McAfee ePolicy Orchestrator Patch 7 released

mcafeeMcAfee ePolicy Orchestrator (ePO) 4.5 Patch 7 is now available. This release includes new features, fixes, and enhancements including:

  • All fixes included in previous ePO 4.5 patch releases
  • Java Runtime Environment updated to 1.6.0_37
  • Apache version updated to 2.2.22
  • Patch addresses vulnerabilities listed in SB10041 and      SB10042

This patch is rated Mandatory because it resolves product vulnerabilities.

To download ePO 4.5 Patch 7, go to the McAfee downloads site at:

For a full list of changes, see the Release Notes in PD24495:

McAfee ePolicy Orchestrator 5.0 and McAfee Agent 4.8 released

McAfee has released 2 new versions yesterday. ePolicy Orchestrator 5.0 and McAfee Agent 4.8 have been released.

McAfee-IconePolicy Orchestrator 5.0:

What’s new in this version:

  • Upgrade Compatibility Utility

Use the Upgrade Compatibility Utility to migrate your server configuration from previous ePolicy Orchestrator versions on unsupported server operating systems to a supported operating system. At the same time, identify and prevent incompatible product extensions from running in your ePolicy Orchestrator 5.0 environment.

  • McAfee Product Improvement Program

Help improve McAfee products by periodically collecting data on ePolicy Orchestrator managed systems. Continue reading “McAfee ePolicy Orchestrator 5.0 and McAfee Agent 4.8 released”

McAfee VSE8.8 patch 2 and Patch3 differences

The Patch 3 package will contain files for both Patch 2 and Patch 3.

Patch 2 files are intended for operating systems prior to Windows 8 / Server 2012.

Patch 3 files are intended for Windows 8 / Server 2012 only.

When the package is added to an ePO repository for distribution via the deployment task, a detection script ensures only the appropriate files are downloaded for that operating system. Operating systems prior to Windows 8 will download and install the Patch 2 files, and Windows 8 / Server 2012 systems will only download and install the Patch 3 files. Continue reading “McAfee VSE8.8 patch 2 and Patch3 differences”

McAfee Agent 4.6 Patch 3 released

McAfee Agent 4.6 Patch 3 is now fully available through ePO Software Manager, McAfee service portal, and McAfee Downloads site.

To download McAfee Agent 4.6 Patch 3, go to the McAfee downloads site at:

For a full list of changes, see the Release Notes in PD24187:

VirusScan Enterprise 8.8 Patch 1, 2, and 3 Hotfix 820636

  • The hotfix and Release Notes are attached to this article.
  • This release was developed for use with:
    • VirusScan Enterprise 8.8.0 Patch 1
    • VirusScan Enterprise 8.8.0 Patch 2
    • VirusScan Enterprise 8.8.0 Patch 3
  • Rating. McAfee recommends this release for all environments. This release is considered a High Priority rating. For information on ratings, see KB51560. Failure to apply a High Priority update may result in potential business impact.
  • This hotfix will be included in VSE 8.8 Patch 4 (release schedule still to be determined). This article will be updated when this is posted to the McAfee Downloads site.
  • In addition to the state of the service, you can leverage two registry values to qualify the state of scanning. If required, contact McAfee Technical Support, to obtain the registry values.

Issue resolved by VSE 8.8 Hotfix 820636

Reference Number Related Article Resolved Issue Description
820636             823110 Issue: Client system properties in ePolicy Orchestrator report that On Access Scanner was running even when certain conditions on client system prevent scanning. Resolution: During system property collection, the VirusScan plugin to the McAfee Agent queries On Access Scanner services and registry to report status with increased accuracy.

For more information and to download the patch click here.

New McAfee ePolicy Orchestrator 5.0 beta installation

McAfee has released a beta for it’s new version of ePolicy Orchestrator management solution.

This post will describe the installation of the ePolicy Orchestrator server.

First of all download the software here (downloadable after registring as a beta tester).

Hardware specs Continue reading “New McAfee ePolicy Orchestrator 5.0 beta installation”

McAfee Agent 4.6.0 Patch 3 is now available

McAfee has released the third patch for its agent 4.6.0.

This release includes new features, fixes, and enhancements including:

  • Support for Windows and Non Windows Builds
  • Updated McAfee Agent Extension
  • Platform Support for Solaris 11 (Sparc), Scientific Linux 5.7 and 6, and Debian 5.1 and 6.0.4
  • Resolved issues as listed in PD24187

To download McAfee Agent 4.6 Patch 3, go to the McAfee downloads site at:

For a full list of changes, see the Release Notes in PD24187:

ePolicy Orchestrator 5.0 beta available for download from Dec 12th 2012

ePolicy Orchestrator 5.0 (Beta) is available as of  December 12th 2012. McAfee has sent a second email out that the download is available as of this date.

This release includes new features and enhancements, including the following:

 ePO 5.0

  • Disaster Recovery, including cold standby/global failover support
  • Simplified product deployment workflow
  • Improved navigation to the most commonly used ePO areas and features
  • Policy Comparison, to review differences between policies or tasks side-by-side


  • URL-based Agent Deployment – additional method for deploying agents eases remote deployments
  • McAfee Smart Install – small ePO and network aware install manages the Agent installation and configuration
  • Hierarchical SuperAgents– SA can now update from known repositories, including other SA
  • Agent Relay – based on McAfee Internet Independent Update technology, Agent Relays enable systems with limited network access to share a connection to ePO
  • Enhanced Virtualization Support – new installation options and property settings enable better management of virtual environments

To download ePO 5.0 (Beta), go to the McAfee Downloads site at

McAfee alert on W32/autorun.worm.aaeb-h worm [updated 28/11/12 @21:35 GMT+1]

W32/Autorun.worm.aaeb-h has the ability to infect removable media devices and mounted network shares. It can also copy itself into .zip and .rar archive files.

The infection starts either with manual execution of an infected file or by navigating to a folder that contains infected files. This threat has the ability to download other malware or updates to itself as directed by a Command-and-Control (C&C) server.

McAfee has released an Extra.DAT to detect and clean this threat. A new version of Stinger will be available later. McAfee will send another SNS notice when the Stinger is available.

To download the Extra.DAT and Stinger (when available), see KB76807:

For more information on McAfee product coverage and mitigation for this threat, see PD24169 – Threat Advisory: W32/Autorun.worm.aaeb:

*** UPDATE 21:35 ***

Download the latest stinger tool which can detect and remove this worm here:

How to install an extra.dat file:

To apply the ExtraDAT locally:

  1. Click Start, Run, type services.msc, and click OK.
  2. Right-click the McAfee McShield service and select Stop.
  3. Copy the ExtraDAT file to the following location:
    32-bit installations     <installation drive>Program FilesCommon FilesMcAfeeEngine     64-bit installations     <installation drive>Program Files (x86)Common FilesMcAfeeEngine
  4. In the Services window, right-click McAfee McShield and select Start.
    The new detections in ExtraDAT will take effect after the McShield service has started.

How to install McAfee ePolicy Orchestrator 4.6.4

It has been a while since I posted a how-to guide. In this post I will show you how-to install McAfee ePolicy Orchestrator 4.6.4.

To download ePolicy Orchestrator 4.6.4, go to the McAfee downloads site at:  Be aware that a valid NAI grant number is necessary for download.

After you downloaded the installation files you can unzip it to any location of your choosing.

Note 1. In this post I installed ePolicy Orchestrator on a test machine with a local SQL express version installed. In a production environment it is highly recommended to install a full SQL (2005 or higher) version on a seperate server.

Continue reading “How to install McAfee ePolicy Orchestrator 4.6.4”