Andrew Berges

Configuration Manager, Security, and other musings from a self-confessed IT geek.

December 2008 - Posts

McAfee Agent 4.0 Patch 1 Released

Download

McAfee KB

Resolved issues

Issues that are resolved in this release are listed below.

  1. Issue: An update dialog box appeared in English rather than the non-English language running on the system. (Reference: 389523)

Resolution: Update dialog boxes now appear in the language running on the system.

  1. Issue: When using the “/forceinstall” switch and only changing the data (/datadir=<new folder>) folder, the upgrade process did not remove the old data folder and used the new folder. (Reference: 393182)

Resolution: Now when using the “/forceinstall” switch and changing the data (/datadir=<new folder>) folder, the upgrade process removes the old data folder and uses the new folder.

  1. Issue: When the AgentEvents folder was missing, the upgrade process failed. (Reference: 393764)

Resolution: Now the upgrade process creates the AgentEvents folder when it is missing.

  1. Issue: Managed product installation routines were executed each time a deployment task ran on systems that used a language other than English. (Reference: 399232)

Resolution: Managed product installation routines now execute only when necessary.

  1. Issue: If the installation or data folder contained a double-byte character, the upgrade process failed. (Reference: 404111)

Resolution: Now the installation and data folders can contain non-English characters.

  1. Issue: When executing the VirusScan update process (mcupdate.exe) with the “/update” and “/quiet” switches, an upgrade dialog box would still be displayed. (Reference: 405004)

Resolution: The VirusScan update process now honors the “/quiet” switch.

  1. Issue: The upgrade process was checking for the existence of the “My Favorites” and “Fonts” folders. If they were not present, the upgrade failed. (Reference: 405314)

Resolution: The upgrade process no longer requires the “My Favorites” and “Fonts” folders to be present.

  1. Issue: When an error occurred during Host Intrusion Prevention policy enforcement, the system could be “locked out of the network”. (Reference: 406896)

Resolution: Now the ePolicy Orchestrator server connection information (server IP, name and port, and incoming agent wake-up port) is recorded. This allows Host Intrusion Prevention to create specific rules that allow communication to and from the ePolicy Orchestrator server, even in the absence of Host IPS policies.

  1. Issue: The name of the ePO server the system last communicated with appears in the XML log file. The value is initially blank and remained blank for a period of time after the first communication. (Reference: 407154)

Resolution: The name of the ePO server the system last communicated with now appears immediately after the last server communication.

  1. Issue: The McAfee Agent deployed managed products to Microsoft Vista or Windows Server 2008 that were not supported on these platforms. (Reference: 408989)

Resolution: Managed products are now deployed only to their supported platforms.

  1. Issue: The Mirror task created a duplicate repository, but it failed to copy the sitestat.xml file. This caused the duplicate repository to remain disabled. (Reference: 409637)

Resolution: The Mirror task now copies the sitestat.xml file to the duplicated repository.

  1. Issue: During a managed product update, a dialog box could be presented requesting a system reboot. The dialog box asked the user if they wanted to reboot now and rebooted the system even when the user selected “No”. (Reference: 410573)

Resolution: The managed product update process now honors the user's selected reboot response.

  1. Issue: Certain dates, such as leap years, were recorded incorrectly in the agent_<machinename>.xml log file. (Reference: 413415)

Resolution: All dates are now recorded correctly in the agent_<machinename>.xml log file.

  1. Issue: The McAfee Agent only updated the VirusScan engine if the minor version was newer than what was installed. This prevented the VirusScan engine from updating to a newer build of the same version. (Reference: 414065)

Resolution: The McAfee Agent now supports build-to-build VirusScan engine updates.

  1. Issue: The installation and upgrade processes failed if the data folder was located in the “Windows” or “WinNT” folders. (Reference: 415578)

Resolution: Now the installation and upgrade processes allow the data folder to be located in the “Windows” or “WinNT” folders with the exception of the system32 folder. The installation and upgrade processes prohibit the data folder from including the system32 folder.

  1. Issue: Some non-McAfee product installation routines removed critical registry entries, such as the Windows IStream COM registration, causing the McAfee Agent to fail. (Reference: 416298)

Resolution: The upgrade process now re-registers the ole32.dll file when it detects it is missing.

  1. Issue: The installation and upgrade processes failed if the installation or data folders contained double-byte characters. (Reference: 416559)

Resolution: The installation and upgrade processes now allow the installation and data folders to contain double-byte characters.

