ePolicy Orchestrator (ePO) Hotfix 960279-2 is now available. This release is a re-post of ePO Hotfix 960279, and addresses an installation issue for 5.x customers who migrated directly from ePO 4.x installations on Windows 32-bit, or had been installed to a custom location under the 64-bit Windows C:Program Files… directory.
To download Hotfix 960279-2, go to the McAfee downloads site below and look for ePOHF960279-2.zip:
Continue reading “ePolicy Orchestrator (ePO) Hotfix 960279-2”
McAfee has released 2 new versions yesterday. ePolicy Orchestrator 5.0 and McAfee Agent 4.8 have been released.
ePolicy Orchestrator 5.0:Use the Upgrade Compatibility Utility to migrate your server configuration from previous ePolicy Orchestrator versions on unsupported server operating systems to a supported operating system. At the same time, identify and prevent incompatible product extensions from running in your ePolicy Orchestrator 5.0 environment.
Help improve McAfee products by periodically collecting data on ePolicy Orchestrator managed systems. Continue reading “McAfee ePolicy Orchestrator 5.0 and McAfee Agent 4.8 released”
W32/Autorun.worm.aaeb-h has the ability to infect removable media devices and mounted network shares. It can also copy itself into .zip and .rar archive files.
The infection starts either with manual execution of an infected file or by navigating to a folder that contains infected files. This threat has the ability to download other malware or updates to itself as directed by a Command-and-Control (C&C) server.
Mitigation
McAfee has released an Extra.DAT to detect and clean this threat. A new version of Stinger will be available later. McAfee will send another SNS notice when the Stinger is available.
To download the Extra.DAT and Stinger (when available), see KB76807:
https://kc.mcafee.com/corporate/index?page=content&id=KB76807
For more information on McAfee product coverage and mitigation for this threat, see PD24169 – Threat Advisory: W32/Autorun.worm.aaeb:
https://kc.mcafee.com/corporate/index?page=content&id=PD24169
*** UPDATE 21:35 ***
Download the latest stinger tool which can detect and remove this worm here:
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/CORP_KNOWLEDGEBASE/76000/KB76807/en_US/stinger.zip
How to install an extra.dat file:
To apply the ExtraDAT locally:
VirusScan Enterprise 8.8 Patch 2 is now available. This release includes new features, fixes, and enhancements including:
To download Patch 2, go to the McAfee downloads site. A valid license agreement number is required to download this patch.
You can view the Release Notes here.
McAfee is issuing Emergency DAT Release 6809 due to Consumer issues with DAT 6807 as some Consumer customers may experience a loss of network connectivity after a recent update.
Enterprise customer are not impacted. McAfee DAT number sequencing requires 6809 to be sent to BOTH consumer and enterprise customers.
More information is available on the Consumer Service Portal at http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS101446 .
Update August 20th:
McAfee has identified an issue with DAT 6807 and 6808 that is causing intermittent issues with VirusScan Enterprise 8.8.x. Specifically, these DATs can affect McShield.exe and cause issues with the on-access scanner.
If you have NOT deployed DAT 6807 or 6808, go directly to DAT 6809 or greater.
IF you HAVE deployed DAT 6807 or 6808, please go to McAfee KnowledgeBase KB76004 to review the steps to determine if endpoints in your environment are affected.
McAfee is investigating this issue and working on a superDAT remediation. Please go to KB76004 for continuing updates.
Update August 21st. More information about symptoms using 6807 and 6808 DAT files:
McAfee has identified an issue with DAT 6807 and 6808 that is causing intermittent issues with VirusScan Enterprise (VSE) 8.8.x. Specifically, these DATs can affect McShield.exe and may cause issues with the On-Access Scanner.
The following symptoms can also help to determine if you are affected by this issue:
• The On-Access Scanner (McShield.exe) will appear to be working. The process is running and visible in the Windows Task Manager.
• Process Explorer shows no file handle open to the MfeRuntime*.DAT file.
• DAT updates after 6807 appear to happen successfully. The DATs are copied into place, but are not loaded by McShield.exe.
• The registry values for the DAT versions are out of sync:
– The DAT version in the following location will be older (either 6807 or 6808): HKLMSoftwareMcAfeeAVEngineAvDATVersion
– The DAT version in the following location will show the latest update: HKLMSoftwareNetwork AssociatesePolicy OrchestratorApplication PluginsViruscan8800DATVersion
• In the ePolicy Orchestrator (ePO) console, the system properties for computers with this issue will report the DAT/Engine versions as follows:
– DAT Date 0/0/0
– DAT Version 0.0000
– Engine Version 0.0000
McAfee has released a new DAT version: 6809.
If you have NOT deployed DAT 6807 or 6808, go directly to DAT 6809 or later.
If you are updated to version 6807 or 6808, updating to 6809 will NOT solve these problems.
Update 3 August 22nd 2012
McAfee has released VSE 8.8 Hotfix 793640 to remediate the issue issue with DAT 6807 and 6808 that is causing intermittent issues with VirusScan Enterprise (VSE) 8.8.x. This is aMANDATORY HOTFIX. The hotfix contains the full DAT 6809 package.
You can download the hotfix from the following location:http://download.nai.com/products/hotfix/VSE88HF793640.Zip
This hotfix is approximately 100Mb in size and deployment can cause high bandwidth usage in large environments.
