mcaffee readme.txt

7/29/2019 McAFFEE readme.txt

http://slidepdf.com/reader/full/mcaffee-readmetxt 1/25

Release Notes forMcAfee(R) VirusScan (R) Enterprise

Version 8.5i plus PatchCopyright (C) 2008 McAfee, Inc.

All Rights Reserved

==========================================================

- DAT Version: 5426- Engine Version: 5.3.00

==========================================================

Than

you for using VirusScan(R) Enterprisesoftware. This file contains important informationregarding this release. We strongly recommend thatyou read the entire document.

IMPORTANT:McAfee does not support automatic upgrading of apre-release version of the software. To upgrade

to a later beta release, a release candidate, ora production release of the software, you mustfirst uninstall the existing version of thesoftware.

__________________________________________________________ WHAT'S IN THIS FILE

- Introduction- Product License- Installation & System Requirements- Testing Your Installation

- Resolved Issues- Known Issues- Installing, Upgrading, and Uninstalling- Language Support- Compatibility With Other Products

- Alert Manager(TM)- AntiSpyware Enterprise Standalone- ePolicy Orchestrator(R)- ePolicy Orchestrator Agent- McAfee Installation Designer(TM)- Microsoft Windows Vista- PreScan- ProtectionPilot(TM)

- GroupShield(TM)- Spy Sweeper

- Access Protection- Adding File Type Extensions- AutoUpdate- Buffer Overflow Protection- E-mail Scanning

- On-Delivery E-mail Scanning- Lotus Notes Scanning

- Help File



- Log File Format- Mirror Tas

s- Preserving Settings- Unwanted Programs Policy

- Documentation- Participating in the McAfee Beta Program- Contact Information- Copyright & Trademar

Attributions- License & Patent Information

__________________________________________________________ INTRODUCTION

McAfee VirusScan Enterprise protects your des

topand file servers from a wide range of threats,including viruses, worms, Trojan horses, andpotentially unwanted code and programs.This version provides these new or improvedfeatures:- Support for Microsoft Windows Server 2008

platforms.

- Support for 64-bit operating systems.

NOTE:These features or products are not supported on64-bit operating systems:

- Buffer Overflow Protection.- Scanning of Lotus Notes databases.- Alert Manager 4.7.1.

- Support for Microsoft Windows Vista operatingsystems.

- Quarantine Manager Policy. Configure a policy to

manage quarantined items. Before the on-accessor on-demand scanner cleans or deletes a file,it creates a bac

up copy of the original fileand registry value in the quarantine directory.These bac

ed-up items can be automaticallydeleted after a specified number of days. Youcan also selectively restore, delete, and rescanquarantined items.

- Detection of root

its in memory. The on-demandscanner can be configured to scan system memoryfor installed root

its. Root

its conceal runningprocesses and files or system data, and are a

threat if an intruder uses the root

it tomaintain access to a system without the users

nowledge.

- Enhanced Access Protection. This featureprevents unwanted changes by restricting accessto specified ports, files and folders, shares,registry

eys and values. The rules have beenenhanced to expand exclusion capability andprovide better protection:



- Access Protection rule configuration optionsinclude "Processes to include" and "Processesto exclude." See the Access Protectionsection of the VirusScan Enterprise ProductGuide for details.

- Rules have been separated into Anti-virus,Common, Outbrea

, and User-definedcategories.

- Protection levels. When you install theproduct, you choose whether to enable"Standard Protection" or "Maximum Protection"rules as the default.

- Standard Protection. Anti-virus and commonrules that protect some critical settingsand files from modification, butgenerally allow installation andexecution of legitimate software.

- Maximum Protection. Anti-virus and commonrules that protect most critical settings

and files from modification. These rulesprovide more protection, but might alsoprevent you from installing software. Ifyou are prevented from installinglegitimate software, we recommend thatyou disable the Access Protection featurebefore installing software, then enableit again after installation.

You can change which rules are enabled anddisabled after VirusScan Enterprise isinstalled.

__________________________________________________________ PRODUCT LICENSE

These time limits apply to these VirusScanEnterprise 8.5i product licenses:

- The Beta version with support for Windows Server2008 expires April, 30, 2008.

- The Evaluation license expires 90 days afterinstalling the evaluation version of theproduct.

__________________________________________________________ INSTALLATION AND SYSTEM REQUIREMENTS

Please see the product documentation for completeinformation on installation and systemrequirements.

__________________________________________________________



TESTING YOUR INSTALLATION

You can test the operation of the software byrunning the EICAR Standard AntiVirus Test File onany computer where you have installed the software.The EICAR Standard AntiVirus Test File is a combinedeffort by anti-virus vendors throughout the world toimplement one standard by which customers can verifytheir anti-virus installations.

To test your installation:

1. Copy the following line into its own file,ma

ing sure you do not include any spaces orline brea

s. Save the file with the nameEICAR.COM.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The file size will be 68 or 70 bytes.

2. Start your anti-virus software and allow it toscan the directory that contains EICAR.COM.

When your software scans this file, it willreport finding the EICAR test file.

3. Delete the file when you have finished testingyour installation to avoid alarming unsuspectingusers.

IMPORTANT:Please note that this file is NOT A VIRUS.

For more information on the EICAR test file, visit:

http://www.eicar.org

_________________________________________________________ RESOLVED ISSUES

The following list describes issues from theprevious release of this software product that havebeen resolved with this current release.

