McAfee EPOLICY ORCHESTRATOR 4.0 PATCH 5 - RELEASE NOTES 12-05-2009, ePolicy Orchestrator 4.0 User Manual

Release Notes for McAfee ePolicy Orchestrator 4.0 Patch 5

Thank you for using McAfee® ePolicy Orchestrator® software version 4.0 Patch 5. This document contains important information
about this release. We strongly recommend that you read the entire document.

Contents

z About this release
z Rating
z Purpose
z Known issues
z Resolved issues
z Installation Instructions
z Finding documentation for McAfee enterprise products
z License attributions

About this release

Patch Release: May 12, 2009

Patch Package: 4.0.0.1293

This release was developed for use with:

z

McAfee ePolicy Orchestrator 4.0

z

McAfee ePolicy Orchestrator 4.0 Patch 1

z

McAfee ePolicy Orchestrator 4.0 Patch 2

z

McAfee ePolicy Orchestrator 4.0 Patch 3

z

McAfee ePolicy Orchestrator 4.0 Patch 4

z

McAfee Total Protection for Endpoint

Make sure you have installed the correct version(s) before using this release.

Rating

McAfee recommends this release for all environments. This update should be applied at the earliest convenience. For more
information, see KB article KB51560

.

Purpose

This document supplements the McAfee ePolicy Orchestrator 4.0 Readme file in the release package, and details fixes included
in ePolicy Orchestrator 4.0 Patch 1, Patch 2, Patch 3, Patch 4, and Patch 5.

Refer to online KnowledgeBase article KB65506

at https://mysupport.mcafee.com/ for the most current information regarding

this release.

Known issues

Known issues in this release of the software are described below.

1. Issue: Not all characters are allowed with ePolicy Orchestrator or SQL usernames and passwords, specifically regarding
use with the ePolicy Orchestrator installer. (Reference: 387883, 395890)

Workaround: Here is a list of the allowed and disallowed characters for the usernames and passwords used by the
ePolicy Orchestrator 4.0 Patch 5 installer. This list is known to be valid only for the ePolicy Orchestrator Patch 5 installer
and might not represent the character sets allowed for previous patch installers.

{

ePO username and password official character set for the Patch 5 installer

 Allowed

 All printable characters with a hex value of 0x20 – 0x7E (ASCII 32 through 126), with exceptions

listed below.

 Exceptions (for both user names and passwords, except as noted)

 No leading space, trailing spaces, or passwords made up of solely spaces
 No double quotes (")

 No leading backslashes, trailing backslashes, or passwords made up of solely backslashes (\)
 No dollar signs ($)
 No percent signs (%)
 Usernames cannot contain a colon (:)
 Usernames cannot contain a semi-colon (;)

{ SQL user name and password official character set for the patch 5 installer

 Allowed



All printable characters with a hex value of 0x20 – 0x7E (ASCII 32 through 126), with exceptions
listed below.



Exceptions (for both usernames and passwords, except as noted)



No leading space, trailing spaces, or passwords made up of solely spaces



No double quotes (")



No single quotes (')



No backslashes (\)



No percent signs (%)



Usernames cannot contain a dollar sign ($)



Usernames cannot contain a colon (:)



Usernames cannot contain a semi-colon (;)



Password size restriction



Passwords must not exceed 40 bytes in length. For multi-byte characters, this limits the
password to a maximum of 20 characters.

2. Issue: Cluster installation on Windows 2008 server is not supported.

Workaround: Cluster users should not migrate to Windows 2008 at this time.

3. Issue: If the master repository is locked, package check-in fails, causing the installation to fail and roll back.

Workaround: Ensure that there are no repository actions that conflict with the installer. These actions can be currently
running or regularly scheduled repository pulls or replications.

4. Issue: If a previous Patch installation is successfully completed with a database user configured to use a non-default
database schema, the following tables are created:

{

<schema used>.OrionExtensionsBackup

{

<schema used>.OrionConfigurationBackup.

