How it Works
McAfee
Loading...
VIRUSSCAN ENTERPRISE 8.7I PATCH 3 - RELEASE NOTES 09-02-2009
Release Note
14 pgs117.82 Kb0

McAfee VIRUSSCAN ENTERPRISE 8.7I PATCH 3 - RELEASE NOTES 09-02-2009, VIRUSSCAN ENTERPRISE 8.7I Release Note

Release Notes for McAfee® VirusScan® Enterprise 8.7i Patch 3
Thank you for using McAfee software. This document contains important information about the current release. We strongly recommend that you read the entire document.
Purpose
Rating
Improvements
Previous Improvements
Known issues
Resolved issues
Patch 3 resolved issues
Patch 2 resolved issues
Patch 1 resolved issues
Installation instructions
Verifying installation
Removing the patch
License attributions
About this release
Patch Release: 02-09-2010
This release was developed for use with:
VirusScan Enterprise: 8.7i
Detection Definitions (DAT): 5850.0000
Scan Engine: 5.4.00
Make sure you have installed the correct version of the product(s) in this list before using this release.
*This document makes references to the following products as VirusScan Modules:
McAfee® VirusScan® Enterprise for Offline Virtual Images 1.0
McAfee® VirusScan® Enterprise for Offline Virtual Images 2.0
McAfee® VirusScan® Enterprise for use with SAP NetWeaver® platform 1.0
McAfee® VirusScan® Enterprise for Storage 1.0
Purpose
This Patch contains a variety of improvements. McAfee has spent a significant amount of time finding, fixing, and testing the fixes in this release. Please review the Known and Resolved Issues lists for
additional information on the individual issues. Refer to online KnowledgeBase article KB65944 at http://knowledge.mcafee.com for the most current information regarding this release.
This document supplements the product Release Notes in the release package and details fixes included in VirusScan Enterprise 8.7i Patch 3.
Rating
McAfee recommends this release for all environments. Patch 3 is considered a High Priority Release. See McAfee Support KnowledgeBase article KB51560 for information on ratings.
Improvements
This release of the software includes the following improvements.
1. Changes were made to the service startup sequence to have less impact on the system during startup.
Previous Improvements
Previous releases of the software include the following improvements.
1. Improvements were made to the way that the CommonShell scanner interacts with file I/O. This improves performance with on-access scanners within the product.
2. VirusScan Enterprise 8.7i Patch 2 and later now has the ability to report compliance to the newer versions of Windows Security Center.
3. The VirusScan Enterprise 8.7i extension has improved support for ePolicy Orchestrator 4.5 with Firefox 3.0 and Internet Explorer 8.0.
4. Several modification were made to the way that VirusScan Enterprise's system tray icon interacts with the new functionality of McAfee Agent 4.5.
5. The file extension .txt was added to the SmoothWritesExtension registry value to increase performance in handling text files.
6. Russian language support was added to the VirusScan Enterprise user interface, NAP file, and extension.
NOTE: See items #3 and #4 under Known Issues for further information about this topic.
7. The VirusScan Reports extension now has updated queries to show the status of Artemis settings for the on­access, on-demand, and email scanners.
NOTE: The Artemis status requires VirusScan Enterprise 8.5i Patch 8 or VirusScan Enterprise 8.7i Patch 1 and later to be installed on the client systems, in order to correctly populate the reports. Refer to McAfee Support KnowledgeBase article KB53732 for further information on Artemis functionality.
8. On-Access Scanner’s Artemis level setting is now modifiable via the properties UI, and the equivalent VirusScan 8.7i NAP and Extension included in the patch package.
NOTE: Because this setting is new with this release of the VirusScan 8.7i NAP and extension, there is no preserved setting upon check-in of the management package. The ePolicy Orchestrator administrator will need to update that setting in the policies to match the current Artemis policy.
9. Several modifications have been made to the way VirusScan Enterprise interacts with the operating system on startup, suspend, and shutdown. These modifications resolve and improve performance issues.
10. Current DAT files are compressed to conserve network bandwidth. Now, changes have been made to decompress the DATs during the AutoUpdate process and leave them in that state, so that scanners do not have to decompress them during initialization of the scan.
11. The on-demand scanner now uses Windows Priority Control setting for the scan process. This lets the operating system set the amount of CPU time that the on-demand scanner receives at any point in the scan process. The System Utilization setting in the On-Demand Scan Properties maps to Windows Priority Control as:
12. The on-access, on-demand, email, and script scanners now use a runtime copy of the DATs. This change has reduced the memory consumption of affected scanners by having the DATs in a readily available state for the scan engine to load.
Utilization Priority
10% Low 20%-50% Below Normal 60%-100% Normal
NOTE: In some scenarios, the runtime DATs are not available. See item #1 under Known Issues. Refer to McAfee Support KnowledgeBase article KB65459 for further information on runtime DATs.