1. ISSUE:When you upgrade from VirusScan Enterprise 7.1or 8.0i to version 8.5i and choose to preserve

settings, previously created console tas

s donot display in the VirusScan console.

RESOLUTION:The VirusScan Enterprise installation pac

agehas been updated to properly initializepreviously created console tas

s so they displayin the VirusScan console when preservingsettings during the product upgrade.



2. ISSUE:When you upgrade from VirusScan Enterprise 7.1or 8.0i to version 8.5i, the older version ofthe Chec

Point .DLL is not automaticallyupgraded. This results in failures as noted inthe Chec

Point VPN compliance reports.

RESOLUTION:The VirusScan Enterprise installation pac

agehas been updated to unregister the older Chec

Point .DLL before upgrading to the new versionof the Chec

Point .DLL that is included in theVirusScan Enterprise 8.5i installation pac

age.

3. ISSUE:When you use McAfee Installation Designer 8.5 tocreate a custom installation pac

age thatincludes a VirusScan Enterprise 8.5i Patch, thenattempt to install the pac

age, the installationfails.

RESOLUTION:The VirusScan Enterprise installation executablehas been updated to increase the buffer size of

the code that handles Patch installation.

4. ISSUE:When you upgrade to VirusScan Enterprise 8.5i inePolicy Orchestrator, the ePolicy Orchestratormigration tool did not properly port over accessprotection exclusions.

RESOLUTION:The ePolicy Orchestrator migration tool has beenupdated to no longer place quotes around theentire exclusion string when porting over accessprotection exclusions.

5. ISSUE:When you upgrade to VirusScan Enterprise 8.5i inePolicy Orchestrator, the ePolicy Orchestratormigration tool did not properly port overon-demand scan tas

s.

RESOLUTION:The ePolicy Orchestrator migration tool has beenupdated to solve SQL script issues so thaton-demand tas

s are properly ported over.

6. ISSUE:

When installing VirusScan Enterprise, theUniversal Uninstaller program removes non-McAfeeanti-virus products from your system. TheUniversal Uninstaller program included in theVirusScan Enterprise 8.5i installation pac

agedid not remove the most current versions ofnon-McAfee anti-virus products.

RESOLUTION:New scripts have been added to the Universal



Uninstaller program to support removal of newerversions of non-McAfee anti-virus products.

NOTE:Some 64-bit versions of non-McAfee anti-virusproducts may not be removed due to securityrights on the operating system.

7. ISSUE:A runtime error occurs when users withoutadministrative rights run on-demand scan tas

s.

RESOLUTION:A new version of the ePolicy Orchestrator Agentis included with this release to resolve thisissue.

_________________________________________________________ KNOWN ISSUES

INSTALLING, UPGRADING, AND UNINSTALLING

1. To install the VirusScan Enterprise product

using MSIEXEC.EXE, complete these steps:

a. Ensure that any competitor's products areremoved including previous versions of McAfeeVirusScan and VirusScan Enterprise.

b. To inject localized strings into the MSIbefore installing the product, enter thiscommand at the command prompt:

"setupvse.exe /IMPORTMSISTRINGS"

c. Run MSIEXEC.EXE by entering this command atthe command prompt:

"msiexec.exe /i vse850.msi"

2. When installing Buffer Overflow Protection,these limitations apply:

- If Buffer Overflow Protection is installed ona computer that already has the McAfeeEntercept or Host Intrusion Prevention agentinstalled on it, the Buffer OverflowProtection feature is disabled in the

VirusScan Console.

NOTE:The McAfee Entercept or Host IntrusionPrevention products provide more completecoverage, so they ta

e precedence over theBuffer Overflow Protection feature inVirusScan Enterprise.

- Buffer Overflow Protection cannot be



installed on 64-bit or Microsoft WindowsVista operating systems.

3. When installing VirusScan Enterprise 8.5i viathe command line, the property for choosing"Standard Protection" or "Maximum Protection" is"PROTECTIONTYPE." Standard Protection isinstalled by default. To silently installMaximum Protection rules, use this command:

Setupvse.exe PROTECTIONTYPE=Maximum /q

This command-line property is not documented inthe VirusScan Enterprise 8.5i InstallationGuide.

4. This release supports deployment usingAdministration Installation Points (AIP).However, you must run SETUPVSE.EXE from the AIPto perform upgrades or to uninstall otheranti-virus software.

To create an AIP, type "setupvse.exe /a" at thecommand prompt. A wizard appears to ta

e you

through the process of creating the AIP. Whenthe AIP is created, all of the necessary filesin the compressed (.ZIP) file are also copied tothe AIP. These files are:

- SETUPVSE.EXE- MSISTRINGS.BIN- SETUP.INI- UNINST.DLL- UNINST.INI- VSE850.MSI- WINDOWSINSTALLER-KB893803-V2-X86.EXE

Since these files are automatically copied tothe AIP, the administrator does not need tomanually copy the files.

NOTE:If you deploy VirusScan Enterprise via ActiveDirectory group policies, which install usingMSIEXEC.EXE, you must remove any existinganti-virus products prior to installingVirusScan Enterprise.

5. When silently over-installing the ComputerAssociates eTrust Antivirus program, the action

is not completely silent. The ComputerAssociates eTrust Antivirus program displays amessage box stating that a restart is neededwith an "OK" button. Once you clic

"OK", theover-installation continues normally. Thisproblem is a

nown Computer Associates problemreferenced on the Computer Associates' web siteunder article QO19636. The web site provides adownloadable file that fixes this problem. Theproblem references Computer Associates eTrust



Antivirus version 6.0, but the fix also wor

sfor version 7.0.

