McAfee | VIRUSSCAN 5.1 | System information | McAfee VIRUSSCAN 5.1 System information

Release Notes
McAfee ePolicy Orchestrator 5.1.1 Software
Contents
About this release
New features and enhancements
Resolved issues
Installation instructions
Known issues
Find product documentation
About this release
This document contains important information about the current release. We strongly recommend that
you read the entire document.
We do not support the automatic upgrade of a pre-release software version. To upgrade to a production
release of the software, you must first uninstall the existing version.
Release build — 5.1.1
®
®
™
This release is a supported upgrade from these McAfee ePolicy Orchestrator (McAfee ePO ) releases:
•
McAfee ePO 4.5 Patch 7
•
McAfee ePO 4.6.8
•
McAfee ePO 4.6.4
•
McAfee ePO 5.0.0
•
McAfee ePO 4.6.6
•
McAfee ePO 5.0.1
•
McAfee ePO 4.6.7
•
McAfee ePO 5.1.0
Purpose
This release of McAfee ePO fixes issues and provides support for features in upcoming managed
product releases.
Rating
Mandatory — McAfee requires this release for all environments. This update must be applied
immediately to avoid a potential security breach, and to maintain a viable and supported product.
For more information about patch ratings, see McAfee KnowledgeBase article KB51560.
Upgraded components
This release provides upgrades to these components.
1
Component
Version
Apache
2.2.26
Apache Tomcat
7.0.53
Java Runtime
1.7.0_u55
OpenSSL
1.0.1h
RSA Crypto-J
6.1.1.0.2
RSA SSL-J
6.1.1
TLS
1.2.0
New features and enhancements
The release of the product includes these new features and enhancements.
•
Multi-product queries — One query displays the number of systems using McAfee products; for
example, McAfee Host Intrusion Prevention, McAfee VirusScan Enterprise, and McAfee Agent. A
query tells you which versions of a specific product are installed, as well as the number of systems
without any McAfee products installed.
®
®
®
®
•
Single .zip file extensions (bundle support) — This release reduces the number of packages
you must install for your security products.
•
Policies in simplified configuration — From the Getting Started dashboard, click Start Deployment
to open the Edit Product Deployment page and add policies to the Product Deployment workflow.
•
Automatic product updates — To update your security products automatically, select Auto Update.
This feature also automatically deploys the hotfixes and patches for your product.
®
This feature requires McAfee Agent 5.0.0 installed on your client system.
Resolved issues
These issues are resolved in this release of the product. For a list of issues fixed in earlier releases,
see the Release Notes for the specific release.
McAfee doesn't disclose the nature of security-related issues and their resolutions.
Agent-server communication
2
•
Agent-server communication no longer generates a "Failed to generate agent policy — not building
server.xml" message in the server log. (932584)
•
Tag criteria is correctly evaluated using agent-server communication. (949538)
•
Previously, a "Query Timeout expired" error occurred on Apache, which affected McAfee ePO
performance during the agent-server communication interval (ASCI). This release resolves this
issue. (836329)
•
Agents deployed through the Agent Deployment URL functionality on McAfee ePO 5.0.0 and 5.0.1
can communicate with the McAfee ePO server. (926422, 925590)
Authentication
•
When an Audit Log entry is created, it now contains the requested URL and the authenticated
user's name. (953097)
•
When you try to remove an issue without the required permissions, the McAfee ePO console no
longer stalls or displays the error "Please Wait." (928684)
•
The Certificate Revoked List (CRL) field now uploads only files that are valid and signed using
certificate-based authentication. (793794)
•
Previously, Client Certificate Authentication stopped working after uploading a CRL file with a
signature that could not be verified. Now, you are prevented from uploading a CRL file that
contains a signature that can't be verified. (793791)
•
Sensitive data output parameters are now consistently enforced across all local McAfee ePO log
files. (944048)
Automatic Response
•
In the System command drop-down list, the register LDAP synchronization option is "Register with
LDAP sync" instead of the string: com.mcafee.epo.policy.ui.command.RegisterLdapSyncCommand.
