Thank you for using this McAfee product. This document contains important information about the current release. We strongly recommend that you read the entire document.
McAfee® VirusScan® Enterprise 8.8.0 Patch 3 provides support for Windows 8 and Windows Server 2012 operating systems only.
Although McAfee has thoroughly tested this release, we strongly recommend that you verify this update in test and pilot groups prior to mass deployment. Review the New features, Known issues, and Resolved issues sections for additional information.
This document supplements the product Release Notes in the current release package.
For a list of supported environments and latest information for VirusScan Enterprise 8.8.0 on Microsoft Windows, see KnowledgeBase article KB51111.
| • | VirusScan Enterprise 8.8.0 Patch 3 package — Updates VirusScan Enterprise 8.8.0 Patch 2 clients on Windows 8 and Windows Server 2012 systems only. | ||||||
| • | VirusScan Enterprise 8.8.0 Repost Patch 3 package for Windows — Includes full installation for new systems only. The Repost Patch 3 package installs:
| ||||||
| • | Both the Patch and Repost packages include VirusScan Enterprise 8.8.0 for ePolicy Orchestrator:
|
Refer to KnowledgeBase article KB51111 for the most current VirusScan Enterprise 8.8.0 details.
January 14, 2013
Patch 3: Mandatory for Windows 8 & Server 2012
Patch 3 supports Windows 8 and Server 2012 operating systems only and, for those systems, the patch is Mandatory. McAfee Support requires customers using Windows 8 or Windows Server 2012 systems to apply this patch before being able to provide assistance.
Patch 2: High Priority
McAfee considers this release to be high priority for supported Windows versions other than Windows 8 and Windows Server 2012. Failure to apply a High Priority update might result in potential business impact.
See KnowledgeBase article KB51560 for information on ratings.
Here is a list of features included with Patch 3.
This release of VirusScan Enterprise:
| • | Uses toast notifications (popup messages) to alert you to messages from the VirusScan Enterprise On-Access Scanner. | ||||||
| • | Integrates with the Windows Action Center (WAC). You can view messages and resolve problems reported by VirusScan Enterprise from the Security area of the Action Center. For example, when VirusScan Enterprise is out of date, a message appears in the Action Center. | ||||||
| • | Supports the Windows 8 Early Launch Anti-Malware (ELAM) feature. The ELAM driver (signed by Microsoft) starts anti-malware software before any third-party boot drivers, logs all drivers and executables loaded during boot and, once the system is booted, passes the list to VirusScan Enterprise for scanning. If you suspect a rootkit is present:
| ||||||
| • | Does not include the Buffer Overflow Protection (BOP) feature. See Policy settings changes for policy changes.
| ||||||
| • | VirusScan Enterprise Patch 3 no longer disables Microsoft Windows Defender during installation to Windows 8 and Server 2012 systems. |
This release of VirusScan Enterprise provides support for systems in connected standby mode (also called Always On Always Connected or AOAC).
| AOAC mode is only supported on Windows 8 systems with hardware chips that support AOAC. |
| • |
AOAC suspended mode
When the system is in AOAC suspended mode, VirusScan Enterprise does not perform scans or DAT updates. If an on-demand scan (ODS) starts before the system hibernates in AOAC or battery mode, the ODS pauses. If Run missed tasks option is selected, any missed ODS scans run immediately when the system wakes from suspended mode. |
| • |
User present mode
When a user is present (keyboard and/or mouse interaction within 5 minutes), VirusScan Enterprise performs any on-demand scans and DAT updates as specified by the schedule. |
| New or changed setting | Console option | Extension option | ||
|---|---|---|---|---|
| Cookie scans have been removed. | Scan cookie files on the tab | Scan cookie files on the tab | ||
Artemis (GTI) sensitivity level is now set to Medium by default for new installations only (not upgrades).
|
Sensitivity level on the tab | Sensitivity level on the tab | ||
| VirusScan Enterprise Console now includes a menu option that links to KnowledgeBase article KB65944. | n/a | |||
| Buffer Overflow Protection has been removed from Windows 8 and Windows Server 2012. | Buffer Overflow Protection in the Task list | Buffer Overflow Protection Policies |
| New or changed setting | Registry entries | DWORD default value | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Delayed Write Scan mode is now enabled by default. This mode delays all scans of modified files to lower priority background threads. This improves performance for processes that write data to disk frequently and/or write a lot of data in a short amount of time.