13. VirusScan Enterprise functions that request the current version of DATs no longer need to initialize the scan engine to do so. This prevents excessive CPU spikes during ePolicy Orchestrator properties collection, as well as other areas that poll the DATs.
14. The on-access scanner memory scan function (Processes on enable) has been modified significantly to make it more comprehensive.
NOTE: The improved functionality can cause a performance impact to the system. See item #2 under Known Issues.
15. When a web browser opens a site that is script-intensive, scanning the scripts adds to the delay of loading the page. This Patch contains new functionality for ScriptScan whitelisting. If the web site is a trusted Intranet and/or frequently visited, the new
implementation now allows for the exclusion of that the site from
script scanning.
NOTE: Refer to McAfee Support KnowledgeBase article KB65382 for further information.
16. The installation packages for patches and reposts have been upgraded so that the installation log name, created in the McAfeeLogs folder, has a dynamically generated name based on the current date and time of the installation. This helps save logs that might have been overwritten with the previous “backup previous log only” method.
Known issues
Here is a list of known issues that we were aware of at production time.
1. Issue: In some situations, the product switches over to using the normal copy of the DAT files, instead of the runtime DATs:
If the McAfee AntiSpyware Enterprise module is installed after VirusScan Enterprise 8.7i Patch 3 is on the system, some of the new registry settings, which are new for the runtime functionality, were changed back. This resolves itself with a restart of the McTaskManager service or with a reboot.
If one of the scanners is busy on a large file when the AutoUpdate process posts the revised copy of the DATs, the process of refreshing the runtime copy of the DATs times out. All scanners use the normal DATs until the next successful update.
The VirusScan Modules* will not use the runtime DAT functionality until they received their next Patch.
2. Issue: With the improved functionality of the on-access scanner memory scan, lower and middle ranged systems may see a performance impact at startup and after a successful AutoUpdate of the engine or DATs. Currently the Process on enable option is enabled by default on the shipping version of VirusScan Enterprise
8.7i. McAfee recommends that in a managed environment, disable this option prior to deployment of the Patch, until the impact of memory scanning can be determined for your environment. It is not possible to maintain both the more comprehensive scanning that comes with Patch 1 and later, and the former level of scanning. Therefore, only the more comprehensive scan is used.
NOTE FOR CURRENT AND NEW USERS:
The Patch installation does not modify current settings to disable the Process on enable option.
The VirusScan 8.7i NAP and extension that are included with the Patch do change the McAfee Default policy, but do not modify the My Default policy, or any custom policy settings that were made
prior to
the check-in of the new NAP/extension.
The VirusScan Enterprise 8.7i Repost with Patch now installs with the Process on enable option disabled, unless the Maximum Security option is selected during the installation.
3. Issue: With the introduction of support for Russian, you might need to remove the previous version of the extension from ePolicy Orchestrator before adding the new extension. If you do not, some of the interface might be displayed in the original language.
4. Issue: McAfee Agent 4.0 Patch 2 and later include support for displaying status and logs in Russian. Older versions display this information in English by default.
5. Issue: Since VirusScan Enterprise 8.7i Patch 2 and later include the new interface for reporting status to Windows Security Center, uninstalling the Patch removes this function -- without reintroducing the older expired function. This means that Windows Security Center does not report VirusScan Enterprise 8.7i being installed until Patch 2 or later is implemented.
6. Issue: When you remove the McAfee AntiSpyware Module, the status in Windows Security Center is not updated.
7. Issue: In deployments of VirusScan Enterprise 8.7i Patch 2 and later with McAfee Agent 4.5, the VirusScan tray plug-in does not appear until after a restart of the McAfee system tray icon. If VirusScan is uninstalled, the VirusScan tray plug-in is still visible until a similar restart.
8. Issue: This Patch adds needed support for McAfee VirusScan Enterprise for Offline Virtual Images 2.0, and should not be removed unless the VirusScan Module is removed first.
9. Issue: The Patch installer included an MSI deferred action to resolve an issue found when attempting to uninstall the Patch on some newer operating systems. The deferred.mfe file updated the cached MSI of the currently installed VirusScan 8.7i product. If the Patch is included in a McAfee Installation Designer customized package, the deferred.mfe file was not included, and therefore the
Patch might not be able to be
uninstalled in some newer operating systems.
10. Issue: If you installed this release interactively and cancelled the installation on a system where a previous Patch was installed, after the rollback was complete, the previous Patch might no longer reported to ePolicy Orchestrator or appeared in the About VirusScan Enterprise window.
11. Issue: Installing the Patch and specifying a log file path using the Microsoft Installer (MSI) switch “/L” did not log to the specified path. A log file capturing full data was logged to th e folder “McAfeeLogs” under the Temp folder.
12. Issue: If Host Intrusion Prevention 6.x or later was installed and disabled prior to installing VirusScan Enterprise, it was necessary to re-enable Host Intrusion Prevention an d disable it again, in order for VirusScan Buffer Overflow Protection to be properly enabled.
