Release Notes

McAfee ePolicy Orchestrator 4.6.4

Software

About this release
Rating
Known issues
Resolved issues
Installation instructions
Find product documentation

About this release

Thank you for choosing this McAfee product. This document contains important information about the current release. We strongly recommend that you read the entire document.

Important: We do not support the automatic upgrade of a pre-release software version. To upgrade to a production release of the software, you must first uninstall the existing version.

General information

Release date: September 28, 2012

Release build: 4.6.4.202

This release was developed for use with the following McAfee® ePolicy Orchestrator® (McAfee ePO™) versions.
ePolicy Orchestrator 4.0 Patch 7 (build 1363 or later)
ePolicy Orchestrator 4.5 Patch 3 (build 937 or later)
ePolicy Orchestrator 4.6 (build 1029 or later)
ePolicy Orchestrator 4.6.1 (build 1192 or later)
ePolicy Orchestrator 4.6.2 (build 201 or later)
ePolicy Orchestrator 4.6.3 (build 197 or later)

Rogue System Detection

Rogue System Detection (RSD) is not included when installing ePolicy Orchestrator 4.6.4 software, either during a new install or an upgrade.

When upgrading to ePolicy Orchestrator version 4.6.4 from version 4.5.x or 4.6.x, the RSD components (product package and extension) are not upgraded. These components remain at the same version as before the upgrade.

You can download the latest RSD components using the ePolicy Orchestrator Software Manager tool after installing or upgrading to ePolicy Orchestrator version 4.6.4.

Improved dashboards

This release includes minor dashboard improvements.

Graph colors and fonts have been updated for increased legibility.
Users can sort multi-line charts by value.
The MyAverts Threat Advisory dashboard has been replaced with the McAfee Labs dashboard to provide more useful and accurate information from McAfee Labs.

Rating

Recommended. McAfee recommends this release for all environments. This update should be applied at the earliest convenience.

For more information about patch ratings, refer to McAfee KnowledgeBase article KB51560.

Known issues

For a list of known issues specific to this release, refer to McAfee KnowledgeBase article KB75916.

Resolved issues

This release corrects the following issues.

This patch includes resolved issues released in earlier patches. For a list of previously resolved issues, see the Release Notes for a specific patch.

Note: McAfee doesn't disclose the nature of security-related issues and their resolutions.

1 Issue — When editing an Agent Handler group, the order of the Custom Handler List is not displayed in the same order it was saved in. (Reference: 786281)

Resolution — An order-by clause was added to the query used to generate the Custom Handler List on the Edit Agent Handler Group page.

2 Issue — Every time a McAfee® Agent using 2048-bit server keys connects to an Agent Handler, the agent receives a new SiteList file even if the file has not changed. This causes unnecessary work for the agent in applying the new file. (Reference: 757955)

Resolution — The SiteList file is sent to agents only when the file has changed.

3 Issue — A doubly-signed extension isn't verified using the strongest possible certificate. (Reference: 767927)

Resolution — A doubly-signed extension is verified using the strongest possible certificate.

4 Issue — Certificate Based Authentication fails to authenticate users when no file has been provided for the optional Certificate Revoked List file. (Reference: 773566)

Resolution — The Certificate Revoked List checking logic is disabled when no Certificate Revoked List file has been provided by the user.

5 Issue — The McAfee ePO server stops working after running certain server tasks. (Reference: 765499)

Resolution — To improve performance, McAfee ePO server tasks blacklist McAfee Agent GUIDs and reset sequence error counts when a large number of end-nodes are affected.

6 Issue — When a rollup task fails due to a database deadlock condition, the rollup is not automatically re-attempted. (Reference: 767181)

Resolution — Rollup tasks are retried when the rollup from a specific registered server fails due to database deadlock.

7 Issue — The Server Task Log displays this message: “This task does not have any log messages.” (Reference: 770656)

Resolution — This release fixes an issue where the McAfee ePO server attempts to insert several invalid log entries into the database.

8 Issue — Any user can view Run Client Task Now messages in the Server Task Log. (Reference: 764453)

Resolution — Only users who have the "Wake up agents; view Agent Activity Log" permission can view Run Client Task Now messages.

9 Issue — Breaking inheritance for a client task doesn't work properly. A child node that doesn't meet a criterion still receives a client task assignment if the parent group meets the criterion for the client task. (Reference: 765291)

Resolution — Breaking inheritance for a client task works properly.

10 Issue — When the McAfee ePO server encounters an OutOfMemory: Java Heap Space error, all server tasks fail to execute when they are scheduled. (Reference: 775535)

Resolution — The server does not encounter Java Heap Space errors; server tasks function normally.

11 Issue — Using a server task to assign policy does not reset inheritance for all specified systems. (Reference: 699688, 699715, 699977)

Resolution — Using a server task to assign policy properly resets inheritance.

12 Issue — The purge of threat events or rolled up threat events doesn't always delete the specified events. (Reference: 765892)

Resolution — Purging threat events deletes the specified events. The McAfee ePO server performs the purge in batches to reduce server load.

13 Issue — The event parser service sometimes fails to reacquire database connectivity to the SQL server if the SQL server is reset or restarted while the event-parser is actively handling event content uploads. (Reference: 779749)

Resolution — For short disconnects (such as a restart of the SQL server service), the event parser service correctly reacquires database server connectivity shortly after the SQL server service becomes available.

Tip: If the SQL server is shut down for extended periods of time (such as for maintenance or backups), McAfee recommends shutting down the ePolicy Orchestrator services until the SQL server is restored.