The existence of these files causes the Patch 5 installation to fail. (Reference: 461433)

Workaround: Delete these tables and try the installation again.

5. Issue: When using Windows 2008 ePolicy Orchestrator servers, a blank “Domain” selection drop-down list appears when
the user tries to browse for systems while adding new systems to the System Tree in the ePolicy Orchestrator console.
(Reference: 391040)

Workaround: On Windows 2008 servers, the McAfee ePolicy Orchestrator 4.0.0 Application Server service must have
sufficient permissions to complete the request. For more information, see KB article KB53861

.

6. Issue: On Windows 2008 ePolicy Orchestrator servers, external commands are not executed. (Reference: 433570)

Workaround: On Windows 2008 servers, the McAfee ePolicy Orchestrator 4.0.0 Application Server service must have
sufficient permissions to complete the request. For more information, see KB article KB53862

.

7. Issue: During a cluster installation, the IP address for a client system appears as 128.0.0.0 after an agent push.
(Reference: 435257)

Workaround: After the first successful communication, the IP address reflects the correct address.

8. Issue: When the SQL Server “Nested Triggers” option is disabled, policy assignment timestamps are not updated. This
causes ePolicy Orchestrator to fail to deliver full policies to client systems. (Reference: 406765)

Workaround: Verify that the “Nested Triggers” SQL Server option is enabled for the ePolicy Orchestrator database. For
more information, see KB article KB52512

.

9. Issue: Modifications to policies are not written to the audit log unless they are from Host Intru s ion Prevention policies.
(Reference: 470204)

Workaround: None.

Resolved issues

Issues that are resolved in this release are listed below.

1. Issue: If an administrator changes the "Agent-server secure communication keys," non-Windows agents will not use the
new key(s). (Reference: 366792)

Resolution: The agent key updater package now allows non-Windows agents to use new agent-server secure
communication keys.

2. Issue: Distributed repositories are not used for global

updating if the master repository has been updated with packages

other than DATs and Engines. (Reference: 419665)

Resolution: Global updating will use distributed repositories even if the master repository has been updated with
packages other than DATs and Engines.

3. Issue: When the ePO server receives an invalid package from an agent, it logs extraneous data about the invalid
package contents that does not contain information to aid administrators in determining which agent is sending the
invalid package. (Reference: 475017)

Resolution: The server log now contains information about the machines sending malformed SPIPE packages and no
longer contains the contents of invalid packages.

4. Issue: The product summary version information might not match the detailed product properties version information.
In particular, the detailed product properties might include a build number that is missing in the product summary
version information. (Reference: 467030)

Resolution: Product summary version information and the detailed product properties now has the correct values for
products deployed after this Patch has been installed.

Note: This patch does not correct version mismatches from prior deployments, only from deployments after the patch
has been put into place. Mismatches from prior deployments can be corrected by performing an agent wake up with full
properties on those machines reporting a version mismatch.

5. Issue: When 4.0 agents call in to the ePolicy Orchestrator server with a lower sequence number than the ePolicy
Orchestrator server expects, communication is rejected by the ePolicy Orchestrator server. (Reference: 467325, 464319)

Resolution: This Patch introduces several new ways to aid ePolicy Orchestrator administrators in finding sequence error
problems in their network. For more information, see KB article KB65611

.

6. Issue: Active Directory synchronization with the option to move systems causes the AgentGUID to become Null in the
database. (Reference: 461112)

Note: Systems with a Null AgentGUID receive new AgentGUIDs on the next agent-to-server-communication.

Resolution: The AgentGUID are now retained after a system is moved via Active Directory synchronization.

7. Issue: ePolicy Orchestrator servers running on Windows 2000 show the property of "Free Memory" as 0 for all systems
in the System Tree. (Reference: 450048)

Resolution: ePolicy Orchestrator servers running on Windows 2000 now show the correct "Free Memory" for systems in
the System Tree, after each system's next agent-to-server-communication.

