更新内容如下:
Patch 1
The McAfee Link Driver has been updated to ensure the terminal server logoff does not finish before handles are cleaned up, in order to prevent a potential race condition.
This release enhances the Self protection to prevent unauthorized access to critical VirusScan Enterprise processes. Please see Resolved issues, reference 643440, for further details.
This release ships with a new Access Protection rule that hardens VirusScan Enterprise against malware that performs process injection. See (McAfee) KnowledgeBase article KB71083 and KB71812 for information regarding this improvement.
NOTE: The rule Common Standard Protection: Prevent hooking of McAfee processes is enabled by default. Legitimate applications are known to perform process injection, and this Access Protection rule might have indeterminate results with those legitimate applications. These same programs should be able to recover when failing to inject into processes. However, it is strongly recommended to verify this update in test and pilot groups prior to mass deployment.
The ePolicy Orchestrator extension file has been updated to include management of the new Access Protection rule, Common Standard Protection: Prevent hooking of McAfee processes.
Patch 1
Issue: Installation fails with ERROR 1920, citing 'The McShield Service failed to start'. This can occur when Microsoft Windows is installed to a sub-folder rather than the root. (Reference: 638858)
Resolution: The system core installer has been revised to recognize all system paths.
Issue: A Bugcheck 5 error could occur if memory allocations are not checked for failure, resulting in an invalid memory reference. (Reference: 643013, 651019, 673463, 676448)
Resolution: The memory allocation is now checked for success prior to referencing it.
Issue: Malicious software might change NTFS folder permissions on McAfee folders in order to disable the software. (Reference: 643440)
Resolution: Self protection now protects McAfee folders, files and registry data from permission changes.
Issue: Process exclusion for Buffer Overflow was broken after introducing more granularities in Buffer Overflow exclusions using Module Name and API Name. (Reference: 651569, 686711, 687670)
Resolution: Process exclusions for Buffer Overflow work as expected on standalone machines, ePolicy Orchestrator managed systems and during ePolicy Orchestrator Policy Migration.
Issue: When multiple signatures are included in an EXTRA.DAT, the buffer used to store the description information for the “About” window might not be large enough. (Reference: 651670)
Resolution: Buffer size for storing Extra.DAT signature information has been increased to 4 times its original size.
Issue: When the option “Show add-in user interface error” is enabled in Outlook, the following pop-up error appears every time Outlook is started and the first e-mail is opened or created: “Custom UI Runtime Error in McAfee E-mail Scan Add-in”. (Reference: 651887, 656365, 656366, 656644, 656674, 656678, 657131, 657398, 657409, 657411, 657413, 657414, 657433, 661628, 675246)
Resolution: McAfee E-mail Scan Add-in has been fixed to return correct “success” error code to Outlook. The pop-up error no longer appears.
Issue: Files on network locations might trigger an unhandled exception leading to a system crash if the network experiences a failure or the object is unreadable. One report of this occurred when opening Outlook 2010 with PST files configured to reside on remote storage. (Reference: 660014, 663389, 665822, 667934)
Resolution: The exception is handled to avoid a system crash.
Issue: Access Protection rules involving the block of System:Remote fail to enforce. This also applies to preventing remote access to shares. (Reference: 661424)
Resolution: VirusScan Enterprise identifies remote share access and enforces Access Protection rules that prevent remote access to shares.
Issue: The XML file generated for Event 1202 contained incorrect values for GMTTime and UTCTime fields. (Reference: 661702, 676893)
Resolution: GMTTime and UTCTime fields for Event 1202 now have the correct time information.
Issue: A Bugcheck C2, “Bad_Pool_Caller” error, could occur under varied conditions. One instance was triggered when using Virtual Machine Converter. (Reference: 662350, 666697, 673448, 678179, 690657, 691258)
Resolution: A memory corruption issue has been resolved.
Issue: A variety of symptoms, including an application crash, might occur with the ScriptScan feature disabled. (Reference: 662684, 665748, 668796, 668807, 669035, 669605, 669773, 669875, 671666, 671668, 671671, 671672, 672710, 675259, 675261, 676492, 685467, 685551, 685566, 685650, 686667, 686828, 687336, 693321, 696789, 696834)
Resolution: ScriptScan DLLs are no longer accessed if the feature is disabled.
Issue: An attempt to add an exclusion to the Access Protection rule "Protect Internet Explorer favorites and settings" failed when the edit box reached its maximum limit. (Reference: 663135)
Resolution: Buffer size for storing processes to exclude has been increased, enabling customers to add exclusions.
Issue: When filtering network Input/Output, a timing issue could occur, leading to a kernel thread stack exhaustion. This issue could result in a system crash. (Reference: 664539, 665345)
Resolution: VirusScan Enterprise now uses a Deferred Procedure Call to ensure a fresh thread stack.
Issue: A bugcheck 50 error could occur when a McAfee driver encountered unexpected data while examining loaded resources of a third-party application. (Reference: 667172)
Resolution: The McAfee driver has been updated to handle this situation.
Issue: A memory leak could occur with the process validation service and the Microsoft .NET runtime support library, mscoree.dll. (Reference: 673462)
Resolution: Changes made to the process validation service have removed the dependency of the Microsoft .NET runtime support library, mscoree.dll.
Issue: When Hotfix 660014, which introduces folder permission restrictions, is installed, McAfee Agent installations might be blocked by an Access Protection rule. (Reference: 684965, 686259, 686272)
Resolution: The McAfee Agent is no longer blocked when trying to set folder permissions.
Issue: A defect in the matching engine prevents the deletion of folder names that are a substring of “Program Files”, such as “c:\pro” or “c:\prog”. (Reference: 685273)
Resolution: The matching engine now only matches complete folder names, so deleting “Program Files” is prevented, but deleting “C:\pro”, “c:\prog”, or other substrings is allowed.
Issue: An issue in the clean-file scan cache logic was identified on systems supporting the Server Message Block 2 (SMB2) protocol that could allow files to be written to a share and not be scanned. (Reference: 686645, 686650, 690277)
Resolution: When On-Access Scanner tries to scan a share file and the scan does not succeed, the scanner now returns an OPLOCK error to McShield. McShield returns NOTSCANNED status to the driver and the file is not added to the cache, causing the file to be scanned when accessed.
Issue: When Hotfix 660014, which introduces Access Protection rule: Prevent modification of McAfee files and settings, is installed, VirusScan Enterprise prevents installation and adding features to Windows systems. (Reference: 691269, 691651)
Resolution: VSCAN.BOF content file has been modified to properly restrict access to McAfee files and settings.
Issue: The On-Demand Scanner cleanup events (1034, 1035, 1202, and 1203) have timestamps that are identical to the On-Demand Scanner start time. (Reference: 691660)
Resolution: VirusScan Enterprise now obtains the current time before generating On-Demand Scab cleanup events. |
楼主: zhousf
[复制链接]
发表于 2011-11-15 10:19:28
同楼上,求详细介绍啊···
楼主
