Release Notes
McAfee Application Control 6.1.3

• About this release
• New features
• Resolved issues
• Installation and upgrade instructions
• Known issues
• Find product documentation
  ◦ Product documentation

About this release

This document contains important information about the current release. We strongly recommend that you read the entire document.

This McAfee Application Control release is available only for the Windows platform and includes:
• Solidcore extension 6.1.3–131
• Solidcore client 6.1.3–353

This release was developed for use with:
• McAfee® ePolicy Orchestrator® 4.6.0–4.6.8
• McAfee® ePolicy Orchestrator® 5.0.0–5.1.0

Purpose

This release contains many improvements. We have added support for deployment using third-party software distribution tools, such as Microsoft System Center Configuration Manager (SCCM), and introduced web service Application Programming Interfaces (APIs) for ticket-based enforcement. Also, we have enhanced the feedback (sent to McAfee) on how you are using McAfee® Global Threat Intelligence™ (McAfee GTI) and Application Control features. In this release, we have also provided visibility into the status of native Windows Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) techniques and made the Inventory Diff feature configurable.

We have added support for the following:
• Windows 8 (Pro and Enterprise)
• Windows 8.1 (Pro and Enterprise)
• Windows 8.1 update 1 (Pro and Enterprise)
• Windows Embedded 8 Industry (Pro and Enterprise)
• Windows Embedded 8.1 Industry (Pro and Enterprise)
• Windows 8 and Windows 8.1-based tablets (32-bit only)
• Windows 2012 R2 (Server Core, Standard, and Datacenter)

We have also fixed issues and thoroughly tested them. For detailed information about enhancements, review New features. For information about the individual issues, review Known issues and Resolved issues.

Rating

Recommended — McAfee recommends this release for all environments.
This update should be applied at the earliest convenience. For more information about patch ratings, see McAfee KnowledgeBase article KB51560.

New features

This release of the product includes these new features.

Support for deployment using third-party software distribution tools

You can install, upgrade, and remove the Application Control software using third-party tools, such as SCCM. We have redesigned the Solidcore client installer to automatically detect an installed McAfee Agent on the endpoints during installation and upgrade.
• If McAfee Agent is installed, the endpoint automatically connects to McAfee ePO after installation or when the upgrade is complete.
• If McAfee Agent is installed after installing or upgrading Application Control, use the new InstaConfig.exe utility to connect to McAfee ePO.

For detailed information about this feature, see McAfee Change Control and McAfee Application Control Product Guide.

Web service APIs for ticket-based enforcement

We have added new web service APIs to help you integrate the Solidcore extension with various ticketing systems used in your setup. Because preconfigured connectors for the BMC Remedy ticketing system are no longer available (End of Life in December 2013), these web service APIs also provide a migration strategy for existing users.

These web service APIs are now available:
• begin-update
• end-update
• delete-task

A sample connector is shipped with the Solidcore extension to help you integrate the web service APIs in your setup. To review the sample connector, download and save the SampleConnector.zip file from the McAfee Downloads site.

For detailed information about this feature, see McAfee Change Control and McAfee Application Control Product Guide.

Support for Windows 8, Windows 8.1, and Windows Embedded

Application Control is now available on Windows 8 (Pro and Enterprise), Windows 8.1 (Pro and Enterprise), Windows 8.1 update 1 (Pro and Enterprise), Windows Embedded 8 Industry (Pro and Enterprise), and Windows Embedded 8.1 Industry (Pro and Enterprise). We have also added support for Intel-based tablets running 32-bit versions of Windows 8 or Windows 8.1.

However, memory-protection techniques in Application Control are unavailable on these platforms. We recommend that you use McAfee VirusScan Enterprise or McAfee Host Intrusion Prevention memory protection to protect your endpoints on these platforms. Also, the ActiveX and script as an updater (SAU) features are not available on these platforms.

Support for Windows 2012 R2

Application Control is now available on Windows 2012 R2 (Server Core, Standard, and Datacenter).

However, memory-protection techniques in Application Control are unavailable on this platform. We recommend that you use McAfee VirusScan Enterprise or McAfee Host Intrusion Prevention memory protection to protect your endpoints on this platform. Also, the ActiveX and script as an updater features are not available on the Windows 2012 R2 platform.

Improved feedback sent to McAfee

We have improved the feedback sent to McAfee about Application Control and McAfee GTI feature usage. This information helps McAfee understand how you are currently using our features and helps to improve the software.