  1. Issue: Several install and uninstall error messages made no sense when displayed on a Japanese language system. (Reference: 418729)

Resolution: The upgrade process now displays meaningful install and uninstall error messages on a Japanese language system.

  1. Issue: On systems running VirusScan Enterprise version 8.0 the McAfee Agent did not remove the Temp files created during the execution of an “Agent Update Task”. (Reference: 419066)

Resolution: The McAfee Agent now removes the Temp files created during the execution of an “Agent Update Task”.

Note: This change does not remove the Temp files created during the execution of an "Agent Update Task" prior to implementing this patch.

  1. Issue: During Policy Enforcement, when the McAfee Agent failed to compile the policy file, the policy enforcement failed and the agent crashed on the next Policy Enforcement. (Reference: 423070)

Resolution: The McAfee Agent now detects failed Policy Enforcements and retries the policy compilation until it completes successfully.

  1. Issue: DAT updates were postponed indefinitely and the message “Update will be retried after 3 mins because update is already in progress” appeared repeatedly in the agent log file. (Reference: 424203)

Resolution: The DAT update process now terminates properly when it detects an error in an FTP transaction.

Posted: Dec 17 2008, 12:06 PM by aberges | with no comments
Filed under: ,
McAfee ePolicy Orchestrator Server 4.0 Patch 3 Released

Download

McAfee KB

Resolved issues

Issues that are resolved in this release are listed below.

  1. Issue: SuperAgent Repositories on Windows Vista and Windows 2008 systems did not appear as Distributed Repositories in the ePolicy Orchestrator console. (Reference: 371932, 405958)

Resolution: SuperAgent Repositories on Windows Vista and Windows 2008 systems now appear as Distributed Repositories in the ePolicy Orchestrator console.

  1. Issue: A synchronization point could not be created, edited, or deleted for the “My Organization” group. (Reference: 384135)

Resolution: A synchronization point for the “My Organization” group can now be created, edited, and deleted.

  1. Issue: Grouped Summary Table queries could not be ordered by label values when grouped by a version number column. For example, a group summary of managed systems grouped by group name and DAT version could not be ordered by the group name label and then by DAT version label. (Reference: 386121)

Resolution: Grouped Summary Table queries can now be ordered by the label values when grouped by a version number column.

  1. Issue: When configuring an Active Directory synchronization group, the “Browse” button for browsing and “Add” button for exceptions were disabled unless the user first selected an NT domain synchronization type. (Reference: 391830)

Resolution: The “Browse” and “Add” buttons are now enabled without having to first select an NT domain synchronization type.

  1. Issue: Active Directory synchronization failed when a synchronized folder name included a semicolon. (Reference: 392803)

Resolution: Active Directory folder names can now contain a semicolon.

  1. Issue: When viewing the system properties of a system that has never communicated with the ePolicy Orchestrator server, clicking on the “more” link resulted in a blank page. (Reference: 398952)

Resolution: Selecting the “more” link for a managed system that has never communicated with the ePolicy Orchestrator server no longer results in a blank page.

  1. Issue: Extra.DAT packages were not updated on Windows Vista or Windows 2008 Server managed systems. (Reference: 400563)

Resolution: Extra.DAT packages are now updated on Windows Vista and Windows 2008 Server managed systems.

Note: All Extra.DAT packages in the repository must be reinstalled before this change takes effect.

  1. Issue: The McAfee Agent failed to enforce Host Intrusion Protection rule policies when the rule name contained an angled bracket character. (Reference: 400808)

Resolution: The McAfee Agent now enforces Host Intrusion Protection rule policies regardless of the rule name.

  1. Issue: A client task with a “repeat starting at” schedule could have a repeat duration that was less than the repeat interval, resulting in the client task never running. (Reference: 401301)

Resolution: New or modified client tasks with a “repeat starting at” schedule must now have a repeat duration that is greater than or equal to the repeat interval.

  1. Issue: When viewing the results of a query for Events, the “Show Related Systems” action is not available. (Reference: 402250)

Resolution: The “Show Related Systems” action is now available for Event queries.

  1. Issue: Importing managed systems into the System Tree from a Unicode text file created erroneous entries in the System Tree. (Reference: 402271)

Resolution: An error message is now displayed when non-UTF-8 encoded text files are imported, and the System Tree is unaffected.

