Mcafee Virusscan enterprise 8.7i patch 1

Release Notes for McAfee®VirusScan®Enterprise 8.7i

Patch 1

Thank you for using McAfee VirusScan Enterprise software version 8.7i Patch 1. This document contains important

information about this release. We strongly recommend that you read the entire document.

Contents

zPurpose

zRating

zImprovements

zKnown issues

zResolved issues

{Patch 1 resolved issues

zInstallation instructions

{Verifying installation

{Removing the patch

zLicense attributions

About this release

zPatch Release: 04-24-2009

This release was developed for use with:

zVirusScan Enterprise: 8.7i

zVirus Definitions (DAT): 5575.0000

zScan Engine: 5.3.00

Make sure you have installed the correct version of the product(s) in this list before using this release.

*This document makes references to the following products as VirusScan Modules:

zMcAfee®VirusScan®Enterprise for Offline Virtual Images 1.0

zMcAfee®VirusScan®Enterprise for use with SAP NetWeaver®platform 1.0

zMcAfee®VirusScan®Enterprise for Storage 1.0

Purpose

This document supplements the product Release Notes in the release package and details fixes included in

VirusScan Enterprise 8.7i Patch 1.

This Patch contains a variety of improvements. McAfee has spent a significant amount of time finding, fixing, and

testing the fixes in this release. Please review the Known and Resolved Issues lists for additional information on the

individual issues. Refer to online KnowledgeBase article KB65381 at http://knowledge.mcafee.com for the most

current information regarding this release.

Rating

McAfee recommends this release for all environments. Patch 1 is considered a Manditory Release. See McAfee

Support KnowledgeBase article KB51560 for information on ratings.

Improvements

Improvements made with this release of the software are described below:

1. The VirusScan Reports extension now has updated queries to show the status of Artemis settings for the on-

access, on-demand, and email scanners.

NOTE: The Artemis status requires VirusScan Enterprise 8.5i

Patch 8 or VirusScan Enterprise 8.7i Patch 1 to

be installed on the client systems, in order to correctly populate the reports. Refer to McAfee Support

KnowledgeBase article KB53732 for further information on Artemis functionality.

2. On-Access Scanner’s Artemis level setting is now modifiable via the properties UI, and the equivalent

VirusScan 8.7i NAP and Extension included in the patch package.

NOTE: Because this setting is new with this release of the VirusScan 8.7i NAP and extension, there is no

preserved setting upon check-in of the management package. The ePolicy Orchestrator administrator will

need to update that setting in the policies to match the current Artemis policy.

3. Several modifications have been made to the way VirusScan Enterprise interacts with the operating system

on startup, suspend, and shutdown. These modifications resolve and improve performance issues.

4. Current DAT files are compressed to conserve network bandwidth. Now, changes have been made to

decompress the DATs during the AutoUpdate process and leave them in that state, so that scanners do not

have to decompress them during initialization of the scan.

5. The on-demand scanner now uses Windows Priority Control setting for the scan process. This lets the

operating system set the amount of CPU time that the on-demand scanner receives at any point in the scan

process. The System Utilization setting in the On-Demand Scan Properties maps to Windows Priority Control

as:

6. The on-access, on-demand, email, and script scanners now use a runtime copy of the DATs. This change

has reduced the memory consumption of affected scanners by having the DATs in a readily available state

for the scan engine to load.

NOTE: In some scenarios, the runtime DATs are not available. See item #1 under Known Issues. Refer to

McAfee Support KnowledgeBase article KB65459 for further information on runtime DATs.

7. VirusScan Enterprise functions that request the current version of DATs no longer need to initialize the scan

engine to do so. This prevents excessive

CPU spikes during ePolicy Orchestrator properties collection, as well

as other areas that poll the DATs.

8. The on-access scanner memory scan function (Processes on enable) has been

modified significantly to make

it more comprehensive.

NOTE: The improved functionality can cause a performance impact to the system. See item #2 under

Known Issues.

9. When a web browser opens a site that is script-intensive, scanning the scripts adds to the delay of loading

the page. This Patch contains new functionality for ScriptScan whitelisting. If the web site is a trusted

Intranet and/or frequently visited, the new implementation now allows for the

exclusion of that the site from

script scanning.

