New patch available for ePO 3.5.0
Release Notes for
McAfee(R) ePolicy Orchestrator(R)
Version 3.5 Patch 3
Copyright (C) 2005 McAfee, Inc.
All Rights Reserved
==========================================================
This Patch is build number:
3.5.0.635.
This release was developed and tested with:
- ePolicy Orchestrator: 3.5
*************************
* IMPORTANT INFORMATION *
*************************
Installing this Patch is required on both ePolicy
Orchestrator servers and all ePolicy Orchestrator
remote consoles to maintain full functionality. Be
sure to patch both server and console systems with
this release.
Applying this Patch does not automatically update
existing Rogue System Sensors. To update deployed
sensors, you must uninstall all sensors from target
systems and redeploy them. For details on
uninstalling and redeploying Rogue System Sensors,
refer to your product documentation.
PURPOSE
This Patch replaces server files in ePolicy
Orchestrator to resolve the issues listed below.
ePolicy Orchestrator Patch releases are cumulative
for fixes. See "Previously Resolved Issues" for
fixes in earlier Patch versions.
RESOLVED ISSUES
1. ISSUE:
Spyware infections that are cleaned show as
"Unresolved Infections" in the "Compliance
Issues" report.
RESOLUTION:
Spyware infections that are cleaned no longer
appear as "Unresolved Infections" in the
"Compliance Issues" report.
2. ISSUE:
Incomplete compiled.xml causes policy
enforcement issues.
RESOLUTION:
When a managed product is removed from ePolicy
Orchestrator, tasks and policies associated with
that product are cleanly removed to prevent
policy compilation problems.
3. ISSUE:
Notifications is unable to parse XML event files
that contain non-US characters, such as ë,
causing errors such as
"java.io.UTFDataFormatException: Invalid byte 2
of 3-byte UTF-8 sequence" to appear in the
notifications.log file.
RESOLUTION:
Notifications can now handle XML event files
containing non-US characters.
4. ISSUE:
Error 7031 appears in the System Event log
during scheduled replications: "The McAfee
ePolicy Orchestrator Server service terminated
unexpectedly."
RESOLUTION:
SrvEventInf.dll was revised to allow concurrent
access from multiple threads simultaneously so
that this error no longer occurs.
5. ISSUE:
The ePO Audit Processing SQL job runs with
errors and no audit log is generated.
RESOLUTION:
The ePO Audit Processing SQL job now runs
without errors.
6. ISSUE:
Computers with identical MAC addresses overwrite
each other in the ePolicy Orchestrator database.
This can occur if the systems are connecting to
the ePolicy Orchestrator server using network
load balancing or through a virtual private
network.
RESOLUTION:
MAC address included in the search algorithm for
finding a match in the ePolicy Orchestrator
Directory can now be disabled by a registry
setting.
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Network
Associates\ePolicy Orchestrator\Options
String Value:
DisableMACSearch
Set "DisableMACSearch" to "1" to disable the MAC
search.
The following services must be restarted in
order to begin using the new value set by this
registry key:
- McAfee ePolicy Orchestrator 3.5.0 Event
Parser
- McAfee ePolicy Orchestrator 3.5.0 Server
If this "DisableMACSearch" setting is not
present, the default value is "0" which means
that the MAC search will be activated.
7. ISSUE:
When trying to send the ePolicy Orchestrator
agent to a rogue system, the following error is
displayed: "java.io.IOException: Failed to
authenticate with ePO server!"
RESOLUTION:
A change was made so that the agent push is no
longer looking for a hard-coded user name that
might not exist, therefore allowing the push to
occur successfully.
8. ISSUE:
Older versions of ePolicy Orchestrator did not
uniformly set stored procedure permissions.
RESOLUTION:
The permissions of the stored procedures have
been reset to match those of a fresh
installation of the current version of ePolicy
Orchestrator.
9. ISSUE:
The report "Content Filter Report by Rule" shows
the count for a content filter as ##### because
the number of events is greater than 99999.
RESOLUTION:
The display field within the WebShield RPT files
is now large enough to display a number that is
larger than five digits.
10. ISSUE:
Policies are not compiled properly if a site or
group named "Directory" exists in the ePolicy
Orchestrator Directory.
RESOLUTION:
Policies are compiled successfully even when a
site or group within the ePolicy Orchestrator
Directory is named "Directory."
11. ISSUE:
Notifications including any substitution
variable that contains special characters, such
as $, ., {, }, [, ], ^, \ are not sent.
RESOLUTION:
Notifications are now sent properly when the
event includes a special character.
12. ISSUE:
Login to reporting on a remote console fails
when the ePolicy Orchestrator database is
configured to use NT authentication with a user
who does not have administrator rights on the
remote console system.
RESOLUTION:
Impersonation issue is resolved so that the
database user is not used for all remote console
operations, but just for database access, and
login is now successful.
13. ISSUE:
When making changes to an ePolicy Orchestrator
Directory containing over 1000 groups, response
is slow.