  1. Issue:  An updated version of the System Compliance Profiler 2.0 extension is available. (Reference: 404381)

Resolution: Version 2.0.2.191 of the System Compliance Profiler 2.0 extension is now installed during ePolicy Orchestrator 4.0 Patch 3.

  1. Issue: Running a previous upgrade a second time, after it had been successfully installed, failed. (Reference: 405288)

Resolution: The upgrade can now be run multiple times.

  1. Issue: VirusScan DAT and Engine version information was missing on Managed System Rollup queries. (Reference: 405383)

Resolution: Managed System Rollup queries now include VirusScan DAT and Engine version information.

  1. Issue: In the ePolicy Orchestrator console, the option that uninstalls the McAfee Agent from managed systems was not supported by non-Windows agents, but it was a selectable option. When this option was selected and the agents were manually uninstalled and later reinstalled, the managed systems never reappeared in the ePolicy Orchestrator System Tree. (Reference: 405859)

Resolution: A non-Windows managed system, which successfully reinstalls the McAfee Agent after a failed agent uninstall from the ePolicy Orchestrator console, now reappears in the ePolicy Orchestrator console System Tree.

  1. Issue: An ePolicy Orchestrator 4.0 upgrade failed when the SQL Server UDP port was enabled for the initial ePolicy Orchestrator 4.0 installation and disabled before upgrading. The inverse scenario also caused the upgrade to fail. (Reference: 406814, 415166)

Resolution: The ePolicy Orchestrator 4.0 upgrade no longer fails when the SQL Server UDP port was enabled for the initial ePolicy Orchestrator 4.0 installation and disabled before upgrading. The inverse scenario has also been corrected.

  1. Issue: The Synchronization Group Agent Deployment checkbox, “Force installation over existing Version,” does not remain selected after saving the Synchronization Group and accessing it again for editing. (Reference: 410246, 426930)

Resolution: The Synchronization Group Agent Deployment checkbox, “Force installation over existing Version,” now retains the selected value.

  1. Issue: Installations in clustered server environments incorrectly set the ePolicy Orchestrator services to start “Automatically.” (Reference: 410543)

Resolution: Installations in clustered server environments now correctly set the ePolicy Orchestrator services to start “Manually.”

  1. Issue: The managed system name is truncated to a length of 14 characters on the ePolicy Orchestrator console “Systems” tab. (Reference: 410779)

Resolution: The column “DNS Name,” containing a “Fully Qualified Domain Name,” can now be selected as the managed system name on the ePO console “Systems” tab.

  1. Issue: The import policies process did not verify the ownership of the existing policies, which could result in policies being overwritten by users other than the owner. (Reference: 410917)

Resolution: The import policies process now verifies the ownership of the existing policies and prevents policies from being overwritten by users other than the owner.

  1. Issue: Changes to existing policies were not recorded in the Audit Log. (Reference: 412589)

Resolution: Changes to existing policies are now recorded in the Audit Log.

  1. Issue: The ePolicy Orchestrator Alerting extension, used by Rogue System Detection 2.0, was not localized. (Reference: 412661)

Resolution: The ePolicy Orchestrator Alerting extension is upgraded to a localized version, on ePolicy Orchestrator servers with Rogue System Detection 2.0 installed.

  1. Issue: The ePolicy Orchestrator server failed to respond if a corrupt package file was checked in. (Reference: 413466)

Resolution: The ePolicy Orchestrator server responds correctly when a corrupt package file is checked in.

  1. Issue: Editing a client task could result in the error message “An Unexpected error occurred” being displayed in the ePolicy Orchestrator console. (Reference: 413963)

Resolution: Editing client tasks no longer results in unexpected errors.

  1. Issue: Client tasks, for managed product extensions that do not have a default policy, were not available for configuration. (Reference: 415739)

Resolution: Client tasks, for managed product extensions that do not have a default policy, are now available for configuration.

  1. Issue: An ePolicy Orchestrator 4.0 upgrade stopped installing the included managed product extensions after the first failure was discovered. (Reference: 415974)

Resolution: An ePolicy Orchestrator 4.0 upgrade now attempts to install each of the included managed product extensions, even if an error occurs during the installation of a previous managed product extension.

  1. Issue: When the ePolicy Orchestrator server did not have a “Master Agent to Server Communication Key,” the ePolicy Orchestrator 4.0 upgrade failed leaving the ePolicy Orchestrator server in a non-functional state. (Reference: 419859)

Resolution: The ePolicy Orchestrator 4.0 upgrade now verifies the ePolicy Orchestrator server has a “Master Agent to Server Communication Key” before it starts the upgrade.

  1. Issue: An updated version of the Host Intrusion Prevention 7.0 extension is available. (Reference: 422819)

Resolution: Version 7.0.1.133 of the Host Intrusion Prevention 7.0 extension is installed during the ePolicy Orchestrator 4.0 upgrade.

  1. Issue: The “delayload.log” file could grow without limit in the root (C:\) of the ePolicy Orchestrator server. (Reference: 425738)

Resolution: The “delayload.log” file is no longer used.

Note: The ePolicy Orchestrator 4.0 upgrade process does not remove existing “delayload.log” files.

  1. Issue: Event queries could not be chained to ePolicy Orchestrator server task actions. (Reference: 427217)

Resolution: Event queries can now be chained to ePolicy Orchestrator server task actions.

  1. Issue: Server tasks could not run an event query that was chained to these actions: apply, clear, or exclude tag actions. (Reference: 427708)

Resolution: Server tasks can now run an event query chained to these actions: apply, clear, or exclude tag actions.

  1. Issue: The “View Logs” button could fail to display the correct installation log files after an ePolicy Orchestrator 4.0 upgrade failure. (Reference: 429819)

Resolution: The “View Logs” button now displays the main installation log files after an ePolicy Orchestrator 4.0 upgrade failure.

  1. Issue: An initial ePolicy Orchestrator 4.0 installation, on a system with a local MSDE database and the UDP port disabled, could result in incorrect ePolicy Orchestrator service dependencies. (Reference: 430390)

Resolution: The ePolicy Orchestrator 4.0 upgrade repairs the ePolicy Orchestrator service dependencies for systems installed with a local MSDE database and the UDP port disabled.

  1. Issue: Miscellaneous language translation and localization issues were reported. (Reference: 429847, 430581)

Resolution: The reported language translation and localization issues were addressed.

  1. Issue: An updated version of the ePolicy Orchestrator Help extension is available. (Reference: 433198) 

Resolution: Version 1.0.6 of the ePolicy Orchestrator Help extension is now installed during the ePolicy Orchestrator 4.0 upgrade.

  1. Issue: Inconsistent event times would appear in the Server Task Log. (Reference: 417725) 

Resolution: The problem of inconsistent event times appearing in the Server Task Log after applying patches has been fixed.

  1. Issue: Console logons using NT authentication, worked only when the ePolicy Orchestrator console was located in a domain where a two-way trust existed between the console and ePolicy Orchestrator server domains. (Reference: 395894) 

Resolution: Authentication support for multiple domain controllers has been added to the product. (For more information see KB article: 616709)

  1. Issue: The date formats are incorrect for the English (United Kingdom) locale. (Reference: 362588) 

Resolution: A new choice of English (United Kingdom) has been added to the Language drop-down list of the ePolicy Orchestrator Logon screen. 

  1. Issue: When installing managed product extensions on ePolicy Orchestrator, the installation could fail with the message: “ERROR: java.lang.OutOfMemoryError: PermGen space.” (Reference: 407724) 

Resolution: The PermGen Memory allocation size has been increased to 128 MB on clean installations and upgrades. (For more information see KB article: 615843)

  1. Issue: There was a performance bottleneck when processing a large number of unrelated dashboard requests. (Reference: 407724) 

Resolution: Performance has been improved to allow many users to view the dashboard.

  1. Issue: Dashboard related caching is not functioning correctly, which caused the user to see stale data. (Reference: 411646) 

Resolution: Dashboard caching has been fixed so the user views the most current data. 

  1. Issue: An unexpected error occurred while creating a query using a Grouped Bar Chart with Boolean types of data. (Reference: 415069)

Resolution: Grouped Bar Charts now correctly display data when using any of the supported data types.

  1. Issue: Drilling down into a chart, a user could see an unexpected error page if there was a null value in the returned time field. (Reference: 413954, 419692) 

Resolution: Chart drill-down now works as expected and no longer returns an error when drilling down into null time-based reports.

  1. Issue: Some international characters caused problems in the server log details page. (Reference: 411088) 

Resolution: Log entries are now correctly formatted prior to being written to the server task log.

  1. Issue: Some valid characters caused problems when user names or passwords were typed in the ePO installer. (Reference: 395890)
Resolution: The installer now accepts all valid characters for ePolicy Orchestrator user names and passwords, including all NT authentication-allowed characters.
Posted: Dec 17 2008, 12:06 PM by aberges | with no comments
Filed under: ,
McAfee Rogue System Detection 2.0 Patch 1 Released

Download

Resolved issues

Issues that are resolved in this release are listed below.

  1. Issue: Selecting the “Next Page” while viewing “Managed Machines” caused this message to be displayed: “An Unknown Error has Occurred.” (Reference: 427453)

    Resolution: Now when you view a subnet containing more than a single page of system information and you select “Next Page,” the requested information is properly displayed.

  2. Issue: The columns on the “Managed Systems for Subnet” page did not sort when selected.   (Reference: 430417)

    Resolution: Now when you select a column on the “Managed Systems for Subnet” page, the page is properly sorted.

  3. Issue: Although the Rogue System Detection Sensor deployment task would run, the Rogue System Detection Sensor was not updated. (Reference: 415191)

    Resolution: The Rogue System Detection Sensor deployment task now supports build-to-build upgrades.

  4. Issue: The “Detected Systems Details” page displayed the “Last Detected IP Address” with NULL IP addresses as “unknown error.” (Reference: 431047)

    Resolution: The “Last Detected IP Address” on the “Detected Systems Details” page now displays NULL IP addresses as “blank.”

  5. Issue: Rogue System Detection only allowed domain names of up to 16 characters in length. (Reference: 431049)

    Resolution: Rogue System Detection now allows domain names of up to 255 characters in length.

  6. Issue: The Rogue System Detection Sensor Service was incorrectly described in the “Services” pane of the “Computer Management” window. (Reference: 423608)

    Resolution: The Rogue System Detection Sensor Service is now described as “Performs broadcast and DHCP detection.”

Posted: Dec 17 2008, 12:04 PM by aberges | with no comments
Filed under: , ,
McAfee Host Intrusion Prevention Server 7.0.1 Extension Released

Download

New features

New and updated features in the current release of the software are described below:

7.0.1

  • Management of version 6.1 clients from ePolicy Orchestrator 4.0 patch 1 when the 6.1 extension is installed.
  • Migration of version 6.x policies to version 7.0 by running a server task from ePolicy Orchestrator 4.0.
Posted: Dec 17 2008, 12:00 PM by aberges | with no comments
Filed under: , ,
McAfee Host Intrusion Prevention Version 7.0.0 Patch 3 Released

Download

McAfee KB

New Resolved Issues

Host IPS 7.0 Patch 3 resolves a number of stability issues seen on high availability servers, domain controllers, and backup servers.  In addition, the following customer issues were also resolved:

Issue: Tivoli does not function when using Check Point VPN-1 Client when Connection Aware Group firewall rules are applied. (Reference: 425392)

Resolution: Connection Aware Group matching failed with inbound traffic with some IPSec VPNs. The Connection Aware Group matching logic was extended to handle IPSec VPN re-routing of inbound traffic to the physical adapter’s NDIS miniport instance.

Issue: Unable to connect to HTTPS server when a client is connected with T3G wireless network connection. (Reference: 414155)

Resolution: Unsolicited inbound traffic was not being matched by the Connection Aware Group.  The Host IPS Firewall will now use the IP address, instead of the MAC address, when matching traffic for Connection Aware Groups.

Issue: The Host IPS client does not block all SQL injections on a single IIS 6 server hosting multiple sites. (Reference: 419431)

Resolution: The ISAPI filter stub tracked the engine status using a single value even when multiple instances of the stub were loaded. Each ISAPI filter stub instance now tracks its respective engine status.

Issue: System stops responding or ‘hangs’ at shutdown because of incompatibility with NetMotion VPN. (Reference: 426645)

Resolution: In certain circumstances, a specific Windows API used during shutdown caused the system to stop responding. This API is no longer used during shutdown.

Issue: TCP traffic is blocked when firewall rules use short path names. (Reference: 414249)

Resolution: The firewall drivers, which failed to convert a short path name to a long form, now obtain a long form of a short path name before matching the rules.

Posted: Dec 17 2008, 11:59 AM by aberges | with no comments
Filed under: , ,