Release Notes for McAfee(R) ePolicy Orchestrator(R) Version 3.5 Patch 6 Copyright (C) 2006 McAfee, Inc. All Rights Reserved ========================================================== This Patch is build number: 3.5.0.720. This release was developed and tested with: - ePolicy Orchestrator: 3.5 Make sure you have installed this version before using this release. ========================================================== Thank you for using ePolicy Orchestrator(R) software. This file contains important information regarding this release. We strongly recommend that you read the entire document. The attached files are provided as is, and with no warranty either expressed or implied as to their suitability for any particular use or purpose. McAfee, Inc. assumes no liability for damages incurred either directly or indirectly as a result of the use of these files, including but not limited to the loss or damage of data or systems, loss of business or revenue, or incidental damages arising from their use. Patch files should be applied only on the advice of McAfee Technical Support, and only when you are actually experiencing the issue being addressed by the Patch. Patch files should not be proactively applied in order to prevent potential product issues. You are responsible for reading and following all instructions for preparation, configuration, and installation of Patch files. Patch files are not a substitute or replacement for product Service Packs which may be released by McAfee, Inc. It is a violation of your software license agreement to distribute or share these files with any other person or entity without written permission from McAfee, Inc. Further, posting of McAfee Patch files to publicly available Internet sites is prohibited. McAfee, Inc. reserves the right to refuse distribution of Patch files to any company or person guilty of unlawful distribution of McAfee software products. Questions or issues with McAfee Patch files should be directed to McAfee Technical Support. __________________________________________________________ WHAT'S IN THIS FILE - About This Release - Purpose - Resolved Issues - Previously Resolved Issues - Installation - Installation Requirements - Installation Steps - Removing This Release - Contact Information - Copyright & Trademark Attributions - License & Patent Information __________________________________________________________ ABOUT THIS RELEASE IMPORTANT: To maintain full functionality, installing this Patch is required on ePolicy Orchestrator servers and all ePolicy Orchestrator remote consoles. Applying this Patch does not automatically update existing Rogue System Sensors. To update deployed sensors, you must uninstall all sensors from target systems and redeploy them. For details on uninstalling and redeploying Rogue System Sensors, refer to your product documentation. Please refer to "Resolved Issues" in this file for information about Rogue System Sensor fixes. PURPOSE This Patch replaces server and console files in ePolicy Orchestrator to resolve the issues listed below. The fixes in ePolicy Orchestrator Patch releases are cumulative. See "Previously Resolved Issues" for fixes in earlier Patch versions. RESOLVED ISSUES 1. ISSUE: A successful exploit of a reported security vulnerability could allow an attacker to remotely execute arbitrary code on the ePolicy Orchestrator server. The attack would require network access to the ePolicy Orchestrator server system and reverse engineering of the proprietary communications protocol. RESOLUTION: This vulnerability has been resolved in this release. NOTE: This vulnerability was discovered by Mati Aharoni and Moti Joseph. PREVIOUSLY RESOLVED ISSUES (ePolicy Orchestrator 3.5 Patch 5) 1. ISSUE: McAfee VirusScan 8.0i 2402 Update Failed events are being processed as properties, resulting in failed engine upgrades being reported as successful even when an error is returned. RESOLUTION: 2402 Update Failed events from VirusScan 8.0i are processed properly and do not incorrectly report as successful when there are errors. 2. ISSUE: After installing Microsoft Windows 2003 SP1, when you click on the ePolicy Orchestrator Agent policy configuration page, an Internet Explorer script error occurs. RESOLUTION: When clicking on the ePolicy Orchestrator Agent policy configuration page, a script error no longer occurs. 3. ISSUE: Client systems may try to update from the wrong repository branch because the update policy does not explicitly define which branch to use. RESOLUTION: Client systems update from the correct branch, as explicitly defined by the update policy. 4. ISSUE: When running the Top 10 Infections report with a date filter set, some systems may be missing detailed infection information when you drill down on a system. RESOLUTION: When running the Top 10 Infections report with a date filter set, the detailed infection information is present when you drill down on a computer. 5. ISSUE: Symantec AntiVirus events are not sent to the ePolicy Orchestrator server because the location of the event files has been changed. RESOLUTION: The Symantec AntiVirus 9.0 NAP file and plug-in recognize the new location of the Symantec AntiVirus events, and the events are uploaded to the ePolicy Orchestrator server. 6. ISSUE: Results from the Computer by OS Type query and the OS Summary query do not match. RESOLUTION: Results from the OS Summary query now match the results of the Computer by OS Type query. 7. ISSUE: In the Update History Subreport, any product update events that result from an update task launched by a managed product are listed by the Event IDs instead of meaningful event descriptions. RESOLUTION: In the Update History Subreport, product update events that result from an update task launched by a managed product are now listed by meaningful event descriptions. 