The new Solidcore: Send Policy Discovery Request Feedback to Application Control GTI Cloud Server server task sends information for policy discovery requests and includes details about the certificate associated with the binary file. We have also enhanced the usage information sent for inventory and user-editable policies.

For detailed information about this feature, see McAfee Change Control and McAfee Application Control Product Guide.

Visibility into native Windows DEP and ASLR status

From the McAfee ePO console, you can check the status of the DEP and ASLR memory-protection techniques provided by the Windows operating system. You can verify if DEP and ASLR are Enabled or Disabled.

For detailed information about this feature, see McAfee Change Control and McAfee Application Control Product Guide.

Configurable Inventory Diff feature

We have made the Inventory Diff feature configurable, allowing you to specify whether inventory information is updated at regular intervals based on changes made to the endpoints. By default, the Inventory Diff value is set to Disabled and inventory information is not updated. If you set this value to Enabled, inventory updates are pushed to the McAfee ePO server after the agent-server communication interval.

For detailed information about this feature, see McAfee Change Control and McAfee Application Control Product Guide.

Resolved issues

These issues are resolved in this release of the product. For a list of issues fixed in earlier releases, see the Release Notes for the specific release.

Solidcore extension

| Applicable Solidcore version | Hotfix details | Description | SR number |
|---|---|---|---|
| All (older than 6.1.3 EAP) | Not applicable | When Solidcore client is upgraded on an endpoint, there is no method available on the McAfee ePO console to determine if restart is pending for the endpoint to complete the upgrade. | 936250 |
| All (older than 6.1.3 RTW) | Not applicable | A large number of File Solidified and File Unsolidified events are reported at the McAfee ePO server that might affect the server performance. | 945762 |
| 6.0.0 to 6.1.2 | Not applicable | If the software is unable to fetch inventory information for an endpoint because the inventory is large, the Menu \| Automation \| Server Task Log page or log files do not show any error message. | 939528 |
| 6.0.0 to 6.1.2 | Not applicable | On the Menu \| Application Control \| Inventory \| By Applications page, no value is displayed for the Trust Score (Cloud) field if the cloud trust score is not available. | 932155 |
| 6.0.0 to 6.1.2 | Not applicable | On the Solidcore Inventory Details page, the Execution Status value is set to banned for non-whitelisted binaries. | 931851 |
| 6.0.0, 6.0.1, 6.1.0, 6.1.1, 6.1.2, and 6.1.3 EAP | Not applicable | Index entries for foreign keys are missing or duplicate in the Solidcore database. | 903668 |
| 6.0.0, 6.0.1, 6.1.0, 6.1.1, 6.1.2, and 6.1.3 EAP | Not applicable | Updaters are not configured for the Real Time for ePolicy Orchestrator® software. | 949800 |
| 6.1.1 and 6.1.2 | 6.1.2–150 | When using Internet Explorer version 10, uploading or importing files to McAfee ePO 5.0 might fail. | 921436 |
| 6.1.2 | Not applicable | An unexpected error is displayed when you edit the custom filters for an Application Control query. | 920034 |

