6 Replies Latest reply on Nov 13, 2008 3:30 AM by david.noble

    VirusScan 8.5i Patch 7 Available

    psolinski
      for download from mysupport.mcafee.com

      Release Notes for McAfee(R) VirusScan(R) Enterprise
      Version 8.5i
      Patch 7
      Copyright (C) 2008 McAfee, Inc.
      All Rights Reserved

      ==========================================================
      Patch Release: October 6, 2008
      This release was developed and tested with:
      - VirusScan Enterprise:8.5i
      - DAT Version: 5382, September 11, 2008
      - Engine Version: 5.3.00
      __________________________________________________________
      IMPROVEMENTS
      1. The on-demand scanner has been updated to better
      use the System Utilization setting throughout the
      entire scanning process.
      Refer to McAfee Support Knowledgebase article
      9197288 for further information.
      2. This Patch contains a new Buffer Overflow and
      Access Protection DAT (version 378), which adds an
      Access Protection category for Virtual Machine
      Protection. These rules provide access protection
      functionality for virtual machines.
      NOTE:
      To manage the new Virtual Machine Protection
      category with ePolicy Orchestrator 3.x or
      ProtectionPilot, you must use the latest NAP file,
      included in this Patch package, or VirusScan 8.5i
      Repost Patch 5.
      For ePolicy Orchestrator 4.x users, the Extension
      update also contains the updated rule file. The
      updated Extension package is available on the web
      product download area under the Patches category.
      __________________________________________________________
      RESOLVED ISSUES
      The resolved issues are divided into subsections per
      patch, showing when each fix was added to the
      compilation.
      PATCH 7 RESOLVED ISSUES
      1. ISSUE:
      When installing a VirusScan Enterprise 8.5i patch,
      the existing On-Access Scanner service might fail
      to unload. This leads to two instances of the
      service, with one consuming a high amount of CPU
      usage.
      RESOLUTION:
      The On-Access Scanner service had been updated to
      avoid a runaway thread scenario that caused the
      service, being replaced, to not stop.
      NOTE:
      To avoid this issue while installing Patch 7 or
      later, install HF427887 first. Refer to McAfee
      Support KnowledgeBase article 616344 for further
      information.
      2. ISSUE:
      Changes to the VirusScan Enterprise core subsystem
      disabled performance optimization for handling
      frequent write actions to INI and LOG files.
      RESOLUTION:
      The Anti-Virus Filter Driver was corrected to
      ensure that scanning of specified file extensions
      is optimized, as in previous versions.
      3. ISSUE:
      A three-party deadlock occurred, causing the
      On-Access Scanner to become blocked until it times
      out. This causes the scanner service to time out
      and eventually self-terminate.
      RESOLUTION:
      The Common Shell scanner has been updated to
      prevent the On-Access Scanner from becoming blocked
      while the security libraries are loaded by the
      system.
      4. ISSUE:
      The extended reports NAP contained some ePolicy
      Orchestrator stored procedures that were needed to
      add support for the VirusScan product line. The
      ePolicy Orchestrator patches have since made new
      modifications to the same stored procedures.
      Therefore, when the VirusScan extended reports NAP
      is checked in after the new ePolicy Orchestrator
      modified procedures are in place, they are
      overwritten and the newer functionality is lost.
      RESOLUTION:
      The VirusScan extended reports NAP has been revised
      to no longer replace the ePolicy Orchestrator
      stored procedures.
      5. ISSUE:
      If the Lotus Notes client is running during the
      uninstall of VirusScan Enterprise 8.5i, the Lotus
      Notes Scanner entries might not be properly removed
      from the NOTES.INI file. This can cause the Lotus
      Notes client to crash on subsequent starts.
      RESOLUTION:
      The Lotus Notes Scanner module has been corrected
      to remove its entries in the NOTES.INI file for all
      scenarios.
      6. ISSUE:
      The VirusScan Enterprise Patch installer did not
      correctly preserve the MIDFileTime registry value.
      This caused the McAfee Installation Designer (MID)
      .CAB files to be re-applied at the time of
      installation.
      RESOLUTION:
      The Patch installer has been updated to correctly
      preserve the binary value of MIDFileTime.
      7. ISSUE:
      Changes made in Microsoft Vista SP1 and later, in
      how the operating system opens/views network files,
      caused delays in opening new network paths, with
      the On-Access Scanner’s Network Scanning feature
      enabled.
      RESOLUTION:
      The link driver has been modified to use a
      different method of accessing the network resources
      that avoids the delays imposed by the operating
      system change.
      8. ISSUE:
      A 7E bugcheck (blue screen) might occur if an
      application shut down immediately after sending
      data over the network.
      RESOLUTION:
      The link driver has been revised to better handle
      data that is transmitted by applications after the
      driver has stopped.
      9. ISSUE:
      When the VirusScan NAP is checked in, it runs a
      script that enables anti-spyware settings in
      policies and tasks, if the AntiSpyware 8.5 module
      NAP is in the ePolicy Orchestrator repository. The
      intended purpose of the script is similar to the
      local AntiSpyware module installer, which enables
      its settings when installed on a local system.
      RESOLUTION:
      The VirusScan NAP has been updated so that the
      script is disabled during check-in of the VirusScan
      NAP package. This prevents the anti-spyware
      settings from being enabled when updating the
      VirusScan NAP.
      NOTE:
      The McAfee AntiSpyware 8.5 module NAP has the same
      script in it. This means that if the McAfee
      AntiSpyware 8.5 module NAP is installed after the
      VirusScan NAP, the anti-spyware settings are still
      enabled.
      10. ISSUE:
      Servers that deal with many file writes were
      becoming unresponsive.
      RESOLUTION:
      The anti-virus filter driver was revised to
      correctly filter and dispatch scans on write.
        • 1. RE: VirusScan 8.5i Patch 7 Available
          tonyb99
          Been out for a few days (since 10/11/08) Already running this partly in production in one area.
          • 2. RE: VirusScan 8.5i Patch 7 Available
            twenden


