critical files and is not supported for this fix. If the Repair function is used after applying this Hotfix, then this Hotfix must be re-applied (as a minimum) before the system may be supported again.

    Issue: Microsoft update or feature may fail to install when Access Protection is enabled. See (McAfee) KnowledgeBase article KB72458 for information regarding this issue.

    Issue: A rare Bugcheck may occur if On-Access Scanner service becomes paused, disabled or restarted and the system is immediately Shutdown or Restarted. See (McAfee) KnowledgeBase article KB72678 for information regarding this issue.

Resolved issues

Resolved issues in this release of the software are described below:

    Issue: Malicious software may leverage a technique for obtaining a handle with write privilege within a McAfee process, in order to disable the process. (Reference: 643298)
    Resolution: Self Protection now prevents non-McAfee processes from obtaining write handles to our processes.

    Issue: Malicious software may change NTFS folder permissions on McAfee folders in order to disable the software. (Reference: 643440)
    Resolution: Self protection now protects McAfee folders, files and registry data from permission changes.

    Issue: A Bugcheck 1E, 7E, 8E, or D1 could occur when closing multiple programs or while logging out. (Reference: 675294, 676551, 678439, 678551, 678561, 679729, 683416, 683577, 686304, 695367)
    Resolution: Addressed a timing defect that could cause the driver to schedule delayed cleanup of process data that was already in the process of being cleaned up.

    Issue: A Bugcheck 3B could occur if Input/Output (I/O) is passed to a volume concurrently with the volume being detached. (Reference: 678915)
    Resolution: The McAfee Link driver has been revised to ensure I/O does not pass through after a volume goes offline.

Installation instructions

    To use this release, you must have VirusScan Enterprise 8.7i software installed on the computer you intend to update with this release.
    This release will only install to VirusScan Enterprise 8.7i Patch 5.
    This release does not work with earlier versions of McAfee VirusScan Enterprise software.
    A reboot may be needed to fully load the system drivers into memory.
    The package installation does not force the reboot.

Installation prerequisites

    VirusScan Enterprise 8.7i Patch 5

Standalone Installation

    Extract the Hotfix files to a temporary folder on your hard drive.
    Double-click the file VSE87HF643440.EXE inside the temporary folder created in Step 1.
    Follow the instructions of the installation wizard.

Installation steps via ePolicy Orchestrator

    On the computer where the ePolicy Orchestrator console resides, extract the files to a temporary folder on your hard drive.
    Open the ePolicy Orchestrator console and add the package from the temporary folder created in Step 1 to your repository.

    NOTE: Refer to Checking in Packages Manually in the ePolicy Orchestrator online Help, for instructions on adding a package to the repository. The package type for this install is Products or Updates.

    NOTE: The ePolicy Orchestrator VirusScan Enterprise extension (VIRUSCAN8700(216).zip) was updated with this Hotfix. The newer version of the extension is included with the package and must be checked into the ePolicy Orchestrator extension repository separately.
    Deploy the Hotfix to the appropriate client systems with an agent update.

PS; for the Patch 5 and the HotFix please check this post:,6130.0.html

I just sit and wonder, why!! Everything i touch it dies!!!

Samker's Computer Forum -


  • SCF Administrator
  • *****
  • Posts: 7509
  • KARMA: 321
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum
Re: McAfee® VirusScan® Enterprise 8.7i Hotfix 643440 Release Notes
« Reply #1 on: 25. October 2011., 05:54:51 »
Thanks for clarification mate.  :thumbsup:


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising