How it Works
McAfee
Loading...
VIRUSSCAN ENTERPRISE 8.7I PATCH 1 - RELEASE NOTES 24-04-2009
Release Note
11 pgs102.64 Kb0

McAfee VIRUSSCAN ENTERPRISE 8.7I PATCH 1 - RELEASE NOTES 24-04-2009, VIRUSSCAN ENTERPRISE 8.7i Release Note

Release Notes for McAfee® VirusScan® Enterprise 8.7i Patch 1
Thank you for using McAfee VirusScan Enterprise software version 8.7i Patch 1. This document contains important information about this release. We strongly recommend that you read the entire document.
z
Purpose
z
Rating
z
Improvements
z
Known issues
z
Resolved issues
{
Patch 1 resolved issues
z
Installation instructions
{
Verifying installation
{
Removing the patch
z
License attributions
About this release
z
Patch Release: 04-24-2009
This release was developed for use with:
z
VirusScan Enterprise: 8.7i
z
Virus Definitions (DAT): 5575.0000
z
Scan Engine: 5.3.00
Make sure you have installed the correct version of the product(s) in this list before using this release.
*This document makes references to the following products as VirusScan Modules:
z
McAfee® VirusScan® Enterprise for Offline Virtual Images 1.0
z
McAfee® VirusScan® Enterprise for use with SAP NetWeaver® platform 1.0
z
McAfee® VirusScan® Enterprise for Storage 1.0
Purpose
This document supplements the product Release Notes in the release package and details fixes included in VirusScan Enterprise 8.7i Patch 1.
This Patch contains a variety of improvements. McAfee has spent a significant amount of time finding, fixing, and testing the fixes in this release. Please review the Known and Resolved Issues lists for additional information on the individual issues. Refer to online KnowledgeBase article KB65381 at http://knowledge.mcafee.com for the most current information regarding this release.
Rating
McAfee recommends this release for all environments. Patch 1 is considered a Manditory Release. See McAfee Support KnowledgeBase article KB51560 for information on ratings.
Improvements
Improvements made with this release of the software are described below:
1. The VirusScan Reports extension now has updated queries to show the status of Artemis settings for the on-
access, on-demand, and email scanners.
NOTE: The Artemis status requires VirusScan Enterprise 8.5i
Patch 8 or VirusScan Enterprise 8.7i Patch 1 to be installed on the client systems, in order to correctly populate the reports. Refer to McAfee Support KnowledgeBase article KB53732 for further information on Artemis functionality.
2. On-Access Scanner’s Artemis level setting is now modifiable via the properties UI, and the equivalent VirusScan 8.7i NAP and Extension included in the patch package.
NOTE: Because this setting is new with this release of the VirusScan 8.7i NAP and extension, there is no preserved setting upon check-in of the management package. The ePolicy Orchestrator administrator will need to update that setting in the policies to match the current Artemis policy.
3. Several modifications have been made to the way VirusScan Enterprise interacts with the operating system on startup, suspend, and shutdown. These modifications resolve and improve performance issues.
4. Current DAT files are compressed to conserve network bandwidth. Now, changes have been made to decompress the DATs during the AutoUpdate process and leave them in that state, so that scanners do not have to decompress them during initialization of the scan.
5. The on-demand scanner now uses Windows Priority Control setting for the scan process. This lets the operating system set the amount of CPU time that the on-demand scanner receives at any point in the scan process. The System Utilization setting in the On-Demand Scan Properties maps to Windows Priority Control as:
6. The on-access, on-demand, email, and script scanners now use a runtime copy of the DATs. This change has reduced the memory consumption of affected scanners by having the DATs in a readily available state for the scan engine to load.
NOTE: In some scenarios, the runtime DATs are not available. See item #1 under Known Issues. Refer to McAfee Support KnowledgeBase article KB65459 for further information on runtime DATs.
7. VirusScan Enterprise functions that request the current version of DATs no longer need to initialize the scan engine to do so. This prevents excessive
CPU spikes during ePolicy Orchestrator properties collection, as well
as other areas that poll the DATs.
8. The on-access scanner memory scan function (Processes on enable) has been
modified significantly to make
it more comprehensive.
NOTE: The improved functionality can cause a performance impact to the system. See item #2 under Known Issues.
9. When a web browser opens a site that is script-intensive, scanning the scripts adds to the delay of loading the page. This Patch contains new functionality for ScriptScan whitelisting. If the web site is a trusted Intranet and/or frequently visited, the new implementation now allows for the
exclusion of that the site from
script scanning.
NOTE: Refer to McAfee Support KnowledgeBase article KB65382 for further information.
10. The installation packages for patches and reposts have been upgraded so that the installation log name, created in the McAfeeLogs folder, has a dynamically generated name based on the current date and time of the installation. This helps save logs that might have been overwritten with the previous “backup previous log only” method.
Known issues
Known issues in this release of the software are described below:
Utilization Priority
10% Low 20%-50% Below Normal 60%-100% Normal
1. Issue: In some situations, the product switches over to using the normal copy of the DAT files, instead of the runtime DATs:
{ If the McAfee AntiSpyware Enterprise module is installed after VirusScan
Enterprise 8.7i Patch 1 is on the system, some of the new registry settings, which are new for the runtime functionality, were changed back. This resolves itself with a restart of the McTaskManager service or with a reboot.
{ If one of the scanners is busy on a large file when the AutoUpdate process posts the revised copy of
the DATs, the process of refreshing the runtime copy of the DATs times out. All scanners use the normal DATs until the next successful update.
{
The VirusScan Modules* will not use the runtime DAT functionality until they received their next Patch.
2. Issue: With the improved functionality of the on-access scanner memory scan, lower and middle ranged systems may see a performance impact at startup and after a successful AutoUpdate of the engine or DATs. Currently the Process on enable option is enabled by default on the shipping version of VirusScan Enterprise
8.7i. McAfee recommends that in a managed environment, disable this option prior to deployment of the Patch, until the impact of memory scanning can be determined for your environment. It is not possible to maintain both the more comprehensive scanning that comes with Patch 1 and later, and the former level of scanning. Therefore, only the more comprehensive scan is used.
NOTE FOR CURRENT AND NEW USERS:
{
The Patch installation does not modify current settings to disable the Process on enable option.
{ The VirusScan 8.7i NAP and extension that are included with the Patch do change the McAfee Default
policy, but do not modify the My Default policy,
or any custom policy settings that were made prior to
the checkin of the new NAP/extension.
{ The VirusScan Enterprise 8.7i Repost with Patch now installs with the Process on enable option
disabled, unless the Maximum Security option is selected during the installation.
3. Issue: VirusScan 8.7i Patch 1 introduced an issue with Microsoft Outlook where keyboard entries made during the delivery of an email were lost.
NOTE: This issue is resolved by HotFix VSE85HF464768, included with this release. Refer to "Additional Steps for HotFix 464768" for installation instructions.
4. Issue: The Access Protection rule "Prevent termination of McAfee processes" was improperly disabled, on 32-bit systems, even when the managed policy specified otherwise.
NOTE: This issue has been resolved in the fully released version of the Patch. HotFix VSE85HF464768, included with this release, resolves the issue for customers who installed Patch 1 during the managed release cycle. Refer to "Additional Steps for HotFix 464768" for installation instructions.
5. Issue: The Patch installer included an MSI deferred action to resolve an issue found when attempting to uninstall the Patch on some newer operating systems. The deferred.mfe file updated the cached MSI of the currently installed VirusScan 8.7i product. If the Patch is included in a McAfee Installation Designer customized package, the deferred.mfe file was not
included, and therefore the Patch might not be able to be
uninstalled in some newer operating systems.
6. Issue: If you installed this release interactively and cancelled the installation on a system where a previous Patch was installed, after the rollback was complete, the previous Patch might no longer reported to ePolicy Orchestrator or appeared in the About VirusScan Enterprise window.
7. Issue: Installing the Patch and specifying a log file path using the Microsoft Installer (MSI) switch “/L” did not log to the specified path. A log file capturing full data was logged to the folder “McAfe eLogs” under the Temp folder.