NOTE: Refer to McAfee Support KnowledgeBase article KB65382 for further information.

10. The installation packages for patches and reposts have been upgraded so that the installation log name,

created in the McAfeeLogs folder, has a dynamically generated name based on the current date and time of

the installation. This helps save logs that might have been overwritten with the previous “backup previous

log only” method.

Known issues

Known issues in this release of the software are described below:

Utilization Priority

10% Low

20%-50% Below Normal

60%-100% Normal

1. Issue: In some situations, the product switches over to using the normal copy of the DAT files, instead of

the runtime DATs:

{If the McAfee AntiSpyware Enterprise module is installed after VirusScan

Enterprise 8.7i Patch 1 is on

the system, some of the new registry settings, which are new for the runtime functionality, were

changed back. This resolves itself with a restart of the McTaskManager service or with a reboot.

{If one of the scanners is busy on a large file when the AutoUpdate process posts the revised copy of

the DATs, the process of refreshing the runtime copy of the DATs times out. All scanners use the

normal DATs until the next successful update.

{The VirusScan Modules* will not use the runtime DAT functionality until they received their next

Patch.

2. Issue: With the improved functionality of the on-access scanner memory scan, lower and middle ranged

systems may see a performance impact at startup and after a successful AutoUpdate of the engine or DATs.

Currently the Process on enable option is enabled by default on the shipping version of VirusScan Enterprise

8.7i. McAfee recommends that in a managed environment, disable this option prior to deployment of the

Patch, until the impact of memory scanning can be determined for your environment. It is not possible to

maintain both the more comprehensive scanning that comes with Patch 1 and later, and the former level of

scanning. Therefore, only the more comprehensive scan is used.

NOTE FOR CURRENT AND NEW USERS:

{The Patch installation does not modify current settings to disable the Process on enable option.

{The VirusScan 8.7i NAP and extension that are included with the Patch do change the McAfee Default

policy, but do not modify the My Default policy,

or any custom policy settings that were made prior to

the checkin of the new NAP/extension.

{The VirusScan Enterprise 8.7i Repost with Patch now installs with the Process on enable option

disabled, unless the Maximum Security option is selected during the installation.

3. Issue: VirusScan 8.7i Patch 1 introduced an issue with Microsoft Outlook where keyboard entries made

during the delivery of an email were lost.

NOTE: This issue is resolved by HotFix VSE85HF464768, included with this release. Refer to "Additional

Steps for HotFix 464768" for installation instructions.

4. Issue: The Access Protection rule "Prevent termination of McAfee processes" was improperly disabled, on

32-bit systems, even when the managed policy specified otherwise.

NOTE: This issue has been resolved in the fully released version of the Patch. HotFix VSE85HF464768,

included with this release, resolves the issue for customers who installed Patch 1 during the managed

release cycle. Refer to "Additional Steps for HotFix 464768" for installation instructions.

5. Issue: The Patch installer included an MSI deferred action to resolve an issue found when attempting to

uninstall the Patch on some newer operating systems. The deferred.mfe file updated the cached MSI of the

currently installed VirusScan 8.7i product. If the Patch is included in a McAfee Installation Designer

customized package, the deferred.mfe file was not

included, and therefore the Patch might not be able to be

uninstalled in some newer operating systems.

6. Issue: If you installed this release interactively and cancelled the installation on a system where a previous

Patch was installed, after the rollback was complete, the previous Patch might no longer reported to ePolicy

Orchestrator or appeared in the About VirusScan Enterprise window.

7. Issue: Installing the Patch and specifying a log file path using the Microsoft Installer (MSI) switch “/L” did

not log to the specified path. A log file capturing full data was logged to the folder “McAfeeLogs” under the

Temp folder.

8. Issue: If Host Intrusion Prevention 6.x or later was installed and disabled prior to installing VirusScan

Enterprise, it was necessary to re-enable Host Intrusion Prevention and disable it again, in order for

VirusScan Buffer Overflow Protection to be properly enabled.