LANGUAGE SUPPORT

1. The language displayed in the update tas

progress dialog box and the "Edit AutoUpdateRepository List" dialog box does not match thepreferred language in the VirusScan Console.Setting the preferred language in the console toanother language does not fix this issue becausethe AutoUpdate tas

and related dialog boxesretain the system language.

When using ePolicy Orchestrator to manageVirusScan Enterprise 8.5i, you can correct thisissue by chec

ing the ePolicy Orchestrator Agentlanguage pac

in and deploying it to clientcomputers.

2. The language displayed when accessingright-clic

scan and the Microsoft Outloo

orLotus Notes On-Demand Scan Properties dialog box

does not match the preferred language in theVirusScan Console. Setting the preferredlanguage in the console to another language doesnot fix this issue because these features retainthe system language. See KB Article 1935692 forinformation about displayed language.

3. VirusScan Enterprise 8.5i user interface textmay appear to be corrupted when viewing an Asianversion of the product on an operating systemthat does not have Asian fonts installed. Tocorrect the issue, install Asian fonts on theoperating system.

COMPATIBILITY WITH OTHER PRODUCTS

Alert Manager

1. VirusScan Enterprise 8.5i can only send alertsto Alert Manager 4.7.x. It cannot send alerts toearlier versions of Alert Manager.

Furthermore, VirusScan Enterprise 8.5i cannot beinstalled on a computer where an Alert Managerversion earlier than 4.7.x is already installed.

If you are installing VirusScan Enterprise ontoa system where Alert Manager 4.5 or 4.6 isinstalled, you should also install Alert Manager4.7.x, which automatically replaces the olderversion of Alert Manager.

However, also note that Alert Manager 4.7.x canreceive alerts from earlier versions ofNetShield and VirusScan. You can configureearlier versions of these software programs to



send alerts to an installation of Alert Manager4.7.x.

AntiSpyware Enterprise Standalone

1. When using ePolicy Orchestrator to installVirusScan Enterprise 8.5i over AntiSpywareEnterprise Standalone 8.5, you must restart theclient computer after VirusScan Enterprise isinstalled.

ePolicy Orchestrator

1. This version of VirusScan Enterprise 8.5i iscompatible with ePolicy Orchestrator version3.5.0 or later. The ePolicy Orchestrator Agentversion 3.6 or later must be deployed to clientcomputers before you deploy VirusScanEnterprise.

2. This version of VirusScan Enterprise 8.5iprovides two .NAP files that must be added to

the ePolicy Orchestrator repository. These filesare included in the VirusScan Enterprise 8.5iinstallation pac

age and can be found in thelocation where you downloaded the files:

- VSE850.NAP.

- VSE850REPORTS.NAP. This file is an extendedreports .NAP file.

3. To install the VSE850REPORTS.NAP file to therepository:

a. Use the ePolicy Orchestrator Chec

-In Wizardto add the VSE800Reports.NAP file to therepository.

b. If applicable, log out of the Reportingconsole.

c. In the ePolicy Orchestrator installationdirectory, delete REPORTVERSIONS.SQL filefrom the AVI directory.

d. Log in to the Reporting Console using "ePOAuthentication."

e. Clic

"Yes" to download the new reports.

NOTE:Repeat Steps b through e for every computerrunning the remote ePolicy OrchestratorConsole.

4. To preserve settings when upgrading to VirusScanEnterprise 8.5i, run the



"ePOPolicyMigration.exe" file that is includedin the installation pac

age.

a. Add the VSE850.NAP file to the ePolicyOrchestrator repository.

b. Run the ePOPolicyMigration.exe on the serverwhere ePolicy Orchestrator is installed.

5. If you are using Microsoft SQL Server version7.0 with ePolicy Orchestrator 3.5 or later,on-demand scan tas

s are not preserved when yourun ePOPolicyMigration.exe. You must haveMicrosoft SQL Server version 2000 or laterinstalled to preserve on-demand scan tas

s.

6. ePolicy Orchestrator reports are affected by anissue where DAT and engine version numbersdisplay in different formats. The version numberformat varies depending on which ePolicyOrchestrator agent is being used, which productthe system property is collected from, andwhether ePolicy Orchestrator converts the formatwhen it reads the property. For example,

DAT version may be displayed in any of theseformats:

- 4.0.4841- 4841.000- 4841

Engine version may be displayed in either ofthese formats:

- 5.1.0002- 5100.0194

This difference in formats affects any ePolicy

Orchestrator reports or queries that compare theDAT and/or engine values, such as the ComplianceIssues and DAT/Engine Coverage reports. Forexample, a computer with a DAT system propertyof 4.0.4841 fails compliance when compared tosystems with the 4841.000 DAT file becauseePolicy Orchestrator doesnt recognize theversions to be the same.

This issue has been fixed in ePolicyOrchestrator 3.5 Patch 7 or later and ePolicyOrchestrator 3.6 Patch 4 or later.

If you are using ePolicy Orchestrator 3.5 or3.6.0, you can use report filters to select DATand engine version numbers that match. Forexample, to ascertain compliance of computerswith the 4841 DAT file, you must run theCompliance Issues report with a filter for4.0.4841, then run it again with a filter for4841.000, then once again with a filter for 4841if that format is used as well. See the ePolicyOrchestrator documentation and KB Article



5263068 for more information.