Enrolling the hotfix is possible by:
Standalone installation
ePolicy Orchestrator check-in and deployment
Third party deployment
You can distribute the hotfix with any third party deployment solution that provides Administrator or local system credentials. To ensure that the installation runs silently, add the /SILENT switch (VSEHF793640.exe /SILENT)
Verifying that the hotfix is successfully installed
The hotfix does not force a reboot. Reboot all client systems at your earliest convenience to validate that the fix is successfully installed.
Check for any of the following items to verify that the installation was successful:
Mcafee has cancelled the DAT update version 6810 this Monday to ensure that users have no impact when the Hotfix is provided. The latest version of the DAT on your system after implementation will be 6809.
For more information, check the McAfee knowledgebase: https://kc.mcafee.com/corporate/index?page=content&id=KB76004.
McAfee has released VirusScan Enterprise Mandatory Security Hotfix 793781 — a second smaller hotfix to resolve the previously reported issue with DAT versions 6807 and 6808. This hotfix is approximately 2Mb and can be run locally or distributed via ePolicy Orchestrator and other third-party deployment tools.
Hotfix 793781 makes the same changes to VirusScan Enterprise as Hotfix 793640 (100Mb), but does NOT contain the full DAT file. After you deploy the hotfix, affected systems MUST receive a full DAT update.
For instructions on how to download and deploy this mandatory hotfix, see KB76004:
https://kc.mcafee.com/corporate/index?page=content&id=KB76004.
McAfee Agent 4.6 Patch 2 Windows has been temporarily removed from the McAfee Downloads site due to an issue related to Microsoft Security Update KB2718523.
McAfee Engineering is investigating this issue and will post a fixed build as soon as possible.
For more information, see article KB75956:
https://kc.mcafee.com/corporate/index?page=content&id=KB75956.
McAfee is aware of a particularly malicious file infector that blue-screens endpoints and is difficult to detect. While this malware seems to be a targeted attack, McAfee strongly recommends that all customers increase their protection by applying the Emergency DAT Release which includes a generic detection for the dropper which starts the infection.
McAfee has provided an extra.DAT and Stinger ZIP files for W32/DistTrack for detection and removal. See McAfee KnowledgeBase article KB75963 (https://kc.mcafee.com/corporate/index?page=content&id=KB75963).
McAfee Global Threat Intelligence (GTI) will detect the known W32/DistTrack droppers when set to ‘Medium’. See “How to enable Global Threat Intelligence Technology in your McAfee product (KB70130)” (https://kc.mcafee.com/corporate/index?page=content&id=KB70130).
NOTE: The following McAfee products currently employ McAfee DAT files:
AntiSpyware Enterprise
Anti-Virus Scanning Engine
Email and Web Security Appliance Software
GroupShield for Exchange
LinuxShield
PortalShield
SaaS Endpoint Protection
Security for Lotus Domino
Security for Mac
Security Service for Exchange
Security for SharePoint
SuperDAT Manager
VirusScan Command Line Scanner
VirusScan Enterprise
VirusScan Enterprise for Linux
VirusScan Enterprise for Offline Virtual Images
VirusScan Enterprise for SAP
VirusScan for Mac
VirusScan for UNIX
Hi guys,
McAfee Agent 4.6 Patch 1 Windows and Extension are now available from the McAfee ServicePortal (https://mysupport.mcafee.com) and McAfee Downloads site (http://mcafee.com/us/downloads).
You can only download these files with an authorized and valid McAfee Grant number.
Greetz,
Jack
Hi guys,
Patch 1 for VirusScan Enterprise 8.8 is now available from the locations below:
Patch 1 is considered a Mandatory release. For information on ratings, see KnowledgeBase article KB51560: https://kc.mcafee.com/corporate/index?page=content&id=KB51560
Customers with McAfee Application Control or Solidcore version 5.1.2 should be aware of the issue and resolution described in KnowledgeBase article KB73274:
https://kc.mcafee.com/corporate/index?page=content&id=KB73274
Documentation:
Hi guys,
Just got word from McAfee about the following:
“NetApp ONTAP 7.3.6 and 8.0.2 introduced an option to handle idle RPC sessions and in particular idle RPC sessions by file ID. Generally, this new strategy behaves when a particular FID associated with an RPC connection does not have any activity for more than 20 minutes (by default), Data ONTAP disconnects the connection, considering it idle. This change was added to address a memory leak that was experienced by applications that were opening (many) RPC connections and never closing them out. This lack of closing out of connections creates the NetApp memory leak.
Because McAfee VSES uses the same infrastructure for keep-alive probes the disconnect/idle setting may cause performance issues when reading/writing large files to the filer(s).
IMPORTANT:
If you are experiencing VSE for Storage RPC Timeout disconnects with filers running 7.3.6 or 8.0.2 then current workaround steps are:
Monitor for the behavior to re-appear.
McAfee also recommends installing the latest hotfixes:
To access the above VSE for Storage hotfixes, contact McAfee Customer Support.
If you encounter VSE for Storage RPC Timeout disconnects with filers running 7.3.6 or 8.0.2, see “ONTAP RPC connections” when querying NetApp Knowledge Base Database or when opening a case with NetApp.”