8. ISSUE: Policy export does not work properly when saved as a template and the "Only export custom policies" option is selected. RESOLUTION: Custom policies can now be properly exported and saved as a template. 9. ISSUE: Large events forwarded from System Compliance Profiler are processed too slowly by Event Parser, causing a backlog of events waiting to be processed. RESOLUTION: Changes have been made to significantly improve the performance of System Compliance Profiler event processing. 10. ISSUE: When performing a "pull now" task from a remote console and global updating is enabled, the date/time information in the SITESTAT.XML file located on the ePolicy Orchestrator server is out-of-date. RESOLUTION: The SITESTAT.XML has the proper date/time information when a "pull now" task is performed from a remote console. 11. ISSUE: Replication tasks fail intermittently, often hanging or ending with an exception error: "Caught unknown exception when replicating to site." RESOLUTION: The code involved in replication now has improved error handling. 12. ISSUE: NAREPL32.EXE causes high CPU usage during replication tasks. RESOLUTION: Optimizations have been made to the replication process to reduce high CPU utilization by NAREPL32.EXE. 13. ISSUE: For any client system with 4 GB RAM or more, ePolicy Orchestrator reports an incorrect amount of total physical memory. RESOLUTION: ePolicy Orchestrator now reports the correct amount of total physical memory on client systems. 14. ISSUE: The error: "Failed to process XML file" is logged in EVENTPARSER.LOG, even when the event is eventually processed. RESOLUTION: The log message is now changed to a more informational message: "Failed to process XML file…, PKG file will be reprocessed for embedded XML." 15. ISSUE: The Repository Branch Update Selection policy, found on the Updates tab of the ePolicy Orchestrator Agent policy configuration page, does not reset when reset policy inheritance is selected. RESOLUTION: Repository Branch Update Selection policy resets properly when reset policy inheritance is selected. 16. ISSUE: The delay missed task option allows a maximum delay of five minutes when configuring the task from the ePolicy Orchestrator console. RESOLUTION: The delay missed task option now allows up to a 99-minute delay when configured from the ePolicy Orchestrator console. 17. ISSUE: Push agent installation fails when initiated from the Rogue System Detection agent deployment GUI and the SERVER.INI contains a \u in the file. RESOLUTION: Push agent installation no longer fails when initiated from the Rogue System Detection agent deployment GUI, even if the SERVER.INI contains a \u in the file. 18. ISSUE: McAfee VirusScan for NetApp is not included in the product list under Notifications, so you cannot configure Notification rules for the product. RESOLUTION: VirusScan for NetApp is now added to the list of products for which Notification rules can be configured. 19. ISSUE: Push installation of Common Management Agent fails on systems running Microsoft Windows 2000 if the ePolicy Orchestrator server is running Microsoft Windows 2003 SP1. RESOLUTION: Push installation of Common Management Agent no longer fails on systems running Microsoft Windows 2000 if the ePolicy Orchestrator server is running Microsoft Windows 2003 SP1. 20. ISSUE: The Count of All Connecting Computers query includes nodes that are marked for deletion. RESOLUTION: The Count of All Connecting Computers query no longer includes the nodes marked for deletion. 21. ISSUE: When the McAfee ePolicy Orchestrator 3.5.0 Discovery & Notification service is active, the Microsoft SQL Server process continuously exhibits high CPU utilization. RESOLUTION: Changes have been made to dramatically reduce the amount of CPU utilization by the Microsoft SQL Server process when the McAfee ePolicy Orchestrator 3.5.0 Discovery and Notification service is active. 22. ISSUE: Notifications received from McAfee VirusScan PDA are not properly categorized as VirusScan PDA events. RESOLUTION: Notifications now properly recognize VirusScan PDA events. 23. ISSUE: Rogue System Detection adds 32-bit subnets into the Networks table from agent ASCI, making the Subnets tab difficult to use. RESOLUTION: Rogue System Detection no longer imports 32-bit subnets reported by managed agents. 24. ISSUE: McAfee Desktop Firewall 8.5 events cannot be deleted from the ePolicy Orchestrator database by using the Events removal interface. RESOLUTION: Desktop Firewall 8.5 events can now be deleted by using the ePolicy Orchestrator Events removal interface. 25. ISSUE: When exporting reports in Microsoft Excel (MS-Excel 97-2000 Data only) format, CRXF_XLS.DLL crashes MMC.EXE and the following error appears in the Application Event Log: "Event ID 1000- faulting application mmc.exe, version 5.2.3790.1920, faulting module crxf_xls.dll, version 8.6.1.614, fault address 0x00036d50." RESOLUTION: Exporting reports in Microsoft Excel (MS-Excel 97-2000 Data only) format no longer crashes MMC.EXE. 26. ISSUE: SERVER.LOG shows the following error message even though events are eventually processed: "Unable to write event package… error 2." RESOLUTION: The log message has been modified and now indicates the reason the event package cannot be written. PREVIOUSLY RESOLVED ISSUES (ePolicy Orchestrator 3.5 Patch 4) 1. ISSUE: In certain circumstances, the ePolicy Orchestrator console freezes when you click on the Users tab. RESOLUTION: The console no longer freezes when you click on the Users tab. 2. ISSUE: When performing a removal of events from the ePolicy Orchestrator console, the console responds with the following error: "The event removal failed due to database error timeout expired." RESOLUTION: The event removal algorithm now removes events in segments, avoiding a query timeout for large databases. 