NOTE:You cannot filter the Compliance Issues reportto display compliance with the 64-bit engineproperty. All computers with the 64-bit engineare also reported as computers with a 32-bitengine.

7. When you chec

a new DAT file that containschanges to access protection rules into theePolicy Orchestrator repository, the changedrules do not appear in the Access ProtectionPolicies. You must install ePolicy Orchestrator3.6.0 Patch 2a or later to resolve this issue.

8. A replicated repository may be bloc

ed if theAccess Protection Properties for the "Preventremote creation/modification of executable andconfiguration files" rule are set to "Bloc

."The rule is set to "Report" by default.

9. A replicated repository may become corruptedwhen replicating via UNC from an ePolicy

Orchestrator server to a server that has thisfile bloc

ing rule enabled in the AccessProtection Properties:

"Prevent remote creation/modification ofexecutable and configuration files"

When this rule is set to "Bloc ", some filereplications are bloc

ed because the ePolicyOrchestrator server remotely opens the files forwrite access and modifies their contents in thesame way that a share-hopping worm performs.

If you plan to replicate a repository via UNCfrom an ePolicy Orchestrator server, be certainto disable file bloc

ing rules on the targetserver before you perform the replication.

10. The ePolicy Orchestrator compliance baselinedoes not recalculate compliance when you removeitems from the repository.

For example, when you chec

VirusScan Enterprise8.5i into the ePolicy Orchestrator repository,it is flagged as the new compliance baseline forthe environment. All computers with VirusScan

Enterprise versions earlier than 8.5i areflagged as non-compliant. However, if you removeVirusScan Enterprise 8.5i from the repository,rather than recalculate compliance, thecompliance baseline remains at version 8.5i. Thecompliance baseline only increasesincrementally, even if you re-chec

VirusScanEnterprise 8.0i into the repository.

11. The English description for VirusScan Enterprise



8.5i may not be available in the ePolicyOrchestrator Repository under Managed Products |Windows | VirusScan Enterprise | 8.5.0 dependingon the order in which you installed the twoVirusScan Enterprise 8.5i .NAP files.

- If you installed the VSE850.NAP to theRepository before you installed theVSE850REPORTS.NAP, the English description isnot available.

- If you installed the VSE850REPORTS.NAP beforeyou installed the VSE850.NAP, the Englishdescription is available.

ePolicy Orchestrator Agent

1. If you are using ePolicy Orchestrator to manageVirusScan Enterprise 8.5i, you must also useePolicy Orchestrator Agent version 3.6 or later.For Microsoft Windows Server 2008, agent version3.6 Patch 3 is the minimum version.

2. Unrelated error message in agent log. When usingePolicy Orchestrator to install VirusScanEnterprise on client computers from, you mayreceive an unrelated error message in the agentlog. The message states "Cant get the installedlanguage for VIRUSSCAN8600." This message ismisleading; it should state that the version ofthe currently installed ePolicy Orchestratoragent is not supported with this version ofVirusScan Enterprise. VirusScan Enterprise 8.5irequires ePolicy Orchestrator Agent version 3.6or later.

McAfee Installation Designer

1. This version of VirusScan Enterprise 8.5i iscompatible with McAfee Installation Designerversion 8.5 or later. It is not compatible withearlier versions.

Microsoft Windows Vista

1. Before remotely connecting to a computer withthe Windows Vista operating system, you must

complete these steps:

a. From the computer with the Windows Vistaoperating system, modify the Windows Firewallsettings to allow "Remote Service Management"as follows:

- From the "Start" menu, select "ControlPanel | Security | Windows Firewall |Change settings"



- On the "User Account Control" dialog box,clic

"Continue."- On the "Exception" tab, select "Remote

Service Management" on the "Program orport" list.

b. Start the "Remote Registry" service on thetarget computer with the Microsoft WindowsVista operating system, before remotelyconnecting to it. To start the "RemoteRegistry" service:

- From the "Start" menu, select "ControlPanel | Administrative Tools | Services.

- If the "User Account Control" dialog box isavailable, clic

"Continue."- Ensure the status of the "Remote Registry"

service is "Started." If necessary, startthe service.

We recommend that you stop the "RemoteRegistry" service on Windows Vista aftercompleting the remote configuration.

2. When using the "Browse" option to connect to aremote console with the Windows Vista operatingsystem, the list of computers does not displayfor a long period of time or at all. If the listdoes appear, you can select a computer, but the"OK" button is disabled so the connection cannotbe made.

You can ma

e a remote connection to the consoleof other computers by specifying the fullcomputer name or the IP address of the computerto which you want to remotely connect.

3. When running update or mirror tas

s from theVirusScan Console on a system using WindowsVista, the tas

progress dialog box does notdisplay while the tas

is running. However, thetas

completes successfully. You can viewinformation about the tas

in the activity log.

4. When a connection is bloc

ed in a share folderon a computer with the Windows Vista operatingsystem, the bloc

ed connection cannot beunbloc

ed using the "Unbloc

All ConnectionsNow" button in the On-Access Scan Statisticsdialog box. The "Unbloc

All Connections Now"

button is disabled in this scenario.

The bloc

ed connection will be unbloc

ed afterthe default time out.

5. Buffer Overflow Protection is not supported onMicrosoft Windows Vista operating systems.

Microsoft Windows Server 2008



1. Minimum agent version required is CMA 3.6 Patch3.

2. The AutoUpdate tas

does not display theinterface during the update process.

