Lotushader
IS-IT--Management
News from MCafee, Patch 12 is scheduled to be released in january, 2006. I hope the test is complete this time.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Patch 12 soon to come :-)
- Thread starter Lotushader
- Start date
- Status
VictorySabre
Technical User
I hope it works with PatchLink this time. Any link on McAfee's web site that gives us a heads up on what is fixed?
- Thread starter
- #3
Lotushader
IS-IT--Management
No links at the moment, I got the information from a meeting with mcafee about our patch 11 problems.
VictorySabre
Technical User
Has anyone heard anything new about the release date for Patch 12?
- Thread starter
- #5
Lotushader
IS-IT--Management
The latest i have heard is medio february 2006.
I have it... but it seemes that after aplying this patch I have problem with my workstations - but I'm not 100% sure that this patch 12 problem cause one hour before i aplied patch 1 to ePo 3.6 . From the workstation point of view everything looks good but user have to wait for some seconds to open command line window insteed of 1 sec (PC is freezing when you trying to open .exe file)... Don't know exactly if this patch 12 problem or something changed after upgrading to ePo 3.60 patch 1
MaR
MaR
- Thread starter
- #7
Lotushader
IS-IT--Management
Okay I`m waiting for the official release..... I hope it will work....
VictorySabre
Technical User
I'm waiting to try Patch 12 out on my test PCs, but based on SnifeR's description, it appears to be similar to the problem I observed with Patch 11. (Sluggish network response and sometimes sluggish to open applications) I hope it isn't the case!
VictorySabre
Technical User
I don't have it on my Technical Support/Portal web site either.
VictorySabre
Technical User
I just got an e-mail forwarded to me from another person in our dept who received the e-mail from McAfee.
According to that e-mail, Patch 12 is slated for release at the end of March. Here is a list of fixes that shows up in that e-mail.
• When ScriptScan is disabled, it will actually 'unload' the ScriptProxy.dll (See technical tip below - HF241572)
• Naiavfilter is triggering unnecessary scans on write which can sometimes cause performance issues (See technical tip below - HF256301)
• A machine comes out of a 'hibernate' state with the On-Access Scan 'disabled'. It will now come out of this state as 'enabled'.
• The scanning of cookies shows two log entries where it should only show one
• VsTskMgr crashes on shutdown with a privileged instruction error
• Access Denied caused by some scanners when accessing remote share
• Top ten virus reports shows "_" :underscore instead of actual data (See technical tip below - Underscore Issue)
According to that e-mail, Patch 12 is slated for release at the end of March. Here is a list of fixes that shows up in that e-mail.
• When ScriptScan is disabled, it will actually 'unload' the ScriptProxy.dll (See technical tip below - HF241572)
• Naiavfilter is triggering unnecessary scans on write which can sometimes cause performance issues (See technical tip below - HF256301)
• A machine comes out of a 'hibernate' state with the On-Access Scan 'disabled'. It will now come out of this state as 'enabled'.
• The scanning of cookies shows two log entries where it should only show one
• VsTskMgr crashes on shutdown with a privileged instruction error
• Access Denied caused by some scanners when accessing remote share
• Top ten virus reports shows "_" :underscore instead of actual data (See technical tip below - Underscore Issue)
CingularEPO
IS-IT--Management
I have a copy of Patch 12 and here is the readme.txt
Release Notes for McAfee(R) VirusScan(R) Enterprise
Version 8.0i
Patch 12
Copyright (C) 2006 McAfee, Inc.
All Rights Reserved
==========================================================
Patch Release: 23 February 2006
This release was developed and tested with:
- VirusScan Enterprise:8.0i
- DAT Version: 4702, February 21 2006
- Engine Version: 4.4.00
Make sure you have installed these versions before
using this release.
==========================================================
Thank you for using VirusScan(R) Enterprise
software. This file contains important information
regarding this release. We strongly recommend that
you read the entire document.
The attached files are provided as is, and with no
warranty either expressed or implied as to their
suitability for any particular use or purpose.
McAfee, Inc. assumes no liability for damages
incurred either directly or indirectly as a result
of the use of these files, including but not limited
to the loss or damage of data or systems, loss of
business or revenue, or incidental damages arising
from their use. Patch files should be applied only
on the advice of McAfee Technical Support, and only
when you are actually experiencing the issue being
addressed by the Patch. Patch files should not be
proactively applied in order to prevent potential
product issues. You are responsible for reading and
following all instructions for preparation,
configuration, and installation of Patch files.
Patch files are not a substitute or replacement for
product Service Packs which may be released by
McAfee, Inc. It is a violation of your software
license agreement to distribute or share these files
with any other person or entity without written
permission from McAfee, Inc. Further, posting of
McAfee Patch files to publicly available Internet
sites is prohibited. McAfee, Inc. reserves the right
to refuse distribution of Patch files to any company
or person guilty of unlawful distribution of McAfee
software products. Questions or issues with McAfee
Patch files should be directed to McAfee Technical
Support.
__________________________________________________________
WHAT'S IN THIS FILE
- About This Release
- Purpose
- Resolved Issues
- Previously Resolved Issues
- Known Issues
- Files Included With This Release
- Installation
- Installation Requirements
- Installation Steps
- Installation Steps via ePolicy Orchestrator
- Installation Steps via McAfee Installation
Designer
- Verifying Installation
- Contact Information
- Copyright & Trademark Attributions
- License Information
__________________________________________________________
ABOUT THIS RELEASE
PURPOSE
This release combines previous patches and updated
binaries into a single Microsoft Patch installer to
address all items listed in "Resolved Issues" and
"Previously Resolved Issues" below.
RESOLVED ISSUES
1. ISSUE:
Null entries are seen in the ePolicy
Orchestrator database under the severity field
due to the VirusScan Enterprise 8.0i extended
NAP file.
RESOLUTION:
The extended NAP file has been modified to
correctly handle the severity field.
2. ISSUE:
When disabled, the ScriptScan feature will
remain registered and still handles VB Script
and Jscript operations, even though it is not
scanning.
RESOLUTION:
When the ScriptScan feature is disabled, the
component is unregistered, and when enabled the
feature is registered.
3. ISSUE:
The error "Access Denied" is seen when accessing
a remote share. This can occur when user profile
information is redirected by a Microsoft Windows
group policy object, and the user tries to save
a file to their "My Documents" folder.
RESOLUTION:
The issue has been resolved in the updated
common scan components.
4. ISSUE:
In environments using Distributed File System
shares, a noticeable increase in network traffic
activity may be experienced.
RESOLUTION:
The file system filter driver has been updated
to resolve the issue.
5. ISSUE:
During shutdown the VSTSKMGR.EXE process may
crash with an error similar to "VSTSKMGR.EXE –
the exception privileged instruction 0x00000096
occurred in the application at location
0x0012e80d."
RESOLUTION:
An update to VSTSKMGR.EXE, the McTaskManager
Service, resolves the issue.
6. ISSUE:
After applying VirusScan Enterprise 8.0i Patch
11, when a system resumes from the hibernation
power saving state, the on-access scanner may be
paused.
RESOLUTION:
The on-access scanner now correctly is enabled
when the system resumes from hibernation.