3. ISSUE: Changes to the Selective Updating list for the Agent Update task are not saved if made from a remote console. RESOLUTION: Changes made to the Selective Updating list from a remote console are saved. 4. ISSUE: When making a change to the selections of Engine and DAT under the Global Update list, the changes are not saved. RESOLUTION: The changes made to the Engine and DAT configuration under Global Updating are now saved properly. 5. ISSUE: Users can move past the initial Notifications rule creation page without providing a rule name, causing an Internal Server error. RESOLUTION: Users can no longer move past the initial Notifications rule creation page without providing a rule name. 6. ISSUE: The DAT and Engine reports show only the most recent DAT and Engine versions for non-McAfee products, regardless of the values you select for the report to show. RESOLUTION: The DAT/Definition Deployment Summary, DAT Engine Coverage, and Engine Deployment Summary reports now report the correct results based on the selections made by the user when running the report. 7. ISSUE: In Notifications, entering a command-line name that contains a single quote causes an Internal Server error. RESOLUTION: Entering a command-line name that contains a single quote no longer causes an Internal Server error. 8. ISSUE: Task compilation is slow, which can lead to performance issues on the ePolicy Orchestrator server. RESOLUTION: Changes have been made to the code to speed up the compilation of tasks that are sent to the agent during each agent communication session. These optimizations will enhance server performance. 9. ISSUE: The Agent Update task fails to install Extra.dat correctly for GroupShield Exchange. RESOLUTION: The Agent Update task now installs Extra.dat correctly for GroupShield Exchange. 10. ISSUE: When performing a Directory search, Site Admins do not see machines located in the Global Lost&Found. RESOLUTION: Global Lost&Found entries are now viewable by Site Admins from a Directory search. 11. ISSUE: In some cases, installation of GroupShield Exchange reports can cause policy compilation errors, resulting in not being able to enforce policies for GroupShield Exchange. RESOLUTION: Installation of GroupShield Exchange reports no longer causes GroupShield Exchange policy compilation errors. 12. ISSUE: McAfee Desktop Firewall 8.5 events do not trigger any notifications. RESOLUTION: Notifications are now sent for McAfee Desktop Firewall 8.5. 13. ISSUE: When renaming groups in an ePolicy Orchestrator Directory containing over 1000 groups, response is slow. RESOLUTION: The group rename algorithm is now optimized for performance for installations with a large number of groups. 14. ISSUE: No email is generated when the "prevent mass mailing worms from sending mail" rule is triggered in McAfee VirusScan Enterprise and the Notifications category is set to "Access Protection Rule Violation detected and blocked." RESOLUTION: An email is generated when the "prevent mass mailing worms from sending mail" rule is triggered in McAfee VirusScan Enterprise and the Notifications category is set to "Access Protection Rule Violation detected and blocked." 15. ISSUE: Reports cannot be run when logged in from a remote console installed on a Microsoft Windows XP system. RESOLUTION: Reports now run normally when logged in from a remote console installed on a Windows XP system. 16. ISSUE: Rogue System Detection reports fail with the error: "Error detected by database DLL." RESOLUTION: All Rogue System Detection stored procedures and views are now created with DBO permissions, allowing the reports to run without error. 17. ISSUE: Rogue System Detection reports do not accurately report the information found in the Rogue System Detection console. RESOLUTION: Rogue Type and Sensor Coverage reports now categorize rogue systems in the same manner as the Rogue System Detection console. PREVIOUSLY RESOLVED ISSUES (ePolicy Orchestrator 3.5 Patch 3) 1. ISSUE: Spyware infections that are cleaned show as "Unresolved Infections" in the "Compliance Issues" report. RESOLUTION: Spyware infections that are cleaned no longer appear as "Unresolved Infections" in the "Compliance Issues" report. 2. ISSUE: Incomplete compiled.xml causes policy enforcement issues. RESOLUTION: When a managed product is removed from ePolicy Orchestrator, tasks and policies associated with that product are cleanly removed to prevent policy compilation problems. 3. ISSUE: Notifications is unable to parse XML event files that contain non-US characters, such as ë, causing errors such as "java.io.UTFDataFormatException: Invalid byte 2 of 3-byte UTF-8 sequence" to appear in the notifications.log file. RESOLUTION: Notifications can now handle XML event files containing non-US characters. 4. ISSUE: Error 7031 appears in the System Event log during scheduled replications: "The McAfee ePolicy Orchestrator Server service terminated unexpectedly." RESOLUTION: SrvEventInf.dll was revised to allow concurrent access from multiple threads simultaneously so that this error no longer occurs. 5. ISSUE: The ePO Audit Processing SQL job runs with errors and no audit log is generated. RESOLUTION: The ePO Audit Processing SQL job now runs without errors. 6. ISSUE: Computers with identical MAC addresses overwrite each other in the ePolicy Orchestrator database. This can occur if the systems are connecting to the ePolicy Orchestrator server using network load balancing or through a virtual private network. RESOLUTION: MAC address included in the search algorithm for finding a match in the ePolicy Orchestrator Directory can now be disabled by a registry setting. This registry key needs to be manually created on the ePolicy Orchestrator server. Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Options String Value: DisableMACSearch Set "DisableMACSearch" to "1" to disable the MAC search. The following services must be restarted in order to begin using the new value set by this registry key: - McAfee ePolicy Orchestrator 3.5.0 Event Parser - McAfee ePolicy Orchestrator 3.5.0 Server If this "DisableMACSearch" setting is not present, the default value is "0" which means that the MAC search will be activated. 7. ISSUE: When trying to send the ePolicy Orchestrator agent to a rogue system, the following error is displayed: "java.io.IOException: Failed to authenticate with ePO server!" RESOLUTION: A change was made so that the agent push is no longer looking for a hard-coded user name that might not exist, therefore allowing the push to occur successfully. 8. ISSUE: Older versions of ePolicy Orchestrator did not uniformly set stored procedure permissions. RESOLUTION: The permissions of the stored procedures have been reset to match those of a fresh installation of the current version of ePolicy Orchestrator. 9. ISSUE: The report "Content Filter Report by Rule" shows the count for a content filter as ##### because the number of events is greater than 99999. RESOLUTION: The display field within the WebShield RPT files is now large enough to display a number that is larger than five digits. 10. ISSUE: Policies are not compiled properly if a site or group named "Directory" exists in the ePolicy Orchestrator Directory. RESOLUTION: Policies are compiled successfully even when a site or group within the ePolicy Orchestrator Directory is named "Directory." 11. ISSUE: Notifications including any substitution variable that contains special characters, such as $, ., {, }, [, ], ^, \ are not sent. RESOLUTION: Notifications are now sent properly when the event includes a special character. 12. ISSUE: Login to reporting on a remote console fails when the ePolicy Orchestrator database is configured to use NT authentication with a user who does not have administrator rights on the remote console system. RESOLUTION: Impersonation issue is resolved so that the database user is not used for all remote console operations, but just for database access, and login is now successful. 13. ISSUE: When making changes to an ePolicy Orchestrator Directory containing over 1000 groups, response is slow. RESOLUTION: The speed of adding and deleting sites or groups in a Directory that contains more than 1000 groups has been significantly increased. 14. ISSUE: The ePolicy Orchestrator console closes unexpectedly when trying to check in an extra.dat file that contains a very large number of virus definitions. RESOLUTION: Extra.dat files containing a large number of virus definitions can now be checked in successfully. 15. ISSUE: Notifications are not sent if XML events contain any white space or trailing null characters at the end of the file, resulting in the error: "JDOMParseException:… Content is not allowed in trailing section." RESOLUTION: Notifications are sent properly even if XML events contain white space or trailing null characters at the end of the file. 16. ISSUE: Under certain circumstances, Rogue System Detection appears to stop working because the mail client was blocking due to waiting for a response from the mail server. Restarting the McAfee ePolicy Orchestrator 3.5.0 Discovery & Notification services temporarily resolves the issue. RESOLUTION: A socket timeout was added to the mail client so that the blocked state is avoided. 17. ISSUE: When GroupShield Exchange sends an event where the action was "Allow Through," ePolicy Orchestrator reports the action as "Cleaned." RESOLUTION: The events reported by GroupShield Exchange should now display the action as "Warning" instead of "Cleaned" when the action was "Allow Through." 18. ISSUE: When running the "DAT/Definition Deployment Summary" report, there might be a delay before the "Current Protection Standards" dialog box is displayed. RESOLUTION: Changes were made to the stored procedure used by the DAT/Definition Deployment Summary report that dramatically improves the performance of this report. 19. ISSUE: A debug log statement indicating the number of computers found in an Active Directory Import was malformed, causing an exception error when the log level is set to 8. RESOLUTION: The debug log statement has been fixed, so the number of computers found in an Active Directory Import now appears in the log when the log level is set to 8. 20. ISSUE: When the "DAT/Definition Deployment Summary" or "DAT Engine Coverage" reports are run, the "Current Protection Standards" dialog box displays no DAT or engine information. RESOLUTION: The "Current Protection Standards" dialog box displays the appropriate DAT and engine information. 21. ISSUE: When running the "Action Summary" report, event IDs such as 1036 and 1037, appear as the "Action." RESOLUTION: The appropriate action name appears in place of the event IDs when the "Action Summary" report is run. PREVIOUSLY RESOLVED ISSUES (ePolicy Orchestrator 3.5 Patch 2) 1. ISSUE: Replication tasks fail intermittently, often hanging or ending with an exception error such as the following: "Stack Exception c0000005 address 77f5d61b." RESOLUTION: The code involved in replication now has improved error handling. 2. ISSUE: The following error appears in the Application Event Log: "Event ID 1004- faulting application NaRepl32.Exe, version 1.5.0.467, faulting module ntdll.dll, version 5.2.3790.0, fault address 0x0001d61b." RESOLUTION: Several changes were made to the code involved in replication. This error no longer appears in the Application Event Log. 3. ISSUE: In rare circumstances, a -1207 error is displayed in the agent log when enforcing policies. This error is due to an incomplete removal of the product .NAP file. RESOLUTION: A software table insert trigger removes any ghost product entries when a new product .NAP file is installed. 