Removable media and network file share write operations are still scanned immediately on Close. For more information, see KnowledgeBase article KB75374. |
|
1 (enabled) | ||||||||||||||
| Rootkit Detection mode is now enabled by default. By enumerating the files at the NTFS level, this mode detects more rootkits that are hiding at the Win32 user-mode level. |
|
1 (enabled) | ||||||||||||||
On-Demand Scanner is now limited to one thread per CPU, 6 threads total by default. This limits the amount of memory used by ODS.
|
|
6 (maximum number of threads) | ||||||||||||||
| Artemis performance is increased when scanning large files. Large files are now hashed and, in parallel with the scan, an Artemis query runs to determine whether the file is known to be clean. If so, the scan stops.
By default, files larger than 5MB are hashed. To specify the size of files that trigger this behavior, set the DWORD value. |
|
5000 |
This release includes updated versions of the following components.
| Component | Version |
|---|---|
| McAfee Agent | 4.6.0.2988 |
| VSCore | 15.1 |
Here is a list of issues from previous releases of the software that have been fixed.
These issues were resolved in the VirusScan Enterprise Patch 3 release.
| 1 | Issue — On-Demand Scanner memory usage grows indefinitely when scanning large number of relatively small files. (Reference:
695931
)
Resolution — The number of files in the scanner queue is now limited to 100, preventing the On-Demand Scanner memory from growing too large. |
| 2 | Issue — In an IPv6 environment, when a
VirusScan Enterprise client sends an event with IPv6 information, the Threat Event log shows the IPv6 address as a string value instead of the original IPv6 address format. (Reference:
716512).
Resolution — The Threat Event log now correctly displays IPv6 addresses. |
| 3 | Issue —
McAfee ePolicy Orchestrator queries using pie charts that group by
VirusScan Enterprise version numbers display the client numbers accurately in the chart. However, when you drill down into one chart group, the filter is not applied and both workstations and servers are displayed. (Reference:
739627)
Resolution — VirusScan Enterprise 8.8.0 Patch 3 and later clients now report a new Machine Type property that classifies the client systems as Workstation or Server. Use this property in queries to filter against workstations or servers. |
| 4 | Issue — In specific situations, users could stop the McShield service. (Reference:
756805)
Resolution — Only administrative users can stop the McShield service. |
These issues were resolved in the VirusScan Enterprise Patch 2 release.
| 1 | Issue — Third-party products that inject DLLs into processes could cause the
VirusScan Enterprise service (VsTskMgr.exe) to periodically poll data and frequently log event 516 entries. (Reference:
625756)
Resolution — The VirusScan Enterprise Task Manager service no longer causes prolific generation of the event 516. | ||||
| 2 | Issue — When a
VirusScan Enterprise patch update is applied, the update would "succeed" and appear to be at the correct patch level even if a file was missing or corrupted in the repository. (Reference:
629564)
Resolution — A missing or corrupt patch file in the repository now causes VirusScan Enterprise updates to fail.