8. Issue: When viewing or exporting a report, the Close button in the console does not work properly. Instead of closing,
the Export page then the Result page are displayed in an endless loop. (Reference: 451729)

Resolution: The Close button on the export page now returns the user to a page where they can continue to navigate,
without having to log out or use the browser Back button.

9. Issue: When creating an FTP Distributed Repository in a non-English environment with the Anonymous option selected,
the FTP Distributed Repository "Anonymous" credential is translated to the localized language and stored in the
sitelist.xml instead of "Anonymous". This might cause errors authenticating anonymously to FTP servers on non-English
ePolicy Orchestrator environments. (Reference: 449159)

Resolution: "Anonymous" is now correctly used for all languages in the FTP Distributed Repository credential setup.

10. Issue: ePolicy Orchestrator 4.0 does not support port IDs greater than 32767 for the target port referenced in a client
event, whereas IANA allows for port numbers up to 65535. (Reference: 462087)

Resolution: All valid port values are now supported as the target port in a client event.

11. Issue: The download credentials for a source repository

site cannot be modified in ePolicy Orchestrator after the site has

been created. (Reference: 450163, 480057)

Resolution: The download credentials for source repository sites can now be edited.

12. Issue: Checking a new agent package into the ePolicy Orchestrator repository does not always update the ePolicy
Orchestrator list of supported platforms correctly. (Reference: 467664)

Resolution: Checking a new agent package into the ePolicy Orchestrator repository correctly updates the ePolicy
Orchestrator list of supported platforms.

13. Issue: In some environments, repository pulls from HTTP source repositories might never finish. (Reference: 453274)

Resolution: A new registry setting has been created to work around this issue. The new registry DWORD value is called
"RawHTTPDownloadSocketsOnly" and exists in the HLM\SOFTWARE\Network Associates\ePolicy Orchestrator key.

{

A value of 1 changes the HTTP pull functionality to use Windows Sockets (Winsock).

{

A value of 0, absence of a value, or absence of this key provides the pre-existing pull functionality using Windows
Internet (WinINet).

14. Issue: Replication of specific, selected packages to a distributed repository can intermittently fail if multiple replication
tasks are running simultaneously. (Reference: 462653)

Resolution: A concurrency problem with multiple running replication tasks has been resolved.

15. Issue: The Extra DAT package cannot be deployed to additional platforms without a patch to ePolicy Orchestrator each
time additional platform support is required. (Reference: 397874)

Resolution: The supported platform list for Extra DAT

packages can now be updated without requiring a patch to ePolicy

Orchestrator.

16. Issue: The failure to push an agent can result in the ePO server not being able to create new network mappings, which
can cause pushagent commands and replication to UNC repositories to fail. (Reference: 449780)

Resolution: UNC network resource handles are now returned to the operating system after an agent push failure.

17. Issue: The removal of non-Windows agent packages from the ePolicy Orchestrator master repository prevents agent
update tasks from detecting that a new master server key has been assigned. (Reference: 463964)

Resolution: The removal of non-Windows agent packages no longer prevents agent update tasks from detecting new
master server keys.

18. Issue: The Roll Up server task can intermittently process the same computer twice, causing failure of the task and
computers not to be imported. (Reference: 446354)

Resolution: Computers are now processed only once each, and the server task completes successfully.

19. Issue: Threat-based notification rules can be triggered for non-threat events if the product and category filters of the
rules are satisfied. (Reference: 461917)

Resolution: Threat-based notification rules now are triggered only for threat events.

20. Issue: During an Active Directory synchronization, disabled computer accounts were being imported into ePolicy
Orchestrator. (Reference: 439191)

Resolution: Disabled computer accounts in Active Directory are no longer imported into ePolicy Orchestrator.