RESOLUTION:
The speed of adding and deleting sites or groups
in a Directory that contains more than 1000
groups has been significantly increased.
14. ISSUE:
The ePolicy Orchestrator console closes
unexpectedly when trying to check in an
extra.dat file that contains a very large number
of virus definitions.
RESOLUTION:
Extra.dat files containing a large number of
virus definitions can now be checked in
successfully.
15. ISSUE:
Notifications are not sent if XML events contain
any white space or trailing null characters at
the end of the file, resulting in the error:
"JDOMParseException:… Content is not allowed in
trailing section."
RESOLUTION:
Notifications are sent properly even if XML
events contain white space or trailing null
characters at the end of the file.
16. ISSUE:
Under certain circumstances, Rogue System
Detection appears to stop working because the
mail client was blocking due to waiting for a
response from the mail server. Restarting the
McAfee ePolicy Orchestrator 3.5.0 Discovery &
Notification services temporarily resolves the
issue.
RESOLUTION:
A socket timeout was added to the mail client so
that the blocked state is avoided.
17. ISSUE:
When GroupShield Exchange sends an event where
the action was "Allow Through," ePolicy
Orchestrator reports the action as "Cleaned."
RESOLUTION:
The events reported by GroupShield Exchange
should now display the action as "Warning"
instead of "Cleaned" when the action was "Allow
Through."
18. ISSUE:
When running the "DAT/Definition Deployment
Summary" report, there might be a delay before
the "Current Protection Standards" dialog box is
displayed.
RESOLUTION:
Changes were made to the stored procedure used
by the DAT/Definition Deployment Summary report
that dramatically improves the performance of
this report.
19. ISSUE:
A debug log statement indicating the number of
computers found in an Active Directory Import
was malformed, causing an exception error when
the log level is set to 8.
RESOLUTION:
The debug log statement has been fixed, so the
number of computers found in an Active Directory
Import now appears in the log when the log level
is set to 8.
20. ISSUE:
When the "DAT/Definition Deployment Summary" or
"DAT Engine Coverage" reports are run, the
"Current Protection Standards" dialog box
displays no DAT or engine information.
RESOLUTION:
The "Current Protection Standards" dialog box
displays the appropriate DAT and engine
information.
21. ISSUE:
When running the "Action Summary" report, event
IDs such as 1036 and 1037, appear as the
"Action."
RESOLUTION:
The appropriate action name appears in place of
the event IDs when the "Action Summary" report
is run.
Release Notes for
McAfee(R) ePolicy Orchestrator(R)
Version 3.5 Patch 3
Copyright (C) 2005 McAfee, Inc.
All Rights Reserved
==========================================================
This Patch is build number:
3.5.0.635.
This release was developed and tested with:
- ePolicy Orchestrator: 3.5
*************************
* IMPORTANT INFORMATION *
*************************
Installing this Patch is required on both ePolicy
Orchestrator servers and all ePolicy Orchestrator
remote consoles to maintain full functionality. Be
sure to patch both server and console systems with
this release.
Applying this Patch does not automatically update
existing Rogue System Sensors. To update deployed
sensors, you must uninstall all sensors from target
systems and redeploy them. For details on
uninstalling and redeploying Rogue System Sensors,
refer to your product documentation.
PURPOSE
This Patch replaces server files in ePolicy
Orchestrator to resolve the issues listed below.
ePolicy Orchestrator Patch releases are cumulative
for fixes. See "Previously Resolved Issues" for
fixes in earlier Patch versions.
RESOLVED ISSUES
1. ISSUE:
Spyware infections that are cleaned show as
"Unresolved Infections" in the "Compliance
Issues" report.
RESOLUTION:
Spyware infections that are cleaned no longer
appear as "Unresolved Infections" in the
"Compliance Issues" report.
2. ISSUE:
Incomplete compiled.xml causes policy
enforcement issues.
RESOLUTION:
When a managed product is removed from ePolicy
Orchestrator, tasks and policies associated with
that product are cleanly removed to prevent
policy compilation problems.
3. ISSUE:
Notifications is unable to parse XML event files
that contain non-US characters, such as ë,
causing errors such as
"java.io.UTFDataFormatException: Invalid byte 2
of 3-byte UTF-8 sequence" to appear in the
notifications.log file.
RESOLUTION:
Notifications can now handle XML event files
containing non-US characters.
4. ISSUE:
Error 7031 appears in the System Event log
during scheduled replications: "The McAfee
ePolicy Orchestrator Server service terminated
unexpectedly."
RESOLUTION:
SrvEventInf.dll was revised to allow concurrent
access from multiple threads simultaneously so
that this error no longer occurs.
5. ISSUE:
The ePO Audit Processing SQL job runs with
errors and no audit log is generated.
RESOLUTION:
The ePO Audit Processing SQL job now runs
without errors.
6. ISSUE:
Computers with identical MAC addresses overwrite
each other in the ePolicy Orchestrator database.