| ||||
| 3 | Issue — A flaw in the Windows registry filtering model caused the
McAfee Access Protection driver to incorrectly block remote registry accesses. (Reference:
668312)
Resolution — Microsoft identified a workaround and McAfee implemented the fix. | ||||
| 4 | Issue — The Reports Extension might fail to check into the repository if the default group for the queries already exist. (Reference:
670759)
Resolution — All queries now include a group reference so they do not try to recreate the default group. | ||||
| 5 | Issue — A STOP error (Bugcheck 7f) could occur with the
McAfee filter driver due to lost content header information when transmitting through a raw socket on Windows 7. This issue was seen with some third-party VPN clients. (Reference:
682177)
Resolution — The McAfee filter driver now ensures header information is preserved and forwarded through a raw socket. | ||||
| 6 | Issue — McShield might fail to start due to an API not properly calling processor group affinity for Non-Uniform Memory Access systems. (Reference:
685950)
Resolution — The API to set processor group affinity is now called correctly. | ||||
| 7 | Issue — When a
McAfee driver queried for the engine version, the return value was a non-empty string if a version was not found in the registry. (Reference:
689986)
Resolution — The return value has been updated to send an empty string if no engine version is found. | ||||
| 8 | Issue — During an On-Demand Scan, the user was able to stop or cancel the scan, regardless of configured settings, by clicking the scan task in the console and selecting Show Progress. (Reference:
694042)
Resolution — Managed ePolicy Orchestrator On-Demand Scan tasks now properly enforce the password protection settings for the user if managed tasks are displayed in the user console. | ||||
| 9 | Issue — Access Protection rules that begin with the special wildcard character "?", even with no rules set to block, would cause the CPU to spike to 100% usage. (Reference:
696654)
Resolution — The Access Protection driver now properly addresses the issue when evaluating rules beginning with "?". | ||||
| 10 | Issue — A STOP error (Bugcheck 8E) could occur with
VirusScan Enterprise if a locked file was being scanned under some circumstances. (Reference:
702469)
Resolution — VirusScan Enterprise now prevents the STOP error when scanning locked files. | ||||
| 11 | Issue — When adding or removing a storage media device, the CPU usage could spike due to repeated attempts to acquire a resource that might be in an unguarded dead-lock state. (Reference:
703065)
Resolution — VirusScan Enterprise now recompiles rules from a separate thread to resolve the underlying dead-lock condition. | ||||
| 12 | Issue — The Lotus Notes scan driver did not support the new multi-threaded Lotus Notes Client version 8.0 and later. (Reference:
708485)
Resolution — The Lotus Notes scan driver code now allows processing in multi-threaded Lotus Notes Clients version 8.0 and later. | ||||
| 13 | Issue — The Lotus Notes scan driver sometimes encountered an out-of-bounds situation that caused an access violation, resulting in a crash on exit. (Reference:
712419)
Resolution — The Lotus Notes scan driver now handles the access violation, preventing a crash on exit. | ||||
| 14 | Issue — If event ID 560 (security failure audit messages) was enabled, the event was logged during every policy enforcement. (Reference:
716044)
Resolution — Policy enforcement no longer causes Event ID 560 to occur on the client. | ||||
| 15 | Issue — A STOP error (Bugcheck D5 or C2) could occur due to a race condition caused by a pool corruption with
VirusScan Enterprise and Host Data Protection. (Reference:
726019)
Resolution — VirusScan Enterprise was modified to eliminate the pool corruption that could cause the race condition. | ||||
| 16 | Issue — When an On-Demand Scan started, the wrong API call returned the machine name and user name individually and then concatenated them. (Reference:
726909)
Resolution — VirusScan Enterprise now calls the correct API to return the name of the user or other security principal associated with the calling thread. | ||||
| 17 | Issue — When using Microsoft Outlook 2010 mail client, an On-Demand Email Scan would stop scanning mail items that returned a NULL session object. The
VirusScan Enterprise Outlook Email Scanner was unable to scan NULL session objects. (Reference:
727314)
Resolution — The VirusScan Enterprise Outlook Email Scanner now skips scanning any NULL session objects. | ||||
| 18 | Issue — Under low memory conditions, a STOP error (Bugcheck 8E) could occur due to failure with allocated memory from the system pool. (Reference:
727788)
Resolution — VirusScan Enterprise no longer causes a STOP error due to a memory allocation failure. | ||||
| 19 | Issue — Some core files could fail to upgrade with
VirusScan Enterprise 8.8.0 causing the installer to remove the core files from the system instead of reverting back to the previous state.(Reference:
730735)
Resolution — The installer now ensures the core files will not be removed from the system after a failed upgrade. | ||||
| 20 | Issue — Some event XML data included empty strings, which are not honored by the event parser. (Reference:
732299)
Resolution — Empty strings are now accepted for the following fields in the XML events:
| ||||
| 21 | Issue — ScriptScan URL exclusions did not allow several special characters, including '/', in the
ePolicy Orchestrator
VirusScan Enterprise policy settings. (Reference:
733717)
Resolution — ScriptScan URL exclusions with now will not allow only '*' and '?' as originally intended. | ||||
| 22 | Issue — A STOP error (Bugcheck 7E) occurs due to a race condition between internal interface registration and deregistration. (Reference:
735108)
Resolution — Simplified internal synchronization to avoid a registration race condition. | ||||
| 23 | Issue — A STOP error (Bugcheck D5 or C2) would occur from a race condition caused by corruption in the kernel pool when attempting to free a buffer that had already been freed. (Reference:
735511)
Resolution — VirusScan Enterprise was modified to eliminate the race condition that could corrupt the kernel pool. | ||||
| 24 | Issue — When installing to a machine with
Host Intrusion Prevention,
Host Intrusion Prevention blocks a
McAfee process (mfehidin.exe) from setting Access Control List (ACL) on a
McAfee driver (mfevtps). (Reference:
735512)
Resolution — The Host Intrusion Prevention Entercept Agent service is now stopped before upgrading the syscore drivers and vscore files. | ||||
| 25 | Issue — Lotus Notes Scanner does not support the new multi-threaded environment of Lotus Notes Clients version 8.0 and later. (Reference:
740019)
Resolution — Lotus Notes Scanner is now thread-safe in multithreaded environments of Lotus Notes Clients version 8.0 and later. | ||||
| 26 | Issue — Access Protection would cause incompatibilities with some Microsoft Windows component installers. (Reference:
740244)
Resolution — Access Protection was modified to remove the incompatibility. | ||||
| 27 | Issue — Attempting a remote connection to the SAP server using the WebIRichClient with On-Access Scanner enabled prevented the system from connecting and caused the WebIRichClient software to become non-responsive. (Reference:
741714)
Resolution — The file filter was revised to temporarily delay a scan if a file had been modified under conditions that could block concurrent access through the file system. | ||||
| 28 | Issue — The
McAfee McShield service could encounter a dead-lock situation in an internal utility routine when processing scans of modified files. In this case, the McShield internal dead-lock watchdog timer fires and the McShield service stops. (Reference:
754042)
Resolution — Scans of modified files are now conducted with corrected context information passed to internal utility routines, avoiding the dead-lock situation. | ||||
| 29 | Issue — When running an On-Demand scan on disk volumes where Update Sequence Number (USN) journals are not enabled, the last access time of the corresponding files might be updated. (Reference:
756797)
Resolution — VirusScan Enterprise On-Demand scanner no longer modifies the file time stamp while performing scans. | ||||
| 30 | Issue — If a file was cached as clean and then later added to the User Defined Detections (UDD) in the Registry, the file is not detected by the On-Access Scanner until the service restarts. (Reference:
762155)
Resolution — On-Access Scanner resets the cache so when the file is added to UDD it will now be detected. | ||||
| 31 | Issue — STOP error (Bugcheck 50) could occur as part of handling changes to the Windows PendingRename registry value by referencing an invalid memory location. (Reference:
773909)
Resolution — VirusScan Enterprise no longer accesses invalid memory locations when processing the PendingRename registry value. |
| 1 | Issue — The uninstall scripts do not detect the latest version of AV Kaspersky 6.0.4 when installing
VirusScan Enterprise. (Reference:
701815)
Resolution — When installing VirusScan Enterprise, the uninstall scripts now detects and removes AV Kaspersky 6.0.4. |
| 2 | Issue — The
REBOOT=A option to SetupVSE.exe did not reboot the system if launched from a scheduled task. (Reference:
717989)
Resolution — SetupVSE.exe now enforces the REBOOT=A option, even if the user is not logged on interactively. |
| 3 | Issue — When upgrading from
VirusScan Enterprise 8.5.0 to
VirusScan Enterprise 8.8.0, an outdated driver was left installed. In some instances, the old driver remained loaded in memory. (Reference:
741085)
Resolution — The installer now removes the outdated driver. A system reboot might be required to remove the driver from memory and load the correct driver. The installer does not force a reboot. |
These issues were resolved in the VirusScan Enterprise Patch 1 release.