7. ISSUE:
A vulnerability exists in the Common Management
Agent (CMA) where an unexpected file can be run
with system privileges. Communication between
the VirusScan Enterprise plug-in and CMA can be
utilized as a mechanism to exploit this
vulnerability.
RESOLUTION:
The VirusScan Enterprise plug-in, VSPLUGIN.DLL,
has been updated to prevent the potential
exploit.
8. ISSUE:
When accessing some Japanese named files with a
long filename, the on-access scanner service,
MCSHIELD.EXE, could crash or cause the accessing
application to stop responding.
RESOLUTION:
MCSHIELD.EXE has been updated to resolve this
issue.
9. ISSUE:
The memory scan feature of an on-demand scan did
not detect potentially unwanted programs that
were resident in memory.
The memory scan feature did not use the
exclusion list.
The memory scan feature failed to record when a
detection was successfully cleaned.
RESOLUTION:
The issue has been resolved in the updated
on-demand scan components.
10. ISSUE:
After applying VirusScan Enterprise 8.0i Patch
11 where the Anti-Spyware Enterprise module is
installed, the Cookie Scan feature detects the
same cookie twice.
RESOLUTION:
The issue has been resolved in the updated
common scan components.
11. ISSUE:
In ePolicy Orchestrator, the "Top 10" virus
report shows a "_" character as the virus name.
RESOLUTION:
The issue has been resolved in the updated
common scan components.
12. ISSUE:
If the ePolicy Orchestrator Agent is installed,
the on-access scanner could crash when resuming
from the hibernation power-saving state.
RESOLUTION:
The issue has been resolved in the updated
on-access scanner.
PREVIOUSLY RESOLVED ISSUES
1. ISSUE:
A "Cannot find the file specified" error message
could occur when starting Lotus Notes via a
shortcut, or when starting Lotus Notes from a
shell.
The same error message could occur when
third-party applications that inject an add-on
into Lotus Notes attempt to invoke the McAfee
Lotus Notes scanner extensions and fail to find
NCDAEMON.EXE.
RESOLUTION:
NCDAEMON.EXE now loads successfully.
2. ISSUE:
A third-party application working with scripts
can encounter an access violation error if it
passes a NULL pointer to the Script Scan module
(SCRIPTPROXY.DLL). The Script Scan module does
not refer a NULL pointer.
RESOLUTION:
The Script Scan module can now refer NULL
pointers.
3. ISSUE:
The Japanese version of VirusScan Enterprise,
when detecting an infected Lotus Notes email,
takes action upon the note as expected, but
removes the original message body.
RESOLUTION:
The original message body is always preserved.
When the sending client is not Lotus Notes or is
a different version of Lotus Notes, the warning
text and infected attachment may be removed.
4. ISSUE:
The on-access scanner sometimes scans a process
in memory when the scanner service is starting.
RESOLUTION:
The on-access scanner does not scan processes in
memory.
5. ISSUE:
When installed to the debug build of Windows
2003 Server, VirusScan Enterprise causes a blue
screen (BSOD) from handling a unicode
instruction.
RESOLUTION:
The issue has been resolved in the updated
McAfee file system filter driver.
6. ISSUE:
On Microsoft Windows XP SP2, or Windows XP SP1
with Security Update 885835, a memory-mapped
write operation may not complete correctly. The
Set EndOfFileInformation IRP was being issued
twice to the file system.
RESOLUTION:
The AV filter driver has been updated to
correctly issue a single Set
EndOfFileInformation IRP.
7. ISSUE:
A potentially unwanted program contained in an
archive file was detected by an on-demand scan,
even when that program was excluded.
RESOLUTION:
The on-demand scan now correctly excludes
potentially unwanted programs contained in
archive files, when configured to exclude them.
8. ISSUE:
Some third-party applications crashed under
various conditions when the Script Scan feature
was installed. Note that the feature did not
have to be enabled. The crash was caused by a
synchronization issue when Script Scan
initialized the scan engine.
RESOLUTION:
The synchronization issue has been resolved in
the updated McAfee file system filter driver.
9. ISSUE:
When the "Blocking" feature of the on-access
scanner was configured to "Block if an unwanted
program is detected," the feature blocked a
remote user even when the potentially unwanted
program was excluded from detection.
RESOLUTION:
Potentially unwanted programs that are excluded
from detection are not blocked by the on-access
scanner "Blocking" feature.
10. ISSUE:
If the on-access scanner was configured to be
disabled and a system entered hibernation mode,
the on-access scanner was enabled once the
system awakened. Note that the shield icon and
Service Control Manager showed that the scanner
service was disabled.
RESOLUTION:
If disabled prior to entering hibernation, the
on-access scanner now remains disabled after
leaving hibernation mode.
11. ISSUE:
On some Microsoft Windows 2000 Service Pack 4
systems, the Winlogon process can crash when a
McAfee update task is launched. This issue
occurred only after Patch 10 was installed,
which contained an updated SCRIPTPROXY.DLL.
RESOLUTION:
The Script Scan binary, SCRIPTPROXY.DLL, is
updated to resolve this issue.
12. ISSUE:
When the McAfee Anti-Spyware module is installed
and an on-demand scan task is configured to scan
cookies, the on-demand scan can crash.
RESOLUTION:
The shared library, MYTILUS.DLL, has been
updated to resolve this issue.
13. ISSUE:
The Reg/Lowzones Trojan was not detected by the
on-access scanner when the primary action was
"Clean files automatically." More information
about this Trojan can be found in the virus
library:
RESOLUTION:
The on-access scanner now takes appropriate
action against the Trojan.
14. ISSUE:
An incompatibility existed between some
monitoring software packages and the Buffer
Overflow protection feature of VirusScan
Enterprise. This was due to a conflict in
hooking mechanisms being used. Software
identified includes SpectorSoft, and WebRoot
SpySweeper.
RESOLUTION:
The hooking mechanism of the Buffer Overflow
feature has been modified to be more compatible
with most third-party applications.
15. ISSUE:
A C2 blue screen error (BSOD) could occur when
the Buffer Overflow feature was enabled. This
was seen as a stop code of 0x000000c2 with the
following parameters (0x00000047, 0x84b83000,
0x00004b83, 0x000f1ffb).
RESOLUTION:
The Buffer Overflow driver has been updated to
resolve the issue.
16. ISSUE:
An error in MCSHIELD.EXE can occur on shutdown.
The memory address referred to in the error
message is 0x77f966bc or 0x7c964ed1. This
occurred from attempts to close handles that
were no longer valid.
RESOLUTION:
The software only closes valid handles on
shutdown.
17. ISSUE:
An incompatibility with some third-party
software was identified that could cause
LSASS.EXE to perpetually use 100% of CPU
resources, when Buffer Overflow protection was
enabled. The Buffer Overflow feature was in a
loop.
RESOLUTION:
The Buffer Overflow feature is updated to
identify when third-party software creates this
loop, and no longer causes the loop to be
perpetual.
18. ISSUE:
On Microsoft Windows 2003 Server with Service
Pack 1, the Buffer Overflow feature does not
function.
RESOLUTION:
This release updates the Buffer Overflow feature
to function properly with the Microsoft service
pack applied.
19. ISSUE:
If you entered an exclusion for the Buffer
Overflow feature, which is case-sensitive, it
was converted to lowercase, making the exclusion
invalid.
