Mcafee AGENT 4.0 Release Notes

Release Notes for McAfee Agent 4.0.0 Patch 2 (Windows)

Release Notes for McAfee Agent 4.0 Patch 2 (Windows)

Thank you for using McAfee Agent software version 4.0. This document contains important information
about this release. We strongly recommend that you read the entire document.

Contents

● About this release

● System requirements

● Rating

● Purpose

● Known issues

● Resolved issues

● Installation instructions

● Allowing users to configure proxy settings

● Finding release notes and documentation for McAfee enterprise products

● License attributions

About this release

Patch Release: March 10, 2009

Patch Package: 4.0.0.1421

This release was developed for use with:

● Data Loss Prevention 2.1 and 2.2

● Endpoint Encryption for Files and Folders 3.1.0

● Endpoint Encryption for PC 5.1.5

● ePolicy Orchestrator 3.6.1 and 4.0

● McAfee Anti-Spam for GroupShield 7.0

● McAfee Encrypted USB 1.0

● McAfee VDisk for Windows 4.1.0

● Host Intrusion Prevention (Windows only) 7.0

● Network Access Control 2.0, 2.5, and 3.0

● Policy Auditor 5.0, 5.0.1 and 5.1

● PortalShield 1.0 and 2.0

● Safeboot Encrypted USB 1.0

● Safeboot Endpoint Encryption for File and Folder (Content Encryption) 3.1.0

● Safeboot Endpoint Encryption for PC (Device Encryption) 5.1.5

● Safeboot VDisk for Windows 4.1.0

● SecurityShield 1.0

● SiteAdvisor Enterprise 1.5, 1.6. and 2.0

● System Compliance Profiler 1.1 and 2.0

● VirusScan Enterprise 8.0i, 8.5i (Patch 7 and above), and 8.7i (with AntiSpyware Enterprise)

Make sure you have installed the correct version(s) before using this release.

System requirements

This section specifies the system requirements for McAfee Agent 4.0.

Release Notes for McAfee Agent 4.0.0 Patch 2 (Windows)

● Installed disk space — 14–17 MB, including log files

● Memory — 128 MB RAM minimum, 256 MB RAM recommended

● Processor — Intel or compatible; Intel Pentium or Celeron (recommended); Itanium 2 processors.

● Processor speed — 133 MHz minimum

● Operating system:
❍ Windows 2000 Professional, SP 4
❍ Windows 2000 Server, SP 4
❍ Windows 2000 Advanced Server, SP 4
❍ Windows 2000 Datacenter Server, SP 4
❍ Windows 2003 Server, Standard Edition, SP 1 or 2
❍ Windows 2003 Server, Enterprise Edition, SP 1 or 2
❍ Windows 2003 Server R2, Standard Edition, SP 1 or 2
❍ Windows 2003 Server R2, Enterprise Edition, SP 1 or 2
❍ Windows 2003 Server, Standard x64 Edition, SP 1 or 2
❍ Windows 2003 Server, Enterprise x64 Edition, SP 1 or 2
❍ Windows 2003 Server R2, Standard x64 Edition, SP 1 or 2
❍ Windows 2003 Server R2, Enterprise x64 Edition, SP 1 or 2
❍ Windows XP Embedded
❍ Windows XP Home, SP 1 and 2
❍ Windows XP Professional, SP 1, 2, and 3
❍ Windows XP Professional, x64 SP 2
❍ Windows XP Tablet PC 2005
❍ Windows Vista, SP 1
❍ Windows Vista x64, SP 1
❍ Windows Server 2008
❍ Windows Server 2008 x64

This release does not support Windows 95, Windows 98, Windows Millennium Edition or Windows
NT.

The McAfee Security single tray icon does not appear on 64-bit systems.

Rating

McAfee recommends this release for all environments. This update should be applied at the earliest
convenience. For more information, see KB article KB51560.