| 1 | Issue — Installation fails with ERROR 1920, citing The
McShield Service failed to start. This can occur when Microsoft Windows is installed to a sub-folder rather than the root. (Reference:
638858)
Resolution — The system core installer has been revised to recognize all system paths. |
| 2 | Issue — A Bugcheck 5 error could occur if memory allocations are not checked for failure, resulting in an invalid memory reference. (Reference:
643013,
651019,
673463,
676448)
Resolution — The memory allocation is now checked for success prior to referencing it. |
| 3 | Issue — Malicious software might change NTFS folder permissions on
McAfee folders in order to disable the software. (Reference:
643440)
Resolution — Self protection now protects McAfee folders, files and registry data from permission changes. |
| 4 | Issue — Process exclusion for Buffer Overflow was broken after introducing more granularity in Buffer Overflow exclusions using Module Name and API Name. (Reference:
651569,
686711,
687670)
Resolution — Process exclusions for Buffer Overflow work as expected on standalone machines, ePolicy Orchestrator managed systems and during ePolicy Orchestrator Policy Migration. |
| 5 | Issue — When multiple signatures are included in an EXTRA.DAT, the buffer used to store the description information for the "About" window might not be large enough. (Reference:
651670)
Resolution — Buffer size for storing Extra.DAT signature information has been increased to 4 times its original size. |
| 6 | Issue — When the option “Show add-in user interface error” is enabled in Outlook, the following pop-up error appears every time Outlook is started and the first e-mail is opened or created: “Custom UI Runtime Error in
McAfee E-mail Scan Add-in”. (Reference:
651887,
656365,
656366,
656644,
656674,
656678,
657131,
657398,
657409,
657411,
657413,
657414,
657433,
661628,
675246)
Resolution — McAfee E-mail Scan Add-in has been fixed to return correct “success” error code to Outlook. The pop-up error no longer appears. |
| 7 | Issue — Files on network locations might trigger an unhandled exception leading to a system crash if the network experiences a failure or the object is unreadable. One report of this occurred when opening Outlook 2010 with PST files configured to reside on remote storage. (Reference:
660014,
663389,
665822,
667934)
Resolution — The exception is handled to avoid a system crash. |
| 8 | Issue — Access Protection rules involving the block of System:Remote fail to enforce. This also applies to preventing remote access to shares. (Reference:
661424)
Resolution — VirusScan Enterprise identifies remote share access and enforces Access Protection rules that prevent remote access to shares. |
| 9 | Issue — The XML file generated for Event 1202 contained incorrect values for GMTTime and UTCTime fields. (Reference:
661702,
676893)
Resolution — GMTTime and UTCTime fields for Event 1202 now have the correct time information. |
| 10 | Issue — TA Bugcheck C2, “Bad_Pool_Caller” error, could occur under varied conditions. One instance was triggered when using Virtual Machine Converter. (Reference:
662350,
666697,
673448,
678179,
690657,
691258)
Resolution — A memory corruption issue has been resolved. |
| 11 | Issue — A variety of symptoms, including an application crash, might occur with the ScriptScan feature disabled. (Reference:
662684,
665748,
668796,
668807,
669035,
669605,
669773,
669875,
671666,
671668,
671671,
671672,
672710,
675259,
675261,
676492,
685467,
685551,
685566,
685650,
686667,
686828,
687336,
693321,
696789,
696834)
Resolution — ScriptScan DLLs are no longer accessed if the feature is disabled. |
| 12 | Issue — An attempt to add an exclusion to the Access Protection rule "Protect Internet Explorer favorites and settings" failed when the edit box reached its maximum limit. (Reference:
663135)
Resolution — Buffer size for storing processes to exclude has been increased, enabling customers to add exclusions. |
| 13 | Issue — When filtering network Input/Output, a timing issue could occur, leading to a kernel thread stack exhaustion. This issue could result in a system crash. (Reference:
664539,
665345)
Resolution — VirusScan Enterprise now uses a Deferred Procedure Call to ensure a fresh thread stack. |
| 14 | Issue — A bugcheck 50 error could occur when a
McAfee driver encountered unexpected data while examining loaded resources of a third-party application. (Reference:
667172)
Resolution — The McAfee driver has been updated to handle this situation. |
| 15 | Issue — A memory leak could occur with the process validation service and the Microsoft .NET runtime support library, mscoree.dll. (Reference:
673462)
Resolution — Changes made to the process validation service have removed the dependency of the Microsoft .NET runtime support library, mscoree.dll. |
