cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 11 of 46

Re: VSE 8.8 patch5 bugs


Troja wrote:



Hmmm,


i tested with HF929019, no Access Protection any more.


Cheers


REGISTERED - VirusScan Enterprise 8.8 Patch 4 Hotfix 929019 Known Issues

Technical Articles ID:  KB83215

Reference NumberRelated ArticleIssue Description
1031673KB83808Access Protection rules are disabled (not being enforced) because of an invalid character in the rule policy

Should you find you saw this behavior for a different reason, I suggest engaging Support.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
Highlighted

Re: VSE 8.8 patch5 bugs

We have no invalid characters , we tried with 1 file in the exclusions. Nothing exotic.

the same goes for the mass mailing rule in access protection . New exceptions are not accepted.

the rules aren't disabled in our case but are just no longer usable because they don't see the exceptions

Highlighted

Re: VSE 8.8 patch5 bugs

Resellers are sending mailings to their customers stating not to use P5  , but on the the McAfee download website it is still there... 

Highlighted

Re: VSE 8.8 patch5 bugs

I'm not sure if it's exactly the same issue but this may be worth a read. McAfee KnowledgeBase - VirusScan Enterprise 8.8 could block McAfee processes after installing or upd...

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 15 of 46

Re: VSE 8.8 patch5 bugs

hi ,

OMG, i have not seen this. Thanks for the info! 🙂

Lets try if Patch 5 resolves this...

Cheers

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 16 of 46

Re: VSE 8.8 patch5 bugs


Troja wrote:



hi wwarren,


OMG, i have not seen this. Thanks for the info! :-)


Lets try if Patch 5 resolves this...


Cheers


Yes, that particular issue I referred to has been confirmed solved with Patch 5.

But as we are seeing in other related conversations, there are yet other issues introduced or catalyzed by Patch 5 we still need to better understand (and we're working on it still).

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
Highlighted

Re: VSE 8.8 patch5 bugs

I still see Patch 5 on the download site... Isn't it time to revoke this ? Or at least come up with a fix ?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 18 of 46

Re: VSE 8.8 patch5 bugs


paradroid wrote:



I still see Patch 5 on the download site... Isn't it time to revoke this ? Or at least come up with a fix ?


No, it's not.

This isn't the place if you were looking for any kind of official response to that first question. However, if you're open to a candid response to the candid question, then allow me...

The issue reported is of Access Protection exclusions not working, meaning we're talking about the "Processes to exclude" portion of an AP rule.

In our own testing of the feature pre-release we saw no such issue; had we done so we would've investigated prior to releasing the patch (reason #1 why we experience schedule delays). But that fact tells us, with respect to your own experience, that there is something more to this issue than simply having an exclusion.

This alone is reason to _not_ pull the patch, because you'd be affecting all customers based on the unconfirmed report of one. I open myself to 2 possible lashings there in saying it's unconfirmed and that there is one report only. So let me tackle those real quick -

  • It's unconfirmed at this time, meaning, the behavior is still being investigated. This investigation work must conclude so we can assign the appropriate disposition of this behavior being a confirmed bug or why it's not a bug. The downside of anything being investigated is that it takes time to investigate, requiring the patience of those waiting for results. And sometimes that is a lot to ask but sadly a lack of patience does not hasten the investigation process, it only makes the process more unpleasant for everyone . We experience this ourselves when trying to hit release dates, so "Isn't it time" and "at least [do something]" are familiar expressions.
  • It is one report at this time, being a measure of the number of customer escalations we have received to date for this behavior.  Surely there are more customers than yourself who has experienced this right? Yes, I'm sure.  But we have no data to tell us how many customers would see the same behavior or who do see the same behavior. When the investigation concludes we'll have a better idea of the potential scope of impact.

What do we know is that 1 report (or even 10 for that matter) for a behavior that isn't immediately apparent is not sufficient cause to make a judgment call that affects everybody; so the patch is not being revoked.