4. ISSUE: When Regional settings are set to French (Canada), the text in several reports does not display correctly. RESOLUTION: Reports now display properly when Regional settings are set to any sublanguage, including French (Canada). 5. ISSUE: Certain events are not processed if the default language of the account used to access SQL is not English; the date/time format causes a conversion error. The following error appears in the eventparser.log: "Error converting data type varchar to datetime." RESOLUTION: Using an international date/time format allows the events to be processed without error. 6. ISSUE: When performing a directory search for inactive agents, four-digit numbers are returned as the location. RESOLUTION: Directory search queries now look up the location information directly from a table, instead of calling a separate stored procedure for each computer. This is much faster and avoids the contention problems that caused the numbers to appear. 7. ISSUE: The VirusScan 8.0i Top 10 Access Protection Report does not allow you to select the Rule Name when choosing the option to set a data filter. RESOLUTION: The Access Protection Report now allows the Rule Name filter to be selected. 8. ISSUE: Exporting to certain report formats does not export all data from subreports. RESOLUTION: All data from subreports are now exported properly. 9. ISSUE: The Event Parser log shows repeated error codes, for example: "AlertER - Failed to read the log level information from the registry." RESOLUTION: These messages provide information about the startup configuration and are not actual errors. The wording has been changed to more appropriate messages. 10. ISSUE: Default "Virus detected and not removed" notification contains incorrect value for "Actual Threat or Rule names" when triggered by an on-demand scan. RESOLUTION: The event that triggers this notification has been reclassified so that the appropriate information is sent. 11. ISSUE: When you run the ePolicy Orchestrator remote console and you are logged in as a non-administrative user on a Terminal Server, the console stops responding after 15 minutes of inactivity. RESOLUTION: Site Manager no longer requires the logged-on user to have local administrator rights; therefore, the restriction of access is not enforced and the timeout is avoided. 12. ISSUE: Message: "Failed to get MAC address from SPIPE package" appears in the server.log. RESOLUTION: This message is only an informational message and not an actual error. The wording of the message is now changed to "Optional MAC address not found in SPIPE" to clarify that this is not an error when it does occur. 13. ISSUE: High CPU utilization by NAIMSERV.EXE ended in crashes due to a malfunction in the task-policy caching mechanism that caused multiple threads to continually refresh the cache. RESOLUTION: The code involved in the caching of tasks has been changed so that NAIMSERV.EXE does not crash. 14. ISSUE: Only one PDA device is allowed to exist in the ePolicy Orchestrator Directory tree. RESOLUTION: Multiple PDA devices are now allowed to exist in the Directory. 15. ISSUE: After performing a database merge using AVIDB_MERGE_TOOL.EXE, the Action Summary Report shows incorrect data because unicode sql script files are not loading properly; this is due to invalid characters that are read into the buffer. RESOLUTION: The invalid characters are now removed, allowing the unicode script files to load properly. 16. ISSUE: A machine name in a double-byte language, such as Japanese, does not display properly in Rogue System Detection. RESOLUTION: Most systems with double-byte characters in the machine name now display correctly in Rogue System Detection. 17. ISSUE: The Rogue System Sensor Deployment Task allows you to select both "Force install" and "Force uninstall" at the same time. RESOLUTION: The checkboxes for these options now behave like radio buttons; only one option can be selected at any one time. 18. ISSUE: Rogue System Detection allows a machine that is already managed to be re-added to the ePolicy Orchestrator Directory, causing the following error message: "manualactionbean_missing_selection_add_to_epo." RESOLUTION: The option to add a machine that is already managed is no longer available in Rogue System Detection. 19. ISSUE: Machines that have the Rogue System Sensor deployed periodically receive the following error in the System Event log: "RSSensor.exe- Application error: The instruction at "0x004d4d7b" referenced memory at "0x00000004." RESOLUTION: Modifications have been made to the code in RSSensor.exe so that this crash no longer occurs. 20. ISSUE: If the ePolicy Orchestrator database name contains a space, the following error is displayed when clicking on Rogue System Detection or Notifications: "HTTP error 500- Server error: Initialization error details- Failed to initialize the alerting database." RESOLUTION: Rogue System Detection and Notifications now display correctly, even if the ePolicy Orchestrator database contains a space in the name. 21. ISSUE: Rogue System Detection and Notifications fail to load with "HTTP error 500- Server error: Initialization error details- Failed to initialize the alerting database" if the user account specified in CfgNaiMs.exe contains a space. This account is used by ePolicy Orchestrator to administer the ePolicy Orchestrator database. RESOLUTION: Rogue System Detection and Notifications now display correctly, even if the account used to access the database contains a space. 22. ISSUE: The "Push ePO Agent" Automatic Response in Rogue System Detection does not activate the OK button when non-US English characters, such as Å,Ä,Ö,å,ä,or ö, are used in the username or password. RESOLUTION: Non-US English characters now activate the OK button when used in the username and password of the "Push ePO Agent" Automatic Response in Rogue System Detection. 