本帖最后由 kafan_Seal 于 2010-2-19 20:44 编辑
About this release
Patch Release: 02-09-2010
Release to World (RTW): Approx. 9 March 2010
This release was developed for use with:
VirusScan Enterprise: 8.7i
Detection Definitions (DAT): 5850.0000
Scan Engine: 5.4.00
Make sure you have installed the correct version of the product(s) in this list before using this release.
*This document makes references to the following products as VirusScan Modules:
McAfee® VirusScan® Enterprise for Offline Virtual Images 1.0
McAfee® VirusScan® Enterprise for Offline Virtual Images 2.0
McAfee® VirusScan® Enterprise for use with SAP NetWeaver® platform 1.0
McAfee® VirusScan® Enterprise for Storage 1.0
Rating
McAfee recommends this release for all environments. Patch 3 is considered a High Priority Release.
Improvements
This release of the software includes the following improvements.
1. Changes were made to the service startup sequence to have less impact on the system during startup.
Known issues
Here is a list of known issues that we were aware of at production time
1. Issue: In some situations, the product switches over to using the normal copy of the DAT files, instead of the runtime DATs:
If the McAfee AntiSpyware Enterprise module is installed after VirusScan Enterprise 8.7i Patch 3 is on the system, some of
the new registry settings, which are new for the runtime functionality, were changed back. This resolves itself with a
restart of the McTaskManager service or with a reboot.
If one of the scanners is busy on a large file when the AutoUpdate process posts the revised copy of the DATs, the process
of refreshing the runtime copy of the DATs times out. All scanners use the normal DATs until the next successful update.
The VirusScan Modules* will not use the runtime DAT functionality until they received their next Patch.
2. Issue: With the improved functionality of the on-access scanner memory scan, lower and middle ranged systems may see a
performance impact at startup and after a successful AutoUpdate of the engine or DATs. Currently the Process on enable option
is enabled by default on the shipping version of VirusScan Enterprise 8.7i. McAfee recommends that in a managed environment,
disable this option prior to deployment of the Patch, until the impact of memory scanning can be determined for your
environment. It is not possible to maintain both the more comprehensive scanning that comes with Patch 1 and later, and the
former level of scanning. Therefore, only the more comprehensive scan is used.
NOTE FOR CURRENT AND NEW USERS:
The Patch installation does not modify current settings to disable the Process on enable option.
The VirusScan 8.7i NAP and extension that are included with the Patch do change the McAfee Default policy, but do not
modify the My Default policy, or any custom policy settings that were made prior to the check-in of the new
NAP/extension.
The VirusScan Enterprise 8.7i Repost with Patch now installs with the Process on enable option disabled, unless the
Maximum Security option is selected during the installation.
3. Issue: With the introduction of support for Russian, you might need to remove the previous version of the extension from
ePolicy Orchestrator before adding the new extension. If you do not, some of the interface might be displayed in the original
language.
4. Issue: McAfee Agent 4.0 Patch 2 and later include support for displaying status and logs in Russian. Older versions display this
information in English by default.
5. Issue: Since VirusScan Enterprise 8.7i Patch 2 and later include the new interface for reporting status to Windows Security
Center, uninstalling the Patch removes this function -- without reintroducing the older expired function. This means that Windows
Security Center does not report VirusScan Enterprise 8.7i being installed until Patch 2 or later is implemented.
6. Issue: When you remove the McAfee AntiSpyware Module, the status in Windows Security Center is not updated.
7. Issue: In deployments of VirusScan Enterprise 8.7i Patch 2 and later with McAfee Agent 4.5, the VirusScan tray plug-in does not
appear until after a restart of the McAfee system tray icon. If VirusScan is uninstalled, the VirusScan tray plug-in is still visible
until a similar restart.
8. Issue: This Patch adds needed support for McAfee VirusScan Enterprise for Offline Virtual Images 2.0, and should not be
removed unless the VirusScan Module is removed first.
9. Issue: The Patch installer included an MSI deferred action to resolve an issue found when attempting to uninstall the Patch on
some newer operating systems. The deferred.mfe file updated the cached MSI of the currently installed VirusScan 8.7i product. If
the Patch is included in a McAfee Installation Designer customized package, the deferred.mfe file was not included, and therefore
the Patch might not be able to be uninstalled in some newer operating systems.
10. Issue: If you installed this release interactively and cancelled the installation on a system where a previous Patch was installed,
after the rollback was complete, the previous Patch might no longer reported to ePolicy Orchestrator or appeared in the About
VirusScan Enterprise window.
11. Issue: Installing the Patch and specifying a log file path using the Microsoft Installer (MSI) switch “/L” did not log to the
specified path. A log file capturing full data was logged to the folder “McAfeeLogs” under the Temp folder.
12. Issue: If Host Intrusion Prevention 6.x or later was installed and disabled prior to installing VirusScan Enterprise, it was
necessary to re-enable Host Intrusion Prevention and disable it again, in order for VirusScan Buffer Overflow Protection to be
properly enabled.
13. Issue: Uninstalling VirusScan Enterprise Patches is possible for computers running Windows Installer v3.x or later. This
technology is not fully integrated for Windows 2000 operating systems, so there is no option to remove the Patch in Add/Remove
programs. See instructions under Removing the Patch for removal via command-line options.
14. Issue: Patches for VirusScan Enterprise 8.7i can only be uninstalled via Add/Remove programs, not via ePolicy Orchestrator.
Resolved issues
1. Issue: Users would see Windows Security Center notification pop-ups at regular intervals, stating that VirusScan was disabled.
