Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 7

VirusScan 8.5i Patch 7 Available

for download from

Release Notes for McAfee(R) VirusScan(R) Enterprise
Version 8.5i
Patch 7
Copyright (C) 2008 McAfee, Inc.
All Rights Reserved

Patch Release: October 6, 2008
This release was developed and tested with:
- VirusScan Enterprise:8.5i
- DAT Version: 5382, September 11, 2008
- Engine Version: 5.3.00
1. The on-demand scanner has been updated to better
use the System Utilization setting throughout the
entire scanning process.
Refer to McAfee Support Knowledgebase article
9197288 for further information.
2. This Patch contains a new Buffer Overflow and
Access Protection DAT (version 378), which adds an
Access Protection category for Virtual Machine
Protection. These rules provide access protection
functionality for virtual machines.
To manage the new Virtual Machine Protection
category with ePolicy Orchestrator 3.x or
ProtectionPilot, you must use the latest NAP file,
included in this Patch package, or VirusScan 8.5i
Repost Patch 5.
For ePolicy Orchestrator 4.x users, the Extension
update also contains the updated rule file. The
updated Extension package is available on the web
product download area under the Patches category.
The resolved issues are divided into subsections per
patch, showing when each fix was added to the
When installing a VirusScan Enterprise 8.5i patch,
the existing On-Access Scanner service might fail
to unload. This leads to two instances of the
service, with one consuming a high amount of CPU
The On-Access Scanner service had been updated to
avoid a runaway thread scenario that caused the
service, being replaced, to not stop.
To avoid this issue while installing Patch 7 or
later, install HF427887 first. Refer to McAfee
Support KnowledgeBase article 616344 for further
Changes to the VirusScan Enterprise core subsystem
disabled performance optimization for handling
frequent write actions to INI and LOG files.
The Anti-Virus Filter Driver was corrected to
ensure that scanning of specified file extensions
is optimized, as in previous versions.
A three-party deadlock occurred, causing the
On-Access Scanner to become blocked until it times
out. This causes the scanner service to time out
and eventually self-terminate.
The Common Shell scanner has been updated to
prevent the On-Access Scanner from becoming blocked
while the security libraries are loaded by the
The extended reports NAP contained some ePolicy
Orchestrator stored procedures that were needed to
add support for the VirusScan product line. The
ePolicy Orchestrator patches have since made new
modifications to the same stored procedures.
Therefore, when the VirusScan extended reports NAP
is checked in after the new ePolicy Orchestrator
modified procedures are in place, they are
overwritten and the newer functionality is lost.
The VirusScan extended reports NAP has been revised
to no longer replace the ePolicy Orchestrator
stored procedures.
If the Lotus Notes client is running during the
uninstall of VirusScan Enterprise 8.5i, the Lotus
Notes Scanner entries might not be properly removed
from the NOTES.INI file. This can cause the Lotus
Notes client to crash on subsequent starts.
The Lotus Notes Scanner module has been corrected
to remove its entries in the NOTES.INI file for all
The VirusScan Enterprise Patch installer did not
correctly preserve the MIDFileTime registry value.
This caused the McAfee Installation Designer (MID)
.CAB files to be re-applied at the time of
The Patch installer has been updated to correctly
preserve the binary value of MIDFileTime.
Changes made in Microsoft Vista SP1 and later, in
how the operating system opens/views network files,
caused delays in opening new network paths, with
the On-Access Scanner’s Network Scanning feature
The link driver has been modified to use a
different method of accessing the network resources
that avoids the delays imposed by the operating
system change.
A 7E bugcheck (blue screen) might occur if an
application shut down immediately after sending
data over the network.
The link driver has been revised to better handle
data that is transmitted by applications after the
driver has stopped.
When the VirusScan NAP is checked in, it runs a
script that enables anti-spyware settings in
policies and tasks, if the AntiSpyware 8.5 module
NAP is in the ePolicy Orchestrator repository. The
intended purpose of the script is similar to the
local AntiSpyware module installer, which enables
its settings when installed on a local system.
The VirusScan NAP has been updated so that the
script is disabled during check-in of the VirusScan
NAP package. This prevents the anti-spyware
settings from being enabled when updating the
VirusScan NAP.
The McAfee AntiSpyware 8.5 module NAP has the same
script in it. This means that if the McAfee
AntiSpyware 8.5 module NAP is installed after the
VirusScan NAP, the anti-spyware settings are still
10. ISSUE:
Servers that deal with many file writes were
becoming unresponsive.
The anti-virus filter driver was revised to
correctly filter and dispatch scans on write.
6 Replies
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 7

RE: VirusScan 8.5i Patch 7 Available

Been out for a few days (since 10/11/08) Already running this partly in production in one area.
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 7

RE: VirusScan 8.5i Patch 7 Available

Did you push out that hotfix 427887 before deploying Patch 7? If so, did you have any issues with the hotfix? When I tested this hotfix it seemed to make my 3 test systems unresponsive for about 20 seconds. This will a pain for users to experience.
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 7

RE: VirusScan 8.5i Patch 7 Available

I did have 1 issue with the hotfix yes:

I have one server running VSE8.5 MA 4.0 and patch 6 (partly now 7) and this took the hotfix with no issue, but on one of the other setups which is more mission critical Im running VSE 8.5 MA 3.6 and VSE patch 4, when I applied the hotfix to the patch 4 machines it was all good except when I had a few older machines reconnect who didnt have patch 4 yet, the hotfix applied before patch 4, then patch 4 failed to apply.

From then on both those machines generated fail events for mcshield every few minutes as it started and stopped with a visible screen error, patched them both to patch 7 and it went away.
Former Member
Not applicable
Report Inappropriate Content
Message 5 of 7

irpstacksize has been modified

I'm not sure if you have applied this patch to your file server, but better to test it out first before you apply as i encountered error shown below in event viewer right after the patch 7 had been applied and users were unable to view one of the shared drive in file server.

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2011
Date: 11/12/2008
Time: 5:07:47 PM
User: N/A
Computer: SVR1
The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

For more information, see Help and Support Center at
0000: 00 00 00 00 01 00 50 00 ......P.
0008: 00 00 00 00 db 07 00 c0 ......
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Our server is running windows server 2003 standard with service pack 1. I'm not sure will it affect other version of servers but we manage to solve this by modifying IRPStackSize in registry.:rolleyes:
Former Member
Not applicable
Report Inappropriate Content
Message 6 of 7

RE: irpstacksize has been modified

Apologies for if I should know this already but...

- if I have VSE 8.5 Patch 5, what is the correct procedure for updating to Patch 7?

Hotfix then Patch 7? I tried this yesterday on a spare machine and I got the 2 x Mcshield.exe process thing, and Mcshield.exe kept crashing until the box was rebooted.
Former Member
Not applicable
Report Inappropriate Content
Message 7 of 7

Help needed with Mcaffee Enterprise 8.5.0i

Have Mcaffee enterprise installed on Vista 32 bit and it was running fine until last nite. It shows in the toolbar as being disabled and I have one patch installed. When I go to the control panel settings and try to turn it on.. it doesn't work. Can anyone tell me how I can get this running again so that I may safely surf the internet. It has been one of the allowed programs in my Windows firewall.
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community