External mail: "McAfee" <email@example.com> 2012-08-20 00:26 (German time)
Subject: McAfee SNS Notice: *IMPORTANT* DAT 6807/6808 Causing Issues with VSE 8.8.x
McAfee has identified an issue with DAT 6807 and 6808 that is causing intermittent issues with VirusScan Enterprise 8.8.x. Specifically, these DATs can affect McShield.exe and cause issues with the on-access scanner.
If you have NOT deployed DAT 6807 or 6808, go directly to DAT 6809 or greater.
IF you HAVE deployed DAT 6807 or 6808, please go to McAfee KnowledgeBase KB76004 (https://kc.mcafee.com/corporate/index?page=content&id=KB76004) to review the steps to determine if endpoints in your environment are affected.
McAfee is investigating this issue and working on a superDAT remediation. Please go to KB76004 for continuing updates.
McAfee Support Notification Service (SNS) provides valuable information to help you maximize the functionality and protection capabilities of your McAfee products.
On Monday morning, when I checked my ePO Dashboard, I noticed that there were a lot of 0.0000 DAT versions. Figured something was up. Then Googled. Took about 15 minutes from the time I sat down, until the time I found out. I'd recommend using Dashboards or a daily DAT report. Makes it easy to see these issues and lets you know if you have systems that are not updating, so you can investigate.
I connected to a server and was wondering why VSE is disabled, then remembered that I just saw that mail above from SNS and the stress began. Now it continues with checking for clients that did not receive the hotfix.
Has anyone seen this scenario when installing HF793781? This is the one that zeros out the bad DAT and resorts it back to 1111. We decided to test this manually on a system that in ePO showed DAT 6808. After installing the hotfix, I right-clicked the ePO agent and selected Update Security. It would not connect to the ePO server. Had to do a reboot of the computer for the ePO agent to connect and update the DAT. Is that normal behaviour? We have no way of remotely rebooting computers if we deploy the hotfix via ePO.
Well, the reporter tool seems to have finished deploying to my entire network and it looks like I only have 1 machine I have to go hunt down. Very glad they released this extra tool.

Message was edited by: brentil on 8/24/12 2:56:07 PM GMT-05:00
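The daily DAT report check recommended in the thread, sketched as an added example (not code from any poster or from McAfee): it sorts systems into triage buckets using only the DAT values mentioned above (6807/6808, 0.0000, 1111, 6809 or greater). The CSV layout with `system` and `dat` columns, the bucket names and the host names are assumptions made for illustration, not an actual ePO export format.

```python
import csv
import io
from collections import defaultdict

BAD_DATS = {6807, 6808}   # DATs named in the SNS notice
FIXED_MIN = 6809          # "DAT 6809 or greater"
HOTFIX_RESET = 1111       # value a poster reports seeing after the hotfix


def classify(dat_field):
    """Map one reported DAT version string to a triage bucket (hypothetical names)."""
    try:
        major = int((dat_field or "").strip().split(".")[0])
    except ValueError:
        return "unknown"              # blank or unparseable: not reporting properly
    if major in BAD_DATS:
        return "bad_dat"              # review KB76004 for these endpoints
    if major == 0:
        return "zeroed"               # the 0.0000 entries seen on the dashboard
    if major == HOTFIX_RESET:
        return "reset_pending_update" # hotfix applied, DAT update not yet pulled
    if major >= FIXED_MIN:
        return "ok"
    return "older_dat"                # should skip straight to 6809 or greater


def triage(report_text):
    """Group system names by bucket from a CSV with 'system' and 'dat' columns."""
    buckets = defaultdict(list)
    for row in csv.DictReader(io.StringIO(report_text)):
        buckets[classify(row["dat"])].append(row["system"])
    return dict(buckets)


# Constructed sample report; host names and column names are made up.
SAMPLE = """system,dat
WS-001,6809.0000
WS-002,6808.0000
SRV-010,0.0000
WS-003,1111.0000
WS-004,6806.0000
SRV-011,
WS-005,6807
"""

if __name__ == "__main__":
    for bucket, hosts in sorted(triage(SAMPLE).items()):
        print(f"{bucket:22} {len(hosts):3}  {', '.join(hosts)}")
```

Systems in `reset_pending_update` that stay there across several reports are the ones still waiting on an agent connection, as in the reboot question above.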