本帖最后由 大猫熊 于 2013-7-29 18:12 编辑
McAfee® Host Intrusion Prevention Version 7.0.0 Patch 8 Release Notes
Patch Version
8
Product
Host IPS Client 7.0.0 for Windows
Release Date
June 16, 2010
Rating
Critical: McAfee considers this release to be critical for all environments. Failure to apply a Critical update may result in severe business impact.
About ReleaseRefer to online knowledgebase article KB68889 for the most current Host IPS 7.0 Patch 8 client details.
Files affected
The following binaries are version 1159
[INSTALLDIR]\IsapiEngine.dll
[INSTALLDIR]\x64\IsapiEngine.dll
[INSTALLDIR]\HcApi.dll
[INSTALLDIR]\x64\HcApi.dll
[INSTALLDIR]\HcSql.dll
[INSTALLDIR]\x64\HcSql.dll
[INSTALLDIR]\FireTray.exe
[INSTALLDIR]\FireSvc.exe
[INSTALLDIR]\McAfeeFire.exe
[INSTALLDIR]\Helper.exe
[INSTALLDIR]\x64\Helper.exe
[INSTALLDIR]\HipShield.dll
[INSTALLDIR]\HcSvc.dll
[INSTALLDIR]\WinSecCtr.exe
[INSTALLDIR]\Inf\NdisInstall.exe (32-bit or 64-bit)
[WINDOWS]\System32\FireCL.dll
[WINDOWS]\System32\FireEpo.dll
[WINDOWS]\System32\FireCore.dll
[WINDOWS]\System32\FireComm.dll
[WINDOWS]\System32\FireNHC.dll
[WINDOWS]\System32\FireSCV.dll
[WINDOWS]\System32\Drivers\FirePM.sys (32-bit or 64-bit)
[WINDOWS]\System32\Drivers\FireTdi.sys (32-bit or 64-bit)
[WINDOWS]\System32\Drivers\FireLM01.sys (32-bit or 64-bit)
The following binaries are version 7.1.0.4[INSTALLDIR]\IsapiStub.dll[INSTALLDIR]\x64\IsapiStub.dll
The following binary is version 955[WINDOWS]\System32\Drivers\FireHk.sys (32-bit or 64-bit)
The HIPSCore related binaries are version 14.1.0.437
[INSTALLDIR]\HIPScore
[INSTALLDIR]\VScore
The SysCore related binaries are version 14.1.0.648
[INSTALLDIR]\HIPScore
[INSTALLDIR]\VScore
New Resolved Issues
Issue: System startup or shutdown takes an exceedingly long time with Host IPS installed. (Reference: 533861, 537762, 540714)
Resolution: Host IPS could cause a thread from an injected process to wait unnecessarily. The process injection mechanism has been updated to remove the possibility of this wait time.
Issue: FireSvc.exe spikes the CPU when it encounters custom IPS signatures with a class directive as an advanced parameter. (Reference: 535650)
Resolution: Exception parsing logic has been updated to handle the directive advanced parameter.
Issue: Connection-aware group matching sometimes fails when “ePolicy Orchestrator Server must be reachable via this connection” under Connection options is enabled. (Reference: 538678)
Resolution: Connection-aware group matching logic has been updated to prevent matching failure.
Issue: Firewall rules that were automatically created through learn or adaptive modes do not include the remote (destination) IP address. (Reference: 557388)
Resolution: The ability to learn the remote IP address for client firewall rules was implemented with the addition of two registry key entries. Refer to online knowledgebase article KB68888 for details.
Issue: Host IPS fails to install the 32-bit ISAPI stub when IIS 6 is running in 32-bit emulation mode on 64-bit versions of Windows. (Reference: 540769, 541056)
Resolution: Added support for IIS 6 running in 32-bit emulation mode on 64-bit versions of Windows. Refer to online knowledgebase article KB66782 for the most current details.
Issue: BugCheck 8E on FirePM.sys. (Reference: 549342)
Resolution: In some cases, Windows's LoadImage notification does not provide the executable's path name, which would lead to the bugcheck. Path validation has been added to the driver code to handle this scenario.
Issue: Microsoft's Visual C++ Runtime Library detects a buffer overflow in Firesvc.exe when the user clicks "Notify Admin" after a network attack detection. (Reference: 551981, 546632, 562218)
Resolution: Modified a string operation in the service to avoid any potential buffer overflow.
Issue: The System Process (ntoskrnl.exe) incorrectly matches fingerprint-based policy rules. (Reference: 559108)
Resolution: Updated the hashing logic for the System Process to ensure the logic is consistent.
Version Reporting Host IPS 7.0.0 Patch 8 clients report Patch – 8, Hotfix – 8, and Code Version – 7.0.0.1159 in the ePolicy Orchestrator Properties tab for Host Intrusion Prevention 7.0.0.
With ePolicy Orchestrator 4.0 or 4.5 you can write a query and search for the Host IPS Plug-in Version. Patch 8 clients will report product version 7.0.0.1159.
Known Issues
Issue: The Application Hooking component of Application Blocking is not supported on Windows 7.
Workaround: Refer to online knowledgebase article KB65844 for the most current Windows 7 details.
Issue: User/process-specific exceptions do not allow the Host IPS services (FireSvc.exe and HipSvc.exe) to be stopped. (Reference: 371417)
Workaround: Create an exception for all users/processes to stop FireSvc.exe and HipSvc.exe, or disable Signature 1000.
Issue: Loss of network connectivity during Host Intrusion Prevention installation.
Workaround: Refer to online knowledgebase article KB59945 for the most current details.
© 2010 McAfee, Inc. All Rights Reserved.
安装须知:
1. 关闭HIP所有保护再安装
2. 如果运行的是EXE则是静默安装,msp可以看到用户界面
3. 之前打过汉化补丁的,升级后要重新打
欢迎访问我的博客:http://www.alexyang.me
| 
发表于 2010-7-14 10:15:58
发表于 2010-7-14 10:43:06
速去看看