VMware | VCENTER APPLICATION DISCOVERY MANAGER 6.1.1 - RESPOSITORY | Application Control 6.1.3 Release Notes

Release Notes
McAfee Application Control 6.1.3
•
About this release
•
New features
•
Resolved issues
•
Installation and upgrade instructions
•
Known issues
•
Find product documentation
◦
Product documentation
About this release
This document contains important information about the current release. We strongly recommend that you read the entire
document.
This McAfee Application Control release is available only for the Windows platform and includes:
•
Solidcore extension 6.1.3–131
•
Solidcore client 6.1.3–353
This release was developed for use with:
•
McAfee ® ePolicy Orchestrator ® 4.6.0–4.6.8
•
McAfee ® ePolicy Orchestrator ® 5.0.0–5.1.0
Purpose
This release contains many improvements. We have added support for deployment using third-party software distribution
tools, such as Microsoft System Center Configuration Manager (SCCM), and introduced web service Application Programming
Interfaces (APIs) for ticket-based enforcement. Also, we have enhanced the feedback (sent to McAfee) on how you are using
McAfee ® Global Threat Intelligence™ (McAfee GTI) and Application Control features. In this release, we have also provided
visibility into the status of native Windows Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR)
techniques and made the Inventory Diff feature configurable. We have added support for the following:
•
Windows 8 (Pro and Enterprise)
•
Windows 8.1 (Pro and Enterprise)
•
Windows 8.1 update 1 (Pro and Enterprise)
•
Windows Embedded 8 Industry (Pro and Enterprise)
•
Windows Embedded 8.1 Industry (Pro and Enterprise)
•
Windows 8 and Windows 8.1-based tablets (32-bit only)
•
Windows 2012 R2 (Server Core, Standard, and Datacenter)
We have also fixed issues and thoroughly tested them. For detailed information about enhancements, review New features.
For information about the individual issues, review Known issues and Resolved issues.
Rating
Recommended — McAfee recommends this release for all environments. This update should be applied at the earliest
convenience.
For more information about patch ratings, see McAfee KnowledgeBase article KB51560.
New features
This release of the product includes these new features.
Support for deployment using third-party software distribution tools
You can install, upgrade, and remove the Application Control software using third-party tools, such as SCCM. We have
redesigned the Solidcore client installer to automatically detect installed McAfee Agent on the endpoints during installation and
upgrade.
•
If McAfee Agent is installed, the endpoint automatically connects to McAfee ePO after installation or when the upgrade is
complete.
•
If McAfee Agent is installed after installing or upgrading Application Control, use the new InstaConfig.exe utility to
connect to McAfee ePO.
For detailed information about this feature, see McAfee Change Control and McAfee Application Control Product Guide.
Web service APIs for ticket-based enforcement
We have added new web service APIs to help you integrate the Solicore extension with various ticketing systems used in your
setup. Because preconfigured connectors for BMC Remedy ticketing system are no longer available (End of Life in December
2013), these web service APIs also provide a migration strategy to existing users. These web service APIs are now available:
•
begin-update
•
end-update
•
delete-task
A sample connector is shipped with the Solidcore extension to help you integrate the web service APIs in your setup. To
review the sample connector, download and save the SampleConnector.zip file from the McAfee Downloads site. For detailed
information about this feature, see McAfee Change Control and McAfee Application Control Product Guide.
Support for Windows 8, Windows 8.1, and Windows Embedded
Application Control is now available on Windows 8 (Pro and Enterprise), Windows 8.1 (Pro and Enterprise), Windows 8.1
update 1 (Pro and Enterprise), Windows Embedded 8 Industry (Pro and Enterprise), and Windows Embedded 8.1 Industry
(Pro and Enterprise). We have also added support for Intel-based tablets running 32-bit versions of Windows 8 or Windows
8.1. However, memory-protection techniques in Application Control are unavailable on these platforms. We recommend that
you use McAfee VirusScan Enterprise or McAfee Host Intrusion Prevention memory protection to protect your endpoints on
these platforms. Also, the ActiveX and script as an updater (SAU) features are not available on these platforms.
Support for Windows 2012 R2
Application Control is now available on Windows 2012 R2 (Server Core, Standard, and Datacenter). However, memoryprotection techniques in Application Control are unavailable on this platform. We recommend that you use McAfee VirusScan
Enterprise or McAfee Host Intrusion Prevention memory protection to protect your endpoints on this platform. Also, the
ActiveX and script as an updater features are not available on the Windows 2012 R2 platform.
Improved feedback sent to McAfee
We have improved the feedback sent to McAfee about Application Control and McAfee GTI feature usage. This information
helps McAfee understand how you are currently using our features and helps to improve the software.