This can occur if the systems are connecting to
the ePolicy Orchestrator server using network
load balancing or through a virtual private
network.
RESOLUTION:
MAC address included in the search algorithm for
finding a match in the ePolicy Orchestrator
Directory can now be disabled by a registry
setting.
Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Network
Associates\ePolicy Orchestrator\Options
String Value:
DisableMACSearch
Set "DisableMACSearch" to "1" to disable the MAC
search.
The following services must be restarted in
order to begin using the new value set by this
registry key:
- McAfee ePolicy Orchestrator 3.5.0 Event
Parser
- McAfee ePolicy Orchestrator 3.5.0 Server
If this "DisableMACSearch" setting is not
present, the default value is "0" which means
that the MAC search will be activated.
7. ISSUE:
When trying to send the ePolicy Orchestrator
agent to a rogue system, the following error is
displayed: "java.io.IOException: Failed to
authenticate with ePO server!"
RESOLUTION:
A change was made so that the agent push is no
longer looking for a hard-coded user name that
might not exist, therefore allowing the push to
occur successfully.
8. ISSUE:
Older versions of ePolicy Orchestrator did not
uniformly set stored procedure permissions.
RESOLUTION:
The permissions of the stored procedures have
been reset to match those of a fresh
installation of the current version of ePolicy
Orchestrator.
9. ISSUE:
The report "Content Filter Report by Rule" shows
the count for a content filter as ##### because
the number of events is greater than 99999.
RESOLUTION:
The display field within the WebShield RPT files
is now large enough to display a number that is
larger than five digits.
10. ISSUE:
Policies are not compiled properly if a site or
group named "Directory" exists in the ePolicy
Orchestrator Directory.
RESOLUTION:
Policies are compiled successfully even when a
site or group within the ePolicy Orchestrator
Directory is named "Directory."
11. ISSUE:
Notifications including any substitution
variable that contains special characters, such
as $, ., {, }, [, ], ^, \ are not sent.
RESOLUTION:
Notifications are now sent properly when the
event includes a special character.
12. ISSUE:
Login to reporting on a remote console fails
when the ePolicy Orchestrator database is
configured to use NT authentication with a user
who does not have administrator rights on the
remote console system.
RESOLUTION:
Impersonation issue is resolved so that the
database user is not used for all remote console
operations, but just for database access, and
login is now successful.
13. ISSUE:
When making changes to an ePolicy Orchestrator
Directory containing over 1000 groups, response
is slow.
RESOLUTION:
The speed of adding and deleting sites or groups
in a Directory that contains more than 1000
groups has been significantly increased.
14. ISSUE:
The ePolicy Orchestrator console closes
unexpectedly when trying to check in an
extra.dat file that contains a very large number
of virus definitions.
RESOLUTION:
Extra.dat files containing a large number of
virus definitions can now be checked in
successfully.
15. ISSUE:
Notifications are not sent if XML events contain
any white space or trailing null characters at
the end of the file, resulting in the error:
"JDOMParseException:… Content is not allowed in
trailing section."
RESOLUTION:
Notifications are sent properly even if XML
events contain white space or trailing null
characters at the end of the file.
16. ISSUE:
Under certain circumstances, Rogue System
Detection appears to stop working because the
mail client was blocking due to waiting for a
response from the mail server. Restarting the
McAfee ePolicy Orchestrator 3.5.0 Discovery &
Notification services temporarily resolves the
issue.
RESOLUTION:
A socket timeout was added to the mail client so
that the blocked state is avoided.
17. ISSUE:
When GroupShield Exchange sends an event where
the action was "Allow Through," ePolicy
Orchestrator reports the action as "Cleaned."
RESOLUTION:
The events reported by GroupShield Exchange
should now display the action as "Warning"
instead of "Cleaned" when the action was "Allow
Through."
18. ISSUE:
When running the "DAT/Definition Deployment
Summary" report, there might be a delay before
the "Current Protection Standards" dialog box is
displayed.
RESOLUTION:
Changes were made to the stored procedure used
by the DAT/Definition Deployment Summary report
that dramatically improves the performance of
this report.
19. ISSUE:
A debug log statement indicating the number of
computers found in an Active Directory Import
was malformed, causing an exception error when
the log level is set to 8.
RESOLUTION:
The debug log statement has been fixed, so the
number of computers found in an Active Directory
Import now appears in the log when the log level
is set to 8.
20. ISSUE:
When the "DAT/Definition Deployment Summary" or
"DAT Engine Coverage" reports are run, the
"Current Protection Standards" dialog box
displays no DAT or engine information.
RESOLUTION:
The "Current Protection Standards" dialog box
displays the appropriate DAT and engine
information.
21. ISSUE:
When running the "Action Summary" report, event
IDs such as 1036 and 1037, appear as the
"Action."
RESOLUTION:
The appropriate action name appears in place of
the event IDs when the "Action Summary" report
is run.