Release Notes for McAfee(R) VirusScan(R) Enterprise
Version 8.5i
Patch 6
Copyright (C) 2008 McAfee, Inc.
All Rights Reserved
==========================================================
Patch Release: May 22 2008
This release was developed and tested with:
- VirusScan Enterprise: 8.5i
- DAT Version: 5288, May 5 2008
- Engine Version: 5.2.00
Make sure you have installed these versions, or
later, before using this release.
==========================================================
Thank you for using VirusScan(R) Enterprise
software. This file contains important information
regarding this release. We strongly recommend that
you read the entire document.
The attached files are provided as is, and with no
warranty either expressed or implied as to their
suitability for any particular use or purpose.
McAfee, Inc. assumes no liability for damages
incurred either directly or indirectly as a result
of the use of these files, including but not limited
to the loss or damage of data or systems, loss of
business or revenue, or incidental damages arising
from their use. You are responsible for reading and
following all instructions for preparation,
configuration, and installation of Patch files.
Patch files are not a substitute or replacement for
product Service Packs which may be released by
McAfee, Inc. It is a violation of your software
license agreement to distribute or share these files
with any other person or entity without written
permission from McAfee, Inc. Further, posting of
McAfee Patch files to publicly available Internet
sites is prohibited. McAfee, Inc. reserves the right
to refuse distribution of Patch files to any company
or person guilty of unlawful distribution of McAfee
software products. Questions or issues with McAfee
Patch files should be directed to McAfee Technical
Support.
__________________________________________________________
WHAT'S IN THIS FILE
- About This Release
- Purpose
- Patch 6 Resolved Issues
- Patch 5 Resolved Issues
- Patch 4 Resolved Issues
- Patch 3 Resolved Issues
- Patch 2 Resolved Issues
- Patch 1 Resolved Issues
- Known Issues
- Files Included With This Release
- Installation
- Installation Requirements
- Installation Steps
- Installation Steps via ePolicy Orchestrator
- HotFix/Patch Reporting
- Verifying the Installation
- Removing the Patch
- Contact Information
- Copyright & Trademark Attributions
- License Information
__________________________________________________________
ABOUT THIS RELEASE
PURPOSE
This release contains updated binaries in a single
Microsoft Patch installer to address all items
listed in "Resolved Issues" below.
For the most update-to-date copy of this Readme
information, refer to McAfee Support KnowledgeBase
article 615747.
__________________________________________________________
IMPROVEMENTS
1. The on-demand scanner has been updated to better
use the System Utilization setting throughout
the entire scanning process.
Refer to McAfee Support Knowledgebase article
9197288 for further information.
2. This Patch contains a new Buffer Overflow and
Access Protection DAT (version 378) which adds
an Access Protection category for Virtual
Machine Protection. These rules provide access
protection functionality for virtual machines.
NOTE:
In order to manage the new Virtual Machine
Protection category with ePolicy Orchestrator
3.x or Protection Pilot, you will need to use
the latest NAP file, included in this Patch
package, or VirusScan 8.5i Repost Patch 5.
For ePolicy Orchestrator 4.x users, the
Extension update also contains the updated rule
file. The updated Extension package is available
on the web product download area under the
Patches category.
__________________________________________________________
RESOLVED ISSUES
The resolved issues are divided into subsections per
patch, showing when each fix was added to the
compilation.
PATCH 6 RESOLVED ISSUES
1. ISSUE:
The VirusScan Enterprise management plug-in
writes all settings to the registry on every
policy enforcement. McShield service monitors
the registry and reloads whenever the settings
are written, generating frequent pause events in
the Windows System log.
RESOLUTION:
The VirusScan Enterprise management plug-in has
been updated to only write to the registry if it
sees that it is different from the current
policy. This will prevent McShield from
generating events on policy enforcement, unless
that policy has changed.
This is an addendum to the original solution in
Patch 5, where the fix did not work when the
preferred language was set to something other
then automatic.
2. ISSUE:
A compatibility issue has been seen with
VirusScan�s port blocking feature, and Veritas
backup applications. This was causing the
backup software services to stop running.
RESOLUTION:
The VirusScan Anti-Virus Mini-Firewall Driver
has been updated to correct the compatibility
issue.
3. ISSUE:
A race condition in the On-Access Scanner
service can cause high CPU utilization with high
performance systems.
RESOLUTION:
The On-Access Scanner service has been updated
to remedy multi-threading synchronization issues
and remove occurrences of runaway threads.
4. ISSUE:
The On-Access Scanner service sometimes crashes
during a system shutdown or during installation
of a Patch/HotFix.
RESOLUTION:
The On-Access Scanner service has been repaired
to correct a race condition in which a
critical-section synchronization object is
deleted before another thread has entered.
5. ISSUE:
A deadlock could occur on high end servers
caused by a race condition in VirusScan�s link
driver.
RESOLUTION:
The link driver has been changed to properly
handle the release of system objects, while
holding a lock on resources.
6. ISSUE:
Port blocking fails on Microsoft Windows Vista
Service Pack 1.
RESOLUTION:
The McAfee Driver Installer has been update to
handle the changes in network stack load order.
7. ISSUE:
The On-Demand Scanner system utilization changes
that were put in patch 5 changed the memory
scanning function. This caused the process
scanning to only scan the first process ID.
RESOLUTION:
The change has been reversed so that all
processes are scanning irrespective of process
ID.
8. ISSUE:
When applied to a client installation that was
customized by McAfee Installation Designer
(MID), the patch installer deletes the
MidFileTime registry value. This caused MID
.CAB files to be re-applied to the system.
RESOLUTION:
The patch installer has been updated to no
longer delete the MidFileTime registry value.
9. ISSUE:
A newly created user defined Unwanted Program
Policy, does not take affect immediately if the
file has been scanned by the On-Access Scanner
before the change occurred.
RESOLUTION:
The On-Access Scanner service has been updated
to properly recognize changes to the user
defined detections and clear the cache of files
that have already been scanned so that the new
settings take effect immediately.
10. ISSUE:
A trust relationship exists in McAfee drivers
that can be leveraged by McAfee processes to
avoid triggering access protection rules and
other compatibility symptoms. When the link
driver was updated to newer