Note: If the ePO administrator has configured the Active Directory synchronization to "remove deleted systems" from
the System Tree, deleted systems and disabled systems are automatically removed at the next Active Directory
synchronization.

21. Issue: Installation for ePolicy Orchestrator 4.0 fails if

461677)

Resolution: The "$" character is now an acceptable character for the SQL password. For a complete listing of allowed
characters for your ePO and SQL user names and passwords, refer to the first entry under Known Issues (above).

the password for SQL includes the dollar ($) character. (Reference:

22. Issue: An event purge fails for Purge with 0 Days. (Reference: 471355)

Resolution: An event log will Purge with 0 days.

23. Issue: Users get a message "Exception occurred in OrionCore.dialogBoxOkHandler!" when trying to purge Notification
Logs. (Reference: 472788)

Resolution: Users no longer receive an exception message when purging the Notification Logs.

24. Issue: Items Event Group and Event Type cannot be sorted in the Response Builder. (Reference: 424139)

Resolution: Event Group and Event Type are now sortable, based on the users locale.

25. Issue: Failed to create chart “FSE: FoundScore Trend for Last 30 Days” is displayed when My FoundScore is selected.
(Reference: 428041)

Resolution: Chart creation is now fixed for “FSE: FoundScore Trend for Last 30 Days” when selecting My FoundScore.

26. Issue: Incorrect text appeared in options to filter data for "Description text goes here." (Reference: 428904)

Resolution: This text has been updated to read "Build table filter criteria."

27. Issue: The console date defaults to US format (MM/DD/YY). (Reference: 430784)

Resolution: The date is set to correspond to the system locale format.

28. Issue: The error message "Page cannot be found" is displayed when the Back button is clicked on within the Notification
Log page. (Reference: 449202)

Resolution: The Back button has now been fixed for the Notification Log page.

29. Issue: The Grouped Bar Chart report shows bars in each group, even if not applicable. (Reference: 450500)

Resolution: The Grouped Bar Charts no longer display bars with a group count of "0".

30. Issue: Policy Auditor Dashboard tables incorrectly display the column title "Total" on localized builds. (Reference:

455340)

Resolution: The column title for the Grouped Summary Table has been fixed on localized builds.

31. Issue: Users, within the same admin group, can view the console of the last admin user’s session, until the page is
refreshed. (Reference: 456088)

Resolution: The Admin console session cache now uses a different method to update the cache key.

32. Issue: Users cannot use "§" in the ePolicy Orchestrator user name or password. (Reference: 457497)

Resolution: We now allow the use of "§" in ePolicy Orchestrator user name and password. For a complete listing of
allowed characters for your ePO and SQL user names and passwords, please refer to the first entry under Known Issues
(above).

33. Issue: Exporting a query to email with "Compress the output files" enabled fails. (Reference: 462057)

Resolution: Exporting a query to email with "Compress the output files" enabled is now successful.

Issue: Titles in the export table are truncated when output to PDF format. (Reference: 462067)

34.

Resolution: Titles in PDF format export are no longer truncated.

35. Issue: Radio buttons from one server task action alter the radio buttons for the subsequent action. (Reference: 463196)

Resolution: Radio buttons from one server task action no longer alter the radio buttons for the subsequent action.

36. Issue: Advanced filters are not working correctly when defined systems are selected on the page. (Reference: 472299)

Resolution: Advanced filters are now filtering systems correctly when defined systems are selected on the page.

37. Issue: Users cannot see all created dashboards if they exceed the static viewable area. (Reference: 472925)

Resolution: A scrollbar now appears on the dashboard page if the viewable area is exceeded.

Issues from the Patch 4 release of the software that are resolved in this release are listed below.

1. Issue: When an event package contained System Compliance Profiler and another point-product’s events, the System
Compliance Profiler events would not be saved to the database. (Reference: 370718, 442064)

Resolution: System Compliance Profiler events are now saved in the database when included with other point-product
events.