23. ISSUE: Inactive agents show up multiple times in Rogue System Detection reports. RESOLUTION: Inactive agents no longer show up multiple times in these reports. 24. ISSUE: When running the "Rogues Detected by Subnet" report, the same machines are reported multiple times, based on the number of sensors installed on the subnet. RESOLUTION: The report has been redesigned to no longer show duplicate computer entries that are due to more than one sensor on a subnet. 25. ISSUE: Machines marked as Rogue System Exceptions still show as rogue machines in the reports. RESOLUTION: Rogue System Detection reports now exclude machines that are marked as Exceptions. 26. ISSUE: When accessing Rogue System Detection, the message "Reconnecting" is displayed. This is caused when the ePolicy Orchestrator console login contains any of the following characters: &, +, or %. RESOLUTION: The characters &, +, or % are now allowed, and the Rogue System Detection page loads properly. 27. ISSUE: When the Rogue System Sensor policy is set to inherit at the Directory level, the sensor-to-server communication port changes to 8445. RESOLUTION: The sensor-to-server communication port no longer changes to 8445 when the policy is set to inherit at the Directory level. PREVIOUSLY RESOLVED ISSUES (ePolicy Orchestrator 3.5 Patch 1) 1. ISSUE: E-mail notifications sent by Rogue System Detection are missing the UTF-8 identifiers in the e-mail headers, which causes problems when viewing e-mail messages that contain high-order characters, such as Japanese characters. RESOLUTION: The proper identifiers have been added; now e-mail messages from Rogue System Detection that contain high-order characters are properly displayed. 2. ISSUE: Replication to distributed repositories residing on Novell NetWare FTP servers completes with partial failure due to files being locked at the time of download. RESOLUTION: Files are no longer held in a locked state, allowing replication to complete successfully. 3. ISSUE: When scheduling a replication task to start at a time between 00:01 and 00:59 from a non-English console, the start time switches to the current system time. RESOLUTION: Selecting a replication task start time between 00:01 and 00:59 on a non-English console is now allowed. 4. ISSUE: In certain circumstances, after checking in a Patch, Hotfix or update for a product managed by ePolicy Orchestrator, that product is not listed in the Selective Updating list. RESOLUTION: Once a Patch, Hotfix or update for an ePolicy Orchestrator managed product is checked in, that product appears in the Selective Updating list. 5. ISSUE: When creating a SuperAgent repository on a non-English version of ePolicy Orchestrator, the SuperAgent repository is not added to the sitelist.xml file. RESOLUTION: SuperAgent repositories are now added to the sitelist.xml file for all language versions of ePolicy Orchestrator. 6. ISSUE: If the Server Task log grows too large, clicking the "Server Task" tab to view the log may cause the console to appear to hang. RESOLUTION: A change in how the task log is handled allows the "Server Task" tab to be displayed without causing the console to hang. 7. ISSUE: Information on tasks associated with client computers may not be accurate in reports. RESOLUTION: Reports list the correct tasks associated with each client computer. 8. ISSUE: Running the Compliance Issues Report fails with the error: "Error detected by database DLL" due to the columns of the temp tables not being able to handle the size of the data. RESOLUTION: The size of the columns in the temp tables is adjusted to match the size of the source data so that the Compliance Issues Report now runs successfully. 9. ISSUE: The Rogue System Detection window displays an "Internal Server Error" page when the Rogue System Detection object is selected on non-English SQL installations; the date/time format causes a conversion error. RESOLUTION: Using an international date/time format allows the Rogue System Detection window to display without the error. 10. ISSUE: Replication to FTP repositories is slow if a proxy is used. RESOLUTION: Changes have been made to improve the speed of replication to FTP repositories when a proxy is used. 11. ISSUE: When running Infection Reports, the error "No data found for this report" displays, due to old temp tables not having been deleted. RESOLUTION: The temp tables are now properly removed, allowing the Infection Reports to run successfully. 12. ISSUE: The ver.js file in the Common Management Agent NAP file reads 3.1.2.163 instead of 3.5.0.163, which causes the incorrect version to be displayed when it is selected in the ePolicy Orchestrator console. RESOLUTION: The Common Management Agent NAP file has been corrected to display the correct version. 13. ISSUE: When performing a directory search, the "move to" function cannot be cancelled. Even if "Cancel" is selected, the computers are moved to the last container to which computers were moved. RESOLUTION: The issue has been corrected and the "move to" function can be cancelled successfully. 14. ISSUE: In certain cases, a problem in caching server tasks could cause NAIMSERV to crash. RESOLUTION: Improvements have been made to the database access code to avoid causing the crash. 15. ISSUE: When scheduling a Norton Antivirus Corporate Edition LiveUpdate agent task in ePolicy Orchestrator, the LiveUpdate task does not initiate on the client systems, even though the agent logs show that the task completed successfully. RESOLUTION: The updated Norton Antivirus plug-in included with this Patch contains a fix so that the LiveUpdate task runs as stated. 