When running update or mirror tas

s from theVirusScan Console on Microsoft Windows Server2008, the tas

progress dialog box does notappear. However, the tas

completessuccessfully. You can view information about thetas

in the activity log.

3. Opening the VirusScan Console triggers the UserAccess Control dialog box on Microsoft WindowsServer 2008. Clic

"Allow" to proceed.

4. The Buffer Overflow Protection feature will notfunction properly unless Microsofts DataExecution Prevention is disabled for allprograms.

PreScan

1. McAfee PreScan 1.0 Service Pac

1 or earlierversions are not compatible with VirusScanEnterprise 8.5. Refer to KB Articles KB4095245and KB7675743 for more details.

ProtectionPilot

1. This version of VirusScan Enterprise 8.5i iscompatible with ProtectionPilot version 1.5 orlater. It is not compatible with earlier

versions.

GroupShield

1. If you plan to use GroupShield in addition toVirusScan Enterprise 8.5i and Alert Manager4.7.1, be certain to install GroupShield beforeyou install Alert Manager. This installationsequence is required to ensure alerting wor

scorrectly.

Spy Sweeper

1. Spy Sweeper. If you are using Spy Sweeper toscan the VirusScan Enterprise installationfolder, a false detection occurs when it detectsBHO.DLL. This file is not spyware; it is acomponent of ScriptScan that is installed aspart of VirusScan Enterprise.



ACCESS PROTECTION

1. On a dual boot system, the "Prevent WindowsProcess spoofing" rule may return a false alarmon the Windows files from other Windowsinstallations.

2. The "Prevent McAfee services from being stopped"feature is not supported on 64-bit operatingsystems.

3. If you have unexpected issues with bloc

edaccesses, review the actions set for accessprotection rules. For example, if the "Preventremote creation/modification of executable andconfiguration files" rule is set to "Bloc

", youare prevented from replicating the ePolicyOrchestrator repository.

ADDING FILE TYPE EXTENSIONS

1. If you are using wildcards to specify file typeextensions in either the Additional File Types

or Specified File Types dialog boxes, you cannotuse an asteris

(*) as the wildcard. You mustuse a question mar

(?) as the wildcard whenspecifying file type extensions in thesescenarios.

AUTOUPDATE

1. Updating from a mapped drive only wor

s if youare logged on when the update occurs and youhave at least read rights to that mapped drivelocation. If no one is logged on to the system,

or if you are logged on but do not have at leastread rights to the mapped location, the updatefails.

2. When editing the repository list to use a UNCpath, the "Edit AutoUpdate Repository List"dialog box does not validate that the pathentered is a valid UNC share before acceptingit. Be sure that you enter a valid UNC server,share, and path name. Entering an invalid UNCpath could cause problems when updating fromthis location.

3. If you are using content scanning and filteringsoftware on your networ

, you may experiencesome problems with updating. This can occur ifyour content filtering software modifies aMcAfee update pac

age.

BUFFER OVERFLOW PROTECTION

1. When the Sasser worm or any other malware that



uses MS04-011 infects your system, the infectionmay result in an exploited buffer overflow. TheBuffer Overflow Protection feature can detectand prevent the buffer overflow code fromexecuting on your computer. Although theexecution of malicious code is prevented, theactual buffer overflow is not stopped. If abuffer overflow occurs as a result of the Sasserworm, the LSASS.EXE becomes unstable and thecomputer automatically restarts.

2. The Buffer Overflow Protection feature is notsupported on 64-bit or Microsoft Windows Vistaoperating systems.

3. The Buffer Overflow Protection feature cannot beinstalled on a system that already has the CiscoSecurity Agent installed on it.

E-MAIL SCANNING

On-Delivery E-mail Scanning

1. When Microsoft Outloo

is configured to delivernew e-mail to a personal folder and rules areused to move e-mails, the on-delivery scannermay not detect infected e-mails. We do notrecommend that you configure Microsoft Outloo

to deliver new e-mails to a personal folder ifyou use rules to move e-mails to other foldersin Microsoft Outloo .

Lotus Notes Scanning

1. Lotus Notes Scanning is not supported onMicrosoft Vista operating systems.

2. If you exclude the "Lotus Notes E-mail Scanner"feature when you use the Setup utility toperform a custom installation of VirusScanEnterprise, you cannot use the Setup utility tolater add the "Lotus Notes E-mail Scanner"feature. You must install Lotus Notes manually.

3. Prompting for a password from other Notes-basedprograms reduces security. When accessing alocal database on Windows 2000 Server, Windows2003 Server, or Windows XP, the user is promptedfor a password. When the user types the

password, the text search dialog is initiatedand the password is inserted into the textsearch dialog instead of being inserted into thepassword dialog. The password dialog box is notcompletely modal. Selecting the dialog box againallows the user to input the password.

When using Lotus Client Release version 6 orlater, we recommend that you prevent prompts forpasswords as follows:



a. From Lotus Notes, select File | Preferences |Security | User Security | Dialog.

b. Select "Dont prompt for a password fromother Notes-based programs (reducessecurity)."

NOTE:This option is not available on otherversions of the Lotus Client.

4. Notes Scanner appears to slow Lotus Notes downsignificantly when using VPN. For each note itemthe user accesses, Lotus Notes reads it then theNotes scanner reads it a second time. Users donot realize that each item is accessed twice sothey perceive performance is twice as slow, whenin fact it is normal.