The new Solidcore: Send Policy Discovery Request Feedback to Application Control GTI Cloud Server server
task sends information for policy discovery requests and includes details about the certificate associated with the binary file.
We have also enhanced the usage information sent for inventory and user-editable policies.
For detailed information about this feature, see McAfee Change Control and McAfee Application Control Product Guide.
Visibility into native Windows DEP and ASLR status
From the McAfee ePO console, you can check the status of the DEP and ASLR memory-protection techniques provided by the
Windows operating system. You can verify if DEP and ASLR are Enabled or Disabled.
For detailed information about this feature, see McAfee Change Control and McAfee Application Control Product Guide.
Configurable Inventory Diff feature
We have made the Inventory Diff feature configurable allowing you to specify whether inventory information is updated at
regular intervals based on changes made to the endpoints. By default, the Inventory Diff value is set to Disabled and
inventory information is not updated. If you set this value to Enabled , inventory updates are pushed to the McAfee ePO
server after the agent-server communication interval.
For detailed information about this feature, see McAfee Change Control and McAfee Application Control Product Guide.
Resolved issues
These issues are resolved in this release of the product. For a list of issues fixed in earlier releases, see the Release Notes for
the specific release.
Solidcore extension
Applicable Solidcore
version
Hotfix details
Description
SR number
All (older than 6.1.3 EAP)
Not applicable
When Solidcore client is
upgraded on an endpoint,
there is no method available
on the McAfee ePO console
to determine if restart is
pending for the endpoint to
complete the upgrade.
936250
All (older than 6.1.3 RTW)
Not applicable
A large number of File
Solidified and File
Unsolidified events are
945762
reported at the McAfee ePO
server that might affect the
server performance.
6.0.0 to 6.1.2
Not applicable
If the software is unable to
fetch inventory information
for an endpoint because the
inventory is large, the
Menu | Automation |
Server Task Log page or
log files do not show any
error message.
939528
6.0.0 to 6.1.2
Not applicable
On the Menu |
932155
Application Control |
Inventory | By
Applications page, no
value is displayed for the
Trust Score (Cloud) field
if the cloud trust score is
not available.
6.0.0 to 6.1.2
Not applicable
On the Solidcore
Inventory Details page,
the Execution Status
931851
value is set to banned for
non-whitelisted binaries.
6.0.0, 6.0.1, 6.1.0, 6.1.1,
6.1.2, and 6.1.3 EAP
Not applicable
Index entries for foreign
keys are missing or
duplicate in the Solidcore
database.
903668
6.0.0, 6.0.1, 6.1.0, 6.1.1,
6.1.2, and 6.1.3 EAP
Not applicable
Updaters are not configured
for the Real Time for ePolicy
949800
Orchestrator ® software.
6.1.1 and 6.1.2
6.1.2–150
When using Internet
Explorer version 10,
uploading or importing files
to McAfee ePO 5.0 might
fail.
921436
6.1.2
Not applicable
An unexpected error is
displayed when you edit the
custom filters for an
Application Control query.
920034
Solidcore client
Applicable Solidcore
version
Affected operating
system
Hotfix details
Description
SR number
All (older than 6.1.3
EAP)
Windows all
6.1.1–395
The older McAfee
signing certificate has
expired and is
removed from the list
of trusted publishers.
Also, the new and
valid signing
certificate is included
in the list of trusted
publishers.
937695
All (older than 6.1.3
RTW)
Windows all
6.1.2–394
When you execute a
file from a CD
formatted with FAT
32 file system, the
file execution is
erroneously allowed.
4-4679724880
All (older than 6.1.3
RTW)
Windows all
6.1.2–394
A kernel-mode
memory leak occurs
in the QCAe tag.
917736
All (older than 6.1.3
RTW)
Windows all
6.1.2–394
If a system where
Application Control is
enabled is low on
disk space, the
inventory file
(scinvlog.bak) fails to
synchronize and
shows an error 1012
or BADENV. This
issue occurs because
of low disk space.
4-4950134170, 44292574661
6.1.0, 6.1.1, 6.1.2
and 6.1.3 EAP
Windows all (64-bit
only)
6.1.2–394
When you try to
install the VMware
vCenter Configuration
Manager (VCM)
software on a system
whereApplication
4-3568610543
6.1.2–368
Control is enabled,
the installation fails.
This issue occurs
because the Data
Execution Prevention
(DEP) feature bypass
is applicable only to
the specified binaries
and does not include
other associated
binaries created on
execution, while the
VCM installer, on
execution, creates
other associated
binaries that are not
bypassed from DEP.
