After some time on NSM 126.96.36.199, I found one more issue.
After the upgrade from 8.3 there are no UDS signatures displayed in the Custom Attacks view. The signatures are included in IPS policies and are matched OK, but when I open the Custom Attacks view to display all UDS (McAfee/Snort), the list is empty. When I close the view, NSM asks about discarding changes.
So the UDS are in the system, but the list cannot display them.
Does anyone else see this behavior?
After a couple weeks on 9.2, I can say, wait before upgrading... Too many unresolved issues. I have reported one confirmed BUG and 1 unconfirmed being seen by developers.
I regret having made the jump, should have stayed on 9.1.
The official BUG is my secondary NSM server randomly spiking to 100% CPU utilization by process Java.exe and remaining there until the NSM services are manually stopped. This is not affecting my primary, so all that is lost is the redundancy/High Availability.
The Not-yet-considered-bug is my primary NSM server's dashboards showing either blank or outdated information. It is believed to be a problem with the Solr database. Still being investigated by Support.
Luckily, none of these prevent the IPS sensors from doing their jobs, so security is not impaired in my environment.
Just to wrap this up, McAfee Support is strongly recommending customers to stay on Main Release 9.1 unless strictly necessary for one of the new features released on 9.2.
Both my issues are official bugs now.
I wish I had known earlier about this recommendation, but since I do not want to downgrade all my infrastructure all over again, I'm going to have to hang on to it.