(918671)
•
The Event ID filter now accepts more than two Automatic Response IDs. (965650)
•
When editing an Automatic Response, the Defined At field is no longer blank. (937427)
Charts and graphs
•
Removing chart points no longer causes the chart to appear blank. (953433)
•
The dashboard Ticket: By Due Date graph now displays the correct information. (931452)
•
Previously, creating a Single-Line Chart with Threat Events that used "hour" as the time unit
generated a chart without lines to connect the data points. Now when a chart is generated, it
includes lines that connect the data points. (848277)
•
The Stacked Bar Chart no longer displays the legend tool tips in reverse order. (935716)
•
When creating the Boolean Pie Chart query with Show Others selected, drilling down to other
categories in the query result now produces the correct count. (928234)
•
Graph lines for line chart queries are now continuous for result sets that do not include data for
particular values within a range. (948285)
•
Y-axis labels for bar charts extend to two decimal places to avoid repeated values. (950003)
•
Query axis labels no longer display fractional values. (950026)
•
Creating a Grouped Bar Chart query no longer produces a null value, and you can see the query
result. (917581)
•
The Boolean Pie Chart column header now correctly displays Sum of Host Web ID or Number of
Host Web. (928167)
•
Table queries took longer to display results than in previous versions. Updating the SQL query used
to retrieve paginated data from the SQL Server database resolves this issue. (939766)
•
Adding or removing columns from a query in the Query wizard now correctly updates the Order By
list. (950000)
•
Bubble charts accurately display Web Hosts query data. (928207)
3
Dashboards
•
Previously, the Summary page was overwritten by a custom dashboard. Now, the Summary page
can't be edited, so the page can't be overwritten. (954906)
•
You can no longer change a default dashboard. (921872)
Deployment
•
Server tasks, such as the Agent Deployment server task, correctly expire when the McAfee ePO
server cannot reach the client system. For more information, see McAfee KnowledgeBase article
KB79875. (929939)
•
This release properly saves NT Domain or Active Directory synchronization tasks that specify a
non-Windows version of the McAfee Agent for deployment. (933560)
Installation
•
The Agent Handler now correctly installs on Microsoft Windows Server 2012 R2. (938494)
•
McAfee ePO installation is no longer blocked on Microsoft Windows Server 2012 R2 and Microsoft
Windows 8.1. (939815)
•
The cluster node installer now adds all necessary Java options to the registry. (963358)
•
The Installation path field of the New Systems page now displays a valid McAfee Agent path.
(967135)
•
The cluster node installer now adds all necessary Apache options to the registry for secondary
nodes. (966547)
LDAP
•
Previously, if you had a registered server with policy assignment rules assigned to grandchild
domain users and you enabled the McAfee ePO Chase Referral option, the grandchild domain users did
not appear on the LDAP server. Now, grandchild domain users appear when Chase Referral is enabled
for the registered server and policy assignment rules are assigned to grandchild users. (926418)
•
Unreadable log messages no longer appear when running the LDAPSync server task. (915424)
•
The non-query method "LdapConnection.getNode" now returns the correct information after
running an LdapQuery that produces more than one page of results. (835476)
McAfee Agent
4
•
Previously, custom fields intended for use by the McAfee Agent could be edited by the user. These
user edits were overwritten by properties sent from the McAfee Agent during a full-properties
agent-server secure communication. Now, these fields can be seen, but not edited, from the
McAfee ePO console. (931954)
•
McAfee ePO now manages McAfee Agent in VDI mode. (943620)
•
Previously, FramePkg.exe created a different default McAfee Agent installation path. Now, whether
the McAfee Agent is deployed from McAfee ePO or locally installed, the paths are the same.
(943665)
•
The Run Client Now option is correctly identified as unavailable for McAfee Agent version 4.8.0 on
non-Windows systems. (967676)
Server tasks
•
The Active Directory Sync Computers server task now correctly completes from the McAfee ePO
console. (936379)
•
In some cases, the server task queue engine gets into an invalid state, preventing scheduled server
tasks from running, even though manual server tasks run as expected. This release implements
additional fail-safe measures to improve the resiliency of the task queue engine. (963754)
•
A Server Task Log purge no longer produces an error if the purge runs as a task is ending.
(947532)
•
Updating the Software Product list using a server task no longer displays the error "Failed to send
http request. Error=12175." (928324)
•
When filtering server tasks using the Quick find search filter, the item count at the bottom of the
Server Tasks page produced incorrect results. The item count for filtered server tasks is now
correct. (945283)
SQL Server
•
You can now successfully access the core/config page when authenticating to the SQL Server.
