Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
patch 10 4
- Thread starter terry712
- Start date
-
1
- #2
PredatorUK
MIS
Here's all the info on it:
RESOLVED ISSUES
1. ISSUE:
A memory leak occurred in non-page pool memory when accessing files via the network redirector. The TDI driver did not release memory that had been allocated for identifying Source IP information.
RESOLUTION:
Memory is properly released by the TDI driver.
2. ISSUE:
If the TDI driver received an I/O Request Packet (IRP) that did not have enough stack locations to be passed down the stack, a new IRP was created and the original IRP was left uncompleted. This resulted in a small memory leak.
RESOLUTION:
The original IRP is now completed.
3. ISSUE:
A driver conflict between the McAfee TDI driver and a driver from Aventail VPN Client software could result in NetBIOS network connectivity being lost.
RESOLUTION:
NetBIOS network connectivity functions as expected when these applications are installed.
4.ISSUE:
When a system was under considerable file I/O stress, and the path information of a file was not examined correctly by the exclusion library, an excluded file or a file inside an excluded folder could be scanned.
RESOLUTION:
The exclusion library has been updated to ensure that file path information is examined correctly under any stress condition.
5.ISSUE:
Malformed JPEG files taking advantage of the MS04-028 exploit could be rendered by a browser -? without first having to cache files locally -- to induce an attack on the system. Details of the security bulletin can be found at:
RESOLUTION:
The processes monitored by the Buffer Overflow Protection feature are protected against malicious code attempting to execute after exploiting the MS04-028 vulnerability.
IMPORTANT:
When a buffer overflow has occurred, the affected process may become unstable and may need to be restarted.
This patch release is not a substitute for any security patch(es) provided by Microsoft to resolve the MS04-028 vulnerability.
6.ISSUE:
Toolbar icons in some applications, including IBM WebSphere Studio, display as black boxes.
RESOLUTION:
Toolbar icons now display as expected.
7.ISSUE:
Web Inspector from Zixcorp would encounter an error upon initializing, usually seen at logon.
RESOLUTION:
Web Inspector loads without issue.
8.ISSUE:
Windows Media Player 10 could stop responding after you select the option to listen to a ?Radio? stream, then select the ?Music? tab.
RESOLUTION:
Windows Media Player 10 operates correctly without interruption when you change from the ?Radio? tab to ?Music? tab, and vice versa.
NOTE:
Once the Patch is applied, a reboot may be required to resolve this issue.
9. ISSUE:
List boxes and Message boxes in .NET applications do not display any content.
RESOLUTION:
List boxes and Message boxes now display content as expected.
10. ISSUE:
In some Notes configurations where user mail databases were located in varying locations, the Lotus Notes Scanner would not find a mailbox to scan.
RESOLUTION:
User mailboxes are correctly located, and the Lotus Notes scanner protects the database.
11. ISSUE:
The user interface option that allows you to password protect the ?On-Access Scanner: Detection? page mistakenly protects both the On-Access Scan ?Detection? and On-Access Scan ?Set Exclusions? property pages. A user could not add exclusions.
RESOLUTION:
Choosing to protect the ?On-Access Scanner: Detection? page from the ?User Interface Options? now protects only the On-Access Scan ?Detection? page.
12.ISSUE:
A ?Cannot find the file specified? error message could occur when starting Lotus Notes via a shortcut, or when starting Lotus Notes from a shell.
The same error message could occur when third-party applications that inject an add-in into Lotus Notes attempt to invoke the McAfee Lotus Notes scanner extensions and fail to find NCDAEMON.EXE.
RESOLUTION:
NCDAEMON.EXE now loads successfully.
13.ISSUE:
A delay in responsiveness of the script engine would occur when executing scripts sequentially.
RESOLUTION:
Scripts terminate correctly, allowing the script engine to respond to subsequent script commands.
14. ISSUE:
An ?Access denied? error appeared in an application that used the ?delete-on-close? flag when working with temporary files. The file system filter driver would lose track of the ?delete-on-close? flag.
RESOLUTION:
The updated file system filter driver resolves this issue, allowing temporary files to be utilized as expected.
KNOWN ISSUES
1.When installing locally, you may not be prompted to reboot after the installation. However, a reboot is necessary to unload the previous McAfee TDI filter driver and load the new driver.
2.Performing a repair of the product via the Control Panel ?Add/Remove Programs? applet and omitting to rewrite registry values, reinstalls both product and patch but will not report the patch is installed. For example, the ?About? screen will not show Patch 10.
Reinstall the product, or when doing the repair ensure the option to rewrite registry values is selected.
3. Installing the patch and specifying a log file path using the MSI switch ?/L? will not log to the specified path. A log capturing full data is logged to the folder ?NAILogs? under the Temp folder.
RESOLVED ISSUES
1. ISSUE:
A memory leak occurred in non-page pool memory when accessing files via the network redirector. The TDI driver did not release memory that had been allocated for identifying Source IP information.
