Thank You For Using VirusScan Enterprise software. This Document Contains Important Information About This Release. We Strongly Recommend That You Read The Entire Document.
The beta license for this product expires on October 31, 2008.
The ePolicy Orchestrator extension for this release has been changed from supporting VirusScan Enterprise versions 8.5i and 8.7i to supporting only VirusScan Enterprise 8.7i. To place the Beta 3 version of VirusScan Enterprise 8.7i under ePO management, download the extension from the McAfee Beta web site and install it in the ePO repository.
We have incorporated some significant architectural changes in the anti-virus scanning engine and the manner in which the VirusScan Enterprise core components work with the engine. While we ensure that these changes don’t impact the overall stability of the release, we urge our customers to download this beta version, test all features in environments that are similar to their production environments and provide us feedback to help us further improve the stability and quality of the release.
We strongly recommend that customers test all features and functionality of this release in both desktop and server environments, especially where you have multiple security point products and/or applications running to ensure compatibility and optimal performance in real world environments. It is important for us to ensure that these architectural and feature changes do not have any adverse impact on standard as well as advanced features of VirusScan Enterprise. Customer feedback from testing in a varied set of environments will be instrumental in achieving this release goal.
See the New Features section for a detailed list of new features in this product release.
New and updated features in the current release of the software :
This release provides support for Windows Server 2008 (Longhorn).
Better rootkit detection and cleaning without system reboot — Safe memory patching, better IRP repair support at the system core and ability to read locked files at the kernal level have enabled us to provide better detection and the ability to clean them without having to reboot the system.
On-access scan performance improvements during system startup — Added boot cache process that should improve on-access scan performance during system startup.
Greater self-protection — Enhanced ability to protect against a wider range of mal-processes that can terminate McAfee processes provides greater VirusScan Enterprise self-protection and product stability.
This feature, shown in the product user interface and ePolicy Orchestrator as Heuristic network check for suspicious files, provides customers using VirusScan Enterprise 8.7i with the real-time detections for malware. Using sensitivity levels that can be configured based on your risk tolerance, the real-time threat protection feature looks for suspicious files on your endpoints that are running VirusScan Enterprise 8.7i. When VirusScan Enterprise 8.7i with this feature enabled detects a suspicious program, it sends a DNS request containing a fingerprint of the suspicious file to McAfee Avert Labs which then communicates the appropriate action back to VirusScan Enterprise 8.7i. The real-time defense feature also provides protection for classes of malware for which signatures may not be available. This protection is in addition to the world-class DAT-based detection VirusScan Enterprise has always provided. There is no additional client software or any change in user experience. In this release, this optional feature is available only for On-Demand Scans and Email Scanning and is disabled by default. You must select a sensitivity level to enable the feature. We encourage you to try out this feature and provide us valuable feedback so that we can continue to enhance our industry leading malware protection capabilities.
Improved local control of on-demand scans by setting scan deferral options. These options allow you to defer scans when using battery power or during presentations and allow end users to delay scheduled on-demand scans. Scans may be deferred between one and twenty-four hours or forever.
Enhanced system throttling now includes registry and memory scanning in addition to file scanning.
The ability to specify buffer overflow exclusions by API was removed from VirusScan Enterprise 8.5i, but has been reinstated for the VirusScan Enterprise 8.7i release. The API exclusion name is case-sensitive.
When this option is selected, the on-access scanner scans processes that are already running when the McShield service becomes enabled. This means that when the McShield service starts, the scanner scans any process that is already running and any process as the process is launched.
Known issues in this release of the software are described below:
Issue
The preliminary versions of the product release notes, and guides are available for download from the McAfee beta website under the VirusScan Enterprise product “Documentation” tab. Final versions of the product documentation will be available for final product release.
To view the latest version of the online help in ePolicy Orchestrator download the help_epo_110.zip extension from the McAfee beta web site and add it to the ePolicy Orchestrator repository.
From the VirusScan Console, select Tools | Edit AutoUpdate Repository List.
Add betaupdate.mcafee.com/ to the repository list.
Move the item to the top of the list.
Issue
The 64-bit version of Panda Antivirus 2008 is not removed during the VirusScan Enterprise installation. During the VirusScan Enterprise stand-alone product installation, the user is notified to manually remove the product. During silent installation, such as deployment via ePolicy Orchestrator, the VirusScan Enterprise installation fails with no notification. In either case, the user must manually uninstall the 64-bit version of Panda Antivirus 2008, then reinstall VirusScan Enterprise.
