McAfee VIRUSSCAN ENTERPRISE 8.7I PATCH 3 - RELEASE NOTES 09-02-2009 Release Note page 6

17. Issue: The Network Port Access Protection Rule window under the user-defined access protection policies
did not always display an OK or Cancel button. (Reference: 517382)
Resolution: The VirusScan 8.7i extension has been updated to properly display the buttons.
18. Issue: The threat event 1119 event showed an incorrect Engine and DAT version when an update failed or
was cancelled. (Reference: 468233)
Resolution: The AutoUpdate application now reports the proper information for the event.
19. Issue: The process name involved in a Buffer Overflow detection did not show in the ePolicy Orchestrator
query "Top 10 Buffer Overflows Detected". (Reference: 459789)
Resolution: VirusScan Reports extension was corrected to display the information under the proper column
name.
20. Issue: The query "Number of Detections by Tag" did not execute properly on ePolicy Orchestrator 4.5.
(Reference: 460304)
Resolution: The VirusScan Reports extension now uses the proper column validation.
21. Issue: The Access Protection and Buffer Overflow rule file that was contained in the VirusScan extension
introduced an incorrectly defined variable that prevented the McAfee Agent from calling back to the ePolicy
Orchestrator server if custom policies were made to the rules. (Reference: 530900)
Resolution: The VirusScan Extension has been updated to include a revised Access Protection and Buffer
Overflow rule that does not have this variable.
Patch 2 resolved issues:
1. Issue: Processes that ended were still listed in Task Manager. (Reference: 482720)
Resolution: The link driver no longer retains the handles to processes that have closed.
2. Issue: On a system using large quantities of handles, particularly busy servers, VirusScan would cache
excessive amounts of data in non-paged pool memory. (Reference: 492541)
Resolution: The link driver has been updated to reduce the amount of overhead in the data used for
operations.
3. Issue: In high I/O environments where Access Protection is enabled, a performance degradation symptom
could be encountered, appearing as a hang. Internal processing by VirusScan drivers occurred serially,
contributing to a bottleneck when large volumes of I/O were filtered. (Reference: 497580)
Resolution: The link and mini-firewall drivers no longer cause a sequential release of objects containing
gathered information on the I/O request. This should increase performance on multi-processor
environments.
4. Issue: The setting in Email Scan for Heuristic network check for suspicious files was not being updated
based on the user interface or policy changes. (Reference: 493594)
Resolution: The setting now updates the proper registry location to reflect the change in the user interface.
5. Issue: To support ePolicy Orchestrator's Countermeasures functionality, the properties collection was
modified for the new data. The section title was not named correctly to reflect the new functionality.
(Reference: 487603)
Resolution: The section in the computer properties was updated to Countermeasures for ePolicy
Orchestrator to use the data properly.
6. Issue: On systems with Symantec's SVS Client software installed, the on-access scan features did not load.
(Reference: 441670)
Resolution: The On-Access Scanner service now communicates with our filter drivers on systems where
SVS Client software is installed.
7. Issue: The Patch installer registered ScriptScan libraries, even when the user interface had the feature set
as disabled. (Reference: 498347)
Resolution: The Patch installer no longer runs the ScriptScan registration function, in order to prevent the
setting from being changed.
8. Issue: When Access Protection and Buffer Overflow were disabled in an attempt to improve performance,
the drivers were still loaded, although not active, causing little change in performance. (Reference: 465506)
Resolution: Disabling the Access Protection and Buffer Overflow drivers now yields the expected
performance increase.