RESOLUTION:
Memory is properly released by the TDI driver.
2. ISSUE:
If the TDI driver received an I/O Request Packet (IRP) that did not have enough stack locations to be passed down the stack, a new IRP was created and the original IRP was left uncompleted. This resulted in a small memory leak.
RESOLUTION:
The original IRP is now completed.
3. ISSUE:
A driver conflict between the McAfee TDI driver and a driver from Aventail VPN Client software could result in NetBIOS network connectivity being lost.
RESOLUTION:
NetBIOS network connectivity functions as expected when these applications are installed.
4.ISSUE:
When a system was under considerable file I/O stress, and the path information of a file was not examined correctly by the exclusion library, an excluded file or a file inside an excluded folder could be scanned.
RESOLUTION:
The exclusion library has been updated to ensure that file path information is examined correctly under any stress condition.
5.ISSUE:
Malformed JPEG files taking advantage of the MS04-028 exploit could be rendered by a browser -? without first having to cache files locally -- to induce an attack on the system. Details of the security bulletin can be found at:
RESOLUTION:
The processes monitored by the Buffer Overflow Protection feature are protected against malicious code attempting to execute after exploiting the MS04-028 vulnerability.
IMPORTANT:
When a buffer overflow has occurred, the affected process may become unstable and may need to be restarted.
This patch release is not a substitute for any security patch(es) provided by Microsoft to resolve the MS04-028 vulnerability.
6.ISSUE:
Toolbar icons in some applications, including IBM WebSphere Studio, display as black boxes.
RESOLUTION:
Toolbar icons now display as expected.
7.ISSUE:
Web Inspector from Zixcorp would encounter an error upon initializing, usually seen at logon.
RESOLUTION:
Web Inspector loads without issue.
8.ISSUE:
Windows Media Player 10 could stop responding after you select the option to listen to a ?Radio? stream, then select the ?Music? tab.
RESOLUTION:
Windows Media Player 10 operates correctly without interruption when you change from the ?Radio? tab to ?Music? tab, and vice versa.
NOTE:
Once the Patch is applied, a reboot may be required to resolve this issue.
9. ISSUE:
List boxes and Message boxes in .NET applications do not display any content.
RESOLUTION:
List boxes and Message boxes now display content as expected.
10. ISSUE:
In some Notes configurations where user mail databases were located in varying locations, the Lotus Notes Scanner would not find a mailbox to scan.
RESOLUTION:
User mailboxes are correctly located, and the Lotus Notes scanner protects the database.
11. ISSUE:
The user interface option that allows you to password protect the ?On-Access Scanner: Detection? page mistakenly protects both the On-Access Scan ?Detection? and On-Access Scan ?Set Exclusions? property pages. A user could not add exclusions.
RESOLUTION:
Choosing to protect the ?On-Access Scanner: Detection? page from the ?User Interface Options? now protects only the On-Access Scan ?Detection? page.
12.ISSUE:
A ?Cannot find the file specified? error message could occur when starting Lotus Notes via a shortcut, or when starting Lotus Notes from a shell.
The same error message could occur when third-party applications that inject an add-in into Lotus Notes attempt to invoke the McAfee Lotus Notes scanner extensions and fail to find NCDAEMON.EXE.
RESOLUTION:
NCDAEMON.EXE now loads successfully.
13.ISSUE:
A delay in responsiveness of the script engine would occur when executing scripts sequentially.
RESOLUTION:
Scripts terminate correctly, allowing the script engine to respond to subsequent script commands.
14. ISSUE:
An ?Access denied? error appeared in an application that used the ?delete-on-close? flag when working with temporary files. The file system filter driver would lose track of the ?delete-on-close? flag.
RESOLUTION:
The updated file system filter driver resolves this issue, allowing temporary files to be utilized as expected.
KNOWN ISSUES
1.When installing locally, you may not be prompted to reboot after the installation. However, a reboot is necessary to unload the previous McAfee TDI filter driver and load the new driver.
2.Performing a repair of the product via the Control Panel ?Add/Remove Programs? applet and omitting to rewrite registry values, reinstalls both product and patch but will not report the patch is installed. For example, the ?About? screen will not show Patch 10.
Reinstall the product, or when doing the repair ensure the option to rewrite registry values is selected.
3. Installing the patch and specifying a log file path using the MSI switch ?/L? will not log to the specified path. A log capturing full data is logged to the folder ?NAILogs? under the Temp folder.
- Thread starter
- #3
it seems erratic as well in regards to reporting in epo and on the client
when you add the .z file i notice patch 4,7,8,9 dissapear
i assume it's a cumulative in that respect
if you manually update a client - correct it doesnt ask to reboot where the auto does prompt
when i manually do it on one client - check patch level after and it only says 10 - yet on another it say 1,4,5,7,8,9,10
i wonder what we should get ?
when you add the .z file i notice patch 4,7,8,9 dissapear
i assume it's a cumulative in that respect
if you manually update a client - correct it doesnt ask to reboot where the auto does prompt
when i manually do it on one client - check patch level after and it only says 10 - yet on another it say 1,4,5,7,8,9,10
i wonder what we should get ?