RESOLUTION:
The text entered for the exclusion is preserved
correctly.
20. ISSUE:
When the on-access scanner timed out while
scanning a file, the event was reported to
ePolicy Orchestrator or Protection Pilot as a
virus named "_".
RESOLUTION:
With this release, the on-access scanner
time-outs are not reported as a virus.
21. ISSUE:
The "All Port Blocking Events" query produced an
error when the ePolicy Orchestrator or
Protection Pilot database was on a SQL7 or MSDE
v1 server.
RESOLUTION:
The "All Port Blocking Events" query has been
corrected.
22. ISSUE:
Events are not processed if the language of the
account used to access SQL is not English, and
the current day of the month is greater than
12.
RESOLUTION:
This issue is resolved in the updated Extended
NAP file.
23. ISSUE:
ePolicy Orchestrator or Protection Pilot reports
might contain sentences that overlap, and chart
labels might be illegible.
RESOLUTION:
This issue is resolved in the updated Extended
NAP file.
24. ISSUE:
On-demand scan tasks configured to stop after
running for a specified amount of time might not
stop at the appointed time. The VirusScan
Enterprise plug-in did not identify the correct
task.
RESOLUTION:
The VirusScan Enterprise plug-in has been
updated to stop the correct scan task after the
specified amount of time.
25. ISSUE:
In some environments the VirusScan Enterprise
Patch 10 release encountered an installation
issue where the Windows Installer service would
hang (published in the knowledge base as article
KB40498).
RESOLUTION:
The installation of this release temporarily
disables the Buffer Overflow feature only if it
is enabled, and enables it again once the
installation is complete.
26. ISSUE:
Alert messages sent to McAfee Alert Manager
sometimes displayed a user name of "System."
RESOLUTION:
The correct user name is now sent in the alert
message.
27. ISSUE:
An event is captured by the Event log service
with the ID of 6004. This only occurred after
installing VirusScan Enterprise 8.0i, and
occurred when the McAfee TDI filter driver was
loaded.
RESOLUTION:
This is resolved with the updated McAfee TDI
filter driver.
28. ISSUE:
A blue screen error (BSOD) could be seen on a
server operating system, often with a bug check
code of D1.
RESOLUTION:
This is resolved with the updated McAfee TDI
filter driver.
29. ISSUE:
PatchLink, a third-party application, will crash
when the Script Scan module is installed.
RESOLUTION:
Updates made to the Script Scan module,
SCRIPTPROXY.DLL, and a shared scanner module,
MYTILUS.DLL, resolve the issue.
30. ISSUE:
A delay may be noticed when a computer system
shuts down. Shutdown progresses at a normal rate
if the McTaskManager service is stopped before
shutdown.
RESOLUTION:
VSTSKMGR.EXE, the McTaskManager service, has
been updated to correct this issue.
31. ISSUE:
During an engine update, scanner components may
not unload the scan engine, resulting in failure
to update the Engine because it is still in
use.
RESOLUTION:
VSTSKMGR.EXE has been updated to ensure
successful Engine updates.
32. ISSUE:
A memory leak occurred in non-page pool memory
when accessing files via the network redirector.
The TDI driver did not release memory that had
been allocated for identifying Source IP
information.
RESOLUTION:
Memory is properly released by the TDI driver.
33. ISSUE:
If the TDI driver received an I/O Request Packet
(IRP) that did not have enough stack locations
to be passed down the stack, a new IRP was
created and the original IRP was left
uncompleted. This resulted in a small memory
leak.
RESOLUTION:
The original IRP is now completed.
34. ISSUE:
A driver conflict between the McAfee TDI driver
and a driver from Aventail VPN Client software
could result in NetBIOS network connectivity
being lost.
RESOLUTION:
NetBIOS network connectivity functions as
expected when these applications are installed.
35. ISSUE:
When a system was under considerable file I/O
stress, and the path information of a file was
not examined correctly by the exclusion library,
an excluded file or a file inside an excluded
folder could be scanned.
RESOLUTION:
The exclusion library has been updated to ensure
that file path information is examined correctly
under any stress condition.
36. ISSUE:
Malformed JPEG files taking advantage of the
MS04-028 exploit could be rendered by a browser
-– without first having to cache files locally
-- to induce an attack on the system. Details of
the security bulletin can be found at:
RESOLUTION:
The processes monitored by the Buffer Overflow
Protection feature are protected against
malicious code attempting to execute after
exploiting the MS04-028 vulnerability.
IMPORTANT:
When a buffer overflow has occurred, the
affected process may become unstable and may
need to be restarted.
This Patch release is not a substitute for any
security patch(es) provided by Microsoft to
resolve the MS04-028 vulnerability.
37. ISSUE:
Toolbar icons in some applications, including
IBM WebSphere Studio, display as black boxes.
RESOLUTION:
Toolbar icons now display as expected.
38. ISSUE:
Web Inspector from Zixcorp would encounter an
error upon initializing, usually seen at logon.
RESOLUTION:
Web Inspector now loads without issue.
39. ISSUE:
Windows Media Player 10 could stop responding
after you select the option to listen to a
"Radio" stream, then select the "Music" tab.
RESOLUTION:
Windows Media Player 10 operates correctly
without interruption when you change from the
"Radio" tab to "Music" tab, and vice versa.
NOTE:
Once the Patch is applied, a reboot may be
required to resolve this issue.
40. ISSUE:
List boxes and message boxes in .NET
applications do not display any content.
RESOLUTION:
List boxes and message boxes now display content
as expected.
41. ISSUE:
In some Lotus Notes configurations where user
mail databases were located in varying
locations, the Lotus Notes Scanner did not find
a mailbox to scan.
RESOLUTION:
User mailboxes are correctly located, and the
Lotus Notes scanner protects the database.
42. ISSUE:
The user interface option that allows you to
password-protect the "On-Access Scanner:
Detection" page mistakenly protects both the
On-Access Scan "Detection" and On-Access Scan
"Set Exclusions" property pages. A user could
not add exclusions.
RESOLUTION:
Choosing to protect the "On-Access Scanner:
Detection" page from the "User Interface
Options" now protects only the On-Access Scan
"Detection" page.
43. ISSUE:
A delay in responsiveness of the script engine
would occur when executing scripts
sequentially.
RESOLUTION:
Scripts terminate correctly, allowing the script
engine to respond to subsequent script
commands.
44. ISSUE:
An "Access denied" error appeared in an
application that used the "delete-on-close" flag
when working with temporary files. The file
system filter driver would lose track of the
"delete-on-close" flag.
RESOLUTION:
The updated file system filter driver resolves
this issue, allowing temporary files to be
utilized as expected.
KNOWN ISSUES
1. When installing locally, you may not be prompted
to reboot after the installation. However, a
reboot is necessary to unload the previous
McAfee TDI filter driver and load the new
driver.
2. Installing the Patch and specifying a log file
path using the MSI switch "/L" does not log to
the specified path. A log capturing full data is
logged to the folder "NAILogs" under the Temp
folder.
3. When using McAfee Installation Designer 8.0 to
create a new installation package that includes
Patch 12, and you have VirusScan Enterprise 8.0i
and an MSP installed locally (Patch10.msp or
Patch11.msp), the resulting package may not
install to other systems.
