Hi All, slightly confused by this. I'm checking it in as a product update into ePO, which when you go through the process looks like it will overwrite our 8.8 product, but you deploy it as a superdat? I need to make sure I know how to deploy so either as a product update or as a superdat as the way I do it there are two different processes. Plus it will go to over 2000 endpoints so I want to test it first. How have others here deployed it via ePO server?
Check my manual step by step i made in above posting. You have to check it IN as "PRODUCT Update" not as Superdat. Then Check the Registry key i mentioned on the Mcafee or my site.
Would be really good if there was a proper step by step guide to fixing this. The KB says check in package (refer to seperate documentation), then - Use an Agent Update task to deploy the hotfix to the affected client systems. Do you mean client task?
There are lots of conflicting opinions about what seems to be working to fix this.
I have +50 clients reporting 0.000 and failing eicar test so I'm pretty anxious to get them sorted. I've checked in the hotfix and done an update and a wake up agent, but still reporting clients with the issue.
I hate to say this but what has happened to the quality control? This isn't the first time I've come into work and had to put aside everything to fix a 'mcafee' problem.
There is a PDF for the GERMAN EPO posted two posting ahead of your posting just because of that. The English MENU looks almost the same and should be possible to follow. 😉
I am trying to understand the current situation and currently have a call open with McAfee support. So far I have :
- All because the machine is not displaying 0.0000 as a DAT doesn't mean it does not have the issue.
-The OAS can still be running and look ok but is not loading the DATs, no way of reporting on this.
- I have updated to 6809 as per the SNS Sunday evening but I still have to apply the hotfix to ALL VSE 8.8 machines. Being on 6809 doesn't mean you have resolved the issue.
- A smaller hotfix is to be released but currently no ETA. A reboot may or may not be required.
- There is no way of showing which 8.8 machines are affected and which ones are not.
I work in a very tightly controlled environment and rolling out a 100mb hotfix that MAY require a reboot ASAP is not goign to happen.
Has anyone found a way of indentifying which machines are affected? Via ePO or third party tool ?
What's the situation regarding rebooting? This has predominantly affected our servers and rebooting them isn't an option.
Will 6810 fix the issue when released or does everyone on VSE 8.8 have to apply the hotfix?
we are also affected by a large number of clients. There are still some questions left.
Check for any of the following items to verify that the installation was successful:
How do I see this in ePO? We looked under the client(s) but in ePO they all say Hotfix 1. The only notice is in the registry, there is the Hotfix_793640 entry.
Also have the vscan.bof problem on one side. How do I get this back running? Framework doesn't communicate back to ePO...
The query below when run from the command prompt of your ePO server ( or SQL if it's seperate) will give you a rudimentary list of machines it's installed on.
osql -E -S localhost\eposerver -d ePO4_<<yourservername>> -Q "select ln.nodename as Hostname, pp.productversion as Version, pp.hotfix as Patch, ps.value as Hotfix from epoleafnode ln join epoproductproperties pp on ln.autoid = pp.parentid join epoproductsettings ps on pp.autoid = ps.parentid where ps.settingname = 'Fixes' and ps.value like '%793640%' order by hostname"
Basically it's from https://kc.mcafee.com/corporate/index?page=content&id=KB67406 but with the correct hotfix value added.
Use this Query to see machines which DO NOT have the update in SQL-Management Studio. Remember that the SQL Express on the EPO
Server has/is an instance. So you may have to connect to it:
Then new query:
SELECT ln.NodeName AS Hostname, pp.ProductVersion AS Version, pp.Hotfix AS Patch, ps.Value AS Hotfix
FROM EPOLeafNode AS ln INNER JOIN
EPOProductProperties AS pp ON ln.AutoID = pp.ParentID INNER JOIN
EPOProductSettings AS ps ON pp.AutoID = ps.ParentID
WHERE (ps.SettingName = 'Fixes') AND (ps.Value NOT LIKE '%793640%')
ORDER BY hostname