| 16 | Issue — When Hotfix 660014, which introduces folder permission restrictions, is installed,
McAfee Agent installations might be blocked by an Access Protection rule. (Reference:
684965,
686259,
686272)
Resolution — The McAfee Agent is no longer blocked when trying to set folder permissions. |
| 17 | Issue — A defect in the matching engine prevents the deletion of folder names that are a substring of “Program Files”, such as “c:\pro” or “c:\prog”. (Reference:
685273)
Resolution — The matching engine now only matches complete folder names, so deleting “Program Files” is prevented, but deleting “C:\pro”, “c:\prog”, or other substrings is allowed. |
| 18 | Issue — An issue in the clean-file scan cache logic was identified on systems supporting the Server Message Block 2 (SMB2) protocol that could allow files to be written to a share and not be scanned. (Reference:
686645,
686650,
690277)
Resolution — When On-Access Scanner tries to scan a share file and the scan does not succeed, the scanner now returns an OPLOCK error to McShield. McShield returns NOTSCANNED status to the driver and the file is not added to the cache, causing the file to be scanned when accessed. |
| 19 | Issue — When Hotfix 660014, which introduces Access Protection rule: Prevent modification of
McAfee files and settings, is installed,
VirusScan Enterprise prevents installation and adding features to Windows systems. (Reference:
691269,
691651)
Resolution — VSCAN.BOF content file has been modified to properly restrict access to McAfee files and settings. |
| 20 | Issue — The On-Demand Scanner cleanup events (1034, 1035, 1202, and 1203) have timestamps that are identical to the On-Demand Scanner start time. (Reference:
691660)
Resolution — VirusScan Enterprise now obtains the current time before generating On-Demand Scan cleanup events. |
| 1 | Issue — When installing
VirusScan Enterprise, the installer checks for the existence of UNC paths in the PATH environment variable. If found,
VirusScan Enterprise will block the installation because of an issue with McShield. (Reference:
657079,
657651)
Resolution — SetupVSE.exe now includes a bypass flag that allows the installation to continue on machines with UNC paths in their PATH environment variable. |
| 2 | Issue — When upgrading from
VirusScan Enterprise 8.7i to
VirusScan Enterprise 8.8, the Access Protection rules from an older version (8.7) of the product were used. (Reference:
659049)
Resolution — The installation now loads the correct Access Protection rule-set. |
| 3 | Issue — When upgrading from
VirusScan Enterprise 8.7i (without the
McAfee AntiSpyware Enterprise module) to
VirusScan Enterprise 8.8, the
McAfee AntiSpyware scanner did not have the default detections defined. (Reference:
663995)
Resolution — The installer now detects that McAfee AntiSpyware Enterprise is being installed for the first time and now sets the default scanning options. |
Use these instructions to install, verify, and remove this VirusScan Enterprise Patch release.
VirusScan Enterprise 8.8.0 Patch 3 updates Patch 2 on Windows 8 and Windows Server 2012 systems only. VirusScan Enterprise 8.8.0 Repost Patch 3 installs Patch 3 on Windows 8 and Windows Server 2012 systems and Patch 2 on all other supported Windows versions.
| Package | VirusScan Enterprise version | Windows version | ||||||
|---|---|---|---|---|---|---|---|---|
| Patch 3 | VirusScan Enterprise 8.8.0 Patch 2 |
|
||||||
|
|
|||||||
| Repost Patch 3 | New system installations |
|
||||||
|
|
| Using McAfee Installation Designer (MID) to install VirusScan Enterprise 8.8.0 Patch 3 has not been tested and is not supported with this released version of VirusScan Enterprise. |
This release supports the following minimum versions.
| • | Scan Engine: 5400 |
| • | Detection Definitions (DAT): 6900+ |
| • | McAfee Agent: 4.6.0.2988 |
Install this patch directly to a target client system or use ePolicy Orchestrator to deploy this release to managed systems. McAfee Installation Designer (MID) is not supported when installing VirusScan Enterprise 8.8.0 Patch 3.
| If your existing scripts call SetupVSE.Exe, you must change these references to SetupVSE_Win8.Exe to install Patch 3 on Windows 8 and Windows Server 2012 systems. |
| Client | ePolicy Orchestrator | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
To install this patch directly to a target client system:
|
To deploy this release to managed systems:
|
||||||||||||||||||||||||||||||||
|
For more information, see the VirusScan Enterprise Installation Guide. |
For more information, see Checking in packages manually in the ePolicy Orchestrator online help. |
To deploy without ePolicy Orchestrator, see KnowledgeBase article KB76536 for information on creating separate standalone Patch 2 and Patch 3 installation packages.
After installing VirusScan Enterprise Patch 3, verify that the product installed correctly.