8. Issue: If Host Intrusion Prevention 6.x or later was installed and disabled prior to installing VirusScan Enterprise, it was necessary to re-enable Host Intrusion Prevention and disable it again, in order for VirusScan Buffer Overflow Protection to be properly enabled.
9. Issue: Uninstalling VirusScan Enterprise Patches is possible for computers running Windows Installer v3.x or later. This technology is not fully integrated for Windows 2000 operating systems, so there is no option to remove the Patch in Add/Remove programs. See instructions under Removing the Patch for removal via command-line options.
10. Issue: Patches for VirusScan Enterprise 8.7i can only be uninstalled via Add/Remove programs, not via ePolicy Orchestrator.
Resolved issues
The resolved issues are divided into subsections per patch, showing when each fix was added to the compilation.
Patch 1 resolved issues:
1. Issue: An unauthenticated remote denial-of-service attack was discovered. (Reference: 470184) Resolution: The product no longer allows the denial-of-service attack.
2. Issue: Under certain conditions, the Lotus Notes scanner of VirusScan Enterprise can mistakenly deny access to the Lotus Notes internal processes, if a note was being accessed more than once. (Reference:
438541) Resolution: The Lotus Notes scanner has been adjusted to better handle re-entrance scanning of the same note.
3. Issue: Silent installs may fail on hard drives that are designated as dynamic. The on-access scanner service fails to start, and the installation will roll back. (Reference: 443669) Resolution: The patch 1 and later install packages will now install to a dynamic disk, silently.
4. Issue: Sporadic crashes were seen on multi-processor systems, with the Lotus Notes scanner file ncdaemon.exe, during startup and general use of Lotus Notes. (Reference: 442337) Resolution: The Lotus Notes scanner has been corrected to prevent a race condition where different scanner threads were starting and stopping out of sequence.
5. Issue: A 8E bugcheck (blue screen) sometimes occurred when
VirusScan Enterprise 8.7i was installed along
with Checkpoint VPN-1 SecureClient. (Reference: 438771)
Resolution: The link driver was updated to avoid probing kernel memory unnecessarily.
NOTE: For this fix to prevent the above issue, the files need to be placed on the system during the
installation of VirusScan Enterprise, before the services start. The repost of VirusScan Enterprise 8.7i with Patch 1 will be needed to see the resolution.
6. Issue: A flaw in the caching algorithm sometimes caused files in removable media to not be scanned. (Reference: 443104) Resolution: The Anti-Virus Filter driver was updated to clear the cache of removable media upon attaching to the system.
7. Issue: The on-access scanner contained a flaw in the scan on close logic. This could cause a file to be queued up for scanning a second time. (Reference: 434475) Resolution: The Anti-Virus Filter driver no longer queues these unnecessary scan requests.
8. Issue: During an upgrade from a customized VirusScan Enterprise 8.5i to VirusScan Enterprise 8.7i, An issue sometimes occurred where the configuration tool did not properly backup and restore the registry information. The installation was left in a state where some of the product information still showed as the older version. (Reference: 443019) Resolution: The McAfee Installation Designer configuration applicator has been changed to be more comprehensive in backing up and in version checking during the upgrade, in order to prevent failures by other McAfee product installations that require version 8.7i.
NOTE: For this fix to prevent the above issue, the files need to be placed on the system during the installation of VirusScan Enterprise, before the services start. The repost of VirusScan Enterprise 8.7i with Patch 1 will be needed to see the resolution.
9. Issue: On Microsoft Windows Vista SP1 or 2008 server, sharing violations could occur when working with remote files while network drive scanning was enabled. This resulted in being denied access to files, or being unable to modify or save a file. (Reference: 447282) Resolution: The Anti-Virus Filter driver has been updated to better handle potential sharing violations that could occur and avoid conflicts.
10. Issue: Prolonged use of the VirusScan Console was causing delays in loading subsequent loading of the Console window. (Reference: 456831) Resolution: The VirusScan Console plug-in was corrected to properly clean up the .tmp files it creates at load time.
Loading...
+ 7 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use