Install McAfee Installation Designer 8.1 and
create the new installation package that
includes Patch 12.
4. When installing Patch 12 interactively and
canceling the installation on a system where a
previous Patch was installed, after the rollback
completes the previous Patch will no longer
reports to ePolicy Orchestrator or displays in
the "About VirusScan Enterprise" window.
5. If the Lotus Notes client is open when Patch 12
is installed, the installation completes
successfully, but a reboot is required to
replace the McAfee Lotus scanner files. The new
files are not used until after a reboot.
6. If Patch 12 is removed from the ePolicy
Orchestrator or Protection Pilot repository and
Patch 10 is added, clients that have Patch 12
run the Patch 10 package but do not replace any
files. These systems report that both Patch 10
and Patch 12 are installed.
FILES INCLUDED WITH THIS RELEASE
This release consists of a package called
VSE80P12.ZIP, which contains the following files:
PKGCATALOG.Z =
Package catalog file
PATCH12.TXT =
This text file
VS800DET.MCS =
VirusScan Enterprise detection script
PACKING.LST =
Packing list
SETUP.EXE =
Installer for this release
SETUP.INI =
Initialization file for SETUP.EXE
PATCH12.MSP =
Microsoft Installer Patch file
VSE_NAP\VSE800.NAP =
Management NAP file
VSE_MASE_NAP\VSE800.NAP =
Management NAP file
VSE800REPORTS.NAP =
Reporting NAP file
The following files are installed to client
systems:
ENTAPI.DLL 8.0.0.448
ENTDRVnx.SYS* 8.0.0.448
ENTSRV.DLL 8.0.0.448
FTL.DLL 8.0.0.135
MCSHIELD.EXE 8.0.0.318
MIDUTIL.DLL 8.0.0.155
MVSTDInx.SYS* 8.0.0.301
MYTILUS.DLL 8.0.0.325
NAIANN.DLL 8.0.0.308
NAIAVFIN.EXE 11.0.0.108
NAIAVFnx.SYS* 11.0.0.108
NCDAEMON.EXE 8.0.0.998
NCEXTMGR.DLL 8.0.0.998
NCINSTALL.DLL 8.0.0.998
NCMENU.DLL 8.0.0.998
NCSCAN.DLL 8.0.0.998
NCTRACE.DLL 8.0.0.998
SCRIPTPROXY.DLL 8.0.0.992
SHCFG32.EXE 8.0.0.1000
SHUTIL.DLL 8.0.0.1007
VSIDSVR.DLL 8.0.0.291
VSODSCPL.DLL 8.0.0.1011
VSPLUGIN.DLL 8.0.0.1009
VSTSKMGR.EXE 8.0.0.1004
The following files are checked in to the
ePolicy Orchestrator or Protection Pilot
repository:
VSE800.NAP **2.0.0.270 / 2.0.0.271
VSE800REPORTS.NAP3.0.0.1001
* File name depends on operating system and
processor architecture.
** The second version is for ePolicy
Orchestrator or Protection Pilot environments
that also have the Anti-Spyware Enterprise
module.
__________________________________________________________
INSTALLATION
INSTALLATION REQUIREMENTS
To use this release, you must have VirusScan
Enterprise 8.0i software installed on the computer
you intend to update with this release.
NOTE:
This release does not work with earlier versions
of VirusScan software.
INSTALLATION STEPS
1. Extract the Patch files from VSE80P12.ZIP to a
temporary folder on your hard drive.
2. Double-click the file SETUP.EXE inside the
temporary folder created in Step 1.
3. Follow the instructions of the installation
wizard.
INSTALLATION STEPS FOR ePOLICY ORCHESTRATOR
1. On the computer where the ePolicy Orchestrator
3.x console resides, extract the Patch files
from VSE80P12.ZIP to a temporary folder on your
hard drive.
2. Open the ePolicy Orchestrator 3.x console and
add the package from the temporary folder
created in Step 1 to your repository.
Consult "Checking in Package" on page 206 of the
ePolicy Orchestrator 3.0 Product Guide, or
"Checking in PKGCATALOG.Z product packages to
the master repository" on page 90 of the ePolicy
Orchestrator 3.5 Product Guide, for instructions
on adding a package to the repository. The
package type for this Patch is "Products or
Updates."
The next time an agent update task runs, the
VirusScan Enterprise client automatically
downloads and installs the Patch.
3. Skip ahead to Step 4 if you have already added
the McAfee Anti-Spyware module NAP file to your
repository.
Add the management NAP file, VSE800.NAP, from
the temporary folder created in Step 1 to your
repository.
NOTE:
Add the VSE800.NAP from the appropriate
subfolder, which is determined by whether you
have the McAfee Anti-Spyware module installed or
not.
Consult the ePolicy Orchestrator documentation
for instructions on adding new software to be
managed to the repository.
4. Add the reporting NAP file, VSE800REPORTS.NAP,
from the temporary folder created in Step 1 to
your repository by doing the following:
a. In the console tree under Reporting | Report
Repository, remove the VirusScan 8.0
reporting directory. This removes the
VSE800Reports.NAP file from the Reporting
console; it does not remove the management
NAP file from the server.
b. Stop the ePolicy Orchestrator Server service
and ePolicy Orchestrator Event Parser
service.
c. In the ePolicy Orchestrator installation
directory, delete the following:
- REPORTVERSIONS.SQL file from the AVI
directory.
- VIRUSSCAN8000RPT folder from the
DB\REPORTS directory.
d. Restart the two services from Step b.
e. In the ePolicy Orchestrator console, add the
VSE800Reports.NAP file using the "Check in
NAP" wizard.
f. If applicable, log out of the Reporting
console.
g. Log in to the Reporting console using ePolicy
Orchestrator authentication.
When the Reporting console retrieves the new
reports, the ePolicy Orchestrator console
crashes.
h. Log in to the ePolicy Orchestrator console
and the Reporting Console to view the
VirusScan 8.0 reports.
INSTALLATION STEPS VIA MCAFEE INSTALLATION DESIGNER
McAfee recommends that you use McAfee Installation
Designer version 8.1 and follow this procedure:
1. Extract the files from VSE80P12.ZIP to a
temporary folder on your hard drive.
2. Start McAfee Installation Designer 8.1, select
"Create a new installation package," and select
a source and destination folder for your
installation package; then click "Next."
3. Go to the "Patch Files" section and click "Add."
Browse to the temporary folder you created in
Step 1, and select the file PATCH12.MSP.
4. Click "Finish" and "Save" in the McAfee
Installation Designer to save a new installation
package to the destination folder you specified
in Step 2.
VERIFYING INSTALLATION
Always reboot prior to validating that a Patch has
installed successfully.
Patch 11 does not display as installed if an error
occurred during installation, or if a file or files
did not install correctly.
1. Open the VirusScan Console and choose "About"
from the "Help" menu. The "About VirusScan
Enterprise" window "Patch Versions" displays
"12."
2. After property information has been collected by
ePolicy Orchestrator and Protection Pilot
agents, the client systems show that Patch 12 is
installed.
3. Confirm that the expected files are installed by
checking the version number of individual files.
File versions should match the list in "FILES
INCLUDED WITH THIS RELEASE," above.