9. Issue: Uninstalling VirusScan Enterprise Patches is possible for computers running Windows Installer v3.x

or later. This technology is not fully integrated for Windows 2000 operating systems, so there is no option to

remove the Patch in Add/Remove programs. See instructions under Removing the Patch for removal via

command-line options.

10. Issue: Patches for VirusScan Enterprise 8.7i can only be uninstalled via Add/Remove programs, not via

ePolicy Orchestrator.

Resolved issues

The resolved issues are divided into subsections per patch, showing when each fix was added to the compilation.

Patch 1 resolved issues:

1. Issue: An unauthenticated remote denial-of-service attack was discovered. (Reference: 470184)

Resolution: The product no longer allows the denial-of-service attack.

2. Issue: Under certain conditions, the Lotus Notes scanner of VirusScan Enterprise can mistakenly deny

access to the Lotus Notes internal processes, if a note was being accessed more than once. (Reference:

438541)

Resolution: The Lotus Notes scanner has been adjusted to better handle re-entrance scanning of the same

note.

3. Issue: Silent installs may fail on hard drives that are designated as dynamic. The on-access scanner service

fails to start, and the installation will roll back. (Reference: 443669)

Resolution: The patch 1 and later install packages will now install to a dynamic disk, silently.

4. Issue: Sporadic crashes were seen on multi-processor systems, with the Lotus Notes scanner file

ncdaemon.exe, during startup and general use of Lotus Notes. (Reference: 442337)

Resolution: The Lotus Notes scanner has been corrected to prevent a race condition where different

scanner threads were starting and stopping out of sequence.

5. Issue: A 8E bugcheck (blue screen) sometimes occurred when

VirusScan Enterprise 8.7i was installed along

with Checkpoint VPN-1 SecureClient. (Reference: 438771)

Resolution: The link driver was updated to avoid probing kernel memory unnecessarily.

NOTE: For this fix to prevent the above issue, the files need to be placed on the system during the

installation of VirusScan Enterprise, before the services start. The repost of VirusScan Enterprise 8.7i with

Patch 1 will be needed to see the resolution.

6. Issue: A flaw in the caching algorithm sometimes caused files in removable media to not be scanned.

(Reference: 443104)

Resolution: The Anti-Virus Filter driver was updated to clear the cache of removable media upon attaching

to the system.

7. Issue: The on-access scanner contained a flaw in the scan on close logic. This could cause a file to be

queued up for scanning a second time. (Reference: 434475)

Resolution: The Anti-Virus Filter driver no longer queues these unnecessary scan requests.

8. Issue: During an upgrade from a customized VirusScan Enterprise 8.5i to VirusScan Enterprise 8.7i, An

issue sometimes occurred where the configuration tool did not properly backup and restore the registry

information. The installation was left in a state where some of the product information still showed as the

older version. (Reference: 443019)

Resolution: The McAfee Installation Designer configuration applicator has been changed to be more

comprehensive in backing up and in version checking during the upgrade, in order to prevent failures by

other McAfee product installations that require version 8.7i.

NOTE: For this fix to prevent the above issue, the files need to be placed on the system during the

installation of VirusScan Enterprise, before the services start. The repost of VirusScan Enterprise 8.7i with

Patch 1 will be needed to see the resolution.

9. Issue: On Microsoft Windows Vista SP1 or 2008 server, sharing violations could occur when working with

remote files while network drive scanning was enabled. This resulted in being denied access to files, or being

unable to modify or save a file. (Reference: 447282)

Resolution: The Anti-Virus Filter driver has been updated to better handle potential sharing violations that

could occur and avoid conflicts.

10. Issue: Prolonged use of the VirusScan Console was causing delays in loading subsequent loading of the

Console window. (Reference: 456831)

Resolution: The VirusScan Console plug-in was corrected to properly clean up the .tmp files it creates at

load time.

11. Issue: Access Protection rules were being triggered during creation of a VirusScan customized installation

package via McAfee Installation Designer. This could lead to a crash of the McAfee Installation Designer tool.