Issue
If you install VirusScan Enterprise 8.7i on a system where the VirusScan for NetApp 7.1 Console is running, the VirusScan for NetApp 7.1 Console is disabled. This is because VirusScan Enterprise for Storage will be released shortly and it is a replacement for VirusScan for NetApp 7.1. We do not recommend installing VirusScan Enterprise 8.7i on a system where the VirusScan for NetApp 7.1 Console is running.
Issue
The Policy Migration tool (ePOPolicyMigration.exe) is used to upgrade ePolicy Orchestrator managed versions of VirusScan Enterprise polices and tasks from an earlier version of VirusScan Enterprise to a later version. The Policy Migration tool only runs one time per server. If you have both the VirusScan Enterprise 8.0i .NAP file and the 8.5i .NAP or extension installed on the same server, you must choose whether to upgrade the VirusScan Enterprise 8.0i policies and tasks or upgrade the 8.5i policies and tasks. You cannot upgrade both. For example, if you use the migration tool to upgrade the VirusScan Enterprise 8.0i policies and tasks to VirusScan Enterprise 8.7i, then you cannot upgrade the VirusScan Enterprise 8.5i polices and tasks to VirusScan Enterprise 8.7i and vice-versa.
You can upgrade more than one version of the VirusScan Enterprise software to a later version in ePolicy Orchestrator, but you can only upgrade one version of the VirusScan Enterprise policies and tasks to a later version.
Choose only one of these options:
When upgrading VirusScan Enterprise 8.5i policies and tasks in ePolicy Orchestrator 3.6.1, first check in the .NAP file, then execute the Policy Migration tool on the server.
When upgrading VirusScan Enterprise 8.5i policies and tasks in ePolicy Orchestrator 4.0, first check in the extension, then execute the Policy Migration tool on the server.
- When upgrading VirusScan Enterprise 8.0i policies and tasks, use the command-line option with the force switch as follows: ePOPolicyMigration.exe /force80
Issue
When using ePOPolicyMigration.exe to migrate VirusScan Enterprise policies from an older version of the product to a newer version of the product, the tool does not migrate the status of some Access Protection Policies. Refer to McAfee Support KnowledgeBase article 616156 for more information on this issue.
Issue
Unable to start McShield after using custom installation to install VirusScan Enterprise with the on-access scanner disabled. If you deselect the Enable On-Access Scanner at the end of installation option during a custom installation, then attempt to enable the on-access scanner from the VirusScan Console, McShield does not start. You must enable the on-access scanner twice to change the McShield service from Stopped to Started. The first attempt to enable the on-access scanner changes the McShield service to Paused and the second attempt changes the service to Started. This issue is expected to be fixed for the final release of the product.
This version of VirusScan Enterprise supports Lotus Notes version 6.0x, 6.5, and 7.0x.
Refer to the Installation Guide for information about supported operating systems.
Issue
Sometimes when VirusScan Enterprise 8.7i is installed on a system that is also protected by McAfee Network Access Control (MNAC), a DAT compliance issue might occur if the DAT version included in VirusScan Enterprise 8.7i is older than the age configured in the MNAC policy. If the DAT version exceeds this age, MNAC quarantines the system until remediation steps are taken by the administrator or user. In most cases, remediation requires a restart.
Both products are working as expected. There are two options to address this issue:
Issue
The local system application event log contains event ID 5004.
To resolve this issue, uninstall the failed product, restart the system, then reinstall the product.
Issue
NVIDIA® drivers may cause performance issues or system response failure. VirusScan Enterprise 8.7i may run at 100% CPU or cause the system to fail to respond when running on specified NVidia drivers. See Knowledge Base articles 614212 and 65066 for more information.
Issue
When taking action on threatened items detected on an EMC filer, the Deny access action option is not recommended. Only the Clean and Delete action options are recommended. This is because the implementation of the anti-virus protection between VirusScan Enterprise and EMC requires that a clean or delete action be taken to protect detected threats. Deny access does not take any action and allows the detected item to be accessed again.
Issue
The update task fails the first time after any system restart when running VirusScan Enterprise 8.7i on a system with Microsoft Windows 2000 Professional and Server operating systems. In this scenario, the update task fails the first time after every manual or scheduled system restart and may also be seen when a manual update is performed after the system is left running for days. Subsequent update tasks are successfully performed in either case. If an update task fails in this scenario, start another update task or wait for the next scheduled task to perform.
Issue
McAfee Agent was previously known as ePolicy Orchestrator agent.
Issue
The name of the Dr. Watson like feature in Microsoft Windows Vista and Windows Server 2008 is now called werfault.exe. As this exclusion does not exist in the current access protection rules, these two operating systems may be prevented from documenting a crash including VSE components. The Prevent McAfee services from being stopped rule detects the violation and denies access. Be certain to specify this exclusion prior to testing, or when trying to reproduce a crash on a Windows Vista or Windows Server 2008 system. This issue is expected to be fixed for final release of the product.
