Andrew Berges

Configuration Manager, Security, and other musings from a self-confessed IT geek.

McAfee VirusScan Enterprise 8.5 Patch 6.1 Released

Details here:

https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=616311&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=616311

Improvements:

1.  The on-demand scanner has been updated to better use the System Utilization setting throughout the entire scanning process.

    Refer to McAfee Support Knowledgebase article 9197288 for further information.

2.  This Patch contains a new Buffer Overflow and Access Protection DAT (version 378) which adds an Access Protection category for Virtual Machine Protection. These rules provide access protection functionality for virtual machines.

    NOTE:
    In order to manage the new Virtual Machine Protection category with ePolicy Orchestrator 3.x or Protection Pilot, you will need to use the latest NAP file, included in this Patch package, or VirusScan 8.5i Repost Patch 5.

    For ePolicy Orchestrator 4.x users, the Extension update also contains the updated rule file. The updated Extension package is available on the web product download area under the Patches category.

PATCH 6.1 RESOLVED ISSUES

1. ISSUE:
An issue can occur when the 5300 engine is installed prior to installing VirusScan 8.5i Patch 6. The scanner engine files are partially overwritten with the previous 5200 version that is stored in the MSI cache. This mismatch causes the scanner engine to fail to initialize.

RESOLUTION:
The Patch installation package has been updated to correct this issue, and does not overwrite the engine files.

PATCH 6 RESOLVED ISSUES

1. ISSUE:
The VirusScan Enterprise management plug-in writes all settings to the registry on every policy enforcement. The McShield service monitors the registry and reloads whenever the settings are written, generating frequent pause events in the Windows System log.

RESOLUTION:
The VirusScan Enterprise management plug-in has been updated to only write to the registry if it sees that it is different from the current policy. This will prevent McShield from generating events on policy enforcement, unless that policy has changed.

This is an addendum to the original solution in Patch 5, where the fix did not work when the preferred language was set to something other than automatic.

2. ISSUE:
A compatibility issue has been seen between VirusScan’s port blocking feature and Veritas backup applications. This was causing the backup software services to stop running.

RESOLUTION:
The VirusScan Anti-Virus Mini-Firewall Driver has been updated to correct the compatibility issue.

3. ISSUE:
A race condition in the On-Access Scanner service can cause high CPU utilization with high performance systems.

RESOLUTION:
The On-Access Scanner service has been updated to remedy multi-threading synchronization issues and remove occurrences of runaway threads.

4. ISSUE:
The On-Access Scanner service sometimes crashes during a system shutdown or during installation of a Patch/HotFix.

RESOLUTION:
The On-Access Scanner service has been repaired to correct a race condition in which a critical-section synchronization object is deleted before another thread has entered.

5. ISSUE:
A deadlock could occur on high-end servers, caused by a race condition in VirusScan’s link driver.

RESOLUTION:
The link driver has been changed to properly handle the release of system objects, while holding a lock on resources.

6. ISSUE:
Port blocking fails on Microsoft Windows Vista Service Pack 1.

RESOLUTION:
The McAfee Driver Installer has been updated to handle the changes in network stack load order.

7. ISSUE:
The On-Demand Scanner system utilization changes that were put in patch 5 changed the memory scanning function. This caused the process scanning to only scan the first process ID.

RESOLUTION:
The change has been reversed so that all processes are scanned irrespective of process ID.

8. ISSUE:
When applied to a client installation that was customized by McAfee Installation Designer (MID), the patch installer deletes the MidFileTime registry value. This caused MID .CAB files to be re-applied to the system.

RESOLUTION:
The patch installer has been updated to no longer delete the MidFileTime registry value.

9. ISSUE:
A newly created user-defined Unwanted Program Policy does not take effect immediately if the file has been scanned by the On-Access Scanner before the change occurred.

RESOLUTION:
The On-Access Scanner service has been updated to properly recognize changes to the user-defined detections and clear the cache of files that have already been scanned so that the new settings take effect immediately.

10. ISSUE:
A trust relationship exists in McAfee drivers that can be leveraged by McAfee processes to avoid triggering access protection rules and other compatibility symptoms. When the link driver was updated to newer releases, this trust relationship was lost until a reboot occurred.

RESOLUTION:
The link driver has been modified to better handle the process of future upgrades to itself without the need for a reboot.
