McAfee VIRUSSCAN ENTERPRISE 8.7I PATCH 4 - RELEASE NOTES Release Note page 7

17. Issue: The Network Port Access Protection Rule window under the user-defined access protection policies did not always display
an OK or Cancel button. (Reference: 517382)
Resolution: The VirusScan 8.7i extension has been updated to properly display the buttons.
18. Issue: The threat event 1119 event showed an incorrect Engine and DAT version when an update failed or was cancelled.
(Reference: 468233)
Resolution: The AutoUpdate application now reports the proper information for the event.
19. Issue: The process name involved in a Buffer Overflow detection did not show in the ePolicy Orchestrator query "Top 10 Buffer
Overflows Detected". (Reference: 459789)
Resolution: VirusScan Reports extension was corrected to display the information under the proper column name.
20. Issue: The query "Number of Detections by Tag" did not execute properly on ePolicy Orchestrator 4.5. (Reference: 460304)
Resolution: The VirusScan Reports extension now uses the proper column validation.
21. Issue: The Access Protection and Buffer Overflow rule file that was contained in the VirusScan extension introduced an
incorrectly defined variable that prevented the McAfee Agent from calling back to the ePolicy Orchestrator server if custom
policies were made to the rules. (Reference: 530900)
Resolution: The VirusScan Extension has been updated to include a revised Access Protection and Buffer Overflow rule that does
not have this variable.
Patch 2 resolved issues:
1. Issue: Processes that ended were still listed in Task Manager. (Reference: 482720)
Resolution: The link driver no longer retains the handles to processes that have closed.
2. Issue: On a system using large quantities of handles, particularly busy servers, VirusScan would cache excessive amounts of
data in non-paged pool memory. (Reference: 492541)
Resolution: The link driver has been updated to reduce the amount of overhead in the data used for operations.
3. Issue: In high I/O environments where Access Protection is enabled, a performance degradation symptom could be encountered,
appearing as a hang. Internal processing by VirusScan drivers occurred serially, contributing to a bottleneck when large volumes
of I/O were filtered. (Reference: 497580)
Resolution: The link and mini-firewall drivers no longer cause a sequential release of objects containing gathered information on
the I/O request. This should increase performance on multi-processor environments.
4. Issue: The setting in Email Scan for Heuristic network check for suspicious files was not being updated based on the user
interface or policy changes. (Reference: 493594)
Resolution: The setting now updates the proper registry location to reflect the change in the user interface.
5. Issue: To support ePolicy Orchestrator's Countermeasures functionality, the properties collection was modified for the new data.
The section title was not named correctly to reflect the new functionality. (Reference: 487603)
Resolution: The section in the computer properties was updated to Countermeasures for ePolicy Orchestrator to use the data
properly.
6. Issue: On systems with Symantec's SVS Client software installed, the on-access scan features did not load. (Reference: 441670)
Resolution: The On-Access Scanner service now communicates with our filter drivers on systems where SVS Client software is
installed.
7. Issue: The Patch installer registered ScriptScan libraries, even when the user interface had the feature set as disabled.
(Reference: 498347)
Resolution: The Patch installer no longer runs the ScriptScan registration function, in order to prevent the setting from being
changed.
8. Issue: When Access Protection and Buffer Overflow were disabled in an attempt to improve performance, the drivers were still
loaded, although not active, causing little change in performance. (Reference: 465506)
Resolution: Disabling the Access Protection and Buffer Overflow driver now yields the expected performance increase.
9. Issue: The on-access scanner did not properly time out when scanning large archives. This could lead to the system failing to
copy files. (Reference: 464768)
Resolution: The on-access scanner service now successfully times out at the interval specified in the user interface.
10. Issue: When the on-delivery Outlook scanner received emails to scan, some keyboard entries could be lost. (Reference: 480992)
Resolution: The Outlook scanner now handles the on-delivery scan of an email with Microsoft Outlook 2007, and caches the
keys entered during that time.
11. Issue: When VirusScan Enterprise 8.7i was installed on a system running Windows 2008, uninstall fails. (Reference: 496609)
Resolution: The Microsoft Patch (MSP) installer corrects a custom action that was preventing the re-enabling of Microsoft
Windows Defender.
12. Issue: When VirusScan Enterprise 8.7i is installed on a system running Windows 2000, where the installation was customized
using McAfee Installation Designer, a subsequent patch update might fail to install. (Reference: 489712)
Resolution: The MSP installer modifies the cached MSI for VirusScan Enterprise 8.7i, on Windows 2000, in order to correct the