We also know it is a behavior that does need investigating, it needs to be understood with all its nuances (and mitigating factors if it is a bug) because it is impacting at least 1 customer. This is in progress. And as stated earlier, we'll update our Known Issues KB article if there's a bug here. We might need to update the article even if it's not a bug. We'll see.

What we might learn from this is that our testing should be expanded to include your scenario - I'm sure management types will clue in on that one.

Something I've learned from this is that Access Protection continues to be one of the least understood features of VirusScan Enterprise - because you sought to downgrade the software over this issue, rather than disabling a single AP rule and wait for the behavior to be researched; that's like finding out you have a tooth cavity and opting for a complete set of false dentures to fix it, then asking for the cavity to be looked at. Total overkill! But maybe it's because you found yourself in a desperate situation, which I think you alluded to earlier that had you been the one in control there would have been more testing done beforehand, but immediate action had to be taken instead of spending time looking for a workaround. That all  makes sense to me.  Even so, it still tells me that this Access Protection feature is not well understood because the knee-jerk response was to downgrade instead of looking at the Access Protection log file, or the Events coming in from ePO, telling you which rule was being violated... which would let you know the simple option was to disable that rule. (So, for everyone who's reading this: Please read my Blogs )

And I haven't forgotten your comment about this being reported months ago. I still think folks are going to be kicking themselves for that if this is confirmed to be a bug. I have some input there for when that comes up as an internal discussion, believe me.

And to your final question, a fix cannot be had until a) a bug has been found, and b) a fix is deemed plausible, and then c) a fix is deemed necessary. For customer-impacting issues if (b) is possible then (c) is a given; the question then becomes "when".

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
Highlighted

Re: VSE 8.8 patch5 bugs

The behaviour is confirmed , I even told you guys exactly how to reproduce it.  Using 1 PC , no ePO needed.  It literally takes 5 minutes.

McAfee Benelux confirmed it but they also don't seem to get through.

We can NOT disable the AP rule because most of our protection depends on that rule, so yes , we downgrade. It has nothing to do with not understanding the AP. This rule is the only way we can prevent the users to install random software as they have no other restrictions on their PC.

If they don't understand the problem by now over there, I think we better look out to migrate to another vendor for our security. I'm done trying to explain this simple to reproduce bug.

I am a McAfee admin since 1993   and over these years I encountered a couple of problems/bugs which were handled/solved when we contacted McAfee. Since Intel took over it seems we first have to get through 3 layers of Indian callcenters, obnoxious americans and service departments that doesn't seem to know how to install their own product...

And if you dare to say that a bug cannot be found, I think it is time I expand this to the social media where this gets more visibility . Maybe that's something that wakes them up in the ivory tower over there.

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 20 of 46

Re: VSE 8.8 patch5 bugs

I confirm with ,

McAfee support often depends on the service technician who has the ticket. We are Elite Partner and we are SIA Partner. Really often, if we open a service case, Gold Support does not understand the problem. I really understand .

Actually several Customers tested Patch 5. This Patch is NOT USEABLE!!

- Upgraded some systems in our LAB. After upgrading a system from Path 4 to Patch 5 the system is not working any more.

- If there are several McAfee Products installed on the endpoint, Patch 5 damages the system.

- Some customers expect error messages with Patch 5 and Winword. After Patch 5 installation they are not able to store directly on a UNC share (explorer process crashes)

- At the moment we have absolutely NO customer where Patch 5 works without troubles.

I have one environment where Patch 5 works fine. This is a new windows installation where only VSE P5 is installed. Any upgrade procedure failed.

I´m also working with McAfee Products since 1998. And it really sucks when anyone tell you how a McAfee product (VSE has not changed the last years)  works, giving you the feeling not knowing how to enable access protection.

Therefore i fully agree with paradriod. From a McAfee Partner perspective we are informed our customers not to use Patch 5.

Cheers

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community