McAfee
®
VirusScan
®
Enterprise 8.7i Repost Patch 5 Release Notes
Thank you for using McAfee software. This document contains important information about the current release. We stronglyrecommend that you read the entire document.
Contents
Version Product Release date Rating
About this release File inventory Improvements
Previous improvements Resolved issues
Patch 5 resolved issues Patch 4 resolved issues Patch 3 resolved issues Patch 2 resolved issues Patch 1 resolved issues Installation instructions
Standalone installation
Installation steps via ePolicy Orchestrator Removing the installation
Verifying installation Known issues License attributions
Version
Repost Patch 5Product
For a list of supported environments for VirusScan Enterprise 8.7i on Microsoft Windows, see (McAfee) KnowledgeBase article KB51111. This release was developed for use with:
VirusScan Enterprise 8.7.0i
VirusScan Enterprise 8.7.0i with McAfee®® AntiSpyware Enterprise Supported minimum versions:
McAfee Agent: 4.0.0.1496 Detection Definitions (DAT): 6400 Scan Engine: 5.4.00
This document makes references to the following products as VirusScan Modules:
McAfee® VirusScan® Enterprise for Offline Virtual Images 1.0
McAfee® VirusScan® Enterprise for Offline Virtual Images 2.0
McAfee® VirusScan® Enterprise for use with SAP NetWeaver® platform 1.0
McAfee® VirusScan® Enterprise for Storage 1.0
McAfee® Optimized Virtual Environments for Servers
McAfee® Optimized Virtual Environments - Antivirus for Virtual Desktop Infrastructure
Release date
September 01, 2011
Rating
Mandatory
McAfee considers this release to be a required update for all environments. Mandatory Patches and Hotfixes resolve vulnerabilities that may affect product functionality and compromise security. These updates must be applied to maintain a viable and supported product. Failure to apply Mandatory updates may result in a security breach.
About this release
This release contains a variety of improvements and fixes. McAfee has spent a significant amount of time finding, fixing, and testing the fixes in this release. Please review the Improvements, Known issues and Resolved issues lists for additional information. See (McAfee) KnowledgeBase article KB65944 for the most current information.
This document supplements the product Release Notes in the release package.
File inventory
This release package contains the following files:
The following files are new with this release:
No files have been updated since the release of Patch 5. Refer to the Patch5.htm Release Notes accompanying this document for information about changes to file versions since the previous Repost Patch release.
File name Description
ePOPolicyMigration.exe ePolicy Orchestrator Policy Migration Tool
example.sms Configuration file
FramePkg_UPD.exe McAfee Agent installer
mcavscv.scv Check Point SCV
msistrings.bin Configuration file
Patch5.htm Patch 5 Readme
PKGCATALOG.Z Package catalog file
Readme_DE.html Product Readme in German
Readme_EN.html Product Readme in English
Readme_ES.html Product Readme in Spanish
Readme_FR.html Product Readme in French
Readme_IT.html Product Readme in Italian
Readme_JA.html Product Readme in Japanese
Readme_KO.html Product Readme in Korean
Readme_NL.html Product Readme in Dutch
Readme_PL.html Product Readme in Polish
Readme_PT_BR.html Product Readme in Brazilian Portuguese
Readme_RU.html Product Readme in Russian
Readme_SV.html Product Readme in Swedish
Readme_ZH_CN.html Product Readme in Chinese Simplified Readme_ZH_TW.html Product Readme in Chinese Traditional
Repost5.htm This document
Setup.INI Initialization file for SETUP.EXE
SetupVSE.EXE Installer for this release
SignLic.Txt License file
UnInst.exe 32-bit uninstaller file
UnInst.ini Initialization file for UnInstal.exe and UnInstX64.exe
UnInstX64.exe 64-bit uninstaller file
VIRUSCAN8700(216).zip ePolicy Orchestrator 4.x extension for VirusScan Enterprise VIRUSCANREPORTS(154).zip ePolicy Orchestrator 4.x Reports for VirusScan Enterprise
vse870.msi Microsoft Installer file
Notes
This Patch upgrades the core system files of VirusScan Enterprise 8.7i to a newer revision than what was released with VirusScan Enterprise 8.8. For customers migrating from this Patch to VirusScan Enterprise 8.8, McAfee supports upgrading to VirusScan Enterprise 8.8 Patch 1 or later.
