Release Notes for McAfee® VirusScan® Enterprise 8.8 - Beta 1

Performance improvements

The VirusScan Enterprise 8.8 software release caches previously scanned files in a common location where the software always checks before scanning files. This cache reduces duplicate file scanning and improves performance.

Windows Office 2010 support

This release provides support for all Windows Office 2010 applications. Specifically adding on-access scanning of Microsoft Outlook 2010 email and attachment files.

ScriptScan exclusion support

ScriptScan exclusion allows you to add the URLs of trusted scripts from known safe websites as white lists for VirusScan Enterprise 8.8. These ScriptScan exclusions reduce scanning and improve performance. This user interface feature is available in ePolicy Orchestrator 4.0, and greater, plus the VirusScan Console. Previously these excluded URLs required manual registry editing.

Installation

• Issue
  The following error appears during the VirusScan Enterprise 8.8 software installation if UNC shares are included in the environment PATH:

   McAfee VirusScan Enterprise services will not start if UNC shares are included in the environment PATH.

  For example, the following environment PATH causes the failure because \\filehost\bin (\\hostname\share) is included:

  PATH=c:\windows\system32;\\filehost\bin;c:\tools\bin

  The following environment PATH works correctly:

  PATH=c:\windows\system32;c:\windows;c:\tools\bin

  (577342)

• Issue

  If McAfee Host Intrusion Prevention 8.0 is installed on the system, disable Intrusion Prevention Signature (IPS) 1002 before installing VirusScan Enterprise 8.8. (579612)

• Issue

  There is a know issue when upgrading from VirusScan Enterprise 8.7i to VirusScan Enterprise 8.8 when Microsoft Outlook is open during the upgrade. McAfee recommends you close Microsoft Outlook before installation of VirusScan Enterprise 8.8. (611045)

Migrating policies and events in ePolicy Orchestrator

• Issue

  The Policy Migration tool (ePOPolicyMigration.exe) upgrades VirusScan Enterprise polices and tasks from an earlier version of VirusScan Enterprise. This tool runs only one time per server. If you have both the VirusScan Enterprise 8.5 extension and the 8.7 extension installed on the same server, you must choose whether to upgrade policies and tasks from VirusScan Enterprise 8.5 or 8.7. You cannot upgrade both.

  Choose only one of these upgrade scenarios:

  • When upgrading VirusScan Enterprise 8.7 policies and tasks in ePolicy Orchestrator, first check in the extension, then execute the Policy Migration tool on the server.
  • When upgrading VirusScan Enterprise 8.5 policies and tasks, use the command-line option with the force switch as follows: ePOPolicyMigration.exe /force85
  NOTE: You can upgrade more than one version of the VirusScan Enterprise software to a later version in ePolicy Orchestrator, but you can upgrade only one version of VirusScan Enterprise policies and tasks to a later version.

  (403044)
• Issue

  The ePolicy Orchestrator Migration tool might fail to migrate the existing policies and tasks from an ePolicy Orchestrator Server that uses Windows NT authentication for ePolicy Orchestrator access. In some cases the ePolicy Orchestrator Migration tool needs to pass the SQL administrator password as a parameter for the ePolicy Orchestrator Migration tool.

  Workaround: When you run the ePOPolicyMigration.exe command from the command line, add the /PASSWORD switch and the SQL administrator password. For example, type: [path]\epopolicymigration.exe /password=sql_admin_password

  See the Migrating the ePolicy Orchestrator policies section of the McAfee VirusScan Enterprise 8.8.0 Installation Guide. It describes how to use the ePolicy Orchestrator /PASSWORD switch in the command line. (611047)

• Issue

  When you use the ePolicy Orchestrator Migration tool it fails and displays the following incorrect error message:

  "The most recent version of VirusScan Enterprise extension is not checked in. It must be checked in before running the migration tool."

  If the VirusScan Enterprise 8.8 extension is already checked in then this error is actually caused by bad password access to ePolicy Orchestrator. See the Migrating the ePolicy Orchestrator policies section of the McAfee VirusScan Enterprise 8.8.0 Installation Guide. It describes how to use the ePolicy Orchestrator /PASSWORD switch in the command line. (611046)

Supported platforms and products

• This version of VirusScan Enterprise supports Lotus Notes version 7.0x, and 8.0x through 8.5.1. See the VirusScan Enterprise 8.8 Installation Guide for information about supported operating systems.

Compatibility with other products

• Issue
  After installing VirusScan Enterprise 8.8 to a system where McAfee NAC 3.0 is installed, an infrequent failure might occur, preventing identification of McAfee services. You might see these symptoms:

  • A specified driver is invalid message is logged if you perform an update task before restarting.
  • A driver failed to load message is logged for one or both products.
  • The local system application event log contains event ID 5004.

  Workaround: Uninstall the failed product, restart the system, then reinstall the product.