Solidcore client

| Applicable Solidcore version | Affected operating system | Hotfix details | Description | SR number |
|---|---|---|---|---|
| All (older than 6.1.3 EAP) | Windows all | 6.1.1–395 | The older McAfee signing certificate has expired and is removed from the list of trusted publishers. Also, the new and valid signing certificate is included in the list of trusted publishers. | 937695 |
| All (older than 6.1.3 RTW) | Windows all | 6.1.2–394 | When you execute a file from a CD formatted with FAT 32 file system, the file execution is erroneously allowed. | 4-4679724880 |
| All (older than 6.1.3 RTW) | Windows all | 6.1.2–394 | A kernel-mode memory leak occurs in the QCAe tag. | 917736 |
| All (older than 6.1.3 RTW) | Windows all | 6.1.2–394 | If a system where Application Control is enabled is low on disk space, the inventory file (scinvlog.bak) fails to synchronize and shows an error 1012 or BADENV. This issue occurs because of low disk space. | 4-4950134170, 44292574661 |
| 6.1.0, 6.1.1, 6.1.2 and 6.1.3 EAP | Windows all (64-bit only) | 6.1.2–394, 6.1.2–368 | When you try to install the VMware vCenter Configuration Manager (VCM) software on a system where Application Control is enabled, the installation fails. This issue occurs because the Data Execution Prevention (DEP) feature bypass is applicable only to the specified binaries and does not include other associated binaries created on execution, while the VCM installer, on execution, creates other associated binaries that are not bypassed from DEP. | 4-3568610543 |
| 6.1.1 and 6.1.2 | Windows XP (32-bit only) | 6.1.1–395 | When Application Control is enabled in the Limited Feature Activation mode and certain processes, such as cmd.exe and naprdmgr.exe, are added to the Microsoft User Mode Process Dumper tool, the system might stop responding. This issue occurs because of incompatibility with the tool. | 4-4641017224 |
| 6.1.1 and 6.1.2 | Windows all | 6.1.2–368 | If the FBReseal utility is run on a system where Application Control version 6.1.1–379 or later is installed, the system might stop responding. This issue occurs because of conflicts in the code. | 4-4236780493 |
| 6.1.1 and 6.1.2 | Windows all | 6.1.1–392 | The system might stop responding during startup because of conflicts between the Application Control driver and other drivers, such as Acronis True Image. | 4-4129128028 |
| 6.1.1, 6.1.2 and 6.1.3 EAP | Windows all | 6.1.2–367, 6.1.2–402 | While uninstalling a software package, if you enable Application Control in the Limited Feature Activation mode, the system might stop responding. This issue occurs because of a race condition. | 4-5287525781 |
| 6.1.2 and 6.1.3 EAP | Windows all | 6.1.2–394 | On a system where Application Control is enabled, when you open a Microsoft Outlook Data File (.PST) from a network path containing the tilde symbol (~), the system might stop responding. This issue occurs because of pool memory corruption. | 4-4920543343, 44763111601, 45037341401 |
| 6.1.3 EAP | Windows all | Not applicable | While upgrading Application Control on a Windows system (on a non-English locale) using the InstaConfig.exe utility, environment variables are not used in the paths (in code) resulting in upgrade failure. | 951247 |

Installation and upgrade instructions

Here is information specific to the 6.1.3 release.

System requirements

To review system requirements for this release, see the McAfee KnowledgeBase article KB76579.

Supported platforms

This release is available on all supported Microsoft Windows platforms except Windows NT and Windows 2000.

Upgrade support

Solidcore extension

This release supports upgrade from these Solidcore extension versions:
• 5.1.0, 5.1.1, 5.1.2
• 6.0.0, 6.0.1
• 6.1.0, 6.1.1, 6.1.2

Note: We do not support installation of Solidcore extension 6.1.3 on McAfee ePO 4.5. Install and upgrade of Solidcore extension 6.1.3 is supported on McAfee ePO versions 4.6, 5.0, and 5.1.

Solidcore client

This release supports upgrade from these Solidcore client versions:
• 5.1.0, 5.1.1, 5.1.2
  Note: If you are upgrading the Solidcore client from 5.1.2 or earlier releases, you must upgrade to the 6.0.0 release, and then to the 6.1.3 release. You need to restart the endpoints only once to complete the upgrade.
• 6.0.0, 6.0.1
• 6.1.0, 6.1.1, 6.1.2
  Note: If you are upgrading the Solidcore client from 6.1.1 to later releases, we recommend that you upgrade in Enabled or Update mode. If you choose to upgrade in Observe mode, review the McAfee KnowledgeBase article KB79517 before upgrading.

Known issues

For a list of known issues in this product release, see this McAfee KnowledgeBase article: KB81085.

Find product documentation

After a product is released, information about the product is entered into the McAfee online Knowledge Center.

Task

1 Go to the McAfee ServicePortal at http://support.mcafee.com and click Knowledge Center.
2 Enter a product name, select a version, then click Search to display a list of documents.

Product documentation

Every McAfee product has a comprehensive set of documentation.

| Document | Configuration | Description |
|---|---|---|
| McAfee Change Control and McAfee Application Control 6.1.3 Product Guide | Managed | Provides information you need to configure, use, and maintain the product. |
| McAfee Change Control and McAfee Application Control 6.1.2 Help | Managed | Provides context-sensitive help for all product-specific interface pages and options in McAfee ePO. |
| McAfee Change Control and McAfee Application Control 6.1.3 Installation Guide | Managed | Provides information you need to install, upgrade, and uninstall the product. |
| McAfee Application Control 6.1.2 Product Guide | Standalone | Provides the information you need to use and maintain the product. |
| McAfee Change Control and McAfee Application Control 6.1.3 Installation Guide | Standalone | Provides information you need to install, upgrade, and uninstall the product. |
| McAfee Application Control 6.1.0 Command Line Interface Guide | Standalone | Details all Application Control commands that are available when using the command line interface (CLI). |

Copyright © 2014 McAfee, Inc. Do not copy without permission. McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.