Purpose

This document supplements the McAfee Agent 4.0 Readme file in the release package, and details fixes
included in McAfee Agent 4.0 Patch releases.

This Patch contains a variety of improvements. McAfee has spent a significant amount of time finding,
fixing, and testing the fixes in this release. Please review the Known and Resolved Issues lists for
additional information on the individual issues.

Refer to online KnowledgeBase article KB60681 at http://knowledge.mcafee.com for the most current
information regarding this release.

Known issues

Known issues in this release of the software are described below:

● Issue: On systems with EMC’s Power Path software installed, the McAfee Agent fails to start and

the error message “Cannot generate keypair” appears in the Agent_<system name> log file.
(Reference: 452955, 436864, 445158, 447296, 451228, 437592 )

Release Notes for McAfee Agent 4.0.0 Patch 2 (Windows)

Workaround: The McAfee Agent must be rolled back to Common Management Agent version

3.6.0 Patch 4 for the systems with EMC's Power Path software installed.

Resolved issues

Issues that are resolved in this release are listed below.

1. Issue: The error message “Failed >> Setting naInet transfer option RelativePath =” appeared in
the McScript and Aviview log files when a UNC repository when it was defined without a
subdirectory following a share name. For example, the definition “\\server\share\directory”
worked as expected, but the definition “\\server\share” caused the error message to appear. The
download would work correctly in spite of this error message. (Reference: 391232, 455183)

Resolution: UNC repositories can now be defined with or without specifying a subdirectory.

2. Issue: When a UNC repository was configured to use download credentials and to use ping time
repository sorting, and the UNC repository was inaccessible for pinging, the McAfee Agent
might run with lowered privileges. When this occurred, the error message “Permission
denied” appeared in the Agent_ log file when the McAfee Agent attempted to write to the registry.
(Reference: 416303, 417404, 432919, 432931)

Resolution: The UNC Repository Updater process now continues to run under the System user’s
credentials when a UNC repository cannot be reached during the ping time sorting process.

3. Issue: When UNC repositories were configured to use the download credentials of the logged-on
user and the logged-on user was not an Administrator, the download would fail. (Reference:
418162, 424677, 425454, 437584, 458651, 466124, 466186)

Resolution: The UNC Repository Updater process now allows UNC replication using the logged-on
user’s credentials.

4. Issue: The download of a product deployment process could fail when an earlier version of the
product had been deployed. (Reference: 421222)

Resolution: The product deployment process has been updated to consistently detect and deploy
updated products.

5. Issue: Updates via a UNC repository would fail on 64-bit systems when the update was
configured to use the credentials of the logged-on user. When this occurred, the error message
“Failed to steal Explorer token” would appear in the Agent_<system name> log file. (Reference:

429292)

Resolution: The UNC Repository Updater process now runs on 64-bit operating systems when
defined to use download credentials.

6. Issue: During the repository download process when the download of a product failed and a
subsequent download of a different product succeeded, the download session was treated as a
success and not retried using the next repository. (Reference: 429950, 429759)

Resolution: The repository download process has been updated to retry the entire update from
the next repository when any products fail to download.

7. Issue: The McAfee Agent no longer provided an embedded credential installation package option.
(Reference: 432427)

Release Notes for McAfee Agent 4.0.0 Patch 2 (Windows)

Resolution: An embedded credential installation package is now available through McAfee Tier III
Support. For information on obtaining this package, see KB article KB59954.

8. Issue: Requesting updates from the ePolicy Orchestrator server through HTTP resulted in a large
number of “client denied by server configuration…” error messages to be incorrectly reported in
the server log file. (Reference: 433704)

Resolution: The HTTP connection process has been updated to avoid creating this error message
incorrectly.

9. Issue: During the deployment of Host Intrusion Prevention, the product detection script would
prematurely end when the Host Intrusion Prevention service was not registered. (Reference:

436914)

Resolution: The script engine has been updated to properly detect and report unregistered
services as an error rather than exiting.