Release Notes for McAfee(R) VirusScan(R) Enterprise
Version 8.0i
Patch 12
Copyright (C) 2006 McAfee, Inc.
All Rights Reserved
==========================================================
Patch Release: 23 February 2006
This release was developed and tested with:
- VirusScan Enterprise:8.0i
- DAT Version: 4702, February 21 2006
- Engine Version: 4.4.00
Make sure you have installed these versions before
using this release.
==========================================================
Thank you for using VirusScan(R) Enterprise
software. This file contains important information
regarding this release. We strongly recommend that
you read the entire document.
The attached files are provided as is, and with no
warranty either expressed or implied as to their
suitability for any particular use or purpose.
McAfee, Inc. assumes no liability for damages
incurred either directly or indirectly as a result
of the use of these files, including but not limited
to the loss or damage of data or systems, loss of
business or revenue, or incidental damages arising
from their use. Patch files should be applied only
on the advice of McAfee Technical Support, and only
when you are actually experiencing the issue being
addressed by the Patch. Patch files should not be
proactively applied in order to prevent potential
product issues. You are responsible for reading and
following all instructions for preparation,
configuration, and installation of Patch files.
Patch files are not a substitute or replacement for
product Service Packs which may be released by
McAfee, Inc. It is a violation of your software
license agreement to distribute or share these files
with any other person or entity without written
permission from McAfee, Inc. Further, posting of
McAfee Patch files to publicly available Internet
sites is prohibited. McAfee, Inc. reserves the right
to refuse distribution of Patch files to any company
or person guilty of unlawful distribution of McAfee
software products. Questions or issues with McAfee
Patch files should be directed to McAfee Technical
Support.
__________________________________________________________
WHAT'S IN THIS FILE
- About This Release
- Purpose
- Resolved Issues
- Previously Resolved Issues
- Known Issues
- Files Included With This Release
- Installation
- Installation Requirements
- Installation Steps
- Installation Steps via ePolicy Orchestrator
- Installation Steps via McAfee Installation
Designer
- Verifying Installation
- Contact Information
- Copyright & Trademark Attributions
- License Information
__________________________________________________________
ABOUT THIS RELEASE
PURPOSE
This release combines previous patches and updated
binaries into a single Microsoft Patch installer to
address all items listed in "Resolved Issues" and
"Previously Resolved Issues" below.
RESOLVED ISSUES
1. ISSUE:
Null entries are seen in the ePolicy
Orchestrator database under the severity field
due to the VirusScan Enterprise 8.0i extended
NAP file.
RESOLUTION:
The extended NAP file has been modified to
correctly handle the severity field.
2. ISSUE:
When disabled, the ScriptScan feature will
remain registered and still handles VB Script
and Jscript operations, even though it is not
scanning.
RESOLUTION:
When the ScriptScan feature is disabled, the
component is unregistered, and when enabled the
feature is registered.
3. ISSUE:
The error "Access Denied" is seen when accessing
a remote share. This can occur when user profile
information is redirected by a Microsoft Windows
group policy object, and the user tries to save
a file to their "My Documents" folder.
RESOLUTION:
The issue has been resolved in the updated
common scan components.
4. ISSUE:
In environments using Distributed File System
shares, a noticeable increase in network traffic
activity may be experienced.
RESOLUTION:
The file system filter driver has been updated
to resolve the issue.
5. ISSUE:
During shutdown the VSTSKMGR.EXE process may
crash with an error similar to "VSTSKMGR.EXE –
the exception privileged instruction 0x00000096
occurred in the application at location
0x0012e80d."
RESOLUTION:
An update to VSTSKMGR.EXE, the McTaskManager
Service, resolves the issue.
6. ISSUE:
After applying VirusScan Enterprise 8.0i Patch
11, when a system resumes from the hibernation
power saving state, the on-access scanner may be
paused.
RESOLUTION:
The on-access scanner now correctly is enabled
when the system resumes from hibernation.
7. ISSUE:
A vulnerability exists in the Common Management
Agent (CMA) where an unexpected file can be run
with system privileges. Communication between
the VirusScan Enterprise plug-in and CMA can be
utilized as a mechanism to exploit this
vulnerability.
RESOLUTION:
The VirusScan Enterprise plug-in, VSPLUGIN.DLL,
has been updated to prevent the potential
exploit.
8. ISSUE:
When accessing some Japanese named files with a
long filename, the on-access scanner service,
MCSHIELD.EXE, could crash or cause the accessing
application to stop responding.
RESOLUTION:
MCSHIELD.EXE has been updated to resolve this
issue.
9. ISSUE:
The memory scan feature of an on-demand scan did
not detect potentially unwanted programs that
were resident in memory.
The memory scan feature did not use the
exclusion list.
The memory scan feature failed to record when a
detection was successfully cleaned.
RESOLUTION:
The issue has been resolved in the updated
on-demand scan components.
10. ISSUE:
After applying VirusScan Enterprise 8.0i Patch
11 where the Anti-Spyware Enterprise module is
installed, the Cookie Scan feature detects the
same cookie twice.
RESOLUTION:
The issue has been resolved in the updated
common scan components.
11. ISSUE:
In ePolicy Orchestrator, the "Top 10" virus
report shows a "_" character as the virus name.
RESOLUTION:
The issue has been resolved in the updated
common scan components.
12. ISSUE:
If the ePolicy Orchestrator Agent is installed,
the on-access scanner could crash when resuming
from the hibernation power-saving state.
RESOLUTION:
The issue has been resolved in the updated
on-access scanner.
PREVIOUSLY RESOLVED ISSUES
1. ISSUE:
A "Cannot find the file specified" error message
could occur when starting Lotus Notes via a
shortcut, or when starting Lotus Notes from a
shell.
The same error message could occur when
third-party applications that inject an add-on
into Lotus Notes attempt to invoke the McAfee
Lotus Notes scanner extensions and fail to find
NCDAEMON.EXE.
RESOLUTION:
NCDAEMON.EXE now loads successfully.
2. ISSUE:
A third-party application working with scripts
can encounter an access violation error if it
passes a NULL pointer to the Script Scan module
(SCRIPTPROXY.DLL). The Script Scan module does
not refer a NULL pointer.
RESOLUTION:
The Script Scan module can now refer NULL
pointers.
3. ISSUE:
The Japanese version of VirusScan Enterprise,
when detecting an infected Lotus Notes email,
takes action upon the note as expected, but
removes the original message body.
RESOLUTION:
The original message body is always preserved.
When the sending client is not Lotus Notes or is
a different version of Lotus Notes, the warning
text and infected attachment may be removed.
4. ISSUE:
The on-access scanner sometimes scans a process
in memory when the scanner service is starting.
RESOLUTION:
The on-access scanner does not scan processes in
memory.
5. ISSUE:
When installed to the debug build of Windows
2003 Server, VirusScan Enterprise causes a blue
screen (BSOD) from handling a unicode
instruction.
RESOLUTION:
The issue has been resolved in the updated
McAfee file system filter driver.
6. ISSUE:
On Microsoft Windows XP SP2, or Windows XP SP1
with Security Update 885835, a memory-mapped
write operation may not complete correctly. The
Set EndOfFileInformation IRP was being issued
twice to the file system.