13. Issue: Uninstalling VirusScan Enterprise Patches is possible for computers running Windows Installer v3.x or later. This technology is not fully integrated for Windows 2000 operating systems, so there is no option to remove the Patch in Add/Remove programs. See instructions under Removing the Patch for removal via command-line options.
14. Issue: Patches for VirusScan Enterprise 8.7i can only be uninstalled via Add/Remove programs, not via ePolicy Orchestrator.
Resolved issues
The resolved issues are divided into subsections per Patch, showing when each fix was added to the compilation.
Patch 3 resolved issues:
1. Issue: Users would see Windows Security Center notification pop-ups at regular intervals, stating that VirusScan was disabled. (Reference: 529651) Resolution: The VirusScan Enterprise Windows Security Center reporting tool now only updates its status when the state of VirusScan changes, rather than at regular intervals.
2. Issue: The On-Access Scanner service failed to start after running Chkdsk at startup. (Reference: 450357) Resolution: The Anti-Virus Filter driver no longer treats the disks as having been dismounted after the Chkdsk procedure is completed.
3. Issue: Some VBScript types were not being properly scanned on Windows 2008 R2. (Reference: 505001) Resolution: The ScriptScan application has been updated to account for changes in the Windows 2008 R2 platform.
4. Issue: A 3B bugcheck (blue screen) could occur immediately after an unexpected device-removal. (Reference: 519656)
Resolution: The Link driver has been revised to cease processing outstanding IO requests immediately upon being notified that device removal has occurred.
5. Issue: When an Access Protection warning existed in McAfee Security Status window, the warning status clear function caused a crash. (Reference: 517265) Resolution: The VirusScan tray files now have updated logic to handle the Access Protection messages in the McAfee Security Status window.
6. Issue: When an On-Demand Scan task was created manually via console, but had not yet run, the task started up at the next reboot. (Reference: 521200) Resolution: The VirusScan task manager service prevented an uninitialized variable, which caused the task to indicate that a scan was in progress.
7. Issue: On-Demand Scan tasks on Windows 2008 failed to authenticate to network shares with specified credentials. (Reference: 503155) Resolution: The On-Demand Scanner now requests the necessary elevated privileges to authenticate on Windows 2008.
8. Issue: The On-Demand Scanner /LOG switch logged only part of the data from the scan in the specified location, while the rest of the information was still recorded in the default location. (Reference: 525694) Resolution: When Scan32.exe is executed via command line, it now reads from the default settings and overwrites, but does not save, the setting based on what is specified with the command-line switches.
9. Issue: With VirusScan installed alongside the McAfee Agent 4.5 in an unmanaged environment, the VirusScan legacy tray icon did not load. (Reference: 523823) Resolution: The VirusScan Statistics tray icon now properly queries the McAfee Agent for version and managed/unmanaged state before deciding to load itself.
10. Issue: Removing the current Patch from the system did not replace the Patch_ registry data from the previous Patch. (Reference: 523806) Resolution: The Microsoft Patch (MSP) installer now reverts the Patch_ registry information to the previous version.
11. Issue: If VirusScan was set to show its tray settings with minimal options, the McAfee Agent 4.5 tray icon did not display an item under Managed Products. (Reference: 528792) Resolution: The VirusScan Statistics tray plug-in now uses the legacy Help/About as a menu option when VirusScan is set to Show the system tray icon with minimal menu options.
12. Issue: When a specific scan task had both Defer scan when using battery power and User may defer scheduled scans options set, the user was still prompted to defer the scan when on battery power. (Reference: 537126)
Resolution: The On-Demand Scan plug-in was changed so that the property option, User may defer scheduled scans, is not encountered first, so it doesn’t override the other selections.
13. Issue: The user dialog box for the scan task option, User may defer scheduled scans, did not appear when VirusScan 8.7i was managed by the McAfee Agent 4.5. (Reference: 534348) Resolution: The VirusScan Statistics tray plug-in was updated to inclu de this same functionality from the VirusScan Statistics legacy tray icon.
14. Issue: Using the %ProgramFiles% variable to exclude folders and files did not translate all possibilities across 64-bit and 32-bit operating systems. To ensure you exclude any possible “Program files” location (including “Program Files (x86)”), you had to enter the exclusions two ways: 1) “%programfiles%” 2) “% programfiles(x86)%” (Reference: 491796) Resolution: The Access Protection Filter API now always translates the %ProgramFiles% variable into all lowercase to prevent the operating system from misinterpreting the intended location.
15. Issue: Some access protection policies were enforced by ePolicy Orchestrator when the Access Protection feature was not installed to the system. (Reference: 503635) Resolution: The VirusScan Management Plug-in now recognizes when the Access Protection feature is installed or not and enforces policies accordingly.
16. Issue: The Task name entry for the default "Full Scan" used the translation string name instead of the translated name. (Reference: 505217) Resolution: The Announcer library now uses the proper translation name instead of the string.
Loading...
+ 9 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use