(958122)
•
This version of McAfee ePO uses a filtered unique index instead of a trigger, preventing SQL Server
deadlock warnings. (945381)
•
Previously, high disk input/output (I/O) occurred when purging the Audit Log, causing problems for
other applications that interact with the same SQL Server that McAfee ePO uses. This release fixes
this issue. (956199)
System Tree
•
The Potential Affected Systems shown when editing a client task displayed the value zero for tasks
assigned to the My Organization group. The field now displays the correct value for that group.
(947619)
•
You can now delete a subgroup from the System Tree without waiting or having to log off and back
on to McAfee ePO. (952589)
•
Systems are no longer deleted and added back to the System Tree when using a flat list as an
Active Directory synchronization option. (945330)
•
Previously, the System Tree drill-down details for certain fields sometimes contained English
content when localized strings were available. Now, when localized strings are available, they are
correctly used in those fields. (926924)
•
The System Tree groups can now be sorted using the Sort-groups-by setting. (933950)
•
Previously, if subgroup IP address sorting rules contained many conflicts, the subgroup was
excluded from a subsequent IP address conflict recheck to prevent performance degradation on the
McAfee ePO server. Now, the conflict limit is increased and logging for those conflicts is improved.
(928326)
•
There was limited access to the System Tree page due to the JavaScript error: "Uncaught
TypeError: Cannot call method 'getAttribute' of null." The JavaScript error no longer appears and
you can access the System Tree page as expected. (945935)
•
The System Tree was not visible after an upgrade to McAfee ePO 5.1.0. After McAfee ePO 5.1.1
installation, the System Tree is visible again. (929879)
•
In the System Tree, you can now select the checkbox in the "Do not show me this dialog again"
warning. (959067)
5
•
The OS platform field no longer defaults to Server if it does not match the string Workstation,
which was affecting how systems display in the System Tree or tag-based policies. (692169)
•
Previously, if you tried to remove a subgroup from the System Tree without first selecting the
Remove agent from all systems checkbox, you wouldn't be able to click OK. Now, the button is active, and
you can remove subgroups as needed. (965434)
•
After a system was moved to a different group in the System Tree, the sorting status was disabled.
This release fixes this issue. (968103)
•
When you select the Wake Up Agent action from the System Tree page, you no longer receive a
"Webpage Expired" message. (959959, 974995)
Upgrades
•
A query with the Managed State property filter didn't migrate during McAfee Application Control
extension installation. Now, the query correctly functions after installing the extension. (926507)
•
After you installed a McAfee application extension, McAfee ePO 5.0.0 event processes took longer
than they did in earlier versions of the software. The processing rates for McAfee ePO 5.1.1 is
comparable to the processing rates of pre-5.0.0 versions. (923092)
•
A file locking issue prevented the McAfee Endpoint Encryption for PC extensions from correctly
uninstalling. Now, the file locking issue is resolved. (927920)
•
After upgrading to McAfee ePO 5.1.0, agent-server communication failed and produced the error
"Failed to generate agent policy—not building server.xml." This error no longer appears and
agent-server communication is successful after upgrading. (938776)
•
After upgrading from McAfee ePO 4.x to 5.1.1, Threat Event details can now be viewed by
non-global admin users. (947968)
•
When upgrading from McAfee ePO 4.6.6, Endpoint Encryption and other shared empty query
groups are now automatically deleted. (925143)
•
Upgrading no longer fails or produces the error "Ciphertext is too large in received TLS record"
when running core.get -status. (943592)
•
Apache no longer produces an error, and successfully starts after installing or upgrading McAfee
ePO. (921453)
•
When using the migration utility to migrate from McAfee ePO 4.6.x to McAfee ePO 5.x, the upgrade
sometimes failed when attempting to validate McAfee ePO credentials and produced the error "Set
up cannot connect to the EPO server with the credentials provided." This was due to the file path
discrepancies between 32- and 64-bit systems. The upgrade now succeeds and this error no longer
occurs. (924595)
®
®
Miscellaneous
6
•
SuperAgent repository enablement is no longer missing in the Manifest Based Policy path.