14 Issue — Notifications stop working after several days due to an unhandled error in related internal tasks. (Reference: 783728)

Resolution — The McAfee ePO server handles potential errors in related internal tasks and provides diagnostic logging.

15 Issue — Some Threat Event Type values are not translated. (Reference: 736519)

Resolution — All Threat Event Type values are translated.

16 Issue — In certain situations, the Agent Handler consumes all available memory on the server where it is deployed. Specifically, this condition can arise when the Agent Handler is processing product properties for a large number of deployed systems running McAfee® Host Intrusion Prevention in "learn" mode. This causes ever-increasing memory use until all memory is exhausted on the server. (Reference: 734830)

Resolution — The Agent Handler caching mechanism and cache cleanup prevent the Agent Handler from consuming all available memory when running McAfee Host Intrusion Prevention in "learn" mode.

17 Issue — Domain names containing underscore (_) characters are not supported when registering new LDAP servers. (Reference: 772631)

Resolution — The underscore (_) character is supported in domain names when registering new LDAP servers.

18 Issue — Importing a policy overwrites any existing shared policy of the same name. (Reference: 705618)

Resolution — Attempting to share a policy to another McAfee ePO server that has an existing policy of the same type and name isn't allowed. Importing a policy of the same name and type as an existing policy shared from another server doesn't overwrite that policy. Additionally, shared policies can't be imported or exported.

19 Issue — Repository status queries show the master repository in an unknown state. (Reference: 781465)

Resolution — Repository status queries show the master repository state as idle or busy.

20 Issue — Rolled-up custom properties can't be included in Managed System queries because there is no SQUID defined for the rolled-up product properties table that the custom properties table can be joined to. (Reference: 768890)

Resolution — A SQUID definition exists for the rolled-up product properties table. Reports for rolled-up custom properties can be generated normally.

21 Issue — Navigation is disabled on the Query Filter page when multiple filter criteria are specified. (Reference: 771504)

Resolution — Navigation on the Query Filter page works properly.

22 Issue — When importing permission sets, the System Tree permissions of parent groups are imported but the permissions of child groups are not. Users assigned the imported permission sets can't access the child groups. (Reference: 769889)

Resolution — System Tree permissions are imported correctly.

23 Issue — Moving systems with identical names into the same System Tree group is not possible. (Reference: 784701)

Resolution — A system can be moved into a group with a system of the same name as long as either its IP address or FQDN (or both) are unique.

24 Issue — When quickly switching between pages in a table, users might be logged off. (Reference: 776169)

Resolution — Switching table pages no longer results in the user being logged off.

25 Issue — ePolicy Orchestrator software uses an outdated version of Java (1.6.0_30). (Reference: 782596)

Resolution — ePolicy Orchestrator software uses Java 1.6.0_33.

26 Issue — Displaying large numbers of IP sorting conflicts in the ePolicy Orchestrator console at one time causes out-of-memory errors. (Reference: 757432)

Resolution — The maximum number of IP sorting conflicts displayed at one time is limited to 500, so that conflicts can be found and removed in batches.

27 Issue — When upgrading ePolicy Orchestrator software from version 4.5.x to version 4.6.x, if a ProductCode exists in the EPOTask table but doesn't have a corresponding entry in the EPOSoftware table, the migration of client tasks stops, leaving a partial migration of tasks. (Reference: 770034)

Resolution — Client tasks with ProductCodes that are not in the EPOSoftware table are not imported.

28 Issue — Client tasks and client task assignments are missing after the upgrade from ePolicy Orchestrator version 4.5.4 HF1 to version 4.6.x. (Reference: 774692)

Resolution — Client tasks and assignments are migrated properly during the ePolicy Orchestrator upgrade.

29 Issue — When a rollback occurs after a faulty update from ePolicy Orchestrator software version 4.6.2 to a later version, the database that was rolled back still contains changes specific to the later version. (Reference: 786120)

Resolution — The rolled back database doesn't contain the changes from the later version.

30 Issue — CREATE DATABASE permissions are required to perform an ePolicy Orchestrator patch or upgrade. (Reference: 784028)

Resolution — CREATE DATABASE permissions are not required to perform an ePolicy Orchestrator patch or upgrade.

Note: CREATE DATABASE permissions are still required to perform a fresh installation of ePolicy Orchestrator software.

31 Issue — During the patch or upgrade process, the ssl.conf and httpd.conf files used by the Agent Handler are not properly updated. (Reference: 768285)

Resolution — The installation process for upgrades and patches overwrites the ssl.conf and httpd.conf files.

32 Issue — Reports generated using the server task Run Report action are translated into the language of the McAfee ePO server locale instead of the language selected on the Actions page. (Reference: 792410)

Resolution — Reports generated using the Run Report action are translated into the selected language.

33 Issue — When using the Automatic Response Builder, filtering threat notifications and events by a point product extended event property generates a Table Not Found message. (Reference: 716890)

Resolution — Users can filter threat notifications and events by extended event properties created by point products.

34 Issue — When a product extension is installed that adds properties to an event type, events of that type fail to generate SNMP traps. (Reference: 719504)

Resolution — SNMP traps for all event types only show the ePolicy Orchestrator-specific properties of those events.

Installation instructions

For information on installing or upgrading ePolicy Orchestrator software, refer to the McAfee ePolicy Orchestrator Installation Guide.

Find product documentation

McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task
1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2 Under Self Service, access the type of information you need:

To access user documentation, do this:
1 Click Product Documentation.
2 Select a product, then select a version.
3 Select a product document.

To access the KnowledgeBase, do this:
Click Search the KnowledgeBase for answers to your product questions.
Click Browse the KnowledgeBase for articles listed by product and version.