This Patch upgrades the core system files of VirusScan Enterprise 8.7i to a newer revision. McAfee has spent a significant
amount of time finding, fixing, and testing the fixes in this release. However, it is strongly recommended to verify this update in test and pilot groups prior to mass deployment.
MOVE 1.6 Installation: After installing this Patch, you must restart the MOVE-AV service or restart the system.
Improvements
This release of the software includes the following improvements. Additional improvements with Patch 5 can be found in the Patch5.htm Release Notes accompanying this document since the previous Repost Patch release.
1. Added Windows XP Embedded platform identification to the VirusScan Enterprise package catalog.
Previous improvements
Previous releases of the software include the following improvements.
1. VirusScan Enterprise 8.7i Repost Patch 3 is the first package to include a placeholder stub DAT that reduces the size of the package, and prevents the system from having to download a DAT package twice in order to be fully installed and up-to-date. Refer to (McAfee) KnowledgeBase article KB68449 for further information on the benefits and cautions in using this new package.
2. The Heuristic network check for suspicious files (known as Artemis) settings for On-Access, On-Demand and Email Scanners are now set to Very Low by default in the installer and in the McAfee Default policy for VirusScan Extension. Refer to (McAfee) KnowledgeBase article KB53735 for further information on Artemis Technology.
NOTE: See item #1 under Known Issues for further information about this topic.
3. The installation packages for patches and reposts have been upgraded so that the installation log name, created in the McAfeeLogs folder, has a dynamically generated name based on the current date and time of the installation. This helps save logs that might have been overwritten with the previous “backup previous log only” method.
4. The on-access scanner memory scan function (Processes on enable) has been modified significantly to make it more
comprehensive. Because of this change, the installer has been modified to enable the option only if VirusScan is installed under Maximum Security settings.
5. The installation of VirusScan Enterprise now disables the Defender feature of Microsoft Windows Vista in order to improve performance of the operating system.
6. Update to the universal uninstaller script which includes new generic logic for detecting some competitors' products.
Resolved issues
The resolved issues are divided into subsections per patch, showing when each fix was added to the compilation.
Repost Patch 5 resolved issues:
1. Issue: When installing VirusScan Enterprise 8.7 package generated with McAfee Installation Designer, the installer ignored the option to not run an AutoUpdate at the end of the installation. (Reference: 645531)
Resolution: The installer can now disable the AutoUpdate at the end of the installation by configuring the Post-Installation Options within McAfee Installation Designer.
2. Issue: VirusScan Enterprise 8.7i failed to deploy to a Windows XP Embedded Operating System.(Reference: 687005) Resolution: Installation scripts have been updated to include Windows XP Embedded Operating System.
Repost Patch 4 resolved issues:
1. Issue: Universal uninstaller file does not uninstall Symantec Endpoint Protection 11 with password protection. (Reference: 569628)
11 before continuing with the installation of VirusScan Enterprise.
2. Issue: ePolicy Orchestrator extensions do not display file version information unless checked into the ePolicy Orchestrator database.(Reference: 578075)
Resolution: ePolicy Orchestrator extension files for VirusScan Enterprise now include the build number, as a version, in the naming schema for the file.
Repost Patch 3 resolved issues:
1. Issue: VirusScan Enterprise would fail to install on a Vista or later system if Windows Defender was previously disabled. (Reference: 549951)
Resolution: The universal uninstall now accounts for when the Windows Defender service is disabled.
Repost Patch 2 resolved issues:
1. Issue: Some VirusScan Enterprise events were not being parsed properly by ePolicy Orchestrator 4.5. (Reference: 503537) Resolution: The VirusScan Enterprise Reports Extension will now handle events where specific fields are blank.
