The issue only applies to rules that are designed to block the EXECUTE action.
In your pic you show the prevent mass mailing rule which doesn't require running any programs, so it's not affected.
I think the KB needs modified to say which default AP rules are affected by this.
Because reading the Mitigating Factors:
The rule must be enabled to BLOCK; the issue does not occur for Report-only configurations.
The rule must also contain Processes to Exclude.
Reading the above leads me to believe that this would affect the Default AP Rules as some some of them are set to Block and have Processes to Exclude as well.
But they're not designed to block the Execute action.
I'll update the article with the specific rules that can be affected. That's good feedback.
They better reissue Patch 4 so we can downgrade ..... It's been almost 2 months now , our management asked me to look into other vendors because there is no more trust in the service capabilities of McAfee. We have around 11000 pc's.
something i don't understand if you have this issue.
Rolling back to patch 4 is very easy with client task from your epo. One uninstall task for the p5, in the middle perhaps a cmd execute task for cleaning some files, and then another task for installing P4. no trouble and totally automatic.
i'm managing around 10.000 computers from my ePO's and this patch 5 is still in alpha test on only 50 computers. Best procedure is testing, testing and again testing before such an upgrade. It's a kernel patch so it is necessary to be very careful.
If you read carefully , you see that we use p5 to clean up the TIE hotfix that someone accidentally sent to 6000 PC's.
The TIE hotfix cannot be uninstalled, therefore we have to install P5 first and that one can be uninstalled.
ok sorry for missunderstood
but the solution could be the same i did it a few years ago for almost the same reason. Deleting an incorrect update with 8.7 version
i pushed the 8.8 to update BUT with a desactivated Policy by the way of a server task immediatly next, a delete operation then installed again the 8.7 version with a correct policy. Perhaps the same mecanism could be use in such a case.
(sorry for my English)
The hotfix uses a very old installer that stops services, copies files and starts services. The version number goes to v1263 , so the windows installer does not recognise the files as being v1247 and leaves them there if you try an uninstall of VSE . Therefore we have to use P5 to go higher in version (v1385). (ps : P5 wasn't released when the hotfix was rolled out)
Because P5 also has the bug , we uninstall P5 and reinstall P4