16. ISSUE: Merging two ePolicy Orchestrator databases using the AVIDB_MERGE_TOOL.EXE does not complete successfully; this is due to the schema scripts being reloaded with a pre-existing target AVIDB_MERGE database. RESOLUTION: The AVIDB_MERGE utility has been modified to prevent the schema scripts from being run multiple times on a pre-existing AVIDB_MERGE database. 17. ISSUE: In some cases, when ePolicy Orchestrator is uninstalled, the file PSAPI.DLL is removed by the ePolicy Orchestrator uninstaller. RESOLUTION: Logic has been added to the ePolicy Orchestrator installer to increment the PSAPI.DLL entry in the SharedDLL reference count registry key so that the PSAPI.DLL file is not deleted if it is still needed. 18. ISSUE: In certain circumstances, a delay in loading the ePolicy Orchestrator Agent Configuration Policies page occurs. RESOLUTION: The speed with which the ePolicy Orchestrator Agent Configuration Policies page loads is now improved. 19. ISSUE: On rare occasions, the SITEMGR_1000 and EPOSERV_3000 plug-in registry keys are not present in the registry, causing scheduled server tasks to fail to run. RESOLUTION: Logic has been added to the ePolicy Orchestrator installer to create or update the registry keys for the SITEMGR_1000 and EPOSERV_3000 plug-in keys each time the ePolicy Orchestrator installer is run. 20. ISSUE: Incoming events to the ePolicy Orchestrator server may be processed slowly when the server is under a heavy load. RESOLUTION: Additional enhancements have been made to improve event processing performance. 21. ISSUE: When running the report called Virus Type, the following error is received: "Error detected by database.dll." RESOLUTION: A temp table was being created with a fixed text field size that was not large enough to store long virus type values. The temp table can now store virus type values of the correct length. 22. ISSUE: In rare cases, the ePolicy Orchestrator server service crashes and generates an error in the Dr. Watson log. RESOLUTION: Modifications to the code for the area where the issue was discovered have been made to ensure that this particular crash no longer occurs. __________________________________________________________ INSTALLATION INSTALLATION REQUIREMENTS To use this release, you must have ePolicy Orchestrator 3.5 software installed on the computer you intend to update with this release. NOTES: This release does not work with earlier versions of ePolicy Orchestrator software. IMPORTANT: In addition to applying this Patch to the ePolicy Orchestrator server, be sure to apply this Patch to all remote console systems. Using a remote console with a version different than the ePolicy Orchestrator server will produce unknown results. INSTALLATION STEPS WARNING: Close the Windows Services dialog box to avoid installation issues. 1. Create a temporary folder on the hard drive of the ePolicy Orchestrator server. 2. Extract the EPO3506.ZIP file to the temporary folder that you created in Step 1. 3. Back up ePolicy Orchestrator databases. If you are using Microsoft SQL Server as the ePolicy Orchestrator database, see the SQL Server product documentation. If you are using Microsoft Data Engine (MSDE) as the ePolicy Orchestrator database, you can use the Database Backup Utility (DBBAK.EXE) to back up ePolicy Orchestrator MSDE databases on the database server. For instructions, see "Backing up an MSDE database" in the ePolicy Orchestrator 3.5 Product Guide. 4. Log on to the desired computer using an account with local administrator permissions. 5. Close all ePolicy Orchestrator consoles. 6. On the taskbar, click the "Start" button, then select "Run." The "Run" dialog box appears. 7. In "Open," type the path where the Setup program (SETUP.EXE) is located, then click "OK." The "ePolicy Orchestrator 3.5 Patch 6 Setup" wizard appears. 8. Click "Next" to begin the installation. 9. Click "Finish" to complete the installation. 10. For all remote consoles, repeat Steps 4 – 9. REMOVING THIS RELEASE To remove this Patch from your computer, uninstall, then reinstall ePolicy Orchestrator. NOTE: We recommend that you do NOT remove the Patch files once you install them. If you reinstall the ePolicy Orchestrator software, we recommend that you also reinstall the Patch. __________________________________________________________ CONTACT INFORMATION THREAT CENTER: McAfee Avert(R) Labs Homepage http://www.mcafee.com/us/threat_center/default.asp Avert Labs Threat Library http://vil.nai.com/ Avert Labs WebImmune & Submit a Sample (Logon credentials required) https://www.webimmune.net/default.asp Avert Labs DAT Notification Service http://vil.nai.com/vil/signup_DAT_notification.aspx DOWNLOAD SITE Homepage http://www.mcafee.com/us/downloads/ - Product Upgrades (Valid grant number required) - Security Updates (DATs, engine) - HotFix and Patch Releases - For Security Vulnerabilities (Available to the public) - For Products (ServicePortal account and valid grant number required) - Product Evaluation - McAfee Beta Program TECHNICAL SUPPORT Homepage http://www.mcafee.com/us/support KnowledgeBase Search http://knowledge.mcafee.com/ McAfee Technical Support ServicePortal (Logon credentials required) https://mysupport.mcafee.com/eservice_enu/start.swe CUSTOMER SERVICE Web: http://www.mcafee.com/us/support/index.html http://www.mcafee.com/us/about/contact/index.html Phone: +1-888-VIRUS NO or +1-888-847-8766 Monday-Friday, 8 a.m.