2. Issue: During an upgrade from a customized VirusScan Enterprise 8.5i to VirusScan Enterprise 8.7i, the new McAfee Installation Designer custom settings were not getting applied. (Reference: 501306)
Resolution: The Repost Patch 2 and later install packages now remove the previous McAfee Installation Designer settings when the preserve option is disabled on the upgrade.
3. Issue: Some pre-patch 7 installs of VirusScan Enterprise 8.5i were corrupting the value for the Preferred Language setting. When the install was upgraded to VirusScan Enterprise 8.7i, this caused the McAfee Agent to stop communicating with the ePolicy Orchestrator server. (Reference: 511662)
Resolution: The Repost Patch 2 and later install packages will correct the invalid registry entry during the install to prevent the situation.
Repost Patch 1 resolved issues:
1. Issue: Silent installations might fail on hard drives that are designated as dynamic. The on-access scanner service fails to start, and the installation rolls back. (Reference: 443669)
Resolution: The Repost Patch 1 and later installation packages now install to a dynamic disk, silently.
2. Issue: Modifying an installation of VirusScan Enterprise to add the on-access scanner component caused the scanner to be in a disabled state. (Reference: 464808)
Resolution: The modification to add the on-access scanner component now correctly enables the scanner at the completion of the installation.
3. Issue: An 8E bugcheck (blue screen) sometimes occurred when VirusScan Enterprise 8.7i was installed along with Checkpoint VPN-1 SecureClient. (Reference: 438771)
Resolution: The link driver was updated to avoid probing kernel memory unnecessarily.
4. Issue: During an upgrade from a customized VirusScan Enterprise 8.5i to VirusScan Enterprise 8.7i, an issue sometimes occurred where the configuration tool did not properly backup and restore the registry information. The installation was left in a state where some of the product information still showed as the older version. (Reference: 443019)
Resolution: The McAfee Installation Designer configuration applicator has been changed to be more comprehensive in backing up and in version checking during the upgrade, in order to prevent failures by other McAfee product installations that require version 8.7i.
5. Issue: Creating a McAfee Installation Designer change package for VirusScan Enterprise and the AntiSpyware Enterprise Module sometimes failed to upgrade the evaluation versions to licensed versions, for both products. (Reference: 437509)
Resolution: McAfee Installation Designer configuration applicator upgrades the licenses of VirusScan Enterprise and the AntiSpyware Enterprise Module when they are both evaluation versions.
Installation instructions
Refer to the VirusScan Enterprise 8.7i Installation Guide to install and deploy software in a production environment. VirusScan Enterprise 8.7i Repost Patch 5 includes McAfee Agent 4.0.0.1496.
A reboot may be needed to fully load the system drivers into memory. The package installation does not force a reboot.
Standalone installation
1. Extract the Patch files to a temporary folder on your hard drive.
Installation steps via ePolicy Orchestrator
1. On the computer where the ePolicy Orchestrator console resides, extract the Patch zip files to a temporary folder on your hard drive.
2. Open the ePolicy Orchestrator console and add the package from the temporary folder created in Step 1 to your repository. 3. If newer versions of the extension or report files are included with the package, they must be checked into the ePolicy
Orchestrator repository separately.
NOTE: Refer to Checking in Packages Manually in the ePolicy Orchestrator online Help, for instructions on adding a package to the repository. The package type is Product or Update (.ZIP).
NOTE: If the VirusScan Enterprise 8.8 Reports file (version 1.2.0.136 or greater) is installed, the Reports file shipped with VirusScan Enterprise 8.7 Repost Patch 5 (version 1.1.0.154) will not check-in to the ePolicy Orchestrator's Repository. This is 'as-designed', as the reports are up-to-date.
The next time an agent update task runs, the VirusScan Enterprise client will automatically download and install the Patch.
Removing the installation
Warning: Removing the installation leaves the system without any virus protection software until another installation is scheduled and completed.
