McAfee recommends this release for all environments. Patch 3 is considered a High Priority Release. See McAfee Support
KnowledgeBase article KB51560 for information on ratings.
This release of the software includes the following improvements.
1. Changes were made to the service startup sequence to have less impact on the system during startup.
Patch 3 resolved issues:
1. Issue: Users would see Windows Security Center notification pop-ups at regular intervals, stating that VirusScan was disabled.
Resolution: The VirusScan Enterprise Windows Security Center reporting tool now only updates its status when the state of
VirusScan changes, rather than at regular intervals.
2. Issue: The On-Access Scanner service failed to start after running Chkdsk at startup. (Reference: 450357)
Resolution: The Anti-Virus Filter driver no longer treats the disks as having been dismounted after the Chkdsk procedure is
3. Issue: Some VBScript types were not being properly scanned on Windows 2008 R2. (Reference: 505001)
Resolution: The ScriptScan application has been updated to account for changes in the Windows 2008 R2 platform.
4. Issue: A 3B bugcheck (blue screen) could occur immediately after an unexpected device-removal. (Reference: 519656)
Resolution: The Link driver has been revised to cease processing outstanding IO requests immediately upon being notified that
device removal has occurred.
5. Issue: When an Access Protection warning existed in McAfee Security Status window, the warning status clear function caused a
crash. (Reference: 517265)
Resolution: The VirusScan tray files now have updated logic to handle the Access Protection messages in the McAfee Security
6. Issue: When an On-Demand Scan task was created manually via console, but had not yet run, the task started up at the next
reboot. (Reference: 521200)
Resolution: The VirusScan task manager service prevented an uninitialized variable, which caused the task to indicate that a
scan was in progress.
7. Issue: On-Demand Scan tasks on Windows 2008 failed to authenticate to network shares with specified credentials. (Reference:
Resolution: The On-Demand Scanner now requests the necessary elevated privileges to authenticate on Windows 2008.
8. Issue: The On-Demand Scanner /LOG switch logged only part of the data from the scan in the specified location, while the rest
of the information was still recorded in the default location. (Reference: 525694)
Resolution: When Scan32.exe is executed via command line, it now reads from the default settings and overwrites, but does
not save, the setting based on what is specified with the command-line switches.
9. Issue: With VirusScan installed alongside the McAfee Agent 4.5 in an unmanaged environment, the VirusScan legacy tray icon
did not load. (Reference: 523823)
Resolution: The VirusScan Statistics tray icon now properly queries the McAfee Agent for version and managed/unmanaged
state before deciding to load itself.
10. Issue: Removing the current Patch from the system did not replace the Patch_ registry data from the previous Patch.
Resolution: The Microsoft Patch (MSP) installer now reverts the Patch_ registry information to the previous version.
11. Issue: If VirusScan was set to show its tray settings with minimal options, the McAfee Agent 4.5 tray icon did not display an
item under Managed Products. (Reference: 528792)
Resolution: The VirusScan Statistics tray plug-in now uses the legacy Help/About as a menu option when VirusScan is set to
Show the system tray icon with minimal menu options.
12. Issue: When a specific scan task had both Defer scan when using battery power and User may defer scheduled scans options
set, the user was still prompted to defer the scan when on battery power. (Reference: 537126)
Resolution: The On-Demand Scan plug-in was changed so that the property option, User may defer scheduled scans, is not
encountered first, so it doesn’t override the other selections.
13. Issue: The user dialog box for the scan task option, User may defer scheduled scans, did not appear when VirusScan 8.7i was
managed by the McAfee Agent 4.5. (Reference: 534348)
Resolution: The VirusScan Statistics tray plug-in was updated to include this same functionality from the VirusScan Statistics
legacy tray icon.
14. Issue: Using the %ProgramFiles% variable to exclude folders and files did not translate all possibilities across 64-bit and 32-bit
operating systems. To ensure you exclude any possible “Program files” location (including “Program Files (x86)”), you had to
enter the exclusions two ways: 1) “%programfiles%” 2) “%programfiles(x86)%” (Reference: 491796)
Resolution: The Access Protection Filter API now always translates the %ProgramFiles% variable into all lowercase to prevent
the operating system from misinterpreting the intended location.
15. Issue: Some access protection policies were enforced by ePolicy Orchestrator when the Access Protection feature was not
installed to the system. (Reference: 503635)
Resolution: The VirusScan Management Plug-in now recognizes when the Access Protection feature is installed or not and
enforces policies accordingly.
16. Issue: The Task name entry for the default "Full Scan" used the translation string name instead of the translated name.
Resolution: The Announcer library now uses the proper translation name instead of the string.
17. Issue: The Network Port Access Protection Rule window under the user-defined access protection policies did not always display
an OK or Cancel button. (Reference: 517382)
Resolution: The VirusScan 8.7i extension has been updated to properly display the buttons.
18. Issue: The threat event 1119 event showed an incorrect Engine and DAT version when an update failed or was cancelled.
Resolution: The AutoUpdate application now reports the proper information for the event.
19. Issue: The process name involved in a Buffer Overflow detection did not show in the ePolicy Orchestrator query "Top 10 Buffer
Overflows Detected". (Reference: 459789)
Resolution: VirusScan Reports extension was corrected to display the information under the proper column name.
20. Issue: The query "Number of Detections by Tag" did not execute properly on ePolicy Orchestrator 4.5. (Reference: 460304)
Resolution: The VirusScan Reports extension now uses the proper column validation.
21. Issue: The Access Protection and Buffer Overflow rule file that was contained in the VirusScan extension introduced an
incorrectly defined variable that prevented the McAfee Agent from calling back to the ePolicy Orchestrator server if custom
policies were made to the rules. (Reference: 530900)
Resolution: The VirusScan Extension has been updated to include a revised Access Protection and Buffer Overflow rule that does
not have this variable.