Reboot the client system prior to validating that the installation is successfully installed.
| • |
Check any of the following items:
|
| File name | Version (x64/x86) | File name | Version (x64/x86) | File name | Version (x64/x86) |
|---|---|---|---|---|---|
| MfeOtlkAddin.dll | 15.1.0.500 | adslokuu.dll | 15.1.0.500 | BBCpl.dll | 8.8.0.1128 |
| mfevtps.exe | 15.1.0.500 | csscan.exe | 15.1.0.500 | condl.dll | 8.8.0.1128 |
| mfeapconfig.dll | 15.1.0.580 | dainstall.exe | 15.1.0.500 | consl.dll | 8.8.0.1128 |
| mfeapfa.dll | 15.1.0.580 | entvutil.exe | 15.1.0.500 | graphics.dll | 8.8.0.1128 |
| mfeapfk.sys | 15.1.0.580 | ftl.dll | 15.1.0.500 | mapprem.dll * | 8.8.0.1128 |
| mfeavfa.dll | 15.1.0.580 | lockdown.dll | 15.1.0.500 | mmalnot.dll * | 8.8.0.1128 |
| mfeavfk.sys | 15.1.0.580 | mcshield.dll | 15.1.0.500 | naiann.dll | 8.8.0.1128 |
| mfebopa.dll | 15.1.0.580 | mcshield.exe | 15.1.0.500 | NCDaemon.exe | 8.8.0.1128 |
| mfebopk.sys | 15.1.0.580 | mcvssnmp.dll | 15.1.0.500 | NCExtMgr.dll | 8.8.0.1128 |
| mfeclnk.sys | 15.1.0.580 | mfeann.exe | 15.1.0.500 | NCInstall.exe | 8.8.0.1128 |
| mfeelam.dll * | 15.1.0.580 | mytilus3.dll | 15.1.0.500 | NCMenu.dll | 8.8.0.1128 |
| mfeelamk.sys * | 15.1.0.580 | mytilus3_server.dll | 15.1.0.500 | NCScan.dll | 8.8.0.1128 |
| mfehida.dll | 15.1.0.580 | mytilus3_worker.dll | 15.1.0.500 | NCTrace.dll | 8.8.0.1128 |
| mfehidin.exe | 15.1.0.580 | naevent.dll | 15.1.0.500 | odspause.dll * | 8.8.0.1128 |
| mfehidk.sys | 15.1.0.580 | naievent.dll | 15.1.0.500 | shcfg32.exe | 8.8.0.1128 |
| mfehidk_messages.dll | 15.1.0.580 | OtlkScan.dll | 15.1.0.500 | shstat.dll | 8.8.0.1128 |
| mferkda.dll | 15.1.0.580 | OtlkUI.xxx.dll | 15.1.0.500 | shstat.exe | 8.8.0.1128 |
| mferkdet.sys | 15.1.0.580 | RkScan.dll | 15.1.0.500 | shutil.dll | 8.8.0.1128 |
| mfetdi2k.sys | 15.1.0.580 | scriptff.dll | 15.1.0.500 | vsodscpl.dll | 8.8.0.1128 |
| mfevtpa.dll | 15.1.0.580 | scriptsn.xxx.dll | 15.1.0.500 | vsplugin.dll | 8.8.0.1128 |
| mfewfpk.sys | 15.1.0.580 | VSCAN.BOF | 589 | VsTskMgr.exe | 8.8.0.1128 |
| wscavexe.exe | 8.8.0.1128 | ||||
| wscav.dll | 8.8.0.1128 | ||||
| * New with Patch 3. | |||||
Remove the patch installation files using Add/Remove Programs.
For information on removing the VirusScan Enterprise product, see the VirusScan Enterprise Installation Guide.
| Removing the patch from a client system places the client system in an unsupported state. See Known issues for further details. |
| 1 |
To remove the patch manually, use
Add/Remove Programs. (You must have administrative rights to the local system.)
All features affected by the patch are reset to installation defaults. Any features not modified by the patch are left with their current settings.
|
| 2 | Update VirusScan Enterprise after removing the patch to ensure that VirusScan Enterprise is running the latest version of the engine and DAT files. |
McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.
| 1 | Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com. | ||||||||||||||||
| 2 |
Under Self Service, access the type of information you need:
|
Copyright © 2013 McAfee, Inc. Do not copy without permission.
McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.