2. Issue: Replication to a UNC site could fail reporting error code 5 when different download and replication credentials are
specified. (Reference: 411431)

Resolution: The download and UNC replication sessions have been modified to operate independently.

3. Issue: Registered executables with reserved HTML characters in their names could not be duplicated. (Reference:

414572)

Resolution: Registered executable names can now contain reserved HTML characters and be duplicated successfully.

4. Issue: Non-global administrators would receive the message “You are not authorized for this operation” when
attempting to review McAfee Agent push failures. (Reference: 420764)

Resolution: The correct permissions are now enforced, allowing authorized users to review McAfee Agent push failures.

5. Issue: When manually checking in a package to the ePolicy Orchestrator’s master repository, a copy of the package
would be abandoned in a temporary location. (Reference: 423560)

Resolution: The Patch installation removes all packages in the temporary location and prevents additional packages
from being abandoned.

6. Issue: Purge Event Log Tasks would not delete events when the selection “Purge records older than:” was chosen.
(Reference: 424692)

Resolution: The Purge Event Log Tasks routine has been modified to properly delete “Purge records older than:” events.

7. Issue: The Client Task Schedule option, “Only run this task once a day,” would not remain selected or be enforced when
a task was saved. (Reference: 431479)

Resolution: The selection of Client Task Schedule option, “Only run this task once a day,” is now properly saved and
enforced.

8. Issue: When a system requested full policies, the Host Intrusion Protection policies were incomplete when delivered.
(Reference: 432785)

Resolution: The policy preparation routine was modified to ensure that Host Intrusion Protection policies are generated
correctly.

9. Issue: An unexpected error occurred when executing an Events type query with a specified Tag Filter. (Reference:

433592)

Resolution: The user is now able to execute Event type queries with a Tag Filter.

10. Issue: The VirusScan Enterprise DAT Deployment report would display “unexpected error occurred” when attempting to
drill into a DAT group of version “N/A.” (Reference: 437213)

Resolution: The VirusScan Enterprise DAT Deployment report has been modified to allow drilling into a DAT group of

version “N/A.”

11. Issue: Event ID 1038 was incorrectly associated with the event category, “Virus Detected but not
Removed.” (Reference: 437525)

Resolution: Event ID 1038 indicates that no particular action was taken and is now associated with the event category
“Non-compliance.”

12. Issue: When an installation failed and reverted to the previous version, the Site Manager file was not re-registered.
(Reference: 437841)

Resolution: The installation routine has been modified to correctly re-register all critical files when reverting to the
previous version.

13. Issue: The installation routine could replace Tomcat configuration files, causing Tomcat to fail to start. (Reference:

438104)

Resolution: The installation routine has been modified to avoid replacing Tomcat configuration files.

14. Issue: Saving an Enforcement Message Policy Client Assignment could result in the message “unexpected error
occurred.” (Reference: 439548)

Resolution: The Enforcement Message Policy Client Assignment process has been modified to correctly save policy
updates.

15. Issue: Improperly formatted event files resulted in prolonged Event Parser performance degradation. (Reference:

440091)

Resolution: The Event Parser has been modified to skip improperly formatted event files.

16. Issue: The installation process would fail if the SQL Server Agent service was not running. (Reference: 441846)

Resolution: The installation routine has been modified, removing the dependency on the SQL Server Agent service.

17. Issue: Changing the owner of a policy with a large number of registered users could result in error. (Reference: 442364)

Resolution: Changing the owner of a policy is no longer dependant on the number of registered users.

18. Issue: Communication with ePolicy Orchestrator would fail when a system reported its CPU Speed as greater than
32,767 MHz. (Reference: 442734)

Resolution: The ePolicy Orchestrator system update process has been modified to limit CPU Speed properties to 32,767
MHz, allowing the system update to succeed.