(932867)
•
The option to Show Client Events now displays only that particular managed system's client events.
(922512)
•
McAfee ePO now preserves all information (IP address, FQDN, host name) taken from text files
during the import process. (940196)
•
The NT Domain Credentials dialog box no longer allows invalid characters when you enter a
domain, user name, or password. A warning now appears if you enter an invalid character.
(952599)
•
Previously, in certain cases, the Master Repository was blank. This issue is resolved and you can
now see the contents of the Master Repository. (928064)
•
Disaster Recovery failed in McAfee ePO 5.0.1 and later because there was a hardcoded "5.0" in the
path to the Disaster Recovery files. Disaster Recovery no longer fails. (939098)
•
Help now appears for the Edit Scheduler Tasks page. (916805)
•
Query filters now display systems with blank properties. (938992)
•
The Policy Catalog page no longer takes 3–5 minutes to load if policies have multiple owners.
(945716)
•
This release fixes policy sharing with earlier McAfee ePO servers. (943227)
•
Initial logon to the McAfee ePO console now succeeds for an account that uses the auto-creation
server setting. (938431)
•
All Help pages now summarize the fields, columns, and buttons for the interface page. (899185)
•
This release provides descriptions for the pre-configured client tasks that are provided by managed
products. (962361)
•
The System Properties tab now displays units in the Used Disk Space column. (966239)
•
This release replaces all OpenSSL and Apache files used by McAfee ePO that were affected by the
Heartbleed vulnerability. For more information, see McAfee Security Bulletin: SB10071. For those
customers who feel that they might have been compromised by the Heartbleed vulnerability, we
recommend changing the SQL database password and deploying new agent-server communication
keys. Details on these steps and any additional remediation instructions are available in McAfee
KnowledgeBase article: KB81674.
•
The Oracle Java security updates included in previous versions of McAfee ePO are obsolete. This
release includes Oracle Java security update 55 and was updated April 15th, 2014. Multiple
vulnerabilities in Java are now resolved. For more information, see McAfee Security Bulletin:
SB10072.
•
After you exported a server key using Internet Explorer 11, the imported key did not show the
correct key name. Now, the imported key name is the same name as the original server key.
(968100)
•
The Audit Log message for a duplicate client task now provides a clearer message: "Successfully
duplicated client task "[client task name]" to "[client task name]_dup." (968005)
•
Customizing the Properties for an unmanaged asset on the System Information page no longer
produces an error. (886820)
•
McAfee ePO now supports GUID regeneration with McAfee Enterprise Mobility Management
(McAfee EMM ). (956473)
®
™
•
Entering invalid characters when editing a client task now produces an error message. (968666)
•
You can now browse the Active Directory if you select the Use Domain option. (968095)
•
Previously, after multiple processes were launched from the Synchronization Settings page, NT
domain group details were not correctly retained, and the Synchronize Now and Compare and
Update options became unavailable. Now, NT domain information is correctly retained, and these
options remain available. (968039)
7
•
Capitalization changes to policy settings are now correctly saved to the database. (956467)
•
This release addresses CVE-2014-0224. An attacker using a carefully crafted handshake could force
the use of weak keying material in OpenSSL SSL/TLS clients and servers. This could be exploited
by a man-in-the-middle (MITM) attack where the attacker could decrypt and modify traffic from the
attacked client and server. This release replaces all OpenSSL files used by McAfee ePO that were
affected by this vulnerability. For more information, see McAfee Security Bulletin: SB10075.
(973112)
Installation instructions
For information about installing or upgrading ePolicy Orchestrator software, see the McAfee ePolicy
Orchestrator Installation Guide.
Before proceeding with the upgrade process, see McAfee KnowledgeBase article KB76739 for important
steps to take before this upgrade.
Known issues
For a list of known issues in this product release, see this McAfee KnowledgeBase article: KB80075.
Find product documentation
After a product is released, information about the product is entered into the McAfee online Knowledge
Center.
Task
1
Go to the McAfee ServicePortal at http://support.mcafee.com and click Knowledge Center.
2
Enter a product name, select a version, then click Search to display a list of documents.
Copyright © 2014 McAfee, Inc. Do not copy without permission.
McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and
other countries. Other names and brands may be claimed as the property of others.
Download PDF