-8 p.m., Central Time US, Canada, and Latin America toll-free PROFESSIONAL SERVICES - Enterprise: http://www.mcafee.com/us/enterprise/services/index.html - Small & Medium Business: http://www.mcafee.com/us/smb/services/index.html _____________________________________________________ COPYRIGHT & TRADEMARK ATTRIBUTIONS Copyright (C) 2006 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. TRADEMARKS ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (STYLIZED N), ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA), INTRUSHIELD, INTRUSION PREVENTION THROUGH INNOVATION, MCAFEE, MCAFEE (AND IN KATAKANA), MCAFEE AND DESIGN, MCAFEE.COM, MCAFEE VIRUSSCAN, NET TOOLS, NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. _____________________________________________________ LICENSE & PATENT INFORMATION LICENSE AGREEMENT NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. LICENSE ATTRIBUTIONS This product includes or may include: * Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). * Cryptographic software written by Eric A. Young and software written by Tim J. Hudson. * Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL, which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein. * Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer. * Software originally written by Robert Nordier, Copyright (C) 1996-7 Robert Nordier. * Software written by Douglas W. Sauder. * Software developed by the Apache Software Foundation (http://www.apache.org/). A copy of the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt. * International Components for Unicode ("ICU") Copyright (C) 1995-2002 International Business Machines Corporation and others. * Software developed by CrystalClear Software, Inc., Copyright (C) 2000 CrystalClear Software, Inc. * FEAD(R) Optimizer(R) technology, Copyright Netopsystems AG, Berlin, Germany. * Outside In(R) Viewer Technology (C) 1992-2001 Stellent Chicago, Inc. and/or Outside In(R) HTML Export, (C) 2001 Stellent Chicago, Inc. * Software copyrighted by Thai Open Source Software Center Ltd. and Clark Cooper, (C) 1998, 1999, 2000. * Software copyrighted by Expat maintainers. * Software copyrighted by The Regents of the University of California, (C) 1996, 1989, 1998-2000. * Software copyrighted by Gunnar Ritter. * Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A., (C) 2003. * Software copyrighted by Gisle Aas. (C) 1995-2003. * Software copyrighted by Michael A. Chase, (C) 1999-2000. * Software copyrighted by Neil Winton, (C) 1995-1996. * Software copyrighted by RSA Data Security, Inc., (C) 1990-1992. * Software copyrighted by Sean M. Burke, (C) 1999, 2000. * Software copyrighted by Martijn Koster, (C) 1995. * Software copyrighted by Brad Appleton, (C) 1996-1999. * Software copyrighted by Michael G. Schwern, (C) 2001. * Software copyrighted by Graham Barr, (C) 1998. * Software copyrighted by Larry Wall and Clark Cooper, (C) 1998-2000. * Software copyrighted by Frodo Looijaard, (C) 1997. * Software copyrighted by the Python Software Foundation, Copyright (C) 2001, 2002, 2003. A copy of the license agreement for this software can be found at www.python.org. * Software copyrighted by Beman Dawes, (C) 1994-1999, 2002. * Software written by Andrew Lumsdaine, Lie-Quan Lee, Jeremy G. Siek (C) 1997-2000 University of Notre Dame. * Software copyrighted by Simone Bordet & Marco Cravero, (C) 2002. * Software copyrighted by Stephen Purcell, (C) 2001. * Software developed by the Indiana University Extreme! Lab (http://www.extreme.indiana.edu/). * Software copyrighted by International Business Machines Corporation and others, (C) 1995-2003. * Software developed by the University of California, Berkeley and its contributors. * Software developed by Ralf S. Engelschall for use in the mod_ssl project (http:// www.modssl.org/). * Software copyrighted by Kevlin Henney, (C) 2000-2002. * Software copyrighted by Peter Dimov and Multi Media Ltd. (C) 2001, 2002. * Software copyrighted by David Abrahams, (C) 2001, 2002. See http://www.boost.org/libs/bind/bind.html for documentation. * Software copyrighted by Steve Cleary, Beman Dawes, Howard Hinnant & John Maddock, (C) 2000. * Software copyrighted by Boost.org, (C) 1999-2002. * Software copyrighted by Nicolai M. Josuttis, (C) 1999. * Software copyrighted by Jeremy Siek, (C) 1999-2001. * Software copyrighted by Daryle Walker, (C) 2001. * Software copyrighted by Chuck Allison and Jeremy Siek, (C) 2001, 2002. * Software copyrighted by Samuel Krempp, (C) 2001. See http://www.boost.org for updates, documentation, and revision history. * Software copyrighted by Doug Gregor (gregod@cs.rpi.edu), (C) 2001, 2002. * Software copyrighted by Cadenza New Zealand Ltd., (C) 2000. * Software copyrighted by Jens Maurer, (C) 2000, 2001. * Software copyrighted by Jaakko Järvi (jaakko.jarvi@cs.utu.fi), (C) 1999, 2000. * Software copyrighted by Ronald Garcia, (C) 2002. * Software copyrighted by David Abrahams, Jeremy Siek, and Daryle Walker, (C) 1999-2001. * Software copyrighted by Stephen Cleary (shammah@voyager.net), (C) 2000. * Software copyrighted by Housemarque Oy , (C) 2001. * Software copyrighted by Paul Moore, (C) 1999. * Software copyrighted by Dr. John Maddock, (C) 1998-2002. * Software copyrighted by Greg Colvin and Beman Dawes, (C) 1998, 1999. * Software copyrighted by Peter Dimov, (C) 2001, 2002. * Software copyrighted by Jeremy Siek and John R. Bandela, (C) 2001. * Software copyrighted by Joerg Walter and Mathias Koch, (C) 2000-2002. * Software copyrighted by Carnegie Mellon University (C) 1989, 1991, 1992. * Software copyrighted by Cambridge Broadband Ltd., (C) 2001-2003. * Software copyrighted by Sparta, Inc., (C) 2003-2004. * Software copyrighted by Cisco, Inc and Information Network Center of Beijing University of Posts and Telecommunications, (C) 2004. * Software copyrighted by Simon Josefsson, (C) 2003. * Software copyrighted by Thomas Jacob, (C) 2003-2004. * Software copyrighted by Advanced Software Engineering Limited, (C) 2004. * Software copyrighted by Todd C. Miller, (C) 1998. * Software copyrighted by The Regents of the University of California, (C) 1990, 1993, with code derived from software contributed to Berkeley by Chris Torek. PATENTS Protected by US Patents 6,470,384; 6,493,756; 6,496,875; 6,553,377; 6,553,378. V3.1.4