NickFerrar
MIS
Does patch 10 supercede patch 7 (which seemd to be TDI driver realted as well)? I still need to apply Patch 7 but want to avoid 2 reboots if I can just apply Patch 10 after testing.
PredatorUK
MIS
Mcafee have removed the other patches from their site, so I assume it superseeds them.
I've manually installed it on a test PC and it now only says patch 10. I've yet to upgrade the rest of the network....
I've manually installed it on a test PC and it now only says patch 10. I've yet to upgrade the rest of the network....
PredatorUK
MIS
Ok I started a company wide roll out.... 800 were successfull and over 300 PC's now report no AV installed. It appears that something (possibly hotfix 10) has corrupted the local installs. Today is not a good day.
NickFerrar
MIS
Hmm well at least you've made me hold off for now! Have you made any progress on figuring out what the problem is?
PredatorUK
MIS
A call is logged with Mcafee and has now been escalated. I'll post any solutions I find!!!
PredatorUK
MIS
I have followed this up today with Mcafee and it appears we're not the only company affected by this issue.
Joy!
Therfore its gone back to development for further testing.....
i will post more when I hear more!
Joy!
Therfore its gone back to development for further testing.....
i will post more when I hear more!
-
3
- #12
We had the same problem (about 20% of all VS8 installations are reporting "no AV installed" after applying Patch 10).
Mcafee told us that Patch 10 installation stopped during writing some registry keys but they do not know why. But it seems that all necessary files are installed when the installation fails.
We found a workaround (unsupported!) that worked on all affected clients:
1) Set Registrykey HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8000\Plugin Flag to 0 (on affected systems you find the value 8)
2) stop and restart frameworkservice
Now VS8 should be reported back to the ePO server.
Mcafee told us that Patch 10 installation stopped during writing some registry keys but they do not know why. But it seems that all necessary files are installed when the installation fails.
We found a workaround (unsupported!) that worked on all affected clients:
1) Set Registrykey HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8000\Plugin Flag to 0 (on affected systems you find the value 8)
2) stop and restart frameworkservice
Now VS8 should be reported back to the ePO server.
inkastinka
IS-IT--Management
not if you have 3000+ machines in 15 different locations 
PredatorUK
MIS
Cheers for the postings everyone. Its nice to know I'm not alone here, although its a pain some of you have also experienced this problem.
Why on earth Mcafee don't take off that patch from their site I'll never know!
I'm still waiting to hear of a resolution from Mcafee regarding this.
Why on earth Mcafee don't take off that patch from their site I'll never know!
I'm still waiting to hear of a resolution from Mcafee regarding this.
@stki and all,
I found a solution for the "no AV installed" problem. Just follow the instructions on KB39914 (Mcafee KB):
1. Open Regedit and browse to HKEY_LOCAL_MACHINE\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion and find the entries named Patch_x, where x is a number greater than 10. Delete the string (there may be more than one) and install Patch 10.
2. If you are using EPO to deploy patch 10, and it has already failed to deploy, then in addition to the first solution also remove the following registry entries:
Found at HKEY_LOCAL_MACHINE\Software\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8000
"HotFixInstallDate"
"HotFixVersions"
"HotFix10LangID"
It worked for all my computers.
I found a solution for the "no AV installed" problem. Just follow the instructions on KB39914 (Mcafee KB):
1. Open Regedit and browse to HKEY_LOCAL_MACHINE\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion and find the entries named Patch_x, where x is a number greater than 10. Delete the string (there may be more than one) and install Patch 10.
2. If you are using EPO to deploy patch 10, and it has already failed to deploy, then in addition to the first solution also remove the following registry entries:
Found at HKEY_LOCAL_MACHINE\Software\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8000
"HotFixInstallDate"
"HotFixVersions"
"HotFix10LangID"
It worked for all my computers.
Has anyone tried installing patch 10 using a 3rd party deployment method? We are using Landesk because we dont have control over test patches through EPO. The script kicks off but it doesnt install. Neither Landesk or NAI want to think its there problem:
The script we are using is:
%LDMS_CLIENT_DIR%\sdclient.exe /p=" /cmds="/qn" /exe /N /An /Ac /E /lanpps=0 /wanpps=0 /Hash="buVOYGLx7W71m6g4TGNUlQ=="
The script we are using is:
%LDMS_CLIENT_DIR%\sdclient.exe /p=" /cmds="/qn" /exe /N /An /Ac /E /lanpps=0 /wanpps=0 /Hash="buVOYGLx7W71m6g4TGNUlQ=="
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
- Locked
- Question