RESOLUTION:
The AV filter driver has been updated to
correctly issue a single Set
EndOfFileInformation IRP.
7. ISSUE:
A potentially unwanted program contained in an
archive file was detected by an on-demand scan,
even when that program was excluded.
RESOLUTION:
The on-demand scan now correctly excludes
potentially unwanted programs contained in
archive files, when configured to exclude them.
8. ISSUE:
Some third-party applications crashed under
various conditions when the Script Scan feature
was installed. Note that the feature did not
have to be enabled. The crash was caused by a
synchronization issue when Script Scan
initialized the scan engine.
RESOLUTION:
The synchronization issue has been resolved in
the updated McAfee file system filter driver.
9. ISSUE:
When the "Blocking" feature of the on-access
scanner was configured to "Block if an unwanted
program is detected," the feature blocked a
remote user even when the potentially unwanted
program was excluded from detection.
RESOLUTION:
Potentially unwanted programs that are excluded
from detection are not blocked by the on-access
scanner "Blocking" feature.
10. ISSUE:
If the on-access scanner was configured to be
disabled and a system entered hibernation mode,
the on-access scanner was enabled once the
system awakened. Note that the shield icon and
Service Control Manager showed that the scanner
service was disabled.
RESOLUTION:
If disabled prior to entering hibernation, the
on-access scanner now remains disabled after
leaving hibernation mode.
11. ISSUE:
On some Microsoft Windows 2000 Service Pack 4
systems, the Winlogon process can crash when a
McAfee update task is launched. This issue
occurred only after Patch 10 was installed,
which contained an updated SCRIPTPROXY.DLL.
RESOLUTION:
The Script Scan binary, SCRIPTPROXY.DLL, is
updated to resolve this issue.
12. ISSUE:
When the McAfee Anti-Spyware module is installed
and an on-demand scan task is configured to scan
cookies, the on-demand scan can crash.
RESOLUTION:
The shared library, MYTILUS.DLL, has been
updated to resolve this issue.
13. ISSUE:
The Reg/Lowzones Trojan was not detected by the
on-access scanner when the primary action was
"Clean files automatically." More information
about this Trojan can be found in the virus
library:
RESOLUTION:
The on-access scanner now takes appropriate
action against the Trojan.
14. ISSUE:
An incompatibility existed between some
monitoring software packages and the Buffer
Overflow protection feature of VirusScan
Enterprise. This was due to a conflict in
hooking mechanisms being used. Software
identified includes SpectorSoft, and WebRoot
SpySweeper.
RESOLUTION:
The hooking mechanism of the Buffer Overflow
feature has been modified to be more compatible
with most third-party applications.
15. ISSUE:
A C2 blue screen error (BSOD) could occur when
the Buffer Overflow feature was enabled. This
was seen as a stop code of 0x000000c2 with the
following parameters (0x00000047, 0x84b83000,
0x00004b83, 0x000f1ffb).
RESOLUTION:
The Buffer Overflow driver has been updated to
resolve the issue.
16. ISSUE:
An error in MCSHIELD.EXE can occur on shutdown.
The memory address referred to in the error
message is 0x77f966bc or 0x7c964ed1. This
occurred from attempts to close handles that
were no longer valid.
RESOLUTION:
The software only closes valid handles on
shutdown.
17. ISSUE:
An incompatibility with some third-party
software was identified that could cause
LSASS.EXE to perpetually use 100% of CPU
resources, when Buffer Overflow protection was
enabled. The Buffer Overflow feature was in a
loop.
RESOLUTION:
The Buffer Overflow feature is updated to
identify when third-party software creates this
loop, and no longer causes the loop to be
perpetual.
18. ISSUE:
On Microsoft Windows 2003 Server with Service
Pack 1, the Buffer Overflow feature does not
function.
RESOLUTION:
This release updates the Buffer Overflow feature
to function properly with the Microsoft service
pack applied.
19. ISSUE:
If you entered an exclusion for the Buffer
Overflow feature, which is case-sensitive, it
was converted to lowercase, making the exclusion
invalid.
RESOLUTION:
The text entered for the exclusion is preserved
correctly.
20. ISSUE:
When the on-access scanner timed out while
scanning a file, the event was reported to
ePolicy Orchestrator or Protection Pilot as a
virus named "_".
RESOLUTION:
With this release, the on-access scanner
time-outs are not reported as a virus.
21. ISSUE:
The "All Port Blocking Events" query produced an
error when the ePolicy Orchestrator or
Protection Pilot database was on a SQL7 or MSDE
v1 server.
RESOLUTION:
The "All Port Blocking Events" query has been
corrected.
22. ISSUE:
Events are not processed if the language of the
account used to access SQL is not English, and
the current day of the month is greater than
12.
RESOLUTION:
This issue is resolved in the updated Extended
NAP file.
23. ISSUE:
ePolicy Orchestrator or Protection Pilot reports
might contain sentences that overlap, and chart
labels might be illegible.
RESOLUTION:
This issue is resolved in the updated Extended
NAP file.
24. ISSUE:
On-demand scan tasks configured to stop after
running for a specified amount of time might not
stop at the appointed time. The VirusScan
Enterprise plug-in did not identify the correct
task.
RESOLUTION:
The VirusScan Enterprise plug-in has been
updated to stop the correct scan task after the
specified amount of time.
25. ISSUE:
In some environments the VirusScan Enterprise
Patch 10 release encountered an installation
issue where the Windows Installer service would
hang (published in the knowledge base as article
KB40498).
RESOLUTION:
The installation of this release temporarily
disables the Buffer Overflow feature only if it
is enabled, and enables it again once the
installation is complete.
26. ISSUE:
Alert messages sent to McAfee Alert Manager
sometimes displayed a user name of "System."
RESOLUTION:
The correct user name is now sent in the alert
message.
27. ISSUE:
An event is captured by the Event log service
with the ID of 6004. This only occurred after
installing VirusScan Enterprise 8.0i, and
occurred when the McAfee TDI filter driver was
loaded.
RESOLUTION:
This is resolved with the updated McAfee TDI
filter driver.
28. ISSUE:
A blue screen error (BSOD) could be seen on a
server operating system, often with a bug check
code of D1.
RESOLUTION:
This is resolved with the updated McAfee TDI
filter driver.
29. ISSUE:
PatchLink, a third-party application, will crash
when the Script Scan module is installed.
RESOLUTION:
Updates made to the Script Scan module,
SCRIPTPROXY.DLL, and a shared scanner module,
MYTILUS.DLL, resolve the issue.
30. ISSUE:
A delay may be noticed when a computer system
shuts down. Shutdown progresses at a normal rate
if the McTaskManager service is stopped before
shutdown.
RESOLUTION:
VSTSKMGR.EXE, the McTaskManager service, has
been updated to correct this issue.
31. ISSUE:
During an engine update, scanner components may
not unload the scan engine, resulting in failure
to update the Engine because it is still in
use.
RESOLUTION:
VSTSKMGR.EXE has been updated to ensure
successful Engine updates.
32. ISSUE:
A memory leak occurred in non-page pool memory
when accessing files via the network redirector.
The TDI driver did not release memory that had
been allocated for identifying Source IP
information.
RESOLUTION:
Memory is properly released by the TDI driver.