• Issue

  NVIDIA^® drivers might cause performance issues or system response failure. VirusScan Enterprise 8.8 might run at 100% CPU or cause the system to fail to respond when running on specified NVIDIA drivers. See KnowledgeBase articles KB614212 and KB65066 for more information about this issue. (388060)

Updating

• Issue

  Failure to access the repository is not logged in the VirusScan Enterprise 8.8 update log, but the failure is logged in the McAfee Agent log. The default location of the McAfee Agent log is: <drive>:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\mcscript.log. (384749)

• Issue

  Silent update tasks performed from the command line still display the progress dialog box. The installation successfully completes, but the Update in progress dialog box appears when you run setup.exe /q RUNAUTOUPDATESILENTLY=TRUE from the command line. (399265)

• Issue

  Importing the Sitelist.xml file from the command line might fail. When you run setup.exe CMASOURCEDIR="<drive>:\Documents and Settings\<username>\Desktop\ from the command line to install the product and import the Sitelist.xml file from the Desktop, the installation successfully completes, but fails to import the Sitelist.xml file.

  To resolve this issue, use a Sitelist.xml file that was created by ePolicy Orchestrator agent 4.0. If the McAfee Agent 4.0 installation upgraded a previous installation of ePolicy Orchestrator agent 3.6.1, then it will produce a correct Sitelist.xml that can be imported by VirusScan Enterprise 8.8. (419467)

Remote console

• Issue

  When using the Remote Console feature to connect to Windows Vista systems, or later, you are unable to open Access Protection, Buffer Overflow, and Quarantine Manager dialog boxes for the remote systems and no error appears. This is because the Windows Vista, and later, systems do not automatically start the Remote Registry service and the Remote Console feature uses the Remote Registry service.

  Workaround: Before starting the Remote Console feature, you must manually start the Remote Registry service on the remote system using the following:
  • Click Start | Run and type services.msc. The Services dialog box appears.
  • Right-click Remote Registry in the Services (Local) | Name column and click Start.
  (581439)
• Issue

  When using the remote console feature to open Access Protection properties on a system with Windows Server 2008, it might take several minute to open the connection. (392825)

Miscellaneous

• Issue
  The Windows Security Center does not display the VirusScan Enterprise 8.8 status correctly. For example, from the Control Panel if you open the Windows Action Center display the following might appear as turned off:

  • McAfee VirusScan Enterprise
  • McAfee VirusScan Enterprise Antispyware Module

  Workaround: Modify the registry values using the following process:

  1. In the Windows Run window, type regedit to display the Registry Editor.
  2. Depending on your system, navigate to the following registry and change the REG_DWORD value to 1:
     • 32-bit systems — Change registry:

       HKLM\SOFTWARE\McAfee\DesktopProtection, value to the following:

       Name: bUseWscAVExe, Type: REG_DWORD, Data: 1

     • 64-bit systems — Change registry:

       HKLM\SOFTWARE\Wow6432Node\McAfee\DesktopProtection, value to the following:

       Name: bUseWscAVExe, Type: REG_DWORD, Data: 1

  3. Click OK and close the Registry Editor.

  (592672)

• Issue

  When you configure a drive to exclude from on-access scanning, use a UNC path, not a mapped network drive. For example, if you type Z:, for the mapped network drive in the Set Exclusions dialog box, the files in the mapped drive are not excluded from on-access scanning. (546966)

• Issue
  Using extended character set characters when adding Default + additional file types to scan works differently than you expect when configuring either On-Delivery Email Scan Properties or Outlook On-Demand Scan. For example, if you add the file type Ãbà to the User-specified additional file types to scan, you expect the "xxxxx.ÃbÃ" to be scanned. But, both of the following files are scanned:

  • xxxxx.ÃbÃ
  • yyyyy.Ãbc
  This is expected behavior when using the extended character set characters.

  NOTE: This only occurs on some Windows 64-bit systems using Windows Outlook 2010 x64 Professional Edition.

  To scan only the file type ÃbÃ, configure an exclusion using the wildcard characters ? or *. For example, configure an exclusion using Ãb? or Ã*.

  (586207)

• Issue

  Windows Action Center shows VirusScan Enterprise and the AntiSpyware Enterprise Module are turned off even when they are actually turned on. This will be addressed prior to release of VirusScan Enterprise 8.8. (592672)

• Issue

  The VirusScan Console crashes when you add a UNC file share requiring credentials and using Tools | Import AutoUpdate Repository List to add to the site list.

  This should be fixed in the next release of the McAfee Agent 4.5. (591137)

• Issue

  If you select Tools | Edit AutoUpdate Repository List, from the VirusScan Console, it triggers an invalid access error. This error causes the console process to crash.

  This should be fixed in the next release of McAfee Agent 4.5. (559521)

• Issue
  The McAfee email scanner for Lotus Notes does not use the Quarantine Manager to quarantine detected threats. Consequently, if you configured the email scanner first action to Clean attachments or Delete attachments, the original version of the detected threat is no longer available for recovery, or restoration after the clean or delete action is taken on the detection. If you want the original version of the detected threat to be available after the action is taken on the detection, McAfee recommends you set the first action to Move attachments to a folder and specify a quarantine folder. When this move action is enabled, the original detected threat is moved to the specified quarantine folder with the .MCM extension appended to the detection.

  NOTE: If you enable the Move attachments to a folder option on client systems you should always have the on-access scanner enabled so those files may not inadvertently be accessed by a user.

  (430862)
• Issue

  When running VirusScan Enterprise 8.8 on a system with Microsoft Windows Server 2008, the on-access scanner might fail to delete a detected file from a network shared folder. The on-access scanner’s ability to delete a detected file is not guaranteed on network file systems. In this case, if the detected file is not deleted, the file content is removed and the remaining file size is zero. (431158)