(Reference: 435728)

Resolution: The VirusScan Email Scan library appropriately handles the new Sensitivity level setting when

it is displayed in the McAfee Installation Designer window.

12. Issue: Certain detections with multiple infections or clean actions were logging the action two times. One

entry was made during the middle of the process, and the other during the final resolution. (Reference:

404787)

Resolution: The Common Shell scanner has been updated to report only the final resolution of the

detection.

13. Issue: A 8E bugcheck (blue screen) might occur during the “Memory for Rootkits” portion of an on-demand

scan. (Reference: 445490)

Resolution: The code analysis driver now uses a more robust method of querying the system for driver

object data.

14. Issue: Access Protection block rules that were created for USB devices sometimes did not handle removing

and reinserting the device multiple times. (Reference: 457415)

Resolution: The Access Protection, Anti-Virus Filter, and Link drivers have been updated to better handle

reinserting the device.

15. Issue: The on-access scanner was not properly utilizing the Scan files opened for Backup option.

(Reference: 457416)

Resolution: The Anti-Virus Filter driver has been rectified to properly interpret the flag being sent from the

on-access scanner.

16. Issue: In an ePolicy Orchestrator managed environment, the agent’s Collect and Send Properties function

could cause the McAfee Product Manager service to spike its CPU utilization for extended periods of time.

(Reference: 457421)

Resolution: The VirusScan Management Plug-in has been updated to call for the scan engine and DAT files

via a new API call, rather than initializing the engine to retrieve the information. This lessens the CPU time

involved during the agent Collect and Send Properties function.

17. Issue: With certain Access Protection rules enabled, VirusScan Enterprise was failing to return information

to the Checkpoint SecureClient software. (Reference: 444667)

Resolution: The binaries for Checkpoint integration have been updated to properly request information

from VirusScan Enterprise.

18. Issue: Attempting to start an on-demand scan via the VirusScan tray icon could result in an error on

Microsoft Windows Vista. (Reference: 446950)

Resolution: The VirusScan tray icon correctly calls the on-demand scanner on User Access Controlled

operating systems.

19. Issue: Creating a McAfee Installation Designer change package for VirusScan Enterprise and the

AntiSpyware Enterprise Module, sometimes failed to upgrade the evaluations to licensed versions, for both

products. (Reference: 437509)

Resolution: McAfee Installation Designer configuration applicator upgrades the licenses of VirusScan

Enterprise and the AntiSpyware Enterprise Module when they are both evaluations.

20. Issue: The VirusScan Console On-Delivery Email Scanner entry was not worded correctly in German.

(Reference: 438931)

Resolution: The VirusScan Resource file updates the displayed text to the correct wording in German.

21. Issue: One of the ScriptScan “McLogEvent” entries was always recorded in English. (Reference: 431071)

Resolution: The Announcer library was updated to remove the extra notification.

22. Issue: In some cases, VirusScan Enterprise was not properly displaying Patch information about itself and

currently installed VirusScan Modules*. (Reference: 456826)

Resolution: The VirusScan Management Plug-in has been updated to gather the current information about

Patch levels of its installed VirusScan Modules*.

23. Issue: When there were HotFixes or Patches available for the VirusScan Modules*, they were not being

downloaded to the clients. (Reference: 445494)

Resolution: The AutoUpdate binary was modified to check for the existence of the VirusScan Module*

licenses when deciding which HotFixes or Patches to install.

24. Issue: Script errors were seen when attempting to view the Japanese text, of the product description

window, in ePolicy Orchestrator 3.6.x. (Reference: 434203)

Resolution: The VirusScan 8.7i NAP file has been updated to display the Japanese page in its proper

Unicode format (UTF-8).

25. Issue: The alert options for Network Appliance Filer and ICAP scanners were visible on the workstation

ePolicy Orchestrator policies. (Reference: 448361)

Resolution: The VirusScan 8.7i NAP and extension have been updated to remove the alert options for alert

options for Network Appliance Filer and ICAP scanners, from the workstation policy, as those scanners are

server specific.

26. Issue: Some ePolicy Orchestrator operational events were not being

generated for the VirusScan Modules*.