10. Issue: Non-English versions of the McAfee Agent could fail to apply incremental DAT updates, and
instead download the full DAT package, resulting in unnecessary network bandwidth consumption.
(Reference: 439397, 441679, 443381)

Resolution: The DAT update process has been updated to ensure that non-English versions apply
incremental updates correctly.

11. Issue: The error message “File is corrupt. Downloading complete file again.” would be incorrectly
written to the McScript log file during the update process. (Reference: 440080, 445479)

Resolution: The update process has been updated to record this error message only when the
file download process detects a corrupt file.

12. Issue: After a successful update of a DAT file, a temporary copy of the DAT package would not be
deleted from the McAfee Agent data directory, resulting in unnecessary disk space consumption.
(Reference: 440930)

Note: This issue could consume all of a system's available disk space.

Resolution: The DAT update process now deletes the DAT package after a successful update.

13. Issue: The McAfee Agent upgrade process would fail to install when it could not successfully
terminate the currently running version, resulting in a McAfee Agent that failed to start.
(Reference: 441182)

Resolution: The McAfee Agent upgrade process has been updated so that if it detects that the
currently installed version cannot be stopped, it quits and leaves the currently running version of
the McAfee Agent operational.

14. Issue: The error log file did not “roll over,” resulting in unnecessary disk space consumption.
(Reference: 449107, 449111, 449341, 450554, 462905)

Note: This issue could consume all of a system's available disk space.

Resolution: The error log file now “rolls over” in the same manner as the Agent_<system name>
log file.

Release Notes for McAfee Agent 4.0.0 Patch 2 (Windows)

Note: When writing a message to the error log file, the size of the current file is checked. If the
size equals or exceeds the file size limit set in the registry, the following actions will occur:

❍

If the backup file (Agent_<system name>_backup.log) exists in the target folder, it is

deleted.

❍

The current file (Agent_<system name>.log) is renamed as the backup file.

❍

A new current file is created and the message is written in this file.

15. Issue: When the Internet Explorer setting “Automatically detect settings” is selected and “Use a
proxy server for your LAN” is not selected, an automated configuration script caused the update
process to fail. (Reference: 450058, 451906, 452028, 461210, 463930)

Resolution: The update process now runs as expected, independent of these Internet Explorer
settings.

Issues from the Patch 1 release of the software that are resolved in this release are listed below.

1. Issue: An update dialog box appeared in English rather than the non-English language running on
the system. (Reference: 389523)

Resolution: Update dialog boxes now appear in the language running on the system.

2. Issue: When using the “/forceinstall” switch and only changing the data (/datadir=<new folder>)
folder, the upgrade process did not remove the old data folder and used the new folder.
(Reference: 393182)

Resolution: Now when using the “/forceinstall” switch and changing the data (/datadir=<new
folder>) folder, the upgrade process removes the old data folder and uses the new folder.

3. Issue: When the AgentEvents folder was missing, the upgrade process failed. (Reference:

393764)

Resolution: Now the upgrade process creates the AgentEvents folder when it is missing.

4. Issue: Managed product installation routines were executed each time a deployment task ran on
systems that used a language other than English. (Reference: 399232)

Resolution: Managed product installation routines now execute only when necessary.

5. Issue: If the installation or data folder contained a double-byte character, the upgrade process
failed. (Reference: 404111)

Resolution: Now the installation and data folders can contain non-English characters.

6. Issue: When executing the VirusScan update process (mcupdate.exe) with the “/update” and “/
quiet” switches, an upgrade dialog box would still be displayed. (Reference: 405004)

Resolution: The VirusScan update process now honors the “/quiet” switch.

7. Issue: The upgrade process was checking for the existence of the “My Favorites” and “Fonts”
folders. If they were not present, the upgrade failed. (Reference: 405314)

Resolution: The upgrade process no longer requires the “My Favorites” and “Fonts” folders to be
present.