6 Replies Latest reply on Nov 20, 2009 12:47 PM by wwarren

    Hotfix HF472021 for VSE 8.5i released

    PhilR
      https://mysupport.mcafee.com/eservice/Article.aspx?id=KB66032

      "HotFix Version: HF472021

      Product: VirusScan Enterprise 8.5i

      Timestamp: 11 June 2009

      Files affected:
      MFEHIDK.SYS 13.3.0.179
      mfetdik.sys 13.3.0.179
      SCRIPTCL.DLL 13.3.2.140
      SCRIPTSN.DLL 13.3.2.140
      SHSTAT.EXE 8.5.0.939
      VSTSKMGR.EXE 8.5.0.939

      IMPROVEMENTS

      1. When a web browser opens a site that is
      script-intensive, scanning the scripts adds to
      the delay of loading the page. This Patch
      contains new functionality for ScriptScan
      whitelisting. If the web site is a trusted
      Intranet and/or frequently visited, the new
      implementation now allows for the exclusion of
      that site from script scanning.

      NOTE: Refer to McAfee Support KnowledgeBase
      article KB65382 for further information.


      RESOLVED ISSUES

      1. Issue:
      On Microsoft Windows Vista SP1 or 2008 server,
      sharing violations could occur when working
      with remote files while network drive scanning
      was enabled. This resulted in being denied
      access to files, or being unable to modify or
      save a file.

      Resolution:
      The Anti-Virus Filter driver has been updated
      to better handle potential sharing violations
      that could occur and avoid conflicts.

      2. Issue:
      The ability to clean files, detected on network
      drives by the on-access scanner, could
      encounter sharing violations causing the clean
      to fail. When this happens, the scanner would
      use the secondary action (delete by default).

      Resolution:
      The Anti-Virus Filter driver has been updated
      to work around some of the inherent limitations
      of network scanning that will cause this
      issue.

      3. Issue:
      When a non-administrator account logs into a
      system, high CPU utilization could occur with
      the ShStat.exe process.

      Resolution:
      The VirusScan statistics process will better
      handle its loading logic to avoid looping
      issues that could lead to excess CPU
      utilization.

      4. Issue:
      In some cases, the McTaskManager service was
      using excessive amount of CPU time.

      Resolution:
      The McTaskManager service will now delay for a
      short time when retrieving errors and
      communicating to Windows System Monitor.

      5. Issue:
      An unauthenticated remote denial-of-service
      attack was discovered.

      Resolution:
      The product no longer allows the
      denial-of-service attack.

      6. Issue:
      A Bugcheck (blue screen) sometimes occurred
      when VirusScan Enterprise 8.5i was installed
      along with Quest Downtime server.

      Resolution:
      The mini-firewall driver will better handle
      situations where a process terminates while
      data was still being received on the processes
      behalf.

      7. Issue:
      Security Center or Outlook Trust center would
      show that Antivirus software was out of date,
      even when using current DAT files. For the
      latter, a reboot would correct the issue.

      Resolution:
      The McTaskManager Service has been updated
      to keep the Microsoft Security Center informed
      of DAT version.

      Notes:
      1. This HotFix requires VirusScan Enterprise 8.5i
      Patch 8, in order to install to the system.
      2. This HotFix cannot be installed on Windows NT
      4.0 (any edition).
      3. A reboot will be needed in order to load the
      updated binary into memory. The package
      install does not force the reboot.
      4. This HotFix cannot be installed using McAfee
      Installation Designer package. Patch 8 is
      requirement for the HotFix to install, and the
      customized installer executes the HotFix before
      the Patch.
      5. An administrator can install this release by
      executing VSE85HF472021.EXE locally on an
      individual system, or by adding the package to
      the ePolicy Orchestrator or Protection Pilot
      repository for deployment via an agent update."

      We experienced this very problem (Issue 1) last week on a Windows 2008 terminal server.

      Phil