(Reference: 434423)

Resolution: The VirusScan Reports extension updates the current VirusScan Enterprise Event IDs (1329 –

1339) to be used for the VirusScan Modules*.

27. Issue: The on-demand scan log file validation checked for invalid file characters, including the "<" and ">"

characters. (Reference: 433776)

Resolution: The VirusScan 8.7i extension validation for the path name of the on-demand scanner log file

now allows the "<" and ">" characters, which are needed for ePolicy Orchestrator macro variables.

28. Issue: The alert options for the VirusScan Modules* would not gray out when inheritance was enforced on

the parent policy. (Reference: 434231)

Resolution: The VirusScan 8.7i NAP now properly enforces inheritance on the VirusScan Module alert

options.

29. Issue: Events generated by the VirusScan Enterprise for Offline Virtual Images 1.0 software were not being

generated in ePO reports. (Reference: 439832)

Resolution: The McAfee Announcer library changed properties of the events to support current reporting in

ePolicy Orchestrator 3.6.1.

30. Issue: Scanning events generated by VirusScan Enterprise 8.7i were not populating the Task Name with

proper information. (Reference: 453515)

Resolution: The McAfee Announcer library now populates the Task Name with the scanner that generated

the event.

31. Issue: The Access Protection includes and exclude fields permitted a limited number of characters in the

extension interface. (Reference: 457418/457419)

Resolution: The VirusScan 8.7i extension updates the maximum limit of the include and exclude fields, to

be consistent with the point-product interface.

32. Issue: Scanner exclusions that were entered in ePolicy Orchestrator with a preceding blank space did not

show up correctly when they were enforced on the client. (Reference: 457420)

Resolution: The VirusScan 8.5i extension has been updated to strip any preceding blank spaces from

exclusions when they are entered in ePolicy Orchestrator.

33. Issue: VirusScan Enterprise added some new events that were not

included in the default event filter, which

was provided by ePolicy Orchestrator. (Reference: 462927)

Resolution: The VirusScan Reports extension updates the current list to allow filtering of these events.

Patch Inventory

This release consists of a package called VSE87P1.zip, which contains the following files:

Filename Description

DEFERRED.MFE MSI deferred action file

PKGCATALOG.Z Package catalog file

PATCH1.HTM This text file

VSE870DET.MCS ePolicy Orchestrator detection script for VirusScan Enterprise

The following files are new with this patch release:

SETUP.EXE Installer for this release

SETUP.INI Initialization file for SETUP.EXE

PATCH1.MSP Microsoft Installer Patch file

VSE870.NAP ePolicy Orchestrator 3.6.x NAP for VirusScan Enterprise

VIRUSCAN8700.ZIP ePolicy Orchestrator 4.x extension for VirusScan Enterprise

VIRUSCANREPORTS.ZIP ePolicy Orchestrator 4.x Reports for VirusScan Enterprise

Filename Version

LOGPARSER.EXE 1.2.0.136

MIDUTIL.DLL 8.7.0.133

EMCFGCPL.DLL 8.7.0.659

FTCFG.DLL 8.7.0.659

NCDAEMON.EXE 8.7.0.659

NCEXTMGR.EXE 8.7.0.659

NCINSTALL.EXE 8.7.0.659

NCMENU.EXE 8.7.0.659

NCSCAN.EXE 8.7.0.659

NCTRACE.EXE 8.7.0.659

QUARCPL.DLL 8.7.0.659

SCAN32.EXE 8.7.0.659

SCAN64.EXE 8.7.0.659

SCNCFG32.EXE 8.7.0.659

MCUPDATE.EXE 8.7.0.659

NAIANN.DLL 8.7.0.659

SHCFG32.EXE 8.7.0.659

SHSTAT.EXE 8.7.0.659

SHUTIL.DLL 8.7.0.659

VSODSCPL.DLL 8.7.0.659

VSPLUGIN.DLL 8.7.0.659

VSTSKMGR.EXE 8.7.0.659

VSUPDATE.DLL 8.7.0.659

VSUPDCPL.DLL 8.7.0.659

ADSLOKUU.DLL 14.1.0.496

CSSCAN.EXE 14.1.0.496

ENGINESERVER.EXE 14.1.0.496

ENTVUTIL.EXE 14.1.0.496

FTL.DLL 14.1.0.496

LOCKDOWN.DLL 14.1.0.496

MCSHIELD.DLL 14.1.0.496

MCSHIELD.EXE 14.1.0.496

MCSHIELDPERFDATA.DLL 14.1.0.496

MCVSSNMP.DLL 14.1.0.496

MFEANN.EXE 14.1.0.496

MYTILUS3.DLL 14.1.0.496

MYTILUS3_SERVER.DLL 14.1.0.496

MYTILUS3_SERVER_PROCESS.EXE 14.1.0.496

Installation Instructions

zTo use this release, you must have VirusScan Enterprise 8.7i software installed on the computer you intend

to update with this release.

zThis release does not work with earlier versions of VirusScan software.

zA reboot is needed to fully load the system drivers into memory. The package installation does not force the

reboot.

Installation steps:

1. Extract the Patch files from VSE87P1.zip to a temporary folder on your hard drive.

2. Double-click the file SETUP.EXE inside the temporary folder created in Step 1.

3. Follow the instructions of the installation wizard.

Installation steps via ePolicy Orchestrator 3.6.x

1. On the computer where the ePolicy Orchestrator 3.x console resides,

extract the Patch files and folders from

VSE87P1.zip to a temporary folder on your hard drive.

2. Open the ePolicy Orchestrator 3.x console and add the package from the temporary folder created in Step 1

to your repository.

NOTE: Refer to Checking in Package in the ePolicy Orchestrator 3.x online Help, or Checking in

PKGCATALOG.Z product packages to the master repository in the ePolicy Orchestrator 3.6 online Help, for

instructions on adding a package to the repository. The package type for this Patch is “Products or Updates.”

3. The next time an agent update task runs, the VirusScan Enterprise client automatically downloads and

installs the Patch.

4. In the ePolicy Orchestrator console, add the VSE870.NAP file using the Check in NAP wizard.

NOTE: There is no new VSE870Reports.NAP with this Patch.

MYTILUS3_WORKER.DLL 14.1.0.496

NAEVENT.DLL 14.1.0.496

NAIEVENT.DLL 14.1.0.496

OTLKSCAN.DLL 14.1.0.496

OTLKUI.DLL 14.1.0.496

SCRIPTFF.DLL 14.1.0.496

SCRIPTSN.DLL 14.1.0.496

MFEAPFA.DLL 14.1.0.551

MFEAPFK.SYS 14.1.0.551

MFEAVFA.DLL 14.1.0.551

MFEAVFK.SYS 14.1.0.551

MFEBOPK.SYS 14.1.0.551

MFEHIDA.DLL 14.1.0.551

MFEHIDIN.EXE 14.1.0.551

MFEHIDK.SYS 14.1.0.551

MFERKDA.DLL 14.1.0.551

MFERKDET.SYS 14.1.0.551

MFETDIK.SYS 14.1.0.551

MFEVTPA.DLL 14.1.0.551

MFEVTPS.EXE 14.1.0.551

VSCAN.BOF 399

STRINGS.BIN N/A

VSEVNTUI.DLL N/A

VIRUSCAN8700.ZIP 8.7.0.151

VIRUSCANREPORTS.ZIP 1.1.0.137

Installation steps via ePolicy Orchestrator 4.x

1. On the computer where the ePolicy Orchestrator 4.x console resides, place the Patch archive VSE87P1.zip in

a temporary folder on your hard drive.

2. Open the ePolicy Orchestrator 4.x console and add the VSE87P1.zip package from the temporary folder

created in Step 1 to your repository.

NOTE: Refer to Checking in Packages Manually in the ePolicy Orchestrator 4.x online Help, for instructions

on adding a package to the repository. The package type for this Patch is “Products or Updates (.ZIP).”

3. The next time an agent update task runs, the VirusScan Enterprise client automatically downloads and

installs the Patch.