33. ISSUE:
If the TDI driver received an I/O Request Packet
(IRP) that did not have enough stack locations
to be passed down the stack, a new IRP was
created and the original IRP was left
uncompleted. This resulted in a small memory
leak.
RESOLUTION:
The original IRP is now completed.
34. ISSUE:
A driver conflict between the McAfee TDI driver
and a driver from Aventail VPN Client software
could result in NetBIOS network connectivity
being lost.
RESOLUTION:
NetBIOS network connectivity functions as
expected when these applications are installed.
35. ISSUE:
When a system was under considerable file I/O
stress, and the path information of a file was
not examined correctly by the exclusion library,
an excluded file or a file inside an excluded
folder could be scanned.
RESOLUTION:
The exclusion library has been updated to ensure
that file path information is examined correctly
under any stress condition.
36. ISSUE:
Malformed JPEG files taking advantage of the
MS04-028 exploit could be rendered by a browser
-– without first having to cache files locally
-- to induce an attack on the system. Details of
the security bulletin can be found at:
RESOLUTION:
The processes monitored by the Buffer Overflow
Protection feature are protected against
malicious code attempting to execute after
exploiting the MS04-028 vulnerability.
IMPORTANT:
When a buffer overflow has occurred, the
affected process may become unstable and may
need to be restarted.
This Patch release is not a substitute for any
security patch(es) provided by Microsoft to
resolve the MS04-028 vulnerability.
37. ISSUE:
Toolbar icons in some applications, including
IBM WebSphere Studio, display as black boxes.
RESOLUTION:
Toolbar icons now display as expected.
38. ISSUE:
Web Inspector from Zixcorp would encounter an
error upon initializing, usually seen at logon.
RESOLUTION:
Web Inspector now loads without issue.
39. ISSUE:
Windows Media Player 10 could stop responding
after you select the option to listen to a
"Radio" stream, then select the "Music" tab.
RESOLUTION:
Windows Media Player 10 operates correctly
without interruption when you change from the
"Radio" tab to "Music" tab, and vice versa.
NOTE:
Once the Patch is applied, a reboot may be
required to resolve this issue.
40. ISSUE:
List boxes and message boxes in .NET
applications do not display any content.
RESOLUTION:
List boxes and message boxes now display content
as expected.
41. ISSUE:
In some Lotus Notes configurations where user
mail databases were located in varying
locations, the Lotus Notes Scanner did not find
a mailbox to scan.
RESOLUTION:
User mailboxes are correctly located, and the
Lotus Notes scanner protects the database.
42. ISSUE:
The user interface option that allows you to
password-protect the "On-Access Scanner:
Detection" page mistakenly protects both the
On-Access Scan "Detection" and On-Access Scan
"Set Exclusions" property pages. A user could
not add exclusions.
RESOLUTION:
Choosing to protect the "On-Access Scanner:
Detection" page from the "User Interface
Options" now protects only the On-Access Scan
"Detection" page.
43. ISSUE:
A delay in responsiveness of the script engine
would occur when executing scripts
sequentially.
RESOLUTION:
Scripts terminate correctly, allowing the script
engine to respond to subsequent script
commands.
44. ISSUE:
An "Access denied" error appeared in an
application that used the "delete-on-close" flag
when working with temporary files. The file
system filter driver would lose track of the
"delete-on-close" flag.
RESOLUTION:
The updated file system filter driver resolves
this issue, allowing temporary files to be
utilized as expected.
KNOWN ISSUES
1. When installing locally, you may not be prompted
to reboot after the installation. However, a
reboot is necessary to unload the previous
McAfee TDI filter driver and load the new
driver.
2. Installing the Patch and specifying a log file
path using the MSI switch "/L" does not log to
the specified path. A log capturing full data is
logged to the folder "NAILogs" under the Temp
folder.
3. When using McAfee Installation Designer 8.0 to
create a new installation package that includes
Patch 12, and you have VirusScan Enterprise 8.0i
and an MSP installed locally (Patch10.msp or
Patch11.msp), the resulting package may not
install to other systems.
Install McAfee Installation Designer 8.1 and
create the new installation package that
includes Patch 12.
4. When installing Patch 12 interactively and
canceling the installation on a system where a
previous Patch was installed, after the rollback
completes the previous Patch will no longer
reports to ePolicy Orchestrator or displays in
the "About VirusScan Enterprise" window.
5. If the Lotus Notes client is open when Patch 12
is installed, the installation completes
successfully, but a reboot is required to
replace the McAfee Lotus scanner files. The new
files are not used until after a reboot.
6. If Patch 12 is removed from the ePolicy
Orchestrator or Protection Pilot repository and
Patch 10 is added, clients that have Patch 12
run the Patch 10 package but do not replace any
files. These systems report that both Patch 10
and Patch 12 are installed.
FILES INCLUDED WITH THIS RELEASE
This release consists of a package called
VSE80P12.ZIP, which contains the following files:
PKGCATALOG.Z =
Package catalog file
PATCH12.TXT =
This text file
VS800DET.MCS =
VirusScan Enterprise detection script
PACKING.LST =
Packing list
SETUP.EXE =
Installer for this release
SETUP.INI =
Initialization file for SETUP.EXE
PATCH12.MSP =
Microsoft Installer Patch file
VSE_NAP\VSE800.NAP =
Management NAP file
VSE_MASE_NAP\VSE800.NAP =
Management NAP file
VSE800REPORTS.NAP =
Reporting NAP file
The following files are installed to client
systems:
ENTAPI.DLL 8.0.0.448
ENTDRVnx.SYS* 8.0.0.448
ENTSRV.DLL 8.0.0.448
FTL.DLL 8.0.0.135
MCSHIELD.EXE 8.0.0.318
MIDUTIL.DLL 8.0.0.155
MVSTDInx.SYS* 8.0.0.301
MYTILUS.DLL 8.0.0.325
NAIANN.DLL 8.0.0.308
NAIAVFIN.EXE 11.0.0.108
NAIAVFnx.SYS* 11.0.0.108
NCDAEMON.EXE 8.0.0.998
NCEXTMGR.DLL 8.0.0.998
NCINSTALL.DLL 8.0.0.998
NCMENU.DLL 8.0.0.998
NCSCAN.DLL 8.0.0.998
NCTRACE.DLL 8.0.0.998
SCRIPTPROXY.DLL 8.0.0.992
SHCFG32.EXE 8.0.0.1000
SHUTIL.DLL 8.0.0.1007
VSIDSVR.DLL 8.0.0.291
VSODSCPL.DLL 8.0.0.1011
VSPLUGIN.DLL 8.0.0.1009
VSTSKMGR.EXE 8.0.0.1004
The following files are checked in to the
ePolicy Orchestrator or Protection Pilot
repository:
VSE800.NAP **2.0.0.270 / 2.0.0.271
VSE800REPORTS.NAP3.0.0.1001
* File name depends on operating system and
processor architecture.
** The second version is for ePolicy
Orchestrator or Protection Pilot environments
that also have the Anti-Spyware Enterprise
module.
__________________________________________________________
INSTALLATION
INSTALLATION REQUIREMENTS
To use this release, you must have VirusScan
Enterprise 8.0i software installed on the computer
you intend to update with this release.
NOTE:
This release does not work with earlier versions
of VirusScan software.