(Reference: 529651)
Resolution: The VirusScan Enterprise Windows Security Center reporting tool now only updates its status when the state of
VirusScan changes, rather than at regular intervals.
2. Issue: The On-Access Scanner service failed to start after running Chkdsk at startup. (Reference: 450357)
Resolution: The Anti-Virus Filter driver no longer treats the disks as having been dismounted after the Chkdsk procedure is
completed.
3. Issue: Some VBScript types were not being properly scanned on Windows 2008 R2. (Reference: 505001)
Resolution: The ScriptScan application has been updated to account for changes in the Windows 2008 R2 platform.
4. Issue: A 3B bugcheck (blue screen) could occur immediately after an unexpected device-removal. (Reference: 519656)
Resolution: The Link driver has been revised to cease processing outstanding IO requests immediately upon being notified that
device removal has occurred.
5. Issue: When an Access Protection warning existed in McAfee Security Status window, the warning status clear function caused a
crash. (Reference: 517265)
Resolution: The VirusScan tray files now have updated logic to handle the Access Protection messages in the McAfee Security
Status window.
6. Issue: When an On-Demand Scan task was created manually via console, but had not yet run, the task started up at the next
reboot. (Reference: 521200)
Resolution: The VirusScan task manager service prevented an uninitialized variable, which caused the task to indicate that a
scan was in progress.
7. Issue: On-Demand Scan tasks on Windows 2008 failed to authenticate to network shares with specified credentials. (Reference:
503155)
Resolution: The On-Demand Scanner now requests the necessary elevated privileges to authenticate on Windows 2008.
8. Issue: The On-Demand Scanner /LOG switch logged only part of the data from the scan in the specified location, while the rest
of the information was still recorded in the default location. (Reference: 525694)
Resolution: When Scan32.exe is executed via command line, it now reads from the default settings and overwrites, but does
not save, the setting based on what is specified with the command-line switches.
9. Issue: With VirusScan installed alongside the McAfee Agent 4.5 in an unmanaged environment, the VirusScan legacy tray icon
did not load. (Reference: 523823)
Resolution: The VirusScan Statistics tray icon now properly queries the McAfee Agent for version and managed/unmanaged
state before deciding to load itself.
10. Issue: Removing the current Patch from the system did not replace the Patch_ registry data from the previous Patch.
(Reference: 523806)
Resolution: The Microsoft Patch (MSP) installer now reverts the Patch_ registry information to the previous version.
11. Issue: If VirusScan was set to show its tray settings with minimal options, the McAfee Agent 4.5 tray icon did not display an
item under Managed Products. (Reference: 528792)
Resolution: The VirusScan Statistics tray plug-in now uses the legacy Help/About as a menu option when VirusScan is set to
Show the system tray icon with minimal menu options.
12. Issue: When a specific scan task had both Defer scan when using battery power and User may defer scheduled scans options
set, the user was still prompted to defer the scan when on battery power. (Reference: 537126)
Resolution: The On-Demand Scan plug-in was changed so that the property option, User may defer scheduled scans, is not
encountered first, so it doesn’t override the other selections.
13. Issue: The user dialog box for the scan task option, User may defer scheduled scans, did not appear when VirusScan 8.7i was
managed by the McAfee Agent 4.5. (Reference: 534348)
Resolution: The VirusScan Statistics tray plug-in was updated to include this same functionality from the VirusScan Statistics
legacy tray icon.
14. Issue: Using the %ProgramFiles% variable to exclude folders and files did not translate all possibilities across 64-bit and 32-bit
operating systems. To ensure you exclude any possible “Program files” location (including “Program Files (x86)”), you had to
enter the exclusions two ways: 1) “%programfiles%” 2) “%programfiles(x86)%” (Reference: 491796)
Resolution: The Access Protection Filter API now always translates the %ProgramFiles% variable into all lowercase to prevent
the operating system from misinterpreting the intended location.
15. Issue: Some access protection policies were enforced by ePolicy Orchestrator when the Access Protection feature was not
installed to the system. (Reference: 503635)
Resolution: The VirusScan Management Plug-in now recognizes when the Access Protection feature is installed or not and
enforces policies accordingly.
16. Issue: The Task name entry for the default "Full Scan" used the translation string name instead of the translated name.
(Reference: 505217)
Resolution: The Announcer library now uses the proper translation name instead of the string.
17. Issue: The Network Port Access Protection Rule window under the user-defined access protection policies did not always display
an OK or Cancel button. (Reference: 517382)
Resolution: The VirusScan 8.7i extension has been updated to properly display the buttons.
18. Issue: The threat event 1119 event showed an incorrect Engine and DAT version when an update failed or was cancelled.
(Reference: 468233)
Resolution: The AutoUpdate application now reports the proper information for the event.
19. Issue: The process name involved in a Buffer Overflow detection did not show in the ePolicy Orchestrator query "Top 10 Buffer
Overflows Detected". (Reference: 459789)
Resolution: VirusScan Reports extension was corrected to display the information under the proper column name.
20. Issue: The query "Number of Detections by Tag" did not execute properly on ePolicy Orchestrator 4.5. (Reference: 460304)
Resolution: The VirusScan Reports extension now uses the proper column validation.
21. Issue: The Access Protection and Buffer Overflow rule file that was contained in the VirusScan extension introduced an
incorrectly defined variable that prevented the McAfee Agent from calling back to the ePolicy Orchestrator server if custom
policies were made to the rules. (Reference: 530900)
Resolution: The VirusScan Extension has been updated to include a revised Access Protection and Buffer Overflow rule that does
not have this variable.
|
[复制链接]
发表于 2010-2-19 20:22:34
楼主