19. Issue: Setting the Filter Data option on the Event Log had no effect on the returned events. (Reference: 427905,
434696, 440692, 443370, 444508, 444813, 445867)

Resolution: The process for filtering the Event Log has been modified to include the correct Filter Data options.

20. Issue: When configuring new client tasks in the Client Task wizard, the list of available client task types included client
types the user could only view. (Reference: 443963)

Resolution: The Client Task wizard has been modified to list only the client task types the user has permission to edit.

21. Issue: When a Microsoft Windows-based McAfee Agent was uninstalled through ePolicy Orchestrator before it first
communicated with ePolicy Orchestrator, the corresponding record would not be removed from the ePolicy Orchestrator
database. This system would then continue to be included in compliance reporting, resulting in incorrect information.
(Reference: 444928)

Resolution: Now when a Microsoft Windows-based McAfee Agent is uninstalled before its first communication with
ePolicy Orchestrator, the corresponding record is marked for removal and removed when necessary.

22. Issue: Adding a filter to a list of systems with a specific tag had no effect on the systems returned. (Reference: 445161)

Resolution: The process for filtering tagged systems has been modified to filter the results correctly.

23. Issue: Non-Microsoft Windows-based McAfee Agents that

failed to uninstall through ePolicy Orchestrator, were manually

uninstalled and reinstalled, never reappeared in ePolicy Orchestrator. (Reference: 445488)

Resolution: Non-Microsoft Windows-based McAfee Agents are now listed in ePolicy Orchestrator as expected.

24. Issue: SuperDAT packages could not be deployed from ePolicy Orchestrator to Microsoft Windows 2008 Server and
Microsoft Windows Vista systems. (Reference: 450405)

Resolution: SuperDAT packages can now be deployed from ePolicy Orchestrator to Microsoft Windows 2008 Server and
Microsoft Windows Vista systems.

25. Issue: Under certain conditions the server was becoming non-responsive, and non-paged pool memory for apache.exe
would grow very large. (Reference: 447222)

Resolution: The condition has been addressed so that the server does not become unresponsive, but rather waits until
error handling services are running before issuing error pages.

26. Issue: The “unexpected error occurred” page would be displayed when the user clicked “Update Filter” or “Remove
Filter” from within the Notification Log Report. (Reference: 450126)

Resolution: There is no longer an error when the user clicks the “Update Filter” or “Remove Filter” links.

27. Issue: Upgrading the Issues extension to version 1.5.1 failed. (Reference: 431353)

Resolution: Upgrading the Issue extension to version 1.5.1 now is performed correctly.

28. Issue: There was a failure when trying to install a particular version of the Help files. (Reference: 450059)

Resolution: Help files are now installed without incident.

29. Issue: The ePolicy Orchestrator Help Index tab was empty after upgrading. (Reference: 446253)

Resolution: The ePolicy Orchestrator Help Index tab is now correctly populated.

30. Issue: Remote command execution was failing if the admin password included non-standard ASCII characters, HI-ASCII
characters, or double-byte characters. (Reference: 395890)

Resolution: Remote command execution now works correctly if the admin password contains any of the characters
mentioned.

31. Issue: Pie charts did not have the option to limit the number of pie slices when sorting labels from A to Z or Z to A.
(Reference: 428377)

Resolution: The user now has the option to select the

number of pie slices when sorting labels from A to Z or Z to A in a

pie chart.

32. Issue: Dashboards that contained double quotation marks in the returned data displayed JavaScript errors when the
dashboards were rendered. (Reference: 438775)

Resolution: The dashboards are now correctly displayed if there are double quotation marks in the returned data of the
dashboard.

33. Issue: Double-byte characters were causing problems when submitted to the server on some pages. (Reference:

442581)

Resolution: The encoding has been changed so that double-byte characters do not cause a problem.

34. Issue: The file names of PDF attachments were garbled when sent to a Lotus Notes server. (Reference: 445256)

Resolution: The configuration type has been changed so that the file names are no longer jumbled.