4. From the top menu of the ePolicy Orchestrator console, click "Configuration."

5. From the menu tabs, click Extensions, then click Install Extensions in the lower left of the window.

6. Click Browse and locate the VIRUSCAN8700.zip extension update from the temporary folder created in Step

7. Click OK to begin the extension update.

8. Repeat the checkin process for the VIRUSCANREPORTS.zip reports extension

NOTE: Once the extensions are updated, the version can be verified in the ePolicy Orchestrator Extensions

list (see About this release for version information).

Additional steps for HotFix 464768

1. On the computer where the ePolicy Orchestrator console resides, extract the Patch files and folders from

VSE87P1.zip to a temporary folder on your hard drive.

2. If ePolicy Orchestrator 3.x: Extract the files from

VSE87HF464768.zip package into a subfolder and check

in the PKGCATALOG.Z for the HotFix.

3. If ePolicy Orchestrator 4.x: Add the VSE87HF464768.zip package from the temporary folder created in

Step 1 to your repository.

4. Refer to the HotFix readme HF464768.htm for further details on the HotFix.

HotFix and Patch reporting

There is HotFix/Patch information in the ePolicy Orchestrator properties for each computer. On the ePolicy

Orchestrator Properties tab for each computer, the VirusScan 8.7i General branch displays two entries:

zPatch – Displays the current Patch installed.

zFixes - Displays any number of HotFixes listed in the registry.

A check is involved to verify that the HotFix/Patch matches the entry in the registry to the private build description

of the binary. If the two don’t match, the Patch or HotFix does not appear.

NOTE: Currently there are no reports or compliance checks that use this information.

Verifying Installation:

Always reboot prior to validating that a Patch has been installed successfully.

1. Open the VirusScan Console and select About from the Help menu. The About VirusScan Enterprise window,

Installed Patches, displays “1.”

2. After property information has been collected by ePolicy Orchestrator agents, the client systems show that

Patch 1 is installed as the “Hotfix” version. If the value HotfixVersions appears, it is a temporary value and is

removed after a full property collection from the client.

3. Confirm that the expected files are installed by checking the version number of individual files. File versions

should match the list of files in Patch Inventory, above.

NOTE: Patch releases do not display or report that the Patch is

installed if an error occurred during installation, or i

a file or files did not install correctly.

Removing the Patch

Windows Installer 3.x and later now support the rolling back of Patches. This can be done one of two ways.

zFor Windows XP, Windows 2003, Windows Vista, and Windows 2008 operating systems, the Patch can be

removed manually via Add/Remove Programs if the user has administrative rights to the local system.

zFor all operating systems that support Windows Installer 3.x, a command-line option can be used to remove

the Patch silently.

Example:

C:\WINDOWS\system32\Msiexec.exe /I {147BCE03-C0F1-4C9F-8157-6A89B6D2D973} MSIPATCHREMOVE=

{6D622ACA-CAEF-455E-A108-E2953C0683A0} /q

Considerations:

1. The GUID information used here changes from one Patch to another. Always use the information in the

Release Notes for the Patch that you are removing.

2. Because the Patch is removed via MSIEXEC, the functions inside setup.exe, which normally prevent reboots

from occurring during silent processes, are not executed. In order to prevent a possible automatic reboot

from occurring after a Patch removal, simply add the REBOOT=R parameter to the command-line option

above.

3. Patch removal is an MSI reinstall function. When a Patch is removed, all features affected by the Patch are

reset to installation defaults. Any features not modified by the Patch are left with their current settings.

4. Update VirusScan after removing the Patch to ensure that the latest

versions of the engine and DAT files are

run.