6.1.1 and 6.1.2
Windows XP (32-bit
only)
6.1.1–395
When Application
Control is enabled in
the Limited Feature
Activation mode and
certain processes
such as, cmd.exe and
naprdmgr.exe are
added to Microsoft
User Mode Process
Dumper tool, the
system might stop
responding. This
issue occurs because
of incompatibility with
the tool.
4-4641017224
6.1.1 and 6.1.2
Windows all
6.1.2–368
If the FBReseal utility
is run on a system
where Application
Control version
6.1.1–379 or later is
installed, the system
might stop
responding. This
issue occurs because
of conflicts in the
code.
4-4236780493
6.1.1 and 6.1.2
Windows all
6.1.1–392
The system might
stop responding
during startup
because of conflicts
between the
Application Control
driver and other
drivers, such as
Acronis True Image.
4-4129128028
While uninstalling a
software package, if
you enable
Application Control in
4-5287525781
6.1.2–367
6.1.1, 6.1.2 and 6.1.3
EAP
Windows all
6.1.2–402
the Limited Feature
Activation mode, the
system might stop
responding. This
issue occurs because
of a race condition.
6.1.2 and 6.1.3 EAP
Windows all
6.1.2–394
On a system where
Application Controlis
enabled, when you
open a Microsoft
Outlook Data File
(.PST) from a
network path
containing the tilde
symbol (~), the
system might stop
responding. This
issue occurs because
of pool memory
corruption.
4-4920543343, 44763111601, 45037341401
6.1.3 EAP
Windows all
Not applicable
While upgrading
Application Control on
a Windows system
(on a non-English
locale) using the
InstaConfig.exe
utility, environment
variables are not
used in the paths (in
code) resulting in
upgrade failure.
951247
Installation and upgrade instructions
Here is information specific to the 6.1.3 release.
System requirements
To review system requirements for this release, see the McAfee KnowledgeBase article KB76579.
Supported platforms
This release is available on all supported Microsoft Windows platforms except Windows NT and Windows 2000.
Upgrade support
Solidcore extension
This release supports upgrade from these Solidcore extension versions:
•
5.1.0, 5.1.1, 5.1.2
•
6.0.0, 6.0.1
•
6.1.0, 6.1.1, 6.1.2
Note
We do not support installation of Solidcore extension 6.1.3 on McAfee ePO 4.5. Install and
upgrade of Solidcore extension 6.1.3 is supported on McAfee ePO versions 4.6, 5.0, and
5.1.
Solidcore client
This release supports upgrade from these Solidcore client versions:
•
5.1.0, 5.1.1, 5.1.2
Note
If you are upgrading the Solidcore client from 5.1.2 or earlier releases, you must
upgrade to the 6.0.0 release, and then to the 6.1.3 release. You need to restart the
endpoints only once to complete the upgrade.
•
6.0.0, 6.0.1
•
6.1.0, 6.1.1, 6.1.2
Note
If you are upgrading the Solidcore client from 6.1.1 to later releases, we recommend
that you upgrade in Enabled or Update mode. If you choose to upgrade in Observe
mode, review the McAfee KnowledgeBase article KB79517 before upgrading.
Known issues
For a list of known issues in this product release, see this McAfee KnowledgeBase article: KB81085.
Find product documentation
After a product is released, information about the product is entered into the McAfee online Knowledge Center.
Task
1 Go to the McAfee ServicePortal at http://support.mcafee.com and click Knowledge Center.
2
Enter a product name, select a version, then click Search to display a list of documents.
Product documentation
Every McAfee product has a comprehensive set of documentation.
Document
Configuration
Description
McAfee Change Control and McAfee
Application Control 6.1.3 Product Guide
Managed
Provides information you need to configure, use, and
maintain the product.
McAfee Change Control and McAfee
Application Control 6.1.2 Help
Managed
Provides context-sensitive help for all product-specific
interface pages and options in McAfee ePO.
McAfee Change Control and McAfee
Application Control 6.1.3 Installation Guide
Managed
Provides information you need to install, upgrade, and
uninstall the product.
McAfee Application Control 6.1.2 Product
Guide
Standalone
Provides the information you need to use and maintain
the product.
McAfee Change Control and McAfee
Application Control 6.1.3 Installation Guide
Standalone
Provides information you need to install, upgrade, and
uninstall the product.
McAfee Application Control 6.1.0 Command
Line Interface Guide
Standalone
Details all Application Control commands that are
available when using the command line interface (CLI).
Copyright © 2014 McAfee, Inc. Do not copy without permission.
McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and
brands may be claimed as the property of others.
Download PDF