INSTALLATION STEPS
1. Extract the Patch files from VSE80P12.ZIP to a
temporary folder on your hard drive.
2. Double-click the file SETUP.EXE inside the
temporary folder created in Step 1.
3. Follow the instructions of the installation
wizard.
INSTALLATION STEPS FOR ePOLICY ORCHESTRATOR
1. On the computer where the ePolicy Orchestrator
3.x console resides, extract the Patch files
from VSE80P12.ZIP to a temporary folder on your
hard drive.
2. Open the ePolicy Orchestrator 3.x console and
add the package from the temporary folder
created in Step 1 to your repository.
Consult "Checking in Package" on page 206 of the
ePolicy Orchestrator 3.0 Product Guide, or
"Checking in PKGCATALOG.Z product packages to
the master repository" on page 90 of the ePolicy
Orchestrator 3.5 Product Guide, for instructions
on adding a package to the repository. The
package type for this Patch is "Products or
Updates."
The next time an agent update task runs, the
VirusScan Enterprise client automatically
downloads and installs the Patch.
3. Skip ahead to Step 4 if you have already added
the McAfee Anti-Spyware module NAP file to your
repository.
Add the management NAP file, VSE800.NAP, from
the temporary folder created in Step 1 to your
repository.
NOTE:
Add the VSE800.NAP from the appropriate
subfolder, which is determined by whether you
have the McAfee Anti-Spyware module installed or
not.
Consult the ePolicy Orchestrator documentation
for instructions on adding new software to be
managed to the repository.
4. Add the reporting NAP file, VSE800REPORTS.NAP,
from the temporary folder created in Step 1 to
your repository by doing the following:
a. In the console tree under Reporting | Report
Repository, remove the VirusScan 8.0
reporting directory. This removes the
VSE800Reports.NAP file from the Reporting
console; it does not remove the management
NAP file from the server.
b. Stop the ePolicy Orchestrator Server service
and ePolicy Orchestrator Event Parser
service.
c. In the ePolicy Orchestrator installation
directory, delete the following:
- REPORTVERSIONS.SQL file from the AVI
directory.
- VIRUSSCAN8000RPT folder from the
DB\REPORTS directory.
d. Restart the two services from Step b.
e. In the ePolicy Orchestrator console, add the
VSE800Reports.NAP file using the "Check in
NAP" wizard.
f. If applicable, log out of the Reporting
console.
g. Log in to the Reporting console using ePolicy
Orchestrator authentication.
When the Reporting console retrieves the new
reports, the ePolicy Orchestrator console
crashes.
h. Log in to the ePolicy Orchestrator console
and the Reporting Console to view the
VirusScan 8.0 reports.
INSTALLATION STEPS VIA MCAFEE INSTALLATION DESIGNER
McAfee recommends that you use McAfee Installation
Designer version 8.1 and follow this procedure:
1. Extract the files from VSE80P12.ZIP to a
temporary folder on your hard drive.
2. Start McAfee Installation Designer 8.1, select
"Create a new installation package," and select
a source and destination folder for your
installation package; then click "Next."
3. Go to the "Patch Files" section and click "Add."
Browse to the temporary folder you created in
Step 1, and select the file PATCH12.MSP.
4. Click "Finish" and "Save" in the McAfee
Installation Designer to save a new installation
package to the destination folder you specified
in Step 2.
VERIFYING INSTALLATION
Always reboot prior to validating that a Patch has
installed successfully.
Patch 11 does not display as installed if an error
occurred during installation, or if a file or files
did not install correctly.
1. Open the VirusScan Console and choose "About"
from the "Help" menu. The "About VirusScan
Enterprise" window "Patch Versions" displays
"12."
2. After property information has been collected by
ePolicy Orchestrator and Protection Pilot
agents, the client systems show that Patch 12 is
installed.
3. Confirm that the expected files are installed by
checking the version number of individual files.
File versions should match the list in "FILES
INCLUDED WITH THIS RELEASE," above.
drew1701d
You only get the patches through the mcafee customer portal. My link points to and when I login, I can download various patches for the various McAfee products I'm licensed for. My portal link only lists patch 11. I have patch 11a for a specific fault with a specific application but no sign of patch 12 on our portal yet.
You only get the patches through the mcafee customer portal. My link points to and when I login, I can download various patches for the various McAfee products I'm licensed for. My portal link only lists patch 11. I have patch 11a for a specific fault with a specific application but no sign of patch 12 on our portal yet.
CingularEPO
IS-IT--Management
I got the word from Mcafee that the patch will be released in 2 weeks but there have been problems reported so it may be delayed.
This is forward email from my corp.
Date 10.04.2006
-----------------------------
Dear all,
The Patch 12 release for VirusScan Enterprise 8.0i will NOT be posting
to Service Portal, as planned.
An issue has been found during the phased rollout, which has merited
that the patch undergo further engineering work.
In order to allow a smooth upgrade for VirusScan Enterprise 8.0i
customers running any patch level for the product the patch shall now be
called Patch 13.
Please, see below for information on the issue:
Environment: McAfee VirusScan Enterprise 8.0i
Symptom: Slow performance from an application that is writing to
disk
Symptom: Significant delay in performance
Symptom: A process is writing to a file multiple times per second
Change: Applied hotfix 256301 (VSE80HF256301)
The listed symptoms do not occur if this hotfix has not
been applied.
Fix: An immediate solution may be available in configuring the On
Access Scanner properties to scan "Default Files" instead of "All Files"
Fix: If you are experiencing any of the listed symptoms, contact
McAfee Support with reference to this knowledge base article.
A hotfix is available (HF270548) from Support that addresses
these symptoms.
The same update will be included in Patch 13.
I do not, as yet, have a date for the release of patch 13, but I will
keep you informed as and when I receive updates.
I do apologise for this delay.
Regards,
xxxxx xxxxxx
Technical Account Manager
McAfee Platinum Technical Support
------------------------------
end of forward
Date 10.04.2006
-----------------------------
Dear all,
The Patch 12 release for VirusScan Enterprise 8.0i will NOT be posting
to Service Portal, as planned.
An issue has been found during the phased rollout, which has merited
that the patch undergo further engineering work.
In order to allow a smooth upgrade for VirusScan Enterprise 8.0i
customers running any patch level for the product the patch shall now be
called Patch 13.
Please, see below for information on the issue:
Environment: McAfee VirusScan Enterprise 8.0i
Symptom: Slow performance from an application that is writing to
disk
Symptom: Significant delay in performance
Symptom: A process is writing to a file multiple times per second
Change: Applied hotfix 256301 (VSE80HF256301)
The listed symptoms do not occur if this hotfix has not
been applied.
Fix: An immediate solution may be available in configuring the On
Access Scanner properties to scan "Default Files" instead of "All Files"
Fix: If you are experiencing any of the listed symptoms, contact
McAfee Support with reference to this knowledge base article.
A hotfix is available (HF270548) from Support that addresses
these symptoms.
The same update will be included in Patch 13.
I do not, as yet, have a date for the release of patch 13, but I will
keep you informed as and when I receive updates.
I do apologise for this delay.
Regards,
xxxxx xxxxxx
Technical Account Manager
McAfee Platinum Technical Support
------------------------------
end of forward
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
- Locked
- Question