License attributions

This product includes or may include:

Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). |

Cryptographic software written by Eric A. Young and software written by Tim J. Hudson | Some software programs

that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free

Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or

portions thereof, and have access to the source code. The GPL requires that for any software covered under the

GPL, which is distributed to someone in an executable binary format, that the source code also be made available

to those users. For any such software covered under the GPL, the source code is made available on this CD. If any

Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are

broader than the rights granted in this agreement, then such rights shall take precedence over the rights and

Douglas W. Sauder. | Software developed by the Apache Software Foundation (http://www.apache.org/). A copy of

the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt. | International

Software copyrighted by Expat

Software copyrighted by Gunnar Ritter. | Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle,

| Software

(http://www.extreme.indiana.edu/). | Software copyrighted by International Business Machines Corporation and

Software developed by Ralf S. Engelschall <[email protected]> for use in the mod_ssl project (http://

Software copyrighted by Peter Dimov

http://www.boost.org/libs/bind/bind.html for documentation. | Software copyrighted by Steve Cleary, Beman

This manual suits for next models

Table of contents

Other McAfee Software manuals

McAfee

McAfee MTP09EMB1RAA - Total Protection 2009 User manual

McAfee

McAfee SAV85E - Active VirusScan - PC Owner's manual

McAfee

McAfee DR SOLOMON S ANTI-VIRUS 8.5 User manual

McAfee

McAfee INTERNET GUARD DOG 3.0 User manual

McAfee

McAfee Agent 4.0 Instruction Manual

McAfee

McAfee NAPCKE-AB-AA - VirusScan For NetApp User manual

McAfee

McAfee MTP08EMB3RUA - Total Protection - PC User manual

McAfee

McAfee VIRUSSCAN HOME EDITION 7.0 User manual

McAfee

McAfee EPOLICY ORCHESTRATOR 4.5 - User manual

McAfee

McAfee MIS09EMB3RAA - Internet Security 2009 User manual

McAfee

McAfee HISCDE-AB-IA - Host Intrusion Prevention User manual

McAfee

McAfee INTERNET SECURITY 2010 User manual

McAfee

McAfee VIRUSSCAN ENTERPRISE 8.7I PATCH 2 - S... Instruction Manual

McAfee

McAfee TSA00M005PAA - Total Protection Service User manual

McAfee

McAfee TEECDE-AA-AA - Total Protection For Endpoint User manual

McAfee

McAfee TOTAL PROTECTION 2009 User manual

McAfee

McAfee VIRUSSCAN ENTERPRISE 8.7I PATCH 3 - S... Instruction Manual

McAfee

McAfee PASCDE-AB-IA - Policy Auditor For Servers User manual

McAfee

McAfee MSA09EMB1RAA - Site Advisor Plus 2009 User manual

McAfee

McAfee TSA00M005PAA - Total Protection Service User manual

McAfee

McAfee TSA00M005PAA - Total Protection Service User manual

McAfee

McAfee EPOCDE-AA-BA - ePolicy Orchestrator - PC User manual

McAfee

McAfee VIRUSSCAN 5.1 Service manual

McAfee

McAfee EPOLICY ORCHESTRATOR 3.6 - WALKTHROUGH GUIDE User manual

Popular Software manuals by other brands

Red Hat

Red Hat ENTERPRISE LINUX 4 - FOR X86-ITANIUM AND... installation guide

Avaya

Avaya OAISYS NetSuite 4.2 Application notes

Asante

Asante SmartBridge V1.0 user manual

Xerox

Xerox Wide Format 6204 installation guide

SAS

SAS Scalable Performance Data Server 4.5 Administrator's guide

Lucid

Lucid FM2A85X Extreme6 installation guide

Juniper

Juniper JUNOS PUS MOBILE SECURITY SUITE datasheet

GRASS VALLEY

GRASS VALLEY NETCONFIG V2.0.12 instruction manual

Epson

Epson Stylus Pro 9880 ColorBurst Edition - Stylus Pro 9880... Getting started

COMPRO

COMPRO COMPROFM manual

Muratec

Muratec OFFICEBRIDGE ONLINE user guide

Oracle

Oracle Contact Center Anywhere 8.1 installation guide

Avaya

Avaya NULL One-X for RIM Blackberry user guide

HP ProLiant BL420c user guide

PS Audio

PS Audio PowerPlay Programming manual

Brady

Brady LOCKOUT PRO 3.0 Administrator's guide

Avaya

Avaya Interaction Center user guide

Texas Instruments

Texas Instruments TI-83 Plus Silver Edition Guide book

McAfee VIRUSSCAN ENTERPRISE 8.7I PATCH 1 - S... Instruction Manual

Popular Software manuals by other brands