HELP FILE

1. The Help file is provided as a downloadable

file. Download it automatically the first timeyou access "Help" from VirusScan Enterprise.Clic

"Help" in any dialog box or select it fromthe "Tools" menu in the VirusScan Console.

If you are using ePolicy Orchestrator to manageVirusScan Enterprise, the Help file must bepresent in the ePolicy Orchestrator repositorybefore it can be deployed to client computers.The Help file is available in VirusScanEnterprise product pac

age that is available onthe McAfee download web site and the productCD.

LOG FILE FORMAT

1. The default format for the log files is UnicodeUTF8 except when installing Virus Enterprise8.5i on Windows NT operating systems. Thedefault format for log files on Windows NToperating systems is ANSI.

MIRROR TASKS

1. If you are using a VirusScan Enterprise 8.5imirror tas

to mirror the NAIFTP site, the tas

may fail in two ways.

- First, the tas

does not mirror 100% of thefiles on the FTP site. For example, if a fileis missing on the NAIFTP site, the tas

doesnot replicate anything other than the"current" folder.



- Second, if you configured the schedule to doso, it will execute the tas

again, but willnot execute any programs that were specifiedto run after successful completion of thetas

.

NOTE:If the scheduled mirror tas

is manuallyexecuted in this scenario, the programs that arespecified to run after successful completion ofthe tas

will run.

We recommend that you use McAfee AutoUpdateArchitect to create a tas

to mirror the NAIFTPsite.

PRESERVING SETTINGS

1. Settings can be preserved when upgradingVirusScan Enterprise from an earlier version toversion 8.5i:

- When using the VirusScan Enterprise Setup

utility to install the product, select the"Preserve Settings" option. See the VirusScanEnterprise Installation Guide for details.

- When using ePolicy Orchestrator, run the"ePOPolicyMigration.exe" file that isincluded in the installation pac

age.

- Add the VSE850.NAP file to the ePolicyOrchestrator repository.

- Run the ePOPolicyMigration.exe on theserver where ePolicy Orchestrator is

installed.

2. The path to the previous products installationdirectory is not preserved even though youselect the "Preserve Settings" option. VirusScanEnterprise 8.5i is installed to %ProgramFiles%\McAfee\VirusScan by default unless adifferent installation path is specified.

UNWANTED PROGRAMS POLICY

1. Wildcards are not supported when configuring

user-defined unwanted programs.

__________________________________________________________ DOCUMENTATION

Documentation is included on the product CD and/oris available with a valid grant number from theMcAfee download site:



https://secure.nai.com/us/forms/downloads/upgrades/login.asp

NOTE:Unless otherwise noted, product documentationcomes as Adobe Acrobat .PDF files. The productCD includes the latest version of AcrobatReader, or you can download any version from theAdobe web site:

http://www.adobe.com/products/acrobat/readstep2.html

STANDARD DOCUMENTATION

This product includes the following documentationset:

- Installation GuideSystem requirements and instructions forinstalling and starting the software.

- Product GuideIntroduction to the product and its features;

detailed instructions for configuring thesoftware; information on deployment, recurringtas

s, and operating procedures.

- HelpHigh-level and detailed information accessedfrom the software application: Help menu and/orHelp button for page-level help.

- Configuration GuideFor use with ePolicy Orchestrator(R) managementsoftware. Procedures for deploying and managingsupported products through the ePolicy

Orchestrator management software.

- Release Notes (this ReadMe file)

- LICENSE AgreementThe McAfee License Agreement boo

let thatincludes all of the license types you canpurchase for your product. The License Agreementpresents general terms and conditions for use ofthe licensed product.

ADDITIONAL DOCUMENTATION

- Quic

Reference CardA handy card with information on basic productfeatures, routine tas

s that you perform often,and critical tas

s that you performoccasionally. A printed card accompanies theproduct CD.



SUPPLEMENTAL DOCUMENTATION

- ePolicy Orchestrator(R) 3.5 or later versiondocumentation set.

- ProtectionPilot(TM) 1.5 documentation set.

- McAfee Installation Designer(TM) 8.5documentation set.

- Alert Manager(TM) 4.7.1 documentation set.

__________________________________________________________ PARTICIPATING IN THE MCAFEE BETA PROGRAM

To download new beta software or to read about thelatest beta information, visit the McAfee beta website located at:

http://www.mcafeesecurity.com/us/downloads/beta/mcafeebetahome.htm

To submit beta feedbac

on any McAfee product, sende-mail to:

[email protected]

McAfee is devoted to providing solutions based onyour input.

__________________________________________________________ CONTACT INFORMATION

THREAT CENTER: Avert(R) LabsHome Page

http://www.mcafee.com/us/threat_center/default.asp

Avert Labs Threat Library

http://vil.nai.com/

Avert WebImmune & Submit a Sample (Logoncredentials required)

https://www.webimmune.net/default.asp

Avert DAT Notification Servicehttp://vil.nai.com/vil/signup_DAT_notification.aspx

DOWNLOAD SITEHome Page

http://www.mcafee.com/us/downloads/

Security Updates (Clic

"Chec

for updates")- Enterprise:

http://www.mcafee.com/us/enterprise/downloads/index.html

- Small & Medium Business:http://www.mcafee.com/us/smb/downloads/index.html

Anti-Spam Rules File and Engine Updatesftp://ftp.mcafee.com/spamdefs/1.x/



Product Upgrades (Valid grant number required)- Enterprise:

https://mcafee.com/apps/downloads/my_products/login.asp

- Small & Medium Business:http://www.mcafee.com/us/smb/downloads/index.html (Clic