For Windows XP, Windows 2003, Windows Vista, Windows 2008, and Windows 7 operating systems, the installation can be
removed manually via Add/Remove Programs if the user has administrative rights to the local system.
For all systems managed by ePolicy Orchestrator, a removal task can be set up and applied to each system that requires the
installation removed.
Note: After removing VirusScan Enterprise from a system, we recommend that you reboot the client system.
Verifying installation
Always reboot prior to validating that a Patch has been installed successfully.
Open the VirusScan Console and select About from the Help menu. The About VirusScan Enterprise window, Installed Patches,
displays '5'.
After property information has been collected by the ePolicy Orchestrator agent, the client system displays that Patch 5 is
installed as the Hotfix version within the agent About... section. If the value HotfixVersions appears, it is a temporary value and is removed after a full property collection from the client is performed.
Confirm that the expected files are installed by checking the version number of individual files. File versions should match the
list in the File inventory section, above.
NOTE: Patch releases are not displayed or do not report that the Patch is installed if an error occurred during installation, or if a file did not install correctly.
Reporting
There is update information in the ePolicy Orchestrator properties for each computer. On the ePolicy Orchestrator Properties tab for each computer, the VirusScan 8.7i General branch displays two entries:
Patch – Displays the current Patch installed.
Fixes - Displays any number of Hotfixes listed in the registry.
A check is involved to verify that the Hotfix/Patch matches the entry in the registry to the private build description of the binary. If the two don’t match, the Patch or Hotfix does not appear.
NOTE: Currently there are no reports or compliance checks that use this information.
Known issues
Here is a list of known issues that we are aware of at production time.
1. Issue: With the change in Artemis defaults there are several variables that need to be taken into account when introducing this Repost Package into the environment.
NOTE FOR CURRENT AND NEW USERS:
The product installation does not modify current settings to set the Artemis Sensitivity Level to Very Low. If VirusScan
The VirusScan 8.7i NAP and extension that are included with the Repost do change the McAfee Default policy, but do not
modify the My Default policy, or any custom policy settings that were made prior to the check-in of the new
NAP/extension. If this is the first time that the extension is checked in, however, My Defaults has Artemis levels set to Very Low.
When the ePolicy Orchestrator migration tool, which comes with this package, is used to migrate VirusScan 8.5i settings
it now sets Artemis levels to a default of Very Low.
2. Issue: VirusScan Enterprise 8.7i packages created with McAfee Installation Designer fail to install on computers running Windows 7 when they are deployed from ePolicy Orchestrator.
Workaround: See (McAfee) KnowledgeBase article KB69397 for information on obtaining the latest McAfee Installation Designer repost that resolves this issue.
3. Issue: Common Standard Protection: Prevent hooking of McAfee processes is a specialized Access Protection rule that can only be enabled or disabled. It will not be possible to exclude or include additional processes in this rule due to its unique design. 4. Issue: Access Protection rules are not localized with this release. Localization is planned to be re-established with future patch
releases.
5. Issue: Uninstalling VirusScan Enterprise 8.7i Patch 5 may remove some critical files shared by other McAfee products and is not supported for this release. If an uninstall is performed, then this release must be re-applied (as a minimum) before the system may be supported again.
6. Issue: Microsoft update or feature may fail to install when Access Protection is enabled. See (McAfee) KnowledgeBase article KB72458 for information regarding this issue.
7. Issue: A rare Bugcheck may occur if On-Access Scanner service becomes paused, disabled or restarted and the system is immediately Shutdown or Restarted. See (McAfee) KnowledgeBase article KB72678 for information regarding this issue. 8. Issue: An Access Protection log entry may be seen during a custom install of VirusScan 8.7i Repost Patch 5 when not installing
the Script scan feature with the initial installation, but later adding the Script scan feature by modifying the product. The installation completes successfully, but an Access Protection log entry is generated.
License attributions
Copyright © 2011 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE
SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
License agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU
