Just a quick update. We have identified the issue and are currently working on a fix. For those who haven't opened a case with McAfee support, can you do that so we can track who is having the issue?
As I get more info (release time frame etc.), I will update this thread.
I have the same problem. Installed Exchange 2010 SP1 a couple of days ago, what a nightmare on its own to install, and after that no transport in Exchange.
What bugs me is that the last post was more than 10 days ago and NAI has not gotten back with a solution yet. Are we paying for software that we cannot use? How does that figure?
Is there an ETA on the hotfix release or solution yet?
We are on track to have the hotfix available later this week, it's going through the final rounds of internal testing. Thank you for your patience with this. Please make sure you call in to support if you've not already got a case open, as the hotfix will be provided to all those with cases open.
Product Manager - McAfee Security for Email Servers (MSES) and McAfee Security for Microsoft SharePoint (MSMS)
I received an e-mail today from McAfee regarding this issue. Of note was the following phrase.
Just for future reference, as per McAfee's public policy regarding compatibility updates, we usually release our patches or compatible versions of our products within 30 days of the RTW release of the Service pack or product. Reason being is that historically with Microsoft there's been major differences between release candidate or beta product and the final version, so we wait to release our compatibility updates until after their product or service pack is fully released.
My public response to this public policy is as follows.
While I understand your policy and the reason for your policy, I do not consider it to be reasonable or responsible in today's 0-day exploit environment.
Specifically, we know that once a patch is released from a vendor and most especially for widely distributed products like Windows and Exchange, malware authors immediately reverse engineer the fixes in order to identify and understand the original vulnerabilities and build exploits for those vulnerabilities as quickly as possible. While 5 years ago it took months and sometimes years for released details on vulnerabilities to produce exploit code in the wild, today it can and regularly does happen in days and even hours.
Once a fix is released for a prime target product like Windows or Exchange, the clock is ticking. The longer you operate without critical security patches, the greater the risk of compromise. With individual patches, I can evaluate discreetly the risk vs the cost. With service packs containing huge quantities of fixes (some of which are never publicly documented at all), the risk can't be properly evaluated.
For McAfee to ask customers NOT to patch their exchange servers for THIRTY days and incur all of the associated risk simply because it's convenient for McAfee is unthinkably irresponsible. In this age of rampant 0-day exploits, leaving a critical system unpatched for 30 days can be disaster.
McAfee is supposed to be in the business of protecting customers from precisely that kind of disaster, not imposing it upon them.
I made the responsible choice by installing the Exchange 2010 SP 1 service pack as quickly as I did, even if it meant suffering thousands of spam e-mails a day for several weeks. I'm not so sure anymore I made the responsible choice with McAfee for my gateway protection. I certainly don't consider McAfee's response on this issue to be responsible.
The only reason this situation is even remotely tolerable is because for the most part we're only talking about spam e-mails, and while spam is tremendously annoying it is otherwise relatively harmless. If McAfee tried to tell customers to wait 30 days for a DAT response to a newly discovered virus, they would be laughed off the face of the planet and go out of business overnight.
I just received notice that a hotfix is now available to resolve this issue. At this time I have not tested the hotfix, so I can not confirm yet that the hotfix actually resolves the issue or not.
On a related note, immediately after receiving the hotfix notice, I received another e-mail with the following news story.
Stuff like this scares the crap out of me.
In case McAfee doesn't get it yet, responsible Administrators move quickly on patches because the alternative is unacceptable. We need and expect McAfee to be just as serious about this as we are. That means when Microsoft releases a service pack or critical patch for a product, your product is also ready and won't break.
Yes, we customers understand that sometimes lessons learned from Beta means that the RTM software is different and that this can sometimes surprise you, but that doesn't mean you should avoid the effort entirely of making sure your software is ready when the time comes. For the record, McAfee isn't even saying in this specific case that the Beta and RTM of Exchange SP 1 were different and that is the root cause for the problems. McAfee is saying blanket that since *sometimes* that happens, now they don't even LOOK at the service pack until it comes out and then they discover (at the same time as fast moving customers) that something is horribly wrong.
As I said before, I'm glad this was limited to only spam, but I think in this case that was merely luck. Had it been the antivirus protection that was broken instead, I would have been forced to replace the product on the spot and McAfee would have lost a customer instantly.
I just tried to apply the hotfix, and it does NOT work.
Though it completes without error, here is what I found.
According to the readme, I should find the following files under the Groupshield directory.
CONFIGURE.EXE 7.0 1197.0
CONFIGUREX64.EXE 7.0 1197.0
CSEMAPPER.EXE 7.0 1197.0
GSNOTIFICATION.DLL 7.0 1197.0
GSNOTIFICATIONX64.DLL 7.0 1197.0
MCCOMINTEROPX64.DLL 7.0 1197.0 (found under E2007 Agents)
MCGSETNEFPARSER.DLL 7.0 1197.0
MCTXAGENTX64.DLL 7.0 1197.0 (found under E2007 Agents)
MCUTILX64.DLL 7.0 1197.0
TRANSPORTSCANX64.DLL 7.0 1197.0
After applying the hotfix, I found 7.0.913.0 (old 7.0.2) versions of ALL of these files under a \GroupShield for Exchange\$Backup\HF616318\bin directory. However, the following files were MISSING from the \Groupshield for Exchange\bin directory or the E2007 Agents directory.
MCGSETNEFPARSER.DLL (the TLB was present but the DLL was missing)
When I did a PowerShell Get-TransportAgent, of course I did not find the appropriate agents added, but without the proper DLLs I wasn't surprised.
Also, while I did find a McTxAgentX64.DLL under E2007 Agents, it was NOT the new version. It is dated 12/18/2009 5:06 PM (local time) with a version of 7.0.913.0. These are the same properties found under $Backup\HF616318\bin.
It's getting odd... now McAfee posts the next errors:
The perfmon.exe is not able to run without errors. Here is the detailed result, only in German.
Windows kann die 32-Bit-Version der DLL für erweiterbare Leistungsindikatoren "GroupShield für Exchange" in einer 64-Bit-Umgebung nicht öffnen. Wenden Sie sich an den Hersteller der Datei, um eine 64-Bit-Version zu erhalten. Sie können aber auch die 32-Bit-Version der DLL für erweiterbare Leistungsindikatoren öffnen, indem Sie die 32-Bit-Version des Systemmonitors verwenden. Öffnen Sie den Ordner "Windows", öffnen Sie den Ordner "Syswow64", und starten Sie "Perfmon.exe", um dieses Programm zu verwenden.
Today the hotfix was released from McAfee ... and ... could all customers who installed the hotfix please report if the spam engine and AV engine are working again? Mine isn't working with that hotfix ...
Still have no SPAM and no AV transport agent listed!
Just forgot to run these instructions: To get the agents installed for McAfee you have to run the install-agent.ps1 script from the groupshield for exchange\bin\e2007 agents folder.
Now it should work.
Message edited by fgro on 21.09.10 15:48:00 GMT+01:00
The hotfix only allows the agents to run correctly when SP1 is installed.
If the McAfee agents aren't installed then you need to re-install them by running the install-agent.ps1 script. This is located in the "..\groupshield for exchange\bin\e2007 agents" folder.
Open Exchange shell and cd to this folder.
Type in .\install-agent
Run get-transportagent to verify the McAfee agents are installed and enabled.
As long as spam and AV scanning are enabled in the GUI then GroupShield should start scanning.
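
The two checks discussed in this thread (the hotfix file versions from the readme, and the transport agent list after running install-agent.ps1) can be combined into one verification pass. This is an added example, not McAfee's code or part of any post above. The install root is a placeholder, and reading the readme's "7.0 1197.0" as file version 7.0.1197.0 is an assumption.

```powershell
param(
    # Placeholder: replace with the real GroupShield install directory.
    [string]$GroupShieldRoot = 'C:\PLACEHOLDER\GroupShield for Exchange'
)

# Assumption: the readme's "7.0 1197.0" means file version 7.0.1197.0.
$expected = New-Object Version -ArgumentList @(7, 0, 1197, 0)
$binDir   = Join-Path $GroupShieldRoot 'bin'
$agentDir = Join-Path $binDir 'E2007 Agents'

# File names from the readme quoted in the thread; two live under "E2007 Agents".
$inBin    = 'CONFIGURE.EXE','CONFIGUREX64.EXE','CSEMAPPER.EXE','GSNOTIFICATION.DLL',
            'GSNOTIFICATIONX64.DLL','MCGSETNEFPARSER.DLL','MCUTILX64.DLL',
            'TRANSPORTSCANX64.DLL'
$inAgents = 'MCCOMINTEROPX64.DLL','MCTXAGENTX64.DLL'

$paths  = @($inBin    | ForEach-Object { Join-Path $binDir $_ })
$paths += @($inAgents | ForEach-Object { Join-Path $agentDir $_ })

$report = foreach ($path in $paths) {
    $status = 'MISSING'; $found = $null
    if (Test-Path -LiteralPath $path) {
        $vi = (Get-Item -LiteralPath $path).VersionInfo
        # Build the version from its numeric parts; the FileVersion string format varies.
        $found = New-Object Version -ArgumentList @(
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
        $status = if ($found -eq $expected) { 'OK' } else { 'WRONG VERSION' }
    }
    New-Object PSObject -Property @{ File = $path; Found = $found; Status = $status }
}
$report | Select-Object Status, Found, File | Format-Table -AutoSize

$bad = @($report | Where-Object { $_.Status -ne 'OK' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) hotfix file(s) missing or not at version $expected."
}

# Get-TransportAgent exists only in the Exchange Management Shell.
if (Get-Command Get-TransportAgent -ErrorAction SilentlyContinue) {
    Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize
} else {
    Write-Warning 'Run this from the Exchange Management Shell to list transport agents.'
}
```

A file reported as MISSING or WRONG VERSION here corresponds to the failed install described earlier in the thread, where the old 7.0.913.0 files were moved to $Backup but the new ones were not written.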