            Did you push out that hotfix 427887 before deploying Patch 7? If so, did you have any issues with the hotfix? When I tested this hotfix it seemed to make my 3 test systems unresponsive for about 20 seconds. This will a pain for users to experience.
            • 3. RE: VirusScan 8.5i Patch 7 Available
              tonyb99
              I did have 1 issue with the hotfix yes:

              I have one server running VSE8.5 MA 4.0 and patch 6 (partly now 7) and this took the hotfix with no issue, but on one of the other setups which is more mission critical Im running VSE 8.5 MA 3.6 and VSE patch 4, when I applied the hotfix to the patch 4 machines it was all good except when I had a few older machines reconnect who didnt have patch 4 yet, the hotfix applied before patch 4, then patch 4 failed to apply.

              From then on both those machines generated fail events for mcshield every few minutes as it started and stopped with a visible screen error, patched them both to patch 7 and it went away.
              • 4. irpstacksize has been modified
                I'm not sure if you have applied this patch to your file server, but better to test it out first before you apply as i encountered error shown below in event viewer right after the patch 7 had been applied and users were unable to view one of the shared drive in file server.

                Event Type: Error
                Event Source: Srv
                Event Category: None
                Event ID: 2011
                Date: 11/12/2008
                Time: 5:07:47 PM
                User: N/A
                Computer: SVR1
                Description:
                The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.

                For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
                Data:
                0000: 00 00 00 00 01 00 50 00 ......P.
                0008: 00 00 00 00 db 07 00 c0 ......
                0010: 00 00 00 00 00 00 00 00 ........
                0018: 00 00 00 00 00 00 00 00 ........
                0020: 00 00 00 00 00 00 00 00 ........


                Our server is running windows server 2003 standard with service pack 1. I'm not sure will it affect other version of servers but we manage to solve this by modifying IRPStackSize in registry.:rolleyes:
                • 5. RE: irpstacksize has been modified
                  Apologies for if I should know this already but...

                  - if I have VSE 8.5 Patch 5, what is the correct procedure for updating to Patch 7?

                  Hotfix then Patch 7? I tried this yesterday on a spare machine and I got the 2 x Mcshield.exe process thing, and Mcshield.exe kept crashing until the box was rebooted.
                  • 6. Help needed with Mcaffee Enterprise 8.5.0i
                    Have Mcaffee enterprise installed on Vista 32 bit and it was running fine until last nite. It shows in the toolbar as being disabled and I have one patch installed. When I go to the control panel settings and try to turn it on.. it doesn't work. Can anyone tell me how I can get this running again so that I may safely surf the internet. It has been one of the allowed programs in my Windows firewall.