Issue
The Extra.DAT version displays as “None” in the activity log. Although the Extra.DAT version does not display in the activity log, detections occur as expected. To view the Extra.DAT version, see the About dialog box or the ePolicy Orchestrator events. This issue is expected to be fixed for the final release of the product.
Issue
When detections occur on 64-bit systems, event notifications may fail. See the activity log and the on-access scanner messages dialog box for information about detections.
Issue
Some customers have reported seeing VirusScan Statistics (VShield) crashing/disappearing from the system tray. Refer to McAfee Support KnowledgeBase article 613892 for more information on this issue.
Resolved issues in this release of the software are described below:
Issue
McShield may crash during an update task if the task is performed while McShield is disabled and there is a DAT change. The crash occurs for all update tasks; manual updates, scheduled updates, and rollback tasks unless the DAT is current on the system and/or McShield is running during the update task.
Resolution
This issue was fixed in the Beta 2 release of this product.
Issue
The list of basic Buffer Overflow Protection exclusions is cleared when accessing advanced exclusions after specifying basic exclusions. If you first specify basic exclusions, then select the option to specify advanced exclusions, the list of basic exclusions is cleared and the specified exclusions are lost. To prevent this, you must specify all basic and advanced exclusions in one list.
Resolution
This issue was fixed in the Beta 2 release of this product.
Issue
The Exchange server’s Information Store services crash when the on-delivery email scanner detects volumes of threats. When the Store services fail, mail is not processed for any client attached to the Exchange server. This issue has been seen in less than two hours when a single client has been running on-delivery email scan detections. This issue may also exist in the on-demand email scanner. The issue has not been seen when using the Lotus Notes email scanner. We strongly recommend that the Exchange server used for all email testing be included in the Beta lab environment, and not in a production environment.
Resolution
This issue was fixed in the Beta 2 release of this product.
Issue
On-delivery email scanning may fail to end the scanning process at the end of the scan. If this occurs, manually stop the Microsoft Outlook client on the system. This issue is rare and may be sample specific.
Resolution
This issue was fixed in the Beta 2 release of this product.
Issue
On-access scanning session settings are not recorded in the activity log even though the option was selected on the Reports tab.
Resolution
This issue was fixed in the Beta 2 release of this product.
Issue
When the on-access scanner blocks a connection to a remote computer, the blocked Source IP may not be displayed, and if the Source IP is displayed, the Unblock all connections now option is disabled. When this occurs, the system is protected as follows:
The detection is recorded in the activity log.
The Source IP may or may not be displayed in the on-access scan statistics dialog box.
The share is blocked from the same access by a remote system whether the detection displays in the statistics dialog box or not.
The block cannot be removed because the Unblock all connections now option is disabled.
Resolution
This issue was fixed in the Beta 2 release of this product.
Issue
The first attempt to access a system with Windows 2000 operating system and VSE from a remote system fails. This issue only occurs on the first attempt to access the system after a system restart. Although the error message indicates there is a problem with the file format or syntax, the issue resolves itself in second and subsequent accesses.
Resolution
This issue was fixed in the Beta 2 release of this product.
Issue
When you create scheduled tasks in VSE8.5i then upgrade to VSE 8.7i, the created tasks are available, but they do not run as scheduled. To correct this issue, restart the system after the upgrade.
Resolution
This issue was fixed in the Beta 2 release of this product.
Issue
A “Virtual Machine” access protection rule violation occurs when you log in to Windows XP, Service Pack 2 on a VMWare image. The rule that triggers this violation has been set to “Report” by default for this release.
Resolution
This issue was fixed in the Beta 2 release of this product.
The McAfee documentation is designed to provide you with the information you need during each phase of product implementation, from evaluating a new product to maintaining existing ones. Depending on the product, additional documents might be available. After a product is released additional information regarding the product is entered into the online Knowledgebase available on McAfee ServicePortal.
|
Use this task to go to the release notes and other product documentation for McAfee enterprise products.
COPYRIGHT
Copyright © 2008 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FLASHBOX, FOUNDSTONE, GROUPSHIELD, HERCULES, INTRUSHIELD, INTRUSION INTELLIGENCE, LINUXSHIELD, MANAGED MAIL PROTECTION, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, MCAFEE.COM, NETSHIELD, PORTALSHIELD, PREVENTSYS, PROTECTION-IN-DEPTH STRATEGY, PROTECTIONPILOT, SECURE MESSAGING SERVICE, SECURITYALLIANCE, SITEADVISOR, THREATSCAN, TOTAL PROTECTION, VIREX, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.