"Login")

HotFix and Patch Releases for SecurityVulnerabilities (Available to the public)

- Enterprise:http://www.mcafee.com/apps/downloads/security_updates/hotfixes.asp?region

=us&segment=enterprise

- Small & Medium Business:http://www.mcafee.com/apps/downloads/security_updates/hotfixes.asp?region

=us&segment=smb

HotFix and Patch Releases for Products(ServicePortal account and valid grant numberrequired)

http://mysupport.mcafee.com/eservice_enu/start.swe

SOFTWARE & HARDWARE TECHNICAL SUPPORTHome Pagehttp://www.mcafee.com/us/support

Knowledge Searchhttp://

nowledge.mcafee.com/

McAfee Technical Support ServicePortal (Logoncredentials required)

https://mysupport.mcafee.com/eservice_enu/start.swe

CUSTOMER SERVICEWeb: http://www.mcafee.com/us/support/index.html

http://www.mcafee.com/us/about/contact/index.html

Phone: +1-888-VIRUS NO or +1-888-847-8766Monday-Friday, 8am-8pm, Central TimeUS, Canada, and Latin Americatoll-free

MCAFEE BETA PROGRAM- Enterprise:

http://www.mcafee.com/us/enterprise/downloads/beta/index.html

- Small & Medium Business:http://www.mcafee.com/us/smb/downloads/beta/index.html

- Submit Beta Feedbac

:[email protected]

PROFESSIONAL SERVICES- Enterprise:

http://www.mcafee.com/us/enterprise/services/index.html



- Small & Medium Business:http://www.mcafee.com/us/smb/services/index.html

_____________________________________________________ COPYRIGHT AND TRADEMARK ATTRIBUTIONS

Copyright (C) 2008 McAfee, Inc. All Rights Reserved.No part of this publication may be reproduced,transmitted, transcribed, stored in a retrievalsystem, or translated into any language in any formorbyany means without the written permission ofMcAfee, Inc., or its suppliers or affiliatecompanies.

TRADEMARKS

ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY(AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN(STYLIZED E), DESIGN (STYLIZED N), ENTERCEPT,

EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE,GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA),INTRUSHIELD, INTRUSION PREVENTION THROUGHINNOVATION, MCAFEE, MCAFEE (AND IN KATAKANA), MCAFEEAND DESIGN, MCAFEE.COM, MCAFEE VIRUSSCAN, NET TOOLS,NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD,NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER,THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM,VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA),WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) areregistered trademar

s or trademar

s of McAfee, Inc.and/or its affiliates in the US and/or othercountries. The color red in connection with security

is distinctive of McAfee brand products. All otherregistered and unregistered trademar

s herein arethe sole property of their respective owners.

_____________________________________________________ LICENSE & PATENT INFORMATION

LICENSE AGREEMENT

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATELEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOUPURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND

CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IFYOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVEACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATEDLICENSE GRANT OR PURCHASE ORDER DOCUMENTS THATACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVERECEIVED SEPARATELY AS PART OF THE PURCHASE (AS ABOOKLET, A FILE ON THE PRODUCT CD, OR A FILEAVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADEDTHE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OFTHE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL



THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THEPRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR AFULL REFUND.

LICENSE ATTRIBUTIONS

This product includes or may include:*Software developed by the OpenSSL Project for usein the OpenSSL Tool

it (http://www.openssl.org/).*Cryptographic software written by Eric A. Youngand software written by Tim J. Hudson. *Somesoftware programs that are licensed (or sublicensed)to the user under the GNU General Public License(GPL) or other similar Free Software licenses which,among other rights, permit the user to copy, modifyand redistribute certain programs, or portionsthereof, and have access to the source code. The GPLrequires that for any software covered under theGPL, which is distributed to someone in anexecutable binary format, that the source code alsobe made available to those users. For any suchsoftware covered under the GPL, the source code ismade available on this CD. If any Free Software

licenses require that McAfee provide rights to use,copy or modify a software program that are broaderthan the rights granted in this agreement, then suchrights shall ta e precedence over the rights andrestrictions herein. *Software originally writtenby Henry Spencer, Copyright 1992, 1993, 1994, 1997Henry Spencer. *Software originally written byRobert Nordier, Copyright (C) 1996-7 Robert Nordier.*Software written by Douglas W. Sauder. *Softwaredeveloped by the Apache Software Foundation(http://www.apache.org/). A copy of the licenseagreement for this software can be found atwww.apache.org/licenses/LICENSE-2.0.txt.

*International Components for Unicode ("ICU")Copyright (C)1995-2002 International BusinessMachines Corporation and others. *Softwaredeveloped by CrystalClear Software, Inc., Copyright(C)2000 CrystalClear Software, Inc. *FEAD(R)Optimizer(R) technology, Copyright Netopsystems AG,Berlin, Germany. *Outside In(R) Viewer Technology(C)1992-2001 Stellent Chicago, Inc. and/or OutsideIn(R) HTML Export, (C) 2001 Stellent Chicago, Inc.*Software copyrighted by Thai Open Source SoftwareCenter Ltd. and Clar

Cooper, (C) 1998, 1999, 2000.*Software copyrighted by Expat maintainers.*Software copyrighted by The Regents of the

University of California, (C) 1996, 1989, 1998-2000.*Software copyrighted by Gunnar Ritter. *Softwarecopyrighted by Sun Microsystems, Inc., 4150 Networ

Circle, Santa Clara, California 95054, U.S.A., (C)2003. *Software copyrighted by Gisle Aas. (C)1995-2003. *Software copyrighted by Michael A.Chase, (C) 1999-2000. *Software copyrighted by NeilWinton, (C)1995-1996. *Software copyrighted by RSAData Security, Inc., (C) 1990-1992. *Softwarecopyrighted by Sean M. Bur

e, (C) 1999, 2000.



*Software copyrighted by Martijn Koster, (C) 1995.*Software copyrighted by Brad Appleton, (C)1996-1999. *Software copyrighted by Michael G.Schwern, (C)2001. *Software copyrighted by GrahamBarr, (C) 1998. *Software copyrighted by Larry Walland Clar

Cooper, (C) 1998-2000. *Softwarecopyrighted by Frodo Looijaard, (C) 1997. *Softwarecopyrighted by the Python Software Foundation,Copyright (C) 2001, 2002, 2003. A copy of thelicense agreement for this software can be found atwww.python.org. *Software copyrighted by BemanDawes, (C) 1994-1999, 2002. *Software written byAndrew Lumsdaine, Lie-Quan Lee, Jeremy G. Sie

(C)1997-2000 University of Notre Dame. *Softwarecopyrighted by Simone Bordet & Marco Cravero, (C)2002. *Software copyrighted by Stephen Purcell, (C)2001. *Software developed by the Indiana UniversityExtreme! Lab (http://www.extreme.indiana.edu/).*Software copyrighted by International BusinessMachines Corporation and others, (C) 1995-2003.*Software developed by the University ofCalifornia, Ber

eley and its contributors.*Software developed by Ralf S. Engelschall<[email protected]> for use in the mod_ssl project

(http:// www.modssl.org/). *Software copyrighted byKevlin Henney, (C) 2000-2002. *Software copyrightedby Peter Dimov and Multi Media Ltd. (C) 2001, 2002.*Software copyrighted by David Abrahams, (C) 2001,2002. See http://www.boost.org/libs/bind/bind.htmlfor documentation. *Software copyrighted by SteveCleary, Beman Dawes, Howard Hinnant & John Maddoc

,(C) 2000. *Software copyrighted by Boost.org, (C)1999-2002. *Software copyrighted by Nicolai M.Josuttis, (C) 1999. *Software copyrighted by JeremySie

, (C) 1999-2001. *Software copyrighted byDaryle Wal

er, (C) 2001. *Software copyrighted byChuc

Allison and Jeremy Sie

, (C) 2001, 2002.

*Software copyrighted by Samuel Krempp, (C) 2001.See http://www.boost.org for updates, documentation,and revision history. *Software copyrighted by DougGregor ([email protected]), (C) 2001, 2002.*Software copyrighted by Cadenza New Zealand Ltd.,(C) 2000. *Software copyrighted by Jens Maurer,(C)2000, 2001. *Software copyrighted by Jaa

oJärvi (jaa

[email protected]), (C)1999, 2000.*Software copyrighted by Ronald Garcia, (C) 2002.*Software copyrighted by David Abrahams, JeremySie

, and Daryle Wal

er, (C)1999-2001. *Softwarecopyrighted by Stephen Cleary ([email protected]),(C)2000. *Software copyrighted by Housemarque Oy

<http://www.housemarque.com>, (C) 2001. *Softwarecopyrighted by Paul Moore, (C) 1999. *Softwarecopyrighted by Dr. John Maddoc

, (C) 1998-2002.*Software copyrighted by Greg Colvin and BemanDawes, (C) 1998, 1999. *Software copyrighted byPeter Dimov, (C) 2001, 2002. *Software copyrightedby Jeremy Sie

and John R. Bandela, (C) 2001.*Software copyrighted by Joerg Walter and MathiasKoch, (C) 2000-2002. *Software copyrighted byCarnegie Mellon University (C) 1989, 1991, 1992.



*Software copyrighted by Cambridge Broadband Ltd.,(C) 2001-2003. *Software copyrighted by Sparta,Inc., (C) 2003-2004. *Software copyrighted byCisco, Inc and Information Networ

Center of BeijingUniversity of Posts and Telecommunications, (C)2004. *Software copyrighted by Simon Josefsson, (C)2003. *Software copyrighted by Thomas Jacob, (C)2003-2004. *Software copyrighted by AdvancedSoftware Engineering Limited, (C) 2004. *Softwarecopyrighted by Todd C. Miller, (C) 1998. *Softwarecopyrighted by The Regents of the University ofCalifornia, (C) 1990, 1993, with code derived fromsoftware contributed to Ber

eley by Chris Tore

.

PATENTSProtected by US Patents 6,006,035; 6,029,256;6,035,423; 6,151,643; 6,230,288; 6,266,811;6,269,456; 6,457,076; 6,496,875; 6,542,943;6,594,686; 6,611,925; 6,622,150; 6,668,289;6,697,950; 6,735,700; 6,748,534; 6,763,403;6,763,466; 6,775,780; 6,851,058; 6,886,099;6,898,712; 6,928,555; 6,931,540; 6,938,161;

6,944,775; 6,963,978; 6,968,461; 6,971,023;6,973,577; 6,973,578.

